Biblio

Fog computing architecture allows the end-user devices of an Internet of Things (IoT) application to meet their latency and computation requirements by offloading tasks to a fog node in proximity. This fog node in turn may offload the task to a neighboring fog node or the cloud-based on an optimal node selection policy. Several such node selection policies have been proposed that facilitate the selection of an optimal node, minimizing delay and energy consumption. However, one crucial assumption of these schemes is that all the networked fog nodes are authorized part of the fog network. This assumption is not valid, especially in a cooperative fog computing environment like a smart city, where fog nodes of multiple applications cooperate to meet their latency and computation requirements. In this paper, we propose a secure task-offloading framework for a distributed fog computing environment based on smart-contracts on the blockchain. The proposed framework allows a fog-node to securely offload tasks to a neighboring fog node, even if no prior trust-relation exists. The security analysis of the proposed framework shows how non-authenticated fog nodes are prevented from taking up offloading tasks.

Fog computing or edge computing or fogging extends cloud computing to the edge of the network. It operates on the computing, storage and networking services between user-end devices and cloud computing data centres. However, in the process of caring out these operations, fog computing is faced with several security issues. These issues may be inherited from cloud computing systems or may arise due to fog computing systems alone. Some of the major gaps in providing a secure platform for the fog computing process arise from interim operational steps like authentication or identification, which often expands to large scale performance issues in fog computing. Thus, these issues and their implications on fog computing databases, and the possible available solutions are researched and provided for a better scope of future use and growth of fog computing systems by bridging the gaps of security issues in it.

In today's smart healthcare system, medical records of patients are exposed to a large number of users for various purposes, from monitoring the patients' health to data analysis. Preserving the privacy of a patient has become an important and challenging issue. outsourced Ciphertext-Policy Attribute-Based Encryption (CP-ABE) provides a solution for the data sharing and privacy preservation problem in the healthcare system in fog environment. However, the high computational cost in case of frequent attribute updates renders it infeasible for providing access control in healthcare systems. In this paper, we propose an efficient method to overcome the frequent attribute update problem of outsourced CP-ABE. In our proposed approach, we generate two keys for each user (a static key and a dynamic key) based on the constant and changing attributes of the users. Therefore, in case of an attribute change for a user, only the dynamic key is updated. Also, the key update is done at the fog nodes without compromising the security of the system. Thus, both the communication and the computational overhead associated with the key update in the outsourced CP-ABE scheme are reduced, making it an ideal solution for data access control in healthcare systems. The efficacy of our proposed approach is shown through theoretical analysis and experimentation.

The current trend of IoT user is toward the use of services and data externally due to voluminous processing, which demands resourceful machines. Instead of relying on the cloud of poor connectivity or a limited bandwidth, the IoT user prefers to use a cloudlet-based fog computing. However, the choice of cloudlet is solely dependent on its trust and reliability. In practice, even though a cloudlet possesses a required trusted platform module (TPM), we argue that the presence of a TPM is not enough to make the cloudlet trustworthy as the TPM supports only the primitive security of the bootstrap. Besides uncertainty in security, other uncertain conditions of the network (e.g. network bandwidth, latency and expectation time to complete a service request for cloud-based services) may also prevail for the cloudlets. Therefore, in order to evaluate the trust value of multiple cloudlets under uncertainty, this paper broadly proposes the empirical process for evaluation of trust. This will be followed by a measure of trust-based reputation of cloudlets through computational intelligence such as fuzzy logic and ant colony optimization (ACO). In the process, fuzzy logic-based inference and membership evaluation of trust are presented. In addition, ACO and its pheromone communication across different colonies are being modeled with multiple cloudlets. Finally, a measure of affinity or popular trust and reputation of the cloudlets is also proposed. Together with the context of application under multiple cloudlets, the computationally intelligent approaches have been investigated in terms of performance. Hence the contribution is subjected towards building a trusted cloudlet-based fog platform.

In recent days the attention of the researchers has been grabbed by the advent of fog computing which is found to be a conservatory of cloud computing. The fog computing is found to be more advantageous and it solves mighty issues of the cloud namely higher delay and also no proper mobility awareness and location related awareness are found in the cloud environment. The IoT devices are connected to the fog nodes which support the cloud services to accumulate and process a component of data. The presence of Fog nodes not only reduces the demands of processing data, but it had improved the quality of service in real time scenarios. Nevertheless the fog node endures from challenges of false data injection, privacy violation in IoT devices and violating integrity of data. This paper is going to address the key issues related to homomorphic encryption algorithms which is used by various researchers for providing data integrity and authenticity of the devices with their merits and demerits.

Nowadays, Fog Computing gets more attention due to its characteristics. Fog computing provides more advantages in related to apply with the latest technology. On the other hand, there is an issue about the data security over processing of data. Fog Computing encounters many security challenges like false data injection, violating privacy in edge devices and integrity of data, etc. An encryption scheme called Homomorphic Encryption (HME) technique is used to protect the data from the various security threats. This homomorphic encryption scheme allows doing manipulation over the encrypted data without decrypting it. This scheme can be implemented in many systems with various crypto-algorithms. This homomorphic encryption technique is mainly used to retain the privacy and to process the stored encrypted data on a remote server. This paper addresses the terminologies of Fog Computing, work flow and properties of the homomorphic encryption algorithm, followed by exploring the application of homomorphic encryption in various public key cryptosystems such as RSA and Pailier. It focuses on various homomorphic encryption schemes implemented by various researchers such as Brakerski-Gentry-Vaikuntanathan model, Improved Homomorphic Cryptosystem, Upgraded ElGamal based Algebric homomorphic encryption scheme, In-Direct rapid homomorphic encryption scheme which provides integrity of data.

The recent trend of military is to combined Internet of Things (IoT) knowledge to their field for enhancing the impact in battlefield. That's why Internet of battlefield (IoBT) is our concern. This paper discusses how Fog Radio Access Network(F-RAN) can provide support for local computing in Industrial IoT and IoBT. F-RAN can play a vital role because of IoT devices are becoming popular and the fifth generation (5G) communication is also an emerging issue with ultra-low latency, energy consumption, bandwidth efficiency and wide range of coverage area. To overcome the disadvantages of cloud radio access networks (C-RAN) F-RAN can be introduced where a large number of F-RAN nodes can take part in joint distributed computing and content sharing scheme. The F-RAN in IoBT is effective for enhancing the computing ability with fog computing and edge computing at the network edge. Since the computing capability of the fog equipment are weak, to overcome the difficulties of fog computing in IoBT this paper illustrates some challenging issues and solutions to improve battlefield efficiency. Therefore, the distributed computing load balancing problem of the F-RAN is researched. The simulation result indicates that the load balancing strategy has better performance for F-RAN architecture in the battlefield.

The extensive increase in the number of IoT devices and the massive data generated and sent to the cloud hinder the cloud abilities to handle it. Further, some IoT devices are latency-sensitive. Such sensitivity makes it harder for far clouds to handle the IoT needs in a timely manner. A new technology named "Fog computing" has emerged as a solution to such problems. Fog computing relies on close by computational devices to handle the conventional cloud load. However, Fog computing introduced additional problems related to the trustworthiness and safety of such devices. Unfortunately, the suggested architectures did not consider such problem. In this paper we present a novel self-configuring fog architecture to support IoT networks with security and trust in mind. We realize the concept of Moving-target defense by mobilizing the applications inside the fog using live migrations. Performance evaluations using a benchmark for mobilized applications showed that the added overhead of live migrations is very small making it deployable in real scenarios. Finally, we presented a mathematical model to estimate the survival probabilities of both static and mobile applications within the fog. Moreover, this work can be extended to other systems such as mobile ad-hoc networks (MANETS) or in vehicular cloud computing (VCC).

Industrial Control systems traditionally achieved security by using proprietary protocols to communicate in an isolated environment from the outside. This paradigm is changed with the advent of the Industrial Internet of Things that foresees flexible and interconnected systems. In this contribution, a device acting as a connection between the operational technology network and information technology network is proposed. The device is an intrusion detection system related to legacy systems that is able to collect and reporting data to and from industrial IoT devices. It is based on the common signature based intrusion detection system developed in the information technology domain, however, to cope with the constraints of the operation technology domain, it exploits anomaly based features. Specifically, it is able to analyze the traffic on the network at application layer by mean of deep packet inspection, parsing the information carried by the proprietary protocols. At a later stage, it collect and aggregate data from and to IoT domain. A simple set up is considered to prove the effectiveness of the approach.

The advancement and penetration of distributed energy resources (DERs) and renewable energy sources (RES) are transforming legacy energy systems in an attempt to reduce carbon emissions and energy waste. Demand Response (DR) has been identified as a key enabler of integrating these, and other, Smart Grid technologies, while, simultaneously, ensuring grid stability and secure energy supply. The massive deployment of smart meters, IoT devices and DERs dictate the need to move to decentralized, or even localized, DR schemes in the face of the increased scale and complexity of monitoring and coordinating the actors and devices in modern smart grids. Furthermore, there is an inherent need to guarantee interoperability, due to the vast number of, e.g., hardware and software stakeholders, and, more importantly, promote trust and incentivize the participation of customers in DR schemes, if they are to be successfully deployed.In this work, we illustrate the design of an energy system that addresses all of the roadblocks that hinder the large scale deployment of DR services. Our DR framework incorporates modern Smart Grid technologies, such as fog-enabled and IoT devices, DERs and RES to, among others, automate asset handling and various time-consuming workflows. To guarantee interoperability, our system employs OpenADR, which standardizes the communication of DR signals among energy stakeholders. Our approach acknowledges the need for decentralization and employs blockchains and smart contracts to deliver a secure, privacy-preserving, tamper-resistant, auditable and reliable DR framework. Blockchains provide the infrastructure to design innovative DR schemes and incentivize active consumer participation as their aforementioned properties promote transparency and trust. In addition, we harness the power of smart contracts which allows us to design and implement fully automated contractual agreements both among involved stakeholders, as well as on a machine-to-machine basis. Smart contracts are digital agents that "live" in the blockchain and can encode, execute and enforce arbitrary agreements. To illustrate the potential and effectiveness of our smart contract-based DR framework, we present a case study that describes the exchange of DR signals and the autonomous instantiation of smart contracts among involved participants to mediate and monitor transactions, enforce contractual clauses, regulate energy supply and handle payments/penalties.

With the challenge of the vast amount of data generated by devices at the edge of networks, new architecture needs a well-established data service model that accounts for privacy concerns. This paper presents an architecture of data transmission and a data portfolio with privacy for fog-to-cloud (DPPforF2C). We would like to propose a practical data model with privacy from a digitalized information perspective at fog nodes. In addition, we also propose an architecture for implicating the privacy of DPPforF2C used in fog computing. Technically, we design a data portfolio based on the Message Queuing Telemetry Transport (MQTT) and the Advanced Message Queuing Protocol (AMQP). We aim to propose sample data models with privacy architecture because there are some differences in the data obtained from IoT devices and sensors. Thus, we propose an architecture with the privacy of DPPforF2C for publishing data from edge devices to fog and to cloud servers that could be applied to fog architecture in the future.

With the development of cloud computing technology in the Internet of Things (IoT), the trajectory privacy in location-based services (LBSs) has attracted much attention. Most of the existing work adopts point-to-point and centralized models, which will bring a heavy burden to the user and cause performance bottlenecks. Moreover, previous schemes did not consider both online and offline trajectory protection and ignored some hidden background information. Therefore, in this paper, we design a trajectory protection scheme based on fog computing and k-anonymity for real-time trajectory privacy protection in continuous queries and offline trajectory data protection in trajectory publication. Fog computing provides the user with local storage and mobility to ensure physical control, and k-anonymity constructs the cloaking region for each snapshot in terms of time-dependent query probability and transition probability. In this way, two k-anonymity-based dummy generation algorithms are proposed, which achieve the maximum entropy of online and offline trajectory protection. Security analysis and simulation results indicate that our scheme can realize trajectory protection effectively and efficiently.

Statistics suggests, proceeding towards IoT generation, is increasing IoT devices at a drastic rate. This will be very challenging for our present-day network infrastructure to manage, this much of data. This may risk, both security and traffic collapsing. We have proposed an infrastructure with Fog Computing. The Fog layer consists two layers, using the concepts of Service oriented Architecture (SOA) and the Agent based composition model which ensures the traffic usage reduction. In order to have a robust and secured system, we have modified the Fog based agent model by replacing the SOA with secured Named Data Network (NDN) protocol. Knowing the fact that NDN has the caching layer, we are combining NDN and with Fog, as it can overcome the forwarding strategy limitation and memory constraints of NDN by the Agent Society, in the Middle layer along with Trust management.

Video surveillance system is an important application system on the ubiquitous SG-eIoT. A comparative analysis of the traditional video surveillance scheme and the unified video surveillance solution in the eIoT environment is made. Network load and service latency parameters under the two schemes are theoretically modeled and simulated. Combined with the simulation results, the corresponding suggestions for the access of video terminals in the ubiquitous eIoT are given.

With the increasing popularity and adoption of IoT technology, fog computing has been used as an advancement to cloud computing. Although trust management issues in cloud have been addressed, there are still very few studies in a fog area. Trust is needed for collaborating among fog nodes and trust can further improve the reliability by assisting in selecting the fog nodes to collaborate. To address this issue, we present a provenance based trust mechanism that traces the behavior of the process among fog nodes. Our approach adopts the completion rate and failure rate as the process provenance in trust scores of computing workload, especially obvious measures of trustworthiness. Simulation results demonstrate that the proposed system can effectively be used for collaboration in a fog environment.

Bio-modalities are ideal for user authentication in Medical Cyber-Physical Systems. Various forms of bio-modalities, such as the face, iris, fingerprint, are commonly used for secure user authentication. Concurrently, various spoofing approaches have also been developed over time which can fail traditional bio-modality detection systems. Image synthesis with play-doh, gelatin, ecoflex etc. are some of the ways used in spoofing bio-identifiable property. Since the bio-modality detection sensors are small and resource constrained, heavy-weight detection mechanisms are not suitable for these sensors. Recently, Fog based architectures are proposed to support sensor management in the Medical Cyber-Physical Systems (MCPS). A thin software client running in these resource-constrained sensors can enable communication with fog nodes for better management and analysis. Therefore, we propose a fog-based security application to detect bio-modality spoofing in a Fog based MCPS. In this regard, we propose a machine learning based security algorithm run as an application at the fog node using a binarized multi-factor boosted ensemble learner algorithm coupled with feature selection. Our proposal is verified on real datasets provided by the Replay Attack, Warsaw and LiveDet 2015 Crossmatch benchmark for face, iris and fingerprint modality spoofing detection used for authentication in an MCPS. The experimental analysis shows that our approach achieves significant performance gain over the state-of-the-art approaches.

One of the main pillars of connected health is the application of technology to provide healthcare services remotely. Electronic health records are integrated with remote patient monitoring systems using various sensors. However, these ecosystems raise many privacy and security concerns. This paper analyzes and proposes a fog-based solution to address privacy and security challenges in connected health. Privacy protection is investigated for two types of data: less invasive sensors, such as sleep monitor; and highly invasive sensors, such as microphones. In this paper, we show how adding computing resources in the edge can improve privacy and data security, while reducing the computational and bandwidth cost in the cloud.

Smart mobility management would be an important prerequisite for future fog computing systems. In this research, we propose a learning-based handover optimization for the Internet of Vehicles that would assist the smooth transition of device connections and offloaded tasks between fog nodes. To accomplish this, we make use of machine learning algorithms to learn from vehicle interactions with fog nodes. Our approach uses a three-layer feed-forward neural network to predict the correct fog node at a given location and time with 99.2 % accuracy on a test set. We also implement a dual stacked recurrent neural network (RNN) with long short-term memory (LSTM) cells capable of learning the latency, or cost, associated with these service requests. We create a simulation in JAMScript using a dataset of real-world vehicle movements to create a dataset to train these networks. We further propose the use of this predictive system in a smarter request routing mechanism to minimize the service interruption during handovers between fog nodes and to anticipate areas of low coverage through a series of experiments and test the models' performance on a test set.

With the rapid development of Internet of Things applications, the power Internet of Things technologies and applications covering the various production links of the power grid "transmission, transmission, transformation, distribution and use" are becoming more and more popular, and the terminal, network and application security risks brought by them are receiving more and more attention. Combined with the architecture and risk of power Internet of Things, this paper first proposes the overall security protection technology system and strategy for power Internet of Things; then analyzes terminal identity authentication and authority control, edge area autonomy and data transmission protection, and application layer cloud fog security management. And the whole process real-time security monitoring; Finally, through the analysis of security risks and protection, the technical difficulties and directions for the security protection of the Internet of Things are proposed.

Designing secure, scalable, and resilient IoT networks is a challenging task because of resource-constrained devices and no guarantees of reliable network connectivity. Fog computing improves the resiliency of IoT, but its security model assumes that fog nodes are fully trusted. We relax this latter constraint by proposing a solution that guarantees confidentiality of messages exchanged through semi-honest fog nodes thanks to a lightweight proxy re-encryption scheme. We demonstrate the feasibility of the solution by applying it to IoT networks of low-power devices through experiments on microcontrollers and ARM-based architectures.

As an extension of cloud computing, fog computing environment as well as fog node plays an increasingly important role in internet of things (IoT). This technology provides IoT with more distributed and efficient applications and services. However, IoT nodes have so much variety and perform poorly, which leads to more security issues. For this situation, we initially design a security scheme for the IoT fog environment. Based on the combination of Blockchain and Trusted Execution Environment (TEE) technologies, the security of data storage and transmission from fog nodes to the cloud are ensured, thus ensuring the trustworthiness of the data source in the fog environment.

Edge and Fog Computing will be increasingly pervasive in the years to come due to the benefits they bring in many specific use-case scenarios over traditional Cloud Computing. Nevertheless, the security concerns Fog and Edge Computing bring in have not been fully considered and addressed so far, especially when considering the underlying technologies (e.g. virtualization) instrumental to reap the benefits of the adoption of the Edge paradigm. In particular, these virtualization technologies (i.e. Containers, Real Time Operating Systems, and Unikernels), are far from being adequately resilient and secure. Aiming at shedding some light on current technology limitations, and providing hints on future research security issues and technology development, in this paper we introduce the main technologies supporting the Edge paradigm, survey existing issues, introduce relevant scenarios, and discusses benefits and caveats of the different existing solutions in the above introduced scenarios. Finally, we provide a discussion on the current security issues in the introduced context, and strive to outline future research directions in both security and technology development in a number of Edge/Fog scenarios.

The Information-Centric Network possessing the content-centric features, is the innovative architecture of the next generation of network. Collaborating with fog computing characterized by its strong edge power, ICN will become the development trend of the future network. The emergence of Information-Centric Multimedia Network (ICMN) can meet the increasing demand for transmission of multimedia streams in the current Internet environment. The data transmission has become more delay-constrained and convenient because of the distributed storage, the separation between the location of information and terminals, and the strong cacheability of each node in ICN. However, at the same time, the security of the multimedia streams in the delivery process still requires further protection against wiretapping, interception or attacking. In this paper, we propose the delay-constrained green security communications for ICMN based on chaotic encryption and fog computing so as to transmit multimedia streams in a more secure and time-saving way. We adapt a chaotic cryptographic method to ICMN, implementing the encryption and decryption of multimedia streams. Meanwhile, the network edge capability to process the encryption and decryption is enhanced. Thanks to the fog computing, the strengthened transmission speed of the multimedia streams can fulfill the need for short latency. The work in the paper is of great significance to improve the green security communications of multimedia streams in ICMN.

Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (S×C) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting S×C workflow. To better understand all the concepts of the S×C framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

The increasing integration of information and communication technologies has undoubtedly boosted the efficiency of Critical Infrastructures (CI). However, the first wave of IoT devices, together with the management of enormous amount of data generated by modern CIs, has created serious architectural issues. While the emerging Fog and Multi-Access Edge Computing (FMEC) paradigms can provide a viable solution, they also bring inherent security issues, that can cause dire consequences in the context of CIs. In this paper, we analyze the applications of FMEC solutions in the context of CIs, with a specific focus on related security issues and threats for the specific while broad scenarios: a smart airport, a smart port, and a smart offshore oil and gas extraction field. Leveraging these scenarios, a set of general security requirements for FMEC is derived, together with crucial research challenges whose further investigation is cornerstone for a successful adoption of FMEC in CIs.