Biblio

The Fog is an emergent computing architecture that will support the mobility and geographic distribution of Internet of Things (IoT) nodes and deliver context-aware applications with low latency to end-users. It forms an intermediate layer between IoT devices and the Cloud. However, Fog computing brings many requirements that increase the cost of security management. It inherits the security and trust issues of Cloud and acquires some of the vulnerable features of IoT that threaten data and application confidentiality, integrity, and availability. Several existing solutions address some of the security challenges following adequate adaptation, but others require new and innovative mechanisms. These reflect the need for a Fog architecture that provides secure access, efficient authentication, reliable and secure communication, and trust establishment among IoT devices and Fog nodes. The Fog might be more convenient to deploy decentralized authentication solutions for IoT than the Cloud if appropriately designed. In this short survey, we highlight the Fog security challenges related to IoT security requirements and architectural design. We conduct a comparative study of existing Fog architectures then perform a critical analysis of different authentication schemes in Fog computing, which confirms some of the fundamental requirements for effective authentication of IoT devices based on the Fog, such as decentralization, less resource consumption, and low latency.

The evolution of the Internet of Vehicles (IoV) paradigm has recently attracted a lot of researchers and industries. Vehicular Ad Hoc Networks (VANET) is the networking model that lies at the heart of this technology. It enables the vehicles to exchange relevant information concerning road conditions and safety. However, ensuring communication security has been and still is one of the main challenges to vehicles' interconnection. To secure the interconnected vehicular system, many cryptography techniques, communication protocols, and certification and reputation-based security approaches were proposed. Nonetheless, some limitations are still present, preventing the practical implementation of such approaches. In this paper, we first define a set of locally-perceived behavioral reputation parameters that enable a distributed evaluation of vehicles' reputation. Then, we integrate these parameters into the design of a reputation management system to exclude malicious or faulty vehicles from the IoV network. Our system can help in the prevention of several attacks on the VANET environment such as Sybil and Denial of Service attacks, and can be implemented in a fully decentralized fashion.

Cloud systems are becoming more complex and vulnerable to attacks. Cyber attacks are also becoming more sophisticated and harder to detect. Therefore, it is increasingly difficult for a single cloud-based intrusion detection system (IDS) to detect all attacks, because of limited and incomplete knowledge about attacks. The recent researches in cyber-security have shown that a co-operation among IDSs can bring higher detection accuracy in such complex computer systems. Through collaboration, a cloud-based IDS can consult other IDSs about suspicious intrusions and increase the decision accuracy. The problem of existing cooperative IDS approaches is that they overlook having untrusted (malicious or not) IDSs that may negatively effect the decision about suspicious intrusions in the cloud. Moreover, they rely on a centralized architecture in which a central agent regulates the cooperation, which contradicts the distributed nature of the cloud. In this paper, we propose a framework that enables IDSs to distributively form trustworthy IDSs communities. We devise a novel decentralized algorithm, based on coalitional game theory, that allows a set of cloud-based IDSs to cooperatively set up their coalition in such a way to make their individual detection accuracy increase, even in the presence of untrusted IDSs.

The last decade has witnessed a growing interest in exploiting the advantages of Cloud Computing technology. However, the full migration of services and data to the Cloud is still cautious due to the lack of security assurance. Cloud Service Providers (CSPs)are urged to exert the necessary efforts to boost their reputation and improve their trustworthiness. Nevertheless, the uniform implementation of advanced security solutions across all their data centers is not the ideal solution, since customers' security requirements are usually not monolithic. In this paper, we aim at integrating the Cloud security risk into the process of resource provisioning to increase the security of Cloud data centers. First, we propose a quantitative security risk evaluation approach based on the definition of distinct security metrics and configurations adapted to the Cloud Computing environment. Then, the evaluated security risk levels are incorporated into a resource provisioning model in an InterCloud setting. Finally, we adopt two different metaheuristics approaches from the family of evolutionary computation to solve the security risk-aware resource provisioning problem. Simulations show that our model reduces the security risk within the Cloud infrastructure and demonstrate the efficiency and scalability of proposed solutions.