Securing fog computing in healthcare with a zero-trust approach and blockchain (vol 2025, 5, 2025)

As healthcare systems increasingly adopt fog computing to improve responsiveness and real-time data processing at the edge, significant security challenges emerge due to the decentralized architecture. The traditional perimeter-based security models are inadequate for addressing the dynamic and distributed nature of fog networks, leaving them vulnerable to unauthorized access, data tampering, and latency issues. Therefore, this paper proposes a novel security framework that integrates blockchain (BC) and software-defined network (SDN) technologies, underpinned by zero-trust (ZT) principles, to address these challenges in latency-sensitive healthcare environments. The proposed framework enhances security by combining BC's immutable transaction logs for data integrity and traceability with SDN's dynamic network reconfiguration for real-time access control and anomaly detection. The integration of BC and SDN supports continuous authentication and monitoring using cryptographic protocols (SHA-256A and RSA-2048) to secure data transmission. Additionally, tasks are dynamically allocated to fog nodes based on a multi-metric scheduling mechanism that considers fog node capacity, proximity, and compliance with predefined security protocols. The framework was evaluated using iFogSim, simulating a healthcare environment with 50 IoT devices, 10 fog nodes, and varying workloads (100-1000 tasks/min). The key evaluation performance metrics include intrusion detection rate (IDR), data integrity (DI), task completion rate (TCR), average task response time (ART), and average block time. The implementation results demonstrate satisfactory improvements compared to existing models: a 40% increase in IDR, a 30% enhancement in DI, a 15.29% rise in TCR, and a 39.66% reduction in ART. Moreover, the baseline IDR (85%) and DI (70%) were drawn from ZT-1, while TCR (85%) and ART (300 ms) were measured using ZT-2 as benchmarks. These findings illustrate the feasibility of integrating BC, SDN, and ZT principles to mitigate threats such as unauthorized access, data tampering, and delays in latency-sensitive tasks.