Securing fog computing in healthcare with a zero-trust approach and blockchain
(2025) 2025:5
Kaur et al. J Wireless Com Network
https://doi.org/10.1186/s13638-025-02431-6
RESEARCH
EURASIP Journal on Wireless
Communications and Networking
Open Access
Navjeet Kaur1, Ayush Mittal2, Umesh Kumar Lilhore3,8, Sarita Simaiya3,4*, Surjeet Dalal5, Kashif Saleem6 and
Ehab Seif Ghith7
*Correspondence:
1 Apex Institute of Technology (CSE), Chandigarh University, Mohali, Punjab, India
2 Infosys Limited, Chandigarh, India
3 Department of Computer Science and Engineering, Galgotia University, Greater Noida, Uttar Pradesh, India
4 Arba Minch University, Arba Minch, Ethiopia
5 Department of Computer Science and Engineering, Amity University, Gurugram, Haryana, India
6 Department of Computer Science & Engineering, College of Applied Studies & Community Service, King Saud University, 11362 Riyadh, Saudi Arabia
7 Department of Mechatronics, Faculty of Engineering, An Shams University, Cairo 11566, Egypt
8 Galgotias Multi‑Disciplinary Research & Development Cell (G‑MRDC), Galgotias University, Greater Noida‑201308 UP, India
Abstract
As healthcare systems increasingly adopt fog computing to improve responsiveness
and real-time data processing at the edge, significant security challenges emerge due
to the decentralized architecture. The traditional perimeter-based security models
are inadequate for addressing the dynamic and distributed nature of fog networks,
leaving them vulnerable to unauthorized access, data tampering, and latency issues.
Therefore, this paper proposes a novel security framework that integrates blockchain
(BC) and software-defined network (SDN) technologies, underpinned by zero-trust (ZT)
principles, to address these challenges in latency-sensitive healthcare environments.
The proposed framework enhances security by combining BC’s immutable transaction
logs for data integrity and traceability with SDN’s dynamic network reconfiguration
for real-time access control and anomaly detection. The integration of BC and SDN supports continuous authentication and monitoring using cryptographic protocols (SHA256A and RSA-2048) to secure data transmission. Additionally, tasks are dynamically
allocated to fog nodes based on a multi-metric scheduling mechanism that considers
fog node capacity, proximity, and compliance with predefined security protocols. The
framework was evaluated using iFogSim, simulating a healthcare environment with 50
IoT devices, 10 fog nodes, and varying workloads (100–1000 tasks/min). The key
evaluation performance metrics include intrusion detection rate (IDR), data integrity
(DI), task completion rate (TCR), average task response time (ART), and average block
time. The implementation results demonstrate satisfactory improvements compared
to existing models: a 40% increase in IDR, a 30% enhancement in DI, a 15.29% rise
in TCR, and a 39.66% reduction in ART. Moreover, the baseline IDR (85%) and DI (70%)
were drawn from ZT-1, while TCR (85%) and ART (300 ms) were measured using ZT-2
as benchmarks. These findings illustrate the feasibility of integrating BC, SDN, and ZT
principles to mitigate threats such as unauthorized access, data tampering, and delays
in latency-sensitive tasks.
Keywords: Blockchain, Fog computing, Security, Software-defined networks, Task
scheduling, Zero trust
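As an added illustration (not code from the paper), the sketch below shows one way the abstract's multi-metric allocation and tamper-evident logging could fit together: compliance acts as a hard zero-trust gate, capacity and proximity are scored, and every decision is appended to a SHA-256 hash chain that stands in for the blockchain ledger. The node fields, weights, scoring formula and function names are assumptions.

```python
import hashlib
import json
import math

GENESIS = "0" * 64

def block_hash(prev_hash, record):
    """SHA-256 over the previous block hash plus the canonical JSON record."""
    data = prev_hash + json.dumps(record, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def append_block(chain, record):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": block_hash(prev, record)})

def verify_chain(chain):
    """Return the index of the first block that fails verification, or -1."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["record"]):
            return i
        prev = blk["hash"]
    return -1

def allocate(task, nodes, chain, w_cap=0.5, w_prox=0.5):
    """Pick a fog node; compliance is a hard gate, not a weighted term (assumption)."""
    ok = [n for n in nodes if n["compliant"] and n["free_mips"] >= task["mips"]]
    if not ok:
        append_block(chain, {"task": task["id"], "node": None, "decision": "deny"})
        return None
    max_free = max(n["free_mips"] for n in ok)
    max_dist = max(math.dist(n["pos"], task["pos"]) for n in ok) or 1.0
    def score(n):  # assumed weights, each term normalised to [0, 1]
        near = 1 - math.dist(n["pos"], task["pos"]) / max_dist
        return w_cap * n["free_mips"] / max_free + w_prox * near
    best = max(ok, key=score)
    best["free_mips"] -= task["mips"]
    append_block(chain, {"task": task["id"], "node": best["id"], "decision": "allow"})
    return best["id"]

def sample_nodes():
    """Constructed sample data: fog-2 is closest and largest but non-compliant."""
    return [
        {"id": "fog-1", "pos": (0, 0), "free_mips": 4000, "compliant": True},
        {"id": "fog-2", "pos": (1, 1), "free_mips": 9000, "compliant": False},
        {"id": "fog-3", "pos": (5, 5), "free_mips": 6000, "compliant": True},
    ]
```

Editing any logged decision after the fact makes `verify_chain` return the index of the altered block, which is the integrity property the framework relies on the ledger for.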
1 Introduction
In the rapidly evolving landscape of digital healthcare, integrating fog computing environments has become essential to enhance data processing capabilities and real-time
responsiveness. The fog computing environment leverages a distributed architecture:
positioning smart computing resources, known as fog nodes, closer to data sources
results in reduced latency, optimized bandwidth usage, and security due to proximity.
Such advancements are ideal for healthcare applications, where the timely analysis and
processing of patient data can be lifesaving [1, 2]. For example, in emergency situations
such as heart attack detection, fog nodes can process electrocardiogram (ECG) data
locally and issue alerts within seconds, potentially saving lives. Additionally, healthcare
data must be safeguarded to comply with the privacy requirements of users.

© The Author(s) 2025. Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0
International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long
as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you
modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of
it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise
in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted
by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy
of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

However, in spite of several advantages, the distributed nature of fog environments
imposes new, complex security challenges, as fog nodes or edge devices such as routers or
switches are old and resource-limited systems that were not originally designed with
advanced security features. These devices typically have constrained computational
capabilities, including limited processing power, memory, and storage, which restrict
their ability to support sophisticated security mechanisms. Moreover, fog environments involve multiple interconnected nodes, each potentially vulnerable to threats. For
instance, a compromised fog node could allow attackers to intercept sensitive medical
data, impersonate legitimate devices, or launch denial-of-service attacks. These vulnerabilities are particularly concerning in healthcare, where maintaining patient confidentiality and data integrity is critical to complying with regulations such as HIPAA and
GDPR. Therefore, the traditional perimeter-based security models are ill-equipped
to address the dynamic and open nature of fog environments [3–5]. Moreover, some
recent high-profile data breaches in various sectors underscore the vulnerability of trust-based networks [6–8]. Hence, addressing these challenges requires developing security
solutions that cater specifically to the unique needs and limitations of fog computing
environments.
The adoption of a ZT security model presents a comprehensive solution to these challenges. While ZT has been successfully implemented in edge and cloud environments,
its adoption in fog computing remains underexplored [9]. Unlike conventional trust-based
its adoption in fog computing remains underexplored [9]. Unlike conventional trustbased networks, which operate under the assumption that en (...truncated)