FOGGYTRUST: Trust in Fog-Enabled Networks
- FOGGYTRUST is a fog- and edge-centric trust model that enforces authentication, integrity, and robustness near data producers rather than relying on remote cloud infrastructures.
- It leverages lightweight, real-time cryptographic protocols and localized trust evaluations to address dynamic security challenges in vehicular, IoT, and federated learning environments.
- The framework demonstrates reduced latency, lower processing overhead, and improved resilience against spoofing, replay, and Byzantine attacks in decentralized fog networks.
FOGGYTRUST denotes a fog- and edge-centric approach to trust in which authentication, integrity assessment, and robustness are enforced near data producers, clients, or locally homogeneous groups rather than inferred from a remote cloud, a static trust zone, or infrastructure ownership alone. In the fog-computing literature, this orientation arises because fog systems are decentralized, heterogeneous, and often not centrally audited; as a result, trust is treated as bidirectional, context-dependent, dynamic, subjective, and asymmetric rather than as a fixed property of network membership (Patwary et al., 2020). In recent federated-learning work, FoggyTrust is also the name of a specific hierarchical Byzantine-robust framework that localizes FLTrust-style trust computation to fog nodes (Rassou et al., 26 Jun 2026). Closely related research instantiates the same design principle in vehicular fog computing, urban event systems, IoT-fog auditing, and robust operation in foggy visual environments (Ahmad, 21 May 2025).
1. Conceptual scope and trust-theoretic foundations
Fog-computing security research frames trust as “the expectation that a device or system will faithfully behave in a particular manner to fulfill its intended purpose,” and also adopts the trust-management view of determining, from security policies and credentials, whether an entity satisfies the relevant policy (Patwary et al., 2020). In fog environments, this definition is tightened by operational constraints: fog devices are owned and managed by different parties, devices are not centrally audited, nodes and users can both be threats to each other, and authentication alone is insufficient to establish trust. The consequence is that fog trust is not merely reputation; it is a runtime judgment about whether a fog node is safe or unsafe, and whether a node or client will behave reliably in a distributed, dynamic, and partially untrusted environment.
A central taxonomy places trust alongside privacy, authentication, access control, threats and attacks, and security audit as six major categories of fog security (Patwary et al., 2020). Within that taxonomy, trust management includes trust scope, trust characteristics, trust evaluation models, and attacks on trust computation. Trust aggregation, trust formation, trust update, trust propagation, and trust composition are treated as distinct lifecycle components. The same survey argues that no strongly recommended Fog-specific trust model has yet emerged, and that existing mechanisms are largely adapted from IoT or cloud settings rather than derived from fog-native assumptions.
The literature associated with FOGGYTRUST therefore spans several technically distinct but conceptually aligned lines of work.
| Strand | Trust object | Representative formulation |
|---|---|---|
| Vehicular fog computing | Mobile V2X identity and session legitimacy | Continuous, context-driven, mobility-aware authentication (Ahmad, 21 May 2025) |
| VANET rogue-node defense | Plausibility of beaconed traffic state | Fog-assisted hypothesis testing without trust scores (Paranjothi et al., 2021) |
| Distributed event-based systems | Credibility of producer location claims | Fog-based sensor location certification (Castro-Jul et al., 2023) |
| IoT-fog integrity enforcement | Correctness of fog services and accountability | Blockchain audit, reputation, deposit, incentives (Martinez et al., 2024) |
| Federated learning | Reliability of client model updates | Hierarchical local trust bootstrapping at fog nodes (Rassou et al., 26 Jun 2026) |
A recurring misconception in this literature is that cloud-style trust assumptions can be transferred unchanged to fog. The survey literature rejects that position explicitly: fog is more exposed, more distributed, and more heterogeneous, so trust must be built continuously at runtime rather than assumed statically from provider identity or network location (Patwary et al., 2020).
2. Architectural patterns and trust computation at the fog layer
A canonical fog-assisted trust architecture appears in vehicular fog computing as a three-tier model composed of vehicles , fog nodes , and a decentralized trust ledger or trust evaluation layer. The network is formalized as an undirected graph
where
is the set of fog nodes, is the set of vehicles, and is the set of authenticated communication links (Ahmad, 21 May 2025). In that formulation, the fog node is not a relay but a local trust-enforcement point: it verifies signatures, inspects context, updates trust, decides whether to accept or reject a session, derives session keys, and stores session metadata.
The same work makes the zero-trust premise explicit: prior association, network location, or static identity alone do not justify access. Instead, every decision is driven by verified cryptographic credentials, current contextual information, recent behavioral observations, and dynamic trust scoring. The context vector is
where is vehicle speed, is current location, and 0 is a recent behavior score. Trust is updated through a context-sensitive exponential filter,
1
with 2 as forgetting factor. Acceptance is then evaluated against a threshold, with the simulation threshold set to 3 (Ahmad, 21 May 2025). The forgetting factor is significant because old trust evidence decays automatically, which is especially relevant where topology and behavior change rapidly.
More general fog-security surveys describe the same pattern at a higher level. Trust must be lightweight, distributed, and adaptive; trust computation may combine recommendations and direct experience; and trust may be centralized or distributed in its storage and propagation (Patwary et al., 2020). Surveyed model families include reputation-based models, plausibility-based fuzzy trust models, Trusted Execution Environment (TEE), Secure Element (SE), and Trusted Platform Module (TPM). Blockchain is treated as a promising decentralized trust anchor because it can provide decentralized trust, immutability, node-status tracking, and strong authentication or non-repudiation, but the same survey stresses that Bitcoin-style Proof-of-Work is too heavy for fog devices and that Proof-of-Stake is more plausible (Patwary et al., 2020).
This architecture-level perspective clarifies a second misconception: blockchain is not a complete substitute for trust evaluation. The survey treats blockchain as a supporting mechanism for decentralized identity and tamper resistance, not as a sufficient answer to dynamic trust, context, mobility, privacy, access control, and auditing (Patwary et al., 2020).
3. Mobility-aware vehicular security and fog-assisted rogue-node detection
In vehicular fog computing, FOGGYTRUST is exemplified by the Zero-Trust Mobility-Aware Authentication Framework (ZTMAF), a lightweight security architecture for vehicular fog computing and broader V2X environments (Ahmad, 21 May 2025). Its authentication workflow is intentionally short. A vehicle 4 generates a request containing identity and context, computes
5
signs the request as
6
and sends 7 and 8 to the fog node 9. The fog node verifies the signature, decodes context, updates trust, and, if trust exceeds the threshold, derives a session key
0
If trust is too low, it requests an additional challenge or fallback authentication. The cryptography is deliberately lightweight: a collision-resistant hash function 1, digital signatures, and a PRF implemented as HMAC-SHA256 in the simulation, with Python cryptography and hashlib libraries for implementation (Ahmad, 21 May 2025).
ZTMAF was evaluated with NS-3 version 3.36 and SUMO, using the CityMob dataset, the Krauss car-following model, and a custom Python trust engine. The simulation time was 600 seconds; vehicle counts were 100, 200, 300, 400, and 500; there were 10 static fog nodes; bandwidth was 10 Mbps; packet size was 512 Bytes; and attack models included spoofing, replay, and Sybil (Ahmad, 21 May 2025). Reported results were favorable to the framework: authentication latency stayed below 200 ms up to 400 vehicles, session success rate remained over 95% under high mobility, CPU usage stayed below 25k cycles per authentication attempt, spoofing and replay detection reached 97%, trust stabilized after about 50 seconds for compliant vehicles, latency was 21% lower than blockchain-based systems, CPU cycles were 35% lower than PKI-based authentication, and performance remained consistent up to 500 vehicles (Ahmad, 21 May 2025). The framework is therefore positioned as a real-time, fog-assisted alternative to static trust zones, cumbersome PKI, or consensus-heavy blockchain mechanisms.
A related but methodologically different VANET line is F-RouND, Fog-based Rogue Nodes Detection (Paranjothi et al., 2021). F-RouND does not compute trust scores or reputation values. Instead, it dynamically creates a fog layer from the On-Board Units of all vehicles in the region, coordinated by a guard node, and uses Greenshield’s traffic model and statistical hypothesis testing to identify vehicles broadcasting false beacon information. Beacon messages are broadcast every 100 ms and include
2
while the guard node’s broadcast later adds 3 and 4. The detection rule uses the average regional speed 5, standard deviation
6
and an acceptance interval from 7 to 8; speeds outside that interval are labeled rogue (Paranjothi et al., 2021).
The significance of F-RouND within the FOGGYTRUST theme is architectural rather than taxonomic. It shows that fog computing can replace heavyweight trust infrastructures in dense VANETs by pushing security decisions to the edge and using distributed vehicular resources rather than RSUs, trust-score maintenance, or historical vehicle profiles. In urban scenarios it reported 45% lower processing delay, 12% lower overhead, and 36% lower false-positive rate than Fog-IDS, IDS, and TEAM, and it remained robust even when rogue nodes increased up to 40% in the region (Paranjothi et al., 2021). This suggests that, in some fog security regimes, statistical confidence and local plausibility can function as a lightweight substitute for explicit trust scoring.
4. Certification, auditing, and economic enforcement in urban and IoT-fog systems
A different branch of FOGGYTRUST concerns certification of attributes and auditability of fog behavior. In distributed event-based systems for smart cities, location is treated both as a filtering criterion and as a trust signal. To validate producer location claims, three fog architectures have been proposed: fixed-brokers, assigned-brokers, and collaborative architectures (Castro-Jul et al., 2023). Certification applies specifically to the location attribute, encoded as
9
and
0
with 1.
In the fixed-brokers architecture, the city is divided into cells, each with a physically deployed border broker that certifies a producer’s claimed location if the claim matches the broker’s own location. In the assigned-brokers architecture, brokers remain in the cloud but are assigned geographic areas, and producers submit neighbor lists over LTE based on ad hoc WiFi discovery. Verification can follow the Complete-List Strategy (CLS),
2
or the Nonempty List Strategy (NLS),
3
In the collaborative architecture, nearby producers are polled before publication, and a location is accepted only if there is at least one reply and a unique most-voted location. Across realistic urban simulations in Vigo, Spain, using OpenStreetMap, BonnMotion, the MSLAW mobility model, and ns-3, the three architectures correctly identified between 73% and 100% of false location claims (Castro-Jul et al., 2023). The fixed-brokers architecture identified 100% of false claims, while collaborative certification was more flexible but noisier.
In public IoT-fog environments, the same trust problem is extended from certification to service integrity. A blockchain-based mechanism called FISIE, Fog Identity and Service Integrity Enforcement, introduces an Identity and Integrity Management Smart Contract (IIMSC) that combines mutual authentication, payment, auditing, and incentive enforcement (Martinez et al., 2024). IIMSC maintains three on-chain lookup tables: an IoT table 4, a fog table 5, and an oracle table 6. Mutual authentication uses ECC/secp256k1, ECDSA signatures, and address lookup based on
7
after which both sides derive a symmetric session key through ECC Diffie-Hellman style agreement. Payment is accounted for inside the contract tables rather than transferred directly peer to peer.
The integrity mechanism is distinctive. Oracles act as semi-trusted auditors, but each oracle uses one identity as an IoT-like requester and another as an oracle identity for on-chain audit submission. Audits are scheduled periodically, with the default policy of one audit every 8 requests. The oracle sends a normal-looking request, computes the expected output locally, compares it with the fog node’s response, and submits the result to IIMSC together with a ring signature proving membership in the IoT set without revealing which IoT identity was used (Martinez et al., 2024). If the fog passes, reputation increases: 9 If it fails, both reputation and deposit decrease: 0 A fog node is removed if reputation falls below 1 or its deposit reaches zero (Martinez et al., 2024).
This branch of the literature shows that FOGGYTRUST is not restricted to probabilistic trust scores. It can also be instantiated as provision-trust, certification, or accountable integrity enforcement. In simulation, weighted audit scheduling outperformed random sampling and BIBD sampling in lower mean auditing cost and lower variance, and dishonest nodes were progressively removed as audits continued (Martinez et al., 2024).
5. FoggyTrust as hierarchical Byzantine-robust federated learning
In federated learning, FoggyTrust is a specific hierarchical extension of FLTrust designed for globally heterogeneous data (Rassou et al., 26 Jun 2026). FLTrust assumes a trusted server-side root dataset 2 and computes a server root update 3, then assigns trust to each client update 4 by cosine similarity: 5 Each client update is normalized to the magnitude of the root update,
6
and aggregated by trust-weighted averaging. FoggyTrust keeps this trust mechanism almost unchanged but relocates it to fog nodes. Each fog node 7 has its own root dataset 8, computes a local root update 9, evaluates local trust scores 0, normalizes local client updates, and produces a fog-level aggregate
1
The server then aggregates 2 across fog nodes using a second-level optimizer such as FedAvg, FedAdam, or SCAFFOLD (Rassou et al., 26 Jun 2026).
The motivation is structural. A single global root dataset may be unrepresentative of many honest clients when the system is non-IID at the population level. FoggyTrust therefore assumes that data are globally heterogeneous but still contain locally homogeneous pockets. Trust is computed where the reference data are representative, and cross-group heterogeneity is delegated to a second-level optimizer. This two-level design addresses two problems simultaneously: mismatch in trust estimation and client drift across groups (Rassou et al., 26 Jun 2026).
Evaluation covered MNIST, Fashion-MNIST, CIFAR-10, and Snapshot Safari. The main attack models were Label Flipping, Krum Attack, Trim Attack, and Scaling Attack. The primary corruption setting used 20% malicious clients, corresponding to 20 malicious out of 100 clients for MNIST, Fashion-MNIST, and CIFAR-10, and 6 malicious out of 30 clients for Snapshot Safari (Rassou et al., 26 Jun 2026). The strongest gains appeared on heterogeneous CIFAR-10 under Krum and Trim attacks. FLTrust achieved 0.3213 under Krum Attack and 0.3257 under Trim Attack, while FoggyTrust(FedAvg) reached 0.4837 and 0.5165, FoggyTrust(FedAdam) reached 0.4957 and 0.4671, and FoggyTrust(SCAFFOLD) reached 0.4918 and 0.5230 (Rassou et al., 26 Jun 2026). These are the results behind the claim of over 50% improvement over FLTrust in challenging heterogeneous settings.
The framework is not presented as universally dominant. The paper states that data poisoning remains difficult; FoggyTrust does not consistently improve over FLTrust on label-flipping attacks. Intra-group heterogeneity can still degrade local trust estimation, as illustrated by Snapshot Safari, where weather, illumination, camera position, and time of day remain highly variable even within a group. Root dataset size also matters substantially: a partitioned FoggyTrust variant with smaller root datasets per fog node showed much worse convergence on MNIST than the standard setup (Rassou et al., 26 Jun 2026). These limitations are important because they show that local trust bootstrapping is effective only when locality preserves enough distributional coherence.
6. Trustworthiness under atmospheric fog: perception, adaptation, and synthetic data
A plausible extension of the FOGGYTRUST theme is trustworthy operation under atmospheric fog, where the relevant question is not whether a node is honest but whether a model remains physically grounded, avoids hallucinations, and generalizes from synthetic or clear conditions to real foggy scenes. In object detection, one domain-adaptation framework addresses this by retaining depth and background information during alignment, constraining generated depth and fog transmission by the physical relation
3
and reconstructing a fog-free background image to suppress false object features (Yang et al., 2022). The detector uses a Faster R-CNN backbone 4, detection head 5, a domain discriminator 6, a Depth Estimation Block, a transmission-depth consistency loss, a reconstruction decoder, and semi-supervised target learning with pseudo-labels. On Foggy Cityscapes, the method reported 47.6 mAP against the 44.3 mAP of the best prior DA method, and it also reported 55.4 mAP on STF, 34.62 mAP on FoggyDriving, and 39.9 mAP on RTTS (Yang et al., 2022). Here, trustworthiness is operationalized as physics-consistent representations, reduced false positives, and less source-domain bias.
In lane detection, a fog-aware architecture combines dataset construction with feature design (Zhang et al., 8 Apr 2025). The work introduces the real-world FoggyLane dataset with 1,423 annotated images, as well as FoggyCULane and FoggyTusimple, and proposes a Fog-Enhanced Network with a Global Feature Fusion Module (GFFM), a Kernel Feature Fusion Module (KFFM), and a Low-level Edge Enhanced Module (LEEM). The architecture uses a Swin Transformer backbone, HRNetV2 neck, and a dynamic-convolution-based lane instance detection plus mask segmentation head. Reported performance includes F1-scores of 95.04 on FoggyLane, 79.85 on FoggyCULane, and 96.95 on FoggyTusimple, while TensorRT acceleration yields 38.4 FPS on NVIDIA Jetson AGX Orin (Zhang et al., 8 Apr 2025). This line of work treats trustworthiness as robustness to visibility degradation, preservation of global context, and recovery of weakened edge information.
Synthetic-data generation addresses the same issue from the training side. Analogical image translation learns a zero-shot analogy
7
so that synthetic clear and synthetic foggy images can teach a model to add fog to real clear images without ever seeing real foggy images during training (Gong et al., 2020). The approach combines supervised synthetic-domain learning, adversarial domain alignment, cycle consistency in the real domain, perceptual objectives, and depth-based auxiliary losses. In a user study on Amazon Mechanical Turk, AnalogicalGAN was preferred over CycleGAN by 61.0% to 39.0% and over MUNIT by 66.7% to 33.3%, and the synthesized fog improved downstream semantic foggy scene understanding on Foggy Zurich and Foggy Driving (Gong et al., 2020).
A more explicitly physical approach is SynFog, a synthetic fog dataset and end-to-end fog imaging simulation pipeline (Xie et al., 2024). Instead of relying only on the classical atmospheric scattering model,
8
SynFog renders foggy scene radiance by volumetric path tracing and then simulates optics, sensor response, and image signal processing: 9 The dataset contains 500 unique outdoor driving scenes, two lighting conditions per scene, and three fog densities with 0, 1, and 2, corresponding to 600 m, 300 m, and 150 m visibility (Xie et al., 2024). Models trained on SynFog generalized better to real fog than models trained on Foggy Cityscapes or Virtual KITTI; for example, AECR-Net trained on SynFog achieved 71.5 mAP on Foggy Zurich and 55.5 on Seeing Through Fog, outperforming the corresponding models trained on the other synthetic datasets (Xie et al., 2024).
Taken together, these perception papers do not define FOGGYTRUST in the same way as fog-security papers, but they suggest a related technical meaning: robustness in fog becomes more trustworthy when adaptation preserves scene geometry, synthesis respects image-formation physics, and deployment remains feasible on edge hardware. In that broader sense, FOGGYTRUST connects trust management at the fog layer with trustworthiness under fog as a physical operating condition.