Sage Journals: Discover world-class research

Abstract

Big Data in Internet of Healthcare Things (IoHT) environments includes large volumes of structured and unstructured clinical information. The Hadoop Distributed File System (HDFS) is widely used for its scalability and ability to run on commodity hardware. However, it offers limited native encryption, leaving data vulnerable to security risks. Although several encryption techniques exist, traditional algorithms still face performance and security limitations with large-scale medical datasets. Therefore, this study introduces a hybrid encryption framework designed to enhance security in IoHT environments that process large-scale medical Big Data. The framework combines Attribute-Based Encryption (ABE) with the Blowfish cipher to secure data generated by heterogeneous medical devices across the IoHT infrastructure. The proposed approach is benchmarked against established hybrid schemes—CP-ABE + HE, HE + BF, and CP-ABE + AES—to provide a comparative assessment of its security strength and computational performance. The performance assessment employed key computational metrics, including system efficiency, encryption latency, and decryption latency. Experimental results demonstrate that the proposed hybrid scheme delivers superior performance compared to existing approaches, attaining a peak efficiency of 98.5%. The method further achieved encryption and decryption times of 6.8 min and 5.7 min, respectively, indicating improved computational handling of large-scale IoHT data.

Keywords

data encryption, internet of healthcare, blowfish, attribute-based encryption, advanced encryption standard, big data analytics

Introduction

The rapid technological growth of IoHT, which embeds thousands of sensors in medical equipment and applications, generates and collects a large volume of data. This massive amount of data is processed by various applications, sensor networks, and small- to large-scale IoHT deployments.^1,2 Big data refers to any complicated, diverse, and massive collection of data that traditional data processing systems are unable to handle. Initially, big data was described by three properties: volume, variety, and velocity. Later, extra attributes, including authenticity, venue, validity, lexicon, vagueness, and value, were added to provide equivalent descriptions of large data sets. However, these features frequently cause simultaneous difficulties in complex IoHT applications when storing, analyzing, and retrieving the desired findings. The act of examining vast volumes of complicated data to find correlations and uncover hidden patterns is known as big data analytics.^3–5

Hadoop is a free and open-source framework that allows huge volumes of data to be processed and stored in a distributed, scalable, and reliable computing environment.^6,7 Hadoop is widely used in public cloud services and massive clusters because it is cost-effective, quick to process, fault-tolerant, and adaptable. The Hadoop Distributed File System (HDFS) and MapReduce⁸ are the two major components of Hadoop. MapReduce allows massive troves of structured or unstructured data to be processed concurrently. To distribute massive amounts of data, HDFS presents a logical file system that spans many hard drives. Hadoop’s processing power is far superior to that of traditional data processing systems, but it has security issues. Because Hadoop was not built with security in mind, its native protection for data at rest and in transit is limited. Many firms use big data for research and marketing, but security considerations may be overlooked.^9,10 A data breach would harm a company’s brand and have legal ramifications.

Hadoop-based big data platforms manage financial, personal, and business data, as well as sensitive customer, client, and employee information. Furthermore, organisations store and analyse large quantities of data, which must be protected in HDFS storage through encryption, threat detection, and logging. These measures help systems spot threats quickly and gather the relevant client data. Big data is also characterised by its variety: text, photos, music, and video are all examples. A range of approaches have been developed in recent years to protect data during its generation and storage phases. Data falsification methods and access restrictions increase data privacy during the generation phase. Encryption techniques are mostly used to ensure data security and privacy during the storage phase.¹¹

Encryption is the process of converting plaintext to ciphertext. Converting intelligible data into an unintelligible form protects data privacy by admitting properly authenticated users and excluding everyone else. Encryption keys are shared with authorised users, and the decryption operation uses the corresponding keys. Encryption remains a standard means of ensuring data protection and confidentiality. Broadly speaking, there are two types of encryption algorithms: symmetric key algorithms and public key algorithms. Existing research uses various encryption algorithms to secure massive data, including Blowfish, AES, RSA, DES, RC4, RC6, and ABE.^12–14 However, when dealing with a significant volume of data in a dynamic environment, the performance of these standard encryption mechanisms degrades. As a result, developing an effective encryption technique for securing critical data becomes essential. The significant contributions of this research work are as follows.

• A hybrid data encryption algorithm based on ABE and Blowfish is proposed.

• A comparison of the proposed encryption method with other hybrid encryption techniques, namely CP-ABE + HE, HE + BF, and CP-ABE + AES.

• The effectiveness of the proposed ABE + BF scheme is measured in terms of encryption time, decryption time, and throughput across a range of file sizes.

• The results show that ABE + BF reduces the total time taken for encryption and decryption.

The rest of the paper is organized as follows: Section 2 briefly reviews related work; Section 3 presents the proposed method and materials; Section 4 contains the results and discussion; and Section 5 contains the conclusion.

Related works

This section briefly reviews the literature on big data security and encryption techniques. Using various encryption algorithms, researchers are working to improve the security and privacy features of big data applications.^15–17 One study combines homomorphic cryptography with a secure network protocol design, using a privacy-preserving auction process to improve data confidentiality and trust between the client and the third-party service provider.¹⁸ Homomorphic encryption is used to ensure the security of data transfers between users and third-party service providers. For increased data security, the approach has been expanded to include signature-based verification. However, as the number of users and the file sizes grow, the system’s performance degrades.

The fully homomorphic encryption scheme suggested in one study addresses internal and external information security gaps and threats in the big data environment.¹⁹ The cryptosystem examines the tasks and divides the processing and data into two parts. This procedure greatly increases the system’s data processing capability while ensuring high accuracy. Another work describes a comprehensive data encryption and compute acceleration process that can handle various circumstances.²⁰ For big data encryption, it provides a heterogeneous crypto-acceleration secure data storage framework that aggressively optimises the operating modes for big data files. When compared to existing software and hardware accelerators, the study’s findings offer a superior tradeoff.

The data analysis methodology proposed in one study uses encryption to handle the privacy issues connected with transmitting health information.²¹ Its patient-centric data access control model addresses privacy concerns in health information as well as the need for data encryption. The suggested RSA-based scheme encrypts the patient file and distributes it over many domains. Although the encryption paradigm efficiently addresses security and privacy concerns, data transmission requires numerous domains, which raises the system cost compared with alternative data transmission technologies.

Probabilistic trapdoors are designed to withstand attacks and improve data security. One encryption technique built on them ensures information privacy in massive data streams.²² The reliability of the obtained information depends on the security properties of data integrity and privacy. The designers use this encryption to improve data flow and decryption performance while maintaining data integrity and confidentiality.

The problems in traditional cryptography techniques were explored in the context of attribute-based encryption.²² In a big data context, fine-grained access control is critical, and this encryption approach provides it. Flexible policies improve access control on encrypted data and increase efficiency when dealing with huge amounts of data. The results were analyzed using 10 distinct attributes, and cryptographic acceleration was used to improve performance. This encryption model’s main advantages are its low memory and processing requirements. Another work describes a hybrid Attribute-Based Encryption (ABE) model that addresses the drawbacks of traditional ABE methods.²³ Because traditional techniques become obsolete over time, this hybrid model integrates proxy re-encryption to convert ABE ciphertext into Identity-Based Encryption (IBE) ciphertext. Identity-based encryption and key randomization are used to increase security and prevent data collisions.

Gaytri et al. proposed a hybrid model that secures big data by providing fine-grained and flexible access control for healthcare records. Their encryption strategy uses CP-ABE in conjunction with the Honey Encryption (HE) method to encrypt each sensitive public healthcare data file. The proposed approach provides secure data transmission and confidentiality for healthcare information. Extensive analytical and experimental results are presented that reflect the efficiency of the approach.²⁴

Another study developed a combined approach for protecting messages against brute-force attacks, proposing a secure messaging system that combines Honey Encryption with a symmetric key encryption technique on an Android-based device. It also compares Honey Encryption with AES against Honey Encryption with Blowfish. The results show that Blowfish performs better than AES in combination with Honey Encryption because Blowfish requires less processing time.²⁵

T. Mohanraj proposed a hybrid encryption algorithm to secure big data. The author compared its performance with that of traditional techniques for securing data with respect to encryption time, decryption time, throughput, and efficiency.²⁶

Riaz H. et al. reported notable progress in protecting healthcare information within IoT and IoHT environments. For instance, recent work on robust steganography techniques for safeguarding medical records highlights a growing focus on embedding security features directly into the data, thereby reducing the risk of unauthorized access and manipulation. These developments show the importance of applying layered protection mechanisms that complement but are not limited to conventional encryption.

In addition, Syed Raza Abbas et al. presented an extensive review of federated learning for smart healthcare that illustrates the importance of privacy-preserving data processing, secure model training, and distributed analytical frameworks in IoT-based systems. As healthcare organizations generate and manage increasingly large datasets, the need for secure computation and decentralized protection measures becomes more evident, especially for maintaining privacy and preventing data leakage.

Another study introduces a secure and robust data sharing approach called Blowfish Hybridised Weighted Attribute-Based Encryption (BH-WABE) for secure data handling and effective access control. Each attribute is assigned a weight based on its importance, and data is encrypted using access control policies. An attribute authority assigns distinct attributes based on their weight and revokes or modifies them, while the cloud service provider stores the outsourced data. The recipient can retrieve the data file matching its weight, which reduces the computational cost. In terms of security, reliability, and efficacy, BH-WABE offers collision resistance, multi-authority security, and fine-grained access control.²⁷

Taken together, these findings demonstrate that healthcare IoT systems require security solutions that are integrated, adaptable, and able to scale with data growth. In response to these challenges, the present work introduces a hybrid cryptographic framework aimed at improving confidentiality, integrity, and overall data protection within Big Data–driven IoHT applications. The review shows that the key management and authentication processes associated with cryptographic systems are especially difficult in advanced data management. While homomorphic encryption improves information security, the encryption process is slow and inefficient. Fully homomorphic encryption improves data privacy and usability, but its slow computation and accuracy problems make it unsuitable for big data applications. Although RSA-based encryption offers strong authenticity and security, it is slow when processing huge volumes of data. Traditional encryption techniques work well for ordinary data but take longer to compute given the vast volume and variety of big data. Hybrid encryption models enhance encryption performance, although there is still room for improvement. Previous studies have compared their proposed methods only with traditional techniques and not with other hybrid methods, so their results do not establish whether one hybrid method is better than another. To close this gap, we propose a hybrid method and compare its performance with that of previously available hybrid methods. Based on these observations, hybrid encryption solutions appear to be a superior option for improving big data security.

In light of these facts, our research recommends a hybrid encryption technique for big data security in a distributed file system context that delivers excellent performance while requiring little processing.

Proposed method and materials

The hybrid encryption approach relies on the distinct strengths of its two components. ABE is employed to enforce fine-grained access control by encrypting and distributing the symmetric key according to predefined user attributes and roles. This ensures that only authorized entities can obtain the key needed for decryption. Blowfish is then used to protect the actual medical data because it offers fast processing, low memory requirements, and stable performance on resource-limited IoT devices. By separating access control from bulk data encryption, the scheme introduces an additional layer of protection that limits unauthorized access, reduces the risk of key misuse, and enhances overall resilience against common threats in healthcare IoT systems. To secure massive data stored in HDFS, the proposed hybrid encryption technique combines the ABE and Blowfish algorithms. This two-layer encryption procedure delivers stronger data protection than typical encryption approaches.

ABE has recently gained popularity due to its secure communication capabilities in dynamic contexts and its decentralised access management. In basic ABE, however, the encryption process cannot be defined by user-specified policies. Ciphertext-policy ABE introduces access control policies into the ciphertext to give users more control over the encryption process.

Users can configure the encryption and decryption policies in addition to the attributes. Furthermore, these access control methods protect data during both transmission and storage. ABE effectively manages client requirements and combines private and public keys into a single attribute-based concept. The access policies defined by ABE are derived from logical combinations of attributes. In ABE, the attributes and their logical combinations may be constructed based on the client’s needs and the application. The suggested hybrid encryption system is capable of encrypting both static and dynamic data (Figure 1).
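The idea that an access policy is a logical combination of attributes can be illustrated with a small policy check. The sketch below is not an ABE implementation and involves no cryptography; it only evaluates whether a user's attribute set satisfies an AND/OR policy tree. The `satisfies` helper, the tuple encoding of policies, and the attribute names are all hypothetical and chosen for illustration.

```python
from typing import Union

# A policy is either an attribute name (leaf) or a tuple of the form
# ("AND" | "OR", sub_policy, sub_policy, ...). This encoding is an assumption.
Policy = Union[str, tuple]


def satisfies(policy: Policy, attributes: set) -> bool:
    """Return True if the attribute set satisfies the policy tree."""
    if isinstance(policy, str):
        return policy in attributes
    op, *children = policy
    results = (satisfies(child, attributes) for child in children)
    if op == "AND":
        return all(results)
    if op == "OR":
        return any(results)
    raise ValueError(f"unknown operator: {op!r}")


# Hypothetical policy: cardiology staff who are either doctors or nurses.
policy = ("AND", "cardiology", ("OR", "doctor", "nurse"))
```

In a real ABE scheme the policy is enforced cryptographically, so a user whose attributes fail the policy cannot recover the key at all; this check only mirrors the logical structure.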

Figure 1.

Working of the proposed technique.

In ABE, only the attributes are encrypted, not the full block. Blowfish is a secret-key (symmetric) cipher that uses a 32- to 448-bit key to encrypt and decrypt data. In the two-step procedure, the ABE algorithm is applied first, followed by Blowfish. If the algorithms are run independently rather than as a hybrid, ABE relies on a random user private key that must be derived from the attributes. The odds of an intruder producing duplicate keys are then high if the intruder knows the attributes.

When Blowfish is used on its own, all the data blocks are encrypted in the same way, which could cause problems if an intruder learns how to decrypt the data. However, Blowfish allows the user to select a key size between 32 and 448 bits. To prevent intrusions and secure the data, the ABE encryption procedure uses a secure key obtained via Blowfish instead of a random private key. The overall process flow of the suggested hybrid encryption model is depicted in Figure 1.
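The key-size range mentioned above can be made concrete with a short key-generation sketch. It only produces random key material of a valid Blowfish length using the Python standard library; it does not perform Blowfish encryption. The function name `generate_blowfish_key` is hypothetical, and the 256-bit default is taken from the key size listed in Table 1.

```python
import secrets

BLOWFISH_MIN_KEY_BITS = 32
BLOWFISH_MAX_KEY_BITS = 448


def generate_blowfish_key(bits: int = 256) -> bytes:
    """Return random key material whose length is valid for Blowfish."""
    if bits % 8 != 0:
        raise ValueError("key length must be a whole number of bytes")
    if not BLOWFISH_MIN_KEY_BITS <= bits <= BLOWFISH_MAX_KEY_BITS:
        raise ValueError("Blowfish keys must be 32 to 448 bits long")
    # secrets draws from the operating system's cryptographic RNG.
    return secrets.token_bytes(bits // 8)
```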

The technique starts by choosing attributes for the input file. The attributes are chosen based on the client’s preferences as well as their logical combinations. Following the selection, a set of rules for the attributes is constructed, and encryption is performed.^28,29 For two-tier security, a key created by the Blowfish method then safeguards the encrypted file. During decryption, the encrypted file is the input, and the Blowfish key is used for verification. If the key matches, the decryption process continues; if it does not, the decryption attempt is flagged as an intrusion and the process terminates.^30,31 The decrypted file is plaintext, which can be used by the requesting application.
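The verify-then-decrypt control flow described above can be sketched as follows. This is an illustration of the gating logic only: the paper does not specify how the key comparison is implemented, so storing a SHA-256 digest of the key as a verifier is an assumption, and `IntrusionDetected`, `key_verifier`, and `guarded_decrypt` are hypothetical names. The actual cipher is passed in as a callable rather than implemented here.

```python
import hashlib
import hmac
from typing import Callable


class IntrusionDetected(Exception):
    """Raised when the supplied key does not match the stored verifier."""


def key_verifier(key: bytes) -> bytes:
    # Assumption: only a digest of the key is stored, never the key itself.
    return hashlib.sha256(key).digest()


def guarded_decrypt(
    ciphertext: bytes,
    supplied_key: bytes,
    stored_verifier: bytes,
    decrypt: Callable[[bytes, bytes], bytes],
) -> bytes:
    """Decrypt only if the supplied key matches; otherwise flag an intrusion."""
    # compare_digest performs a constant-time comparison.
    if not hmac.compare_digest(key_verifier(supplied_key), stored_verifier):
        raise IntrusionDetected("key mismatch: decryption attempt flagged")
    return decrypt(ciphertext, supplied_key)
```

A caller would catch `IntrusionDetected` to log the attempt and stop, which corresponds to the point at which the process terminates.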

The following are the steps involved in the encryption process.

Step 1: The HDFS client uses the distributed file system to communicate with the master node.

Step 2: The master node receives the distributed file system request, which contains a request to create a new file.

Step 3: The master node identifies and picks the data node with the greatest available space.

Step 4: The distributed file system transfers the data from the data nodes to the HDFS client.

Step 5: Before encrypting the file, the HDFS client sends the selected attributes.

Step 6: The encrypted file must be secured; to do so, a Blowfish key is generated and applied to the file.

Step 7: Using the distributed file system output data stream, the writing operation begins from the client to a specified data node.

Step 8: When the writing procedure is complete, the data in the current node is copied to another node.

Step 9: The master node keeps track of the current data node and the replication data node during replication.

Step 10: The distributed file system delivers an acknowledgement to the HDFS client after the data has been successfully duplicated in the secondary data node.

Step 11: When the HDFS client receives the acknowledgement, it stops writing.

Step 12: The writing process is completed when the HDFS client acknowledgement is received.
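The node-selection and replication steps above can be sketched as a small in-memory simulation. This is not the Hadoop API: `DataNode`, `pick_node`, and `write_with_replica` are hypothetical names, a single replica is assumed for brevity, and the payload stands in for the already encrypted file.

```python
from dataclasses import dataclass, field


@dataclass
class DataNode:
    name: str
    free_mb: int
    blocks: dict = field(default_factory=dict)


def pick_node(nodes, exclude=()):
    """Step 3: choose the data node with the greatest available space."""
    candidates = [n for n in nodes if n.name not in exclude]
    if not candidates:
        raise RuntimeError("no data node available")
    return max(candidates, key=lambda n: n.free_mb)


def write_with_replica(nodes, block_id, payload):
    """Steps 7-10: write to a primary node, copy to a second node, and
    return the (primary, replica) names the master node would record."""
    # Round the payload size down to whole MB, charging at least 1 MB.
    size_mb = max(1, len(payload) // (1024 * 1024))
    primary = pick_node(nodes)
    replica = pick_node(nodes, exclude={primary.name})
    for node in (primary, replica):
        node.blocks[block_id] = payload
        node.free_mb -= size_mb
    return primary.name, replica.name
```

Returning the pair of node names models the bookkeeping in Step 9, and a successful return plays the role of the acknowledgement in Step 10.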

The following are the steps involved in the decryption process.

Step 1: The HDFS client uses the distributed file system to communicate with the master node during decryption.

Step 2: The master node receives the distributed file system request, which comprises a request to read a file.

Step 3: The data node gets information from the master node, such as the encrypted files’ location.

Step 4: The HDFS client starts the process by picking data from the chosen block in the file system data input stream.

Step 5: A secret key match is performed for verification, and if it matches, the client supplies the attributes to decrypt the data.

Step 6: Access is reported as unlawful or intrusive if the matching process fails.

Step 7: When the acknowledgement is received, the HDFS client stops reading.

Step 8: The reading operation is fully done after obtaining the HDFS client’s acknowledgement.

As shown in the preceding steps, the proposed model’s encryption and decryption approach provides enhanced security for large volumes of data during HDFS write and read operations. The algorithm for the proposed healthcare big data security paradigm is as follows.

Result and discussion

Experiments in a Hadoop cluster with an i7 CPU running at 2.20 GHz and 8 GB of RAM validate the suggested hybrid encryption architecture for big data security in the HDFS environment. The performance evaluation in this study was carried out on a single-node environment with modest hardware resources. This configuration was selected to obtain baseline measurements of the proposed encryption model. However, such a setup does not fully represent the scale or complexity of real-world Big Data infrastructures, which typically rely on clusters consisting of many distributed nodes. As a result, the performance values reported here may not directly reflect behavior in large production systems. One node is designated as the master node, while the others are designated as data nodes. The encryption and decryption performance is measured using files of various sizes. Various hybrid CP-ABE + HE, HE + BF, and CP-ABE + AES algorithms are compared in terms of throughput, encryption time, decryption time, and efficiency. Table 1 shows the simulation parameters used in the proposed study.

Table 1.

Simulation parameters.

S. No	Parameter	Value/Range
1	File size (input)	128 MB - 1 GB
2	No. of runs	10
3	Required memory	4-8 GB
4	Key size	256 bits
5	Bandwidth	500 Mbps

Encryption time using ABE + BF

The encryption time is obtained by measuring the time taken to produce the ciphertext. According to Figure 2 and Table 2, the suggested model takes the least amount of time for all of the files. As file size increases, so does encryption time. For the maximum file size of 1 GB, the encryption time is around 6.8 min, whereas CP-ABE + HE, HE + BF, and CP-ABE + AES need 17.7 min, 13.6 min, and 11.0 min, respectively, to encrypt a file of that size. The proposed hybrid approach is therefore 10.9 min faster than CP-ABE + HE, 6.8 min faster than HE + BF, and 4.2 min faster than CP-ABE + AES.

Figure 2.

Encryption time analysis.

Table 2.

Encryption time (in minutes).

Data size (MB)	CP-ABE + HE	HE + BF	CP-ABE + AES	Proposed (ABE + BF)
128	3.1	2.5	1.0	0.2
256	3.6	3.0	1.5	0.7
512	4.5	3.1	2.8	2.4
1024	6.5	5.0	5.5	3.5
Avg	17.7	13.6	11.0	6.8

Decryption time using ABE + BF

The decryption time is the time taken to transform ciphertext into plaintext, as shown in Figure 3. According to the analysis, the proposed model’s decryption time is much lower than that of the other encryption algorithms. Decryption time is close to encryption time, taking about 5.7 min to decrypt 1 GB of data. The CP-ABE + HE, HE + BF, and CP-ABE + AES algorithms take 18.8, 14.7, and 9 min, respectively, significantly longer than the proposed model. The suggested solution achieves an average decryption time of 5.7 min, which is 13.1 min faster than CP-ABE + HE, 9 min faster than HE + BF, and 3.3 min faster than the CP-ABE + AES hybrid algorithm. The times taken by the different algorithms, measured in minutes, are shown in Table 3.

Figure 3.

Decryption time (minutes).

Table 3.

Decryption time (minutes).

Data size (MB)	CP-ABE + HE	HE + BF	CP-ABE + AES	Proposed (ABE + BF)
128	3.5	2.9	0.8	0.3
256	3.8	3.0	1.2	0.6
512	5.0	3.5	2.0	2.0
1024	6.5	5.3	5.0	3.0
Avg	18.8	14.7	9.0	5.7

Throughput

For both the encryption and decryption procedures, the throughput is determined as depicted in Figures 4 and 5, respectively. The throughput of encryption is calculated by dividing the size of the text by the time it takes to complete the procedure. Decryption throughput is calculated by dividing the total cipher text by the time it takes to decrypt it. The encryption and decryption throughputs are presented in Table 4 and Table 5 respectively.
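As a worked example of the throughput definition, the sketch below divides the data size by the elapsed time. The helper name `throughput_mb_per_min` is hypothetical; the inputs are the 128 MB encryption times reported in Table 2 for the proposed scheme (0.2 min) and for CP-ABE + HE (3.1 min).

```python
def throughput_mb_per_min(size_mb: float, minutes: float) -> float:
    """Throughput = amount of data processed / time taken."""
    if minutes <= 0:
        raise ValueError("elapsed time must be positive")
    return size_mb / minutes


# 128 MB row of Table 2 (encryption times in minutes).
proposed = throughput_mb_per_min(128, 0.2)   # proposed ABE + BF
baseline = throughput_mb_per_min(128, 3.1)   # CP-ABE + HE
```

The two results are in MB/min, the unit used for the throughput values in this section.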

Figure 4.

Throughput of encryption.

Figure 5.

Throughput of decryption.

Table 4.

Throughput of encryption (MB/min).

Data size (MB)	CP-ABE + HE	HE + BF	CP-ABE + AES	Proposed (ABE + BF)
128	41.29	51.2	128	640
256	71.11	85.33	170.66	365.71
512	113.77	165.16	182.85	106.66
1024	157.53	204.8	186.18	292.57
Avg	95.92	126.6	166.92	351.23

Table 5.

Throughput of decryption (MB/min).

Data size (MB)	CP-ABE + HE	HE + BF	CP-ABE + AES	Proposed (ABE + BF)
128	36.57	44.13	160	426.66
256	67.36	85.33	213.33	426.66
512	102.4	146.28	256	256
1024	157.53	193.2	204.8	341.33
Avg	90.96	117.23	208.53	355.83

Compared with the other approaches, the proposed encryption algorithm achieved the highest throughput because of its smaller file size and shorter computation time. As the text size rose, encryption and decryption took longer, and the throughput and performance of the other hybrid encryption methods remained lower than those of the proposed algorithm.

The suggested approach achieves an average throughput of 351.23 MB/min and 355.83 MB/min in the encryption and decryption processes, respectively. In the encryption process, the average throughputs achieved by the CP-ABE + HE, HE + BF, and CP-ABE + AES algorithms are 95.92 MB/min, 126.6 MB/min, and 166.92 MB/min, respectively. The corresponding decryption throughputs are 90.96 MB/min, 117.23 MB/min, and 208.53 MB/min.

Efficiency of intrusion detection

The intrusion detection effectiveness of the proposed model and the other models is evaluated for several different scenarios, and the results are compared in Figure 6 and Table 6. All six instances are obtained by altering the system’s encrypted data, that is, by changing values in the encrypted text. For some instances, the alterations are made in the initial region of the encrypted files, while for others they are made in the middle and at the end.

Figure 6.

Intrusion detection accuracy.

Table 6.

Intrusion detection accuracy (%).

Instances	CP-ABE + HE	HE + BF	CP-ABE + AES	Proposed (ABE + BF)
10	91	93	93	96
20	90	92	90	94
30	88	90	87	93
40	85	88	88	92
50	77	75	80	91
60	71	73	75	90

The intrusion detection results included in this study are intended to evaluate the system’s ability to identify unauthorized modifications to encrypted data. The artificial intrusion instances were created to test integrity validation within the encryption process rather than to simulate complex attack scenarios. Therefore, the reported efficiency values (90%–96%) reflect detection accuracy for data tampering events.

The aim is to monitor how the proposed and existing models respond to a variety of intrusions. Deviations are detected as intrusions by decrypting the text and comparing it to the genuine text, and detection efficiency is highest for the initial instances. Changes made in the middle and end portions, on the other hand, take longer to detect because decryption is done block by block. As a result, the detection time for these instances is longer, resulting in lower detection efficiency. Because of the hybrid encryption and decryption techniques, the detection efficiency of the proposed model is higher than that of the other models compared.
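The effect of tamper position on detection time can be illustrated with a block-by-block comparison. The sketch below assumes the decrypted text is compared against a trusted reference copy in 8-byte blocks (the Blowfish block size); `first_tampered_block` is a hypothetical helper, not the authors' detection routine. The second return value counts how many blocks had to be examined, which grows when the change sits later in the file.

```python
def first_tampered_block(expected: bytes, observed: bytes, block_size: int = 8):
    """Compare two byte strings block by block.

    Returns (index of the first differing block, blocks examined), or
    (None, blocks examined) when no difference is found.
    """
    longest = max(len(expected), len(observed))
    n_blocks = (longest + block_size - 1) // block_size
    for i in range(n_blocks):
        start = i * block_size
        end = start + block_size
        if expected[start:end] != observed[start:end]:
            return i, i + 1
    return None, n_blocks
```

A change in the first block is found after examining one block, whereas a change in the last block requires a pass over the whole file.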

Table 7 displays the calculated performance parameters, including encryption time, throughput, and overall efficiency for the proposed system and existing systems. In evaluating the algorithms, the time taken to encrypt 1 GB of data is taken into account. The efficiency of the proposed method is calculated by considering time consumption, intrusion detection, and throughput, utilizing equation (1).

$$\text{Efficiency Throughput} = \left(\text{encryption time} + \text{decryption time} + \text{intrusion detection efficiency} / \text{Data}\right) \tag{1}$$

Table 7.

Efficiency comparison.

	CP-ABE + HE	HE + BF	CP-ABE + AES	Proposed (ABE + BF)
Efficiency (%)	78.4	80.4	90.4	98.5

Compared with the other encryption algorithms, the suggested hybrid encryption model achieves the highest efficiency. The efficiency of the hybrid algorithms is compared in Table 7.

The suggested model’s efficiency is improved by its higher throughput and minimal computation time for the encryption and decryption processes. In contrast, the efficiency of the CP-ABE + HE, HE + BF, and CP-ABE + AES algorithms decreases because of their long computation times and low throughput values. The suggested hybrid encryption algorithm achieves a maximum efficiency of 98.5%, while the CP-ABE + HE, HE + BF, and CP-ABE + AES algorithms achieve maximum efficiencies of 78.4%, 80.4%, and 90.4%, respectively, which are much lower than that of the proposed model. The performance analysis of the hybrid algorithms is presented in Table 8.

Table 8.

Performance analysis.

Parameters	CP-ABE + HE	HE + BF	CP-ABE + AES	Proposed (ABE + BF)
Encryption time [min]	17.7	13.6	11.0	6.8
Decryption time [min]	18.8	14.7	9.0	5.7
Encryption throughput (MB/min)	95.92	126.6	166.92	351.23
Decryption throughput (MB/min)	90.96	117.23	208.53	355.83
Efficiency (%)	78.4	80.4	90.4	98.5

Table 8 compares the proposed model with the CP-ABE + HE, HE + BF, and CP-ABE + AES algorithms in terms of overall performance, showing the average values for all of the parameters. The findings reveal that the suggested hybrid encryption algorithm outperforms the compared techniques in all respects, from small to large data. As a result, big data security is improved. The proposed encryption framework can be seamlessly deployed across IoHT architectures, including resource-constrained wearable and sensor-based medical devices. Its lightweight design enables secure data handling at both the sender and receiver ends within healthcare service environments, ensuring end-to-end protection of clinical information during acquisition, transmission, and storage.

Conclusion

In this study, a novel hybrid encryption approach is proposed to enhance the security of large-scale data within the Hadoop Distributed File System (HDFS) environment. The technique integrates Attribute-Based Encryption (ABE) with the Blowfish algorithm to provide a dual-layer protection mechanism for files stored in the HDFS data nodes. Specifically, selected attributes of the input files are encrypted using ABE, while the key generated by the symmetric Blowfish algorithm is utilized as an access credential for the encrypted data. This layered method strengthens data confidentiality and enables the detection of unauthorized access attempts during the decryption process.

The performance of the proposed algorithm was evaluated using key metrics such as encryption time, decryption time, throughput, and overall efficiency. When compared with other hybrid algorithms, including CP-ABE + HE, HE + BF, and CP-ABE + AES, the proposed model demonstrated superior performance. While most related studies benchmark their methods against traditional standalone encryption algorithms, our work provides a more rigorous comparison by evaluating against existing hybrid schemes. The results indicate that the proposed technique achieves higher efficiency, improved performance, and enhanced security for Big Data in IoHT environments. Future work will involve deploying the proposed hybrid encryption scheme in multi-node distributed environments and exploring AI-based approaches to building robust and scalable encryption frameworks. The hybrid model introduced in this study can support secure processing, storage, and transmission of medical Big Data in next-generation healthcare systems.

Footnotes

Acknowledgement

The authors gratefully acknowledge the support and thank all contributors for their valuable insights and feedback. We also appreciate the reviewers’ comments, which helped improve the quality of this work.

ORCID iDs

Masood Ahmad

Mohd Nadeem

Author contributions

Abdullah Alharbi: Carried out the core research activities, including the development of the proposed hybrid encryption model, implementation of the algorithms, and execution of the experimental evaluation. Also collected and analyzed the data, prepared the initial draft of the manuscript, and contributed significantly to the technical content and interpretation of results.

Wael Alosaimi: Assisted in designing the research methodology, supported the implementation and optimization of the encryption framework, and contributed to data analysis and validation of experimental outcomes. Also participated in reviewing, refining, and improving the manuscript to enhance its technical clarity and coherence.

Masood Ahmad: Led the overall research direction, coordinated the study design, and supervised the development of the proposed hybrid encryption framework. Guided the experimental design, validated the analytical results, and ensured the technical accuracy of the manuscript. As corresponding author, was also responsible for drafting, revising, and finalizing the manuscript, as well as managing communication with the journal, reviewers, and co-authors throughout the submission and revision process.

Mohd Nadeem: Contributed to the validation of experimental results, cross-verification of performance metrics, and critical review of the manuscript. Provided technical insights to improve the interpretation of findings and assisted in refining the discussion and conclusion sections to strengthen the overall quality of the paper.

Funding

This work was supported and funded by the Deanship of Graduate Studies and Scientific Research, Taif University. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

References

1. Banik, Shamsi, Laiphrakpam. An encryption scheme for securing multiple medical images. J Inf Secur Appl 2019; 49: 102398.

2. Hasan, Alkhalifah, Islam, et al. Blockchain technology on smart grid, energy trading, and big data: security issues, challenges, and recommendations. Wireless Commun Mobile Comput 2022; 20: 1–26.

3. Wang, Veeraraghavan, Shen. Evaluation study of a proposed hadoop for data center networks incorporating optical circuit switches. J Opt Commun Netw 2018; 10(8): C50–C63.

4. Dhasarathan, Hasan, Islam, et al. COVID-19 health data analysis and personal data preserving: a homomorphic privacy enforcement approach. Comput Commun 2024; 199: 87–97.

5. Hasan, Islam, Memon, et al. A novel resource oriented DMA framework for internet of medical things devices in 5G network. IEEE Trans Ind Inf 2022; 18(12): 8895–8904.

6. Johnu, Chen, Stoleru, et al. Hadoop MapReduce for Mobile clouds. IEEE Transactions on Cloud Computing 2016; 7(1): 224–236.

7. Vohra, Hasan, Shukla, et al. A low overhead and scalable authentication and encryption scheme for medical wireless sensor networks. Human-Centric Computing and Information Sciences 2023; 13: 1–18.

8. Bhathal, Singh. Big data: hadoop framework vulnerabilities, security issues and attacks. Array 2019; 1: 1–8.

9. Manoharan. A novel user layer cloud security model based on chaotic arnold transformation using fingerprint biometric traits. Journal of Innovative Image Processing 2021; 3(01): 36–51.

10. Hamed, Nahr, Fallah, et al. Evaluating security of big data through fuzzy based decision-making technique. IEEE Access 2022; 2(1): 859–872.

11. Chouhan, Singh. Security attacks on cloud computing with possible solution. Int J Adv Res Comput Sci Software Eng 2016; 6(1): 92–96.

12. Princy. A comparison of symmetric key algorithms DES, AES, blowfish, RC4, RC6: a survey. Int J Comput Sci Eng Technol 2015; 6(5): 328–331.

13. Tianshi, Lai, Feng, et al. An efficient attribute-based online/offline searchable encryption and its application in cloud-based reliable smart grid. J Syst Architect 2019; 98: 165–172.

14. Tran. Privacy-preserving big data analytics a comprehensive survey. J Parallel Distr Comput 2019; 134: 207–218.

15. Prakasam, Madheswaran, Sujith, et al. Low latency, area and optimal power hybrid lightweight cryptography authentication scheme for internet of things applications. Wirel Pers Commun 2022; 126(1): 351–365.

16. Hasan, Akhtaruzzaman, Kabir, et al. Evolution of industry and blockchain era: monitoring price hike and corruption using BIoT for smart government and industry 4.0. IEEE Trans Ind Inf 2024; 18(12): 9153–9161.

17. Hasan, Islam, Sulaiman, et al. Lightweight encryption technique to enhance medical image security on internet of medical things applications. IEEE Access 2021; 9: 47731–47742.

18. Chatterjee, Chakraborty, Mondal. Design of lightweight cryptographic model for end-to-end encryption in IoT domain. IRO Journal on Sustainable Wireless Systems 2019; 1(4): 215–224.

19. Alabdulatif, Khalil. Towards secure big data analytic for cloud-enabled applications with fully homomorphic encryption. J Parallel Distr Comput 2020; 137: 192–204.

20. Chunhua, Zhang, et al. ACA-SDS: adaptive crypto acceleration for secure data storage in big data. IEEE Access 2018; 6: 44494–44505.

21. Kanika, Agrawal, Pandey, et al. RSA based encryption approach for preserving confidentiality of big data. Journal of King Saud University-Computer and Information Sciences 2022; 34(5): 2088–2097.

22. Deepak, Surya, et al. SEEN: a selective encryption method to ensure confidentiality for big sensing data streams. IEEE Transactions on Big Data 2017; 5(3): 379–392.

23. Challagidad, Birje. Efficient multi-authority access control using attribute-based encryption in cloud storage. Procedia Comput Sci 2019; 167: 840–849.

24. Gayatri, Agrawal, Attaallah, et al. Attribute based honey encryption algorithm for securing big data: hadoop distributed file system perspective. Peer Review Journal of Computer Science 2020; 6: 1–31.

25. Sahu, Ansari. Securing messages from brute force attack by combined approach of honey encryption and blowfish. International Research Journal of Engineering and Technology 2017; 4(9): 1019–1023.

26. Prasad, Shankar, Maniraj. A secure access policies based data deduplication system. International Journal of Innovative Science and Research Technology 2018; 3(2): 3155–3157.

27. Riaz, Naqvi, Ellahi, et al. Robust steganography technique for enhancing the protection of medical records in healthcare informatics. IEEE J Biomed Health Inform 2025; PP.

28. Abbas, Zahir, et al. Federated learning in smart healthcare: a comprehensive review on privacy, security, and predictive analytics with IoT integration. Healthcare 2024; 12: 2587.

29. Ghosh, Karar. Blowfish hybridized weighted attribute-based encryption for secure and efficient data collaboration in cloud computing. Appl Sci 2018; 8(7): 1119.

30. Nyangaresi. Privacy preserving three-factor authentication protocol for secure message forwarding in wireless body area networks. Ad Hoc Netw 2023; 142: 103–117.

31. Nyangaresi. A formally verified message validation protocol for intelligent iot e-health systems. 2022 IEEE world conference on applied intelligence and computing (AIC), Sonbhadra, India, 17-19 June 2022, pp. 416–422.

Instances	CP-ABE+HE	HE + BF	CP-ABE+AES	Proposed (ABE + BF)
10	91	93	93	96
20	90	92	90	94
30	88	90	87	93
40	85	88	88	92
50	77	75	80	91
60	71	73	75	90
