1. Introduction

• In an Industry 4.0 environment, a manufacturing Execution System (MES) is a comprehensive dynamic software system that ensures production quality. It can help enterprises monitor, track, record, and control the data generated in the manufacturing process, from receiving orders, production, and process control to products.
• According to the MESA Model [3] proposed by MESA, “data collection and acquisition”, and “product tracking and historical records” are important components of MES. On the traditional MES, the historical record of the product will upload the data to the database in the system. However, the data stored in the database may be hijacked by hackers, and the tampered data may greatly affect the judgment of decision-makers or the accuracy of AI training models. Therefore, maintaining data integrity is a major challenge for enterprises in terms of information security.

2. Related Works

3. Proposed Method

3.4. Non-Confidential Data Upload Method

This section provides a detailed explanation of the general data transmission path and the preprocessing steps that data needs to undergo. Figure 4 illustrates the data transmission path when data is transmitted from IoT sensors to the server. The processing of data on a Raspberry Pi only requires the use of hash and exclusive or (XOR) operations and does not require a significant amount of computing resources, making it suitable for IoT environments with resource-constrained. After preprocessing, the data can ensure data preservation on the server.

The entire process of uploading non-confidential data, with four roles involved: Raspberry Pi, IoT sensors, IOTA, and Server. The Raspberry Pi is responsible for receiving and transmitting information, the IoT sensors receive various signals, IOTA verifies the integrity of the data, and the Server is used to store data and msgID. The entire process is divided into 7 steps:

• Step 1-2: Raspberry Pi collects raw data from sensors using a program.
• Step 3: The original data is hashed to obtain the hash value of the data, to prevent data theft when uploading to IOTA.
• Step 4-5: The hash value of the raw data is uploaded to IOTA and the returned msgID is obtained.
• Step 6-7: Algorithm 1 is used to preprocess the msgID, and the preprocessed data is uploaded to the server, ensuring the integrity of the data and msgID stored on the server.

Before uploading data to the server, Algorithm 1 is applied for pre-processing to ensure data integrity on the server. Algorithm 1 is based on the method shown in Figure 5, which first randomly generates an Initialization Vector with Timestamp (IVT), hashes the IVT using a hash function, and then uses XOR to create a hash value with the raw data. The previous ciphertext is repeatedly hashed using a hash function and then use XOR with the plaintext. These steps can allow all data to have relatedness. If any data is tampered with, the modified data can be easily identified during verification. To avoid spending a lot of time verifying data, a timeout is set in advance on the third line of Algorithm 1, new IVT is generated periodically and preventing data from forming excessively long chains, it can make data verification more efficient. In lines 4 and 8 of Algorithm 1, the hash function and XOR operation are used to make the hash values of each data item correlate. This is to identify any tampering of the data. Hash and XOR operations do not require significant computational power. Therefore, this method can be used for preprocessing data when dealing with large amounts of data that require timely processing, and it is suitable for execution in resource-constrained IoT environments. After preprocessing all the data before the timeout. They will be concatenated into a message chain, and all the cipher texts will be stored in a list, which is the HDML.

3.5. Non-Confidential Data Retrieval Method

This section proposes the method that data users need to use when accessing data so that data users will verify the integrity of the data before accessing it to ensure that the data has not been tampered with. Figure 6 illustrates the entire process of accessing data, which will use two different verification algorithms to verify the integrity of the data. The entire process is divided into 6 steps:

• Step 1-2: Use the timestamp on the IVT to select which data to access, and then request the entire data from the server with a specific timestamp. The obtained data includes IVT, BL, and HDML. IVT is a random number that contains a timestamp, BL is a list that contains D, msgID, and IVT, and HDML is a list that contains HDM. HDM is the hash value of D⊕msgID.
• Step 3: Verify the integrity of msgID using Algorithm 2 to prevent hackers from replacing the msgID and leading data users to the wrong location to search for the hash value on the IOTA, and return true or false after the verification is completed, where true indicates successful verification and false indicates verification failure.
• Step 4-5: Obtain the hash value of the entire data and its corresponding milestone on the IOTA using the msgID that has integrity. Verify if the milestone indicates whether the data has been uploaded in order, or the msgID has been replaced by a malicious user.
• Step 6: Perform integrity verification on the data using the verification method proposed in Algorithm 3, and return true or false after the verification is completed, where true indicates successful verification and false indicates verification failure.

Figure 6. Sequence diagram for non-confidential data retrieval.

Figure 6. Sequence diagram for non-confidential data retrieval.

In step 3 of Figure 6, Algorithm 2 is used to verify the integrity of the msgID stored on the server. In the second line, the first data's hash value is calculated using the first IVT, msgID, and D in BL, and then compared with the first data's hash value in HDML to determine the integrity of the first data. The for loop in line 8 will compare all remaining msgID or data in BL to check if they are correct. Finally, true or false will be returned, where true indicates that the msgID has not been tampered with, while false indicates that the data has been tampered with.

In Step 6 of Figure 6, Algorithm 3 is used to verify the integrity of the data by comparing it with the hash value on the IOTA Tangle. In the conditional statement in line 4, the algorithm first compares the hash value on the IOTA Tangle with the local hash value of the data to verify that the two data are consistent. In the conditional statement in line 7, leveraging the characteristics of DLT, the milestone generated by the transaction uploaded to the IOTA Tangle earlier will always be smaller than that of the later ones. Therefore, this algorithm checks whether the milestones on the IOTA Tangle are sorted in order. If there is an issue of milestones being out of order, it means that the msgID has been replaced, and the data does not have integrity. Finally, this algorithm will return whether the data has been tampered with. If the data has been tampered with, it will return false, otherwise it will return true.

3.6. Secret Data Upload Method

This section provides a detailed explanation of the encryption method required for uploading confidential data, which incorporates the concept of CFB encryption. By concatenating all the data, the method ensures the integrity of the data stored on the server. Although this method requires more computational power than the previously proposed method for uploading non-confidential data, it ensures that the data can only be accessed by those with the key, ensuring the confidentiality of the data. This study has written the encryption method in Algorithm 4 to provide a data preservation method on the server side.

Figure 7 shows the entire process of uploading confidential data, involving four roles: Raspberry Pi, IoT sensors, IOTA, and Server. Raspberry Pi is used for receiving and transmitting information, IoT sensors are used for receiving various signals, IOTA is used for verifying the integrity of the data, and Server is used for storing the data and msgID. The entire process includes seven steps :

• Step 1-2: Request data from sensors and return the received signal from sensors to the Raspberry Pi.
• Step 3: Convert the data into a hash value, which is H, by using a hash function.
• Step 4-5: Upload H to IOTA to ensure the data cannot be stolen from the public ledger. After uploading H, receive the msgID returned by IOTA.
• Step 6: Use Algorithm 4 proposed in this study to encrypt the data using CFB encryption. This results in a ciphertext generated within the timeout, which is CT.
• Step 7: Transmit the D and CT which generated by Algorithm 4 to the server and store it in the corresponding message chain using the timestamp of the IVT.

In step 6 of Figure 7, Algorithm 4 is used to encrypt the original data using CFB encryption. The algorithm requires an AES key to encrypt all of the data. Because of the nature of CFB, each ciphertext is related to the previous data, making it difficult for hackers to tamper with the data. In line 4, a timeout is used to prevent the message chain formed by CFB encryption from becoming too long. If the time does not exceed the timeout, the previous data is encrypted, and use XOR operation with the current data. In line 7, enough message chains have been generated, so a new IVT is produced. If this timeout is not set, verification will take a lot of time, so the IVT is regularly updated at intervals to generate a new message chain.

4. Implementation and Experimental Results

• Raspberry Pi: The Raspberry Pi specifications are Broadcom BCM2711, Quad-core Cortex-A72 (ARM v8) 64-bit SoC, 8GB RAM, and OS with Red Hat Enterprise Linux9.
• DHT11 sensor: The DHT11 is a basic, ultra-low-cost digital temperature and humidity sensor. It uses a capacitive humidity sensor and a thermistor to measure the surrounding air and spits out a digital signal on the data pin.

4.2. Performance Analysis

This section evaluates the proposed methods in this paper by comparing the computational complexity and time required for each method and analyzing their respective strengths and weaknesses. Finally, the time required for uploading data to IOTA and Ethereum is compared, and the advantages and disadvantages of using DLT and blockchain are analyzed.

To analyze the time required for each method used in this section, we have calculated the time required for each operation used and then calculated the amount of computation required for each method. Table 2 shows the average time required for the four operations: hashing, XOR, CFB encryption, and CFB decryption. These four operations are the methods required to be used locally in this architecture.

This section divides the methods for uploading data method divide into two categories: the Non-confidential data upload method and the Secret data upload method. It also divides the methods for retrieving data into two categories: the non-confidential data retrieval method and the Secret data retrieval method. The calculation time required for the two upload methods using the following equation, where n represents the total number of data to be uploaded.

Total computation time of non-confidential data upload:

(1)

Total computation time of secret data upload method:

(2)

Figure 13 illustrates the computation time required by our architecture. Non-confidential data upload method only uses hash computation, therefore, it requires less time but lacks confidentiality. The secret data upload method uses CFB encryption to encrypt data, which requires more computation time. Although it takes more time, it ensures data confidentiality.

The calculation time required for the two data retrieval methods using the following equation, where n denotes the total number of data to be retrieved.

Total computation time of non-confidential data retrieval method:

(3)

Total computation time of secret data retrieval method:

(4)

Figure 14 compares the two methods of data uploading based on the time required according to the amount of received data. The secret data retrieval method initially requires less time to receive data compared to the non-confidential data retrieval method. However, as the amount of data received increases, the secret data retrieval method takes more time because it will generate a message chain, and the longer the message chain, the longer it takes to decrypt. Therefore, our architecture proposes a method of generating new message chains periodically, which is crucial for reducing decryption time.

This section compared the computation time required for different methods. As can be seen from the analysis, if data needs to be kept confidential, more computation time is required. Depending on the needs of different fields, different methods can be used to ensure data storage. For the uploading and receiving of secret data, our method successfully reduced the time required for data decryption by updating the message chain.

5. Conclusions

References

1. X. Zheng; S. Sun; R. R. Mukkamala; R. Vatrapu; and J. Ordieres-Meré. Accelerating Health Data Sharing: A Solution Based on the Internet of Things and Distributed Ledger Technologies. Journal of Medical Internet Research, 2019; 21, 1–12.
2. O. Lamtzidis; and J. Gialelis. “An IOTA Based Distributed Sensor Node System,” Proceedings of 2018 IEEE Globecom Workshops, Abu Dhabi, United Arab Emirates, December 9- December 13, pp. 1-6, 2018.
3. “New MESA Model: A Framework for Smarter Manufacturing,” MESA International. 2022. Available online: https://mesa.org/topics-resources/mesa-model/ (accessed May 2023).
4. S. Nakamoto, “Bitcoin: A Peer-To-Peer Electronic Cash System,” Bitcoin.org. 2008. Available online: https://bitcoin.org/bitcoin.pdf/ (accessed May 2023).
5. K. Kumar; and M. Kurhekar. “Economically Efficient Virtualization over Cloud Using Docker Containers,” Proceedings of 2016 IEEE International Conference on Cloud Computing in Emerging Markets, Bangalore, India, October 19-October 21, pp. 95–100, 2016.
6. R. Soltani; L. Saxena; R. Joshi; and S. Sampalli. “Protecting Routing Data in WSNs with Use of IOTA Tangle,” Proceeding of The 19th International Conference on Mobile Systems and Pervasive Computing, Niagara Falls, Canada, August 9-August 11, vol. 203, pp. 197–204, 2022.
7. W. F. Silvano, and R. Marcelino, Iota Tangle: A Cryptocurrency to Communicate Internet-of-Things Data. Future Generation Computer Systems, 2020; 112, 307–319.
8. S. Popov. “The Tangle,” White paper, 2018, vol. 1, no. 3.
9. V. Mani; P. Manickam; Y. Alotaibi; S. Alghamdi; and O. I. Khalaf. “Hyperledger Healthchain: Patient-Centric IPFS-Based Storage of Health Records. Electronics 2021, 10, 3003. [CrossRef]
10. T. Alsboui, Y. Qin, R. Hill, and H. Al-Aqrabi. “Enabling Distributed Intelligence for the Internet of Things with IOTA and Mobile Agents. Computing 2020, 102, 1345–1363.
11. K. Zhang; J. Tian; H. Xiao, Y. Zhao; W. Zhao; and J. Chen. “A Numerical Splitting and Adaptive Privacy Budget-Allocation-Based LDP Mechanism for Privacy Preservation in Blockchain-Powered IoT. IEEE Internet of Things Journal 2023, 10, 6733–6741. [CrossRef]
12. J. Jayabalan; and N. Jeyanthi. “Scalable Blockchain Model Using Offchain IPFS Storage for Healthcare Data Security and Privacy. Journal of Parallel and Distributed Computing 2022, 164, 152–167. [CrossRef]
13. C. Lin, P. C. Tseng, P. H. Chen, and S. J. Chiou. “Securing Industrial Control Systems: Enhancing Data Preservation in IoT with Streamlined IOTA Integration,“ Proceedings of 4th IFSA Winter Conference on Automation, Robotics & Communications for Industry 4.0 / 5.0, (ARCI’ 2024), 7-9 February 2024, Innsbruck, Austria.