Biblio

Fog Computing is one of the edge computing paradigms that envisages being the proximate processing and storage infrastructure for a multitude of IoT appliances. With its dynamic deployability as a medium level cloud service, fog nodes are enabling heterogeneous service provisioning infrastructure that features scalability, interoperability, and adaptability. Out of the various 5G based services possible with the fog computing platforms, security services are imperative but minimally investigated direct live. Thus, in this research, we are focused on launching security services in a fog node with an architecture capable of provisioning on-demand service requests. As the fog nodes are constrained on resources, our intention is to integrate light-weight virtualization technology such as Docker for forming the service provisioning infrastructure. We managed to launch multiple security instances configured to be Intrusion Detection and Prevention Systems (IDPSs) on the fog infrastructure emulated via a Raspberry Pi-4 device. This environment was tested with multiple network flows to validate its feasibility. In our proposed architecture, orchestration strategies performed by the security orchestrator were stated as guidelines for achieving pragmatic, dynamic orchestration with fog in IoT deployments. The results of this research guarantee the possibility of developing an ambient security service model that facilitates IoT devices with enhanced security.

Fog computing is a new distributed computing paradigm that extends the cloud to the network edge. Fog computing aims at improving quality of service, data access, networking, computation and storage. However, the security and privacy issues persist, even if many cloud solutions were proposed. Indeed, Fog computing introduces new challenges in terms of security and privacy, due to its specific features such as mobility, geo-distribution and heterogeneity etc. Blockchain is an emergent concept bringing efficiency in many fields. In this paper, we propose a new access control scheme based on blockchain technology for the fog computing with fault tolerance in the context of the Internet of Things. Blockchain is used to provide secure management authentication and access process to IoT devices. Each network entity authenticates in the blockchain via the wallet, which allows a secure communication in decentralized environment, hence it achieves the security objectives. In addition, we propose to establish a secure connection between the users and the IoT devices, if their attributes satisfy the policy stored in the blockchain by smart contract. We also address the blockchain transparency problem by the encryption of the users attributes both in the policy and in the request. An authorization token is generated if the encrypted attributes are identical. Moreover, our proposition offers higher scalability, availability and fault tolerance in Fog nodes due to the implementation of load balancing through the Min-Min algorithm.

Fog Computing provides users with the cloud facilities at the network edge. It may be assumed to be a virtual platform with adequate storage., computation and processing facilities for latency-sensitive applications. The basic difference lies with the fact that this platform is decentralized in nature. In addition., the fog systems or devices process data locally., are conveyable and are capable of being installed on heterogenous hardware. This versatility in its behavior and it being at the network edge turns the attention towards the security of the users sensitive data (in transition or at rest). In this paper., the authors have emphasized on the security of the fog level in typical Fog- IoT architecture. Various security factors (along with their subfactors) persisting at fog level are identified and discussed in detail. The authors have presented a hierarchy of fog computing security factors that is expected to help in considering security in a systematic and efficient manner. Further., the authors have also ranked the same through Analytical Hierarchy Process (AHP) and compared the results with Fuzzy-AHP (F-AHP). The results are found to be highly correlated.

The Fog is an emergent computing architecture that will support the mobility and geographic distribution of Internet of Things (IoT) nodes and deliver context-aware applications with low latency to end-users. It forms an intermediate layer between IoT devices and the Cloud. However, Fog computing brings many requirements that increase the cost of security management. It inherits the security and trust issues of Cloud and acquires some of the vulnerable features of IoT that threaten data and application confidentiality, integrity, and availability. Several existing solutions address some of the security challenges following adequate adaptation, but others require new and innovative mechanisms. These reflect the need for a Fog architecture that provides secure access, efficient authentication, reliable and secure communication, and trust establishment among IoT devices and Fog nodes. The Fog might be more convenient to deploy decentralized authentication solutions for IoT than the Cloud if appropriately designed. In this short survey, we highlight the Fog security challenges related to IoT security requirements and architectural design. We conduct a comparative study of existing Fog architectures then perform a critical analysis of different authentication schemes in Fog computing, which confirms some of the fundamental requirements for effective authentication of IoT devices based on the Fog, such as decentralization, less resource consumption, and low latency.

Fog computing was emerged as mini-clouds deployed close to the ground to reduce communication overhead and time latency between the cloud and end-users' devices. Because fog computing is an extension of cloud computing, it inherits the security and privacy issues cloud computing has faced. If a Fog Node (FN) serving end-devices goes rogue or becomes maliciously compromised, this would hinder individuals' and organizations' data security (e.g., Confidentiality, Integrity, and Availability). This paper presents a novel scheme based on the Ciphertext-Policy-Attribute-Based-Encryption (CP-ABE) and hashing cryptographic primitives to minimize the amount of data in danger of breach by rogue fog nodes with maintaining the fog computing services provided to end-users' devices. This scheme manages to oust rogue Fog Nodes (FNs) and to prevent them from violating end-users' data security while guarantying the features provided by the fog computing paradigm. We demonstrate our scheme's applicability and efficiency by carrying out performance analysis and analyzing its security, and communication overhead.

The most recent and important developments in the field of computer networks are cloud and fog computing. In this study, modern cloud computer networks comprising computers, internet of things (IoT), fog servers, and cloud servers for data transmission, is investigated. A cloud computer networks can be modeled as a network with nodes and arcs, in which each arc represents a transmission line, and each node represents an IoT device, a fog server, or a cloud server. Each transmission line has several possible capacities and is regarded as a multistate. The network is termed a multi-state cloud computer network (MCCN). this study firstly constructs the mathematic model to elucidate the flow relationship among the IoT devices, edge servers, and cloud servers and subsequently develop an algorithm to evaluate the performance of the MCCN by calculating network reliability which is defined as the probability of the data being successfully processed by the MCCN.

The advent of Internet and recent technological developments have paved the way for IoT devices in different sectors. The demand for real-time response led to the development of fog computing which is now a popular computing technique. It provides processing, computing and storage at the network edge for latency-sensitive applications such as banking transactions, healthcare etc. This has further led to the pool of user's sensitive data across the web that needs to be secured. In order to find an efficient security solution, it is mandatory to prioritize amongst different fog-level security factors. The authors have therefore, adopted a fuzzy-based Analytical Hierarchy Approach (AHP) for ranking the security attributes in fog-driven IoT environment. The results have also been compared to the ones obtained from classical-AHP and are found to be correlated.

Budding technologies like IoT requires minimum latency for performing real-time applications. The IoT devices collect a huge amount of big data and stores in the cloud environment, because of its on-demand services and scalability. But processing the needed information of the IoT devices from the cloud computing environment is found to be time-sensitive one. To eradicate this issue fog computing environment was created which acts an intermediate between the IoT devices and cloud computing environment. The fog computing performs intermediate computation and storage which is needed by IoT devices and it eliminates the drawbacks of latency and bandwidth limitation faced by directly using cloud computing for storage and accessing. The fog computing even though more advantageous it is more exposed to security issues by its architecture. This paper concentrates more on the security issues met by fog computing and the present methods used by the researchers to secure fog with their pros and cons.

Fog computing architecture allows the end-user devices of an Internet of Things (IoT) application to meet their latency and computation requirements by offloading tasks to a fog node in proximity. This fog node in turn may offload the task to a neighboring fog node or the cloud-based on an optimal node selection policy. Several such node selection policies have been proposed that facilitate the selection of an optimal node, minimizing delay and energy consumption. However, one crucial assumption of these schemes is that all the networked fog nodes are authorized part of the fog network. This assumption is not valid, especially in a cooperative fog computing environment like a smart city, where fog nodes of multiple applications cooperate to meet their latency and computation requirements. In this paper, we propose a secure task-offloading framework for a distributed fog computing environment based on smart-contracts on the blockchain. The proposed framework allows a fog-node to securely offload tasks to a neighboring fog node, even if no prior trust-relation exists. The security analysis of the proposed framework shows how non-authenticated fog nodes are prevented from taking up offloading tasks.

Fog computing or edge computing or fogging extends cloud computing to the edge of the network. It operates on the computing, storage and networking services between user-end devices and cloud computing data centres. However, in the process of caring out these operations, fog computing is faced with several security issues. These issues may be inherited from cloud computing systems or may arise due to fog computing systems alone. Some of the major gaps in providing a secure platform for the fog computing process arise from interim operational steps like authentication or identification, which often expands to large scale performance issues in fog computing. Thus, these issues and their implications on fog computing databases, and the possible available solutions are researched and provided for a better scope of future use and growth of fog computing systems by bridging the gaps of security issues in it.

Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (S×C) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting S×C workflow. To better understand all the concepts of the S×C framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

The increasing integration of information and communication technologies has undoubtedly boosted the efficiency of Critical Infrastructures (CI). However, the first wave of IoT devices, together with the management of enormous amount of data generated by modern CIs, has created serious architectural issues. While the emerging Fog and Multi-Access Edge Computing (FMEC) paradigms can provide a viable solution, they also bring inherent security issues, that can cause dire consequences in the context of CIs. In this paper, we analyze the applications of FMEC solutions in the context of CIs, with a specific focus on related security issues and threats for the specific while broad scenarios: a smart airport, a smart port, and a smart offshore oil and gas extraction field. Leveraging these scenarios, a set of general security requirements for FMEC is derived, together with crucial research challenges whose further investigation is cornerstone for a successful adoption of FMEC in CIs.

Medical Internet of Things (MIoT) offers innovative solutions to a healthier life, making radical changes in people's lives. Healthcare providers are enabled to continuously and remotely monitor their patients for many medial issues outside hospitals and healthcare providers' offices. MIoT systems and applications lead to increase availability, accessibility, quality and cost-effectiveness of healthcare services. On the other hand, MIoT devices generate a large amount of diverse real-time data, which is highly sensitive. Thus, securing medical data is an essential requirement when developing MIoT architectures. However, the MIoT architectures being developed in the literature have many security issues. To address the challenge of data security in MIoT, the integration of fog computing and MIoT is studied as an emerging and appropriate solution. By data security, it means that medial data is stored in fog nodes and transferred to the cloud in a secure manner to prevent any unauthorized access. In this paper, we propose a design for a secure fog-cloud based architecture for MIoT.

The paper presents a conceptual framework for security embedded task offloading requirements for IoT-Fog based future communication networks. The focus of the paper is to enumerate the need of embedded security requirements in this IoT-Fog paradigm including the middleware technologies in the overall architecture. Task offloading plays a significant role in the load balancing, energy and data management, security, reducing information processing and propagation latencies. The motivation behind introducing the embedded security is to meet the challenges of future smart networks including two main reasons namely; to improve the data protection and to minimize the internet disturbance and intrusiveness. We further discuss the middleware technologies such as cloudlets, mobile edge computing, micro datacenters, self-healing infrastructures and delay tolerant networks for security provision, optimized energy consumption and to reduce the latency. The paper introduces concepts of system virtualization and parallelism in IoT-Fog based systems and highlight the security features of the system. Some research opportunities and challenges are discussed to improve secure offloading from IoT into fog.

With the rapid development of Internet of things (IOT) and big data, the number of network terminal devices and big data transmission are increasing rapidly. Traditional cloud computing faces a great challenge in dealing with this massive amount of data. Fog computing which extends the computing at the edge of the network can provide computation and data storage. Attribute based-encryption can effectively achieve the fine-grained access control. However, the computational complexity of the encryption and decryption is growing linearly with the increase of the number of attributes. In order to reduce the computational cost and guarantee the confidentiality of data, distributed access control with outsourced computation in fog computing is proposed in this paper. In our proposed scheme, fog device takes most of computational cost in encryption and decryption phase. The computational cost of the receiver and sender can be reduced. Moreover, the private key of the user is generated by multi-authority which can enhance the security of data. The analysis of security and performance shows that our proposed scheme proves to be effective and secure.

Fog computing extends cloud computing technology to the edge of the infrastructure to support dynamic computation for IoT applications. Reduced latency and location awareness in objects' data access is attained by displacing workloads from the central cloud to edge devices. Doing so, it reduces raw data transfers from target objects to the central cloud, thus overcoming communication bottlenecks. This is a key step towards the pervasive uptake of next generation IoT-based services. In this work we study efficient orchestration of applications in fog computing, where a fog application is the cascade of a cloud module and a fog module. The problem results into a mixed integer non linear optimisation. It involves multiple constraints due to computation and communication demands of fog applications, available infrastructure resources and it accounts also the location of target IoT objects. We show that it is possible to reduce the complexity of the original problem with a related placement formulation, which is further solved using a greedy algorithm. This algorithm is the core placement logic of FogAtlas, a fog computing platform based on existing virtualization technologies. Extensive numerical results validate the model and the scalability of the proposed algorithm, showing performance close to the optimal solution with respect to the number of served applications.

Internet of Things (IoT) stack models differ in their architecture, applications and needs. Hence, there are different approaches to apply IoT; for instance, it can be based on traditional data center or based on cloud computing. In fact, Cloud-based IoT is gaining more popularity due to its high scalability and cost effectiveness; hence, it is becoming the norm. However, Cloud is usually located far from the IoT devices and some recent research suggests using Fog-Based IoT by using a nearby light-weight middleware to bridge the gap and to provide the essential support and communication between devices, sensors, receptors and the servers. Therefore, Fog reduces centrality and provides local processing for faster analysis, especially for the time-sensitive applications. Thus, processing is done faster, giving the system flexibility for faster response time. Fog-Based Internet of Things security architecture should be suitable to the environment and provide the necessary measures to improve all security aspects with respect to the available resources and within performance constraints. In this work, we discuss some of these challenges, analyze performance of Fog based IoT and propose a security scheme based on MQTT protocol. Moreover, we present a discussion on security-performance tradeoffs.

Several efforts are currently active in dealing with scenarios combining fog, cloud computing, out of which a significant proportion is devoted to control, and manage the resulting scenario. Certainly, although many challenging aspects must be considered towards the design of an efficient management solution, it is with no doubt that whatever the solution is, the quality delivered to the users when executing services and the security guarantees provided to the users are two key aspects to be considered in the whole design. Unfortunately, both requirements are often non-convergent, thus making a solution suitably addressing both aspects is a challenging task. In this paper, we propose a decoupled transversal security strategy, referred to as DCF, as a novel architectural oriented policy handling the QoS-Security trade-off, particularly designed to be applied to combined fog-to-cloud systems, and specifically highlighting its impact on the delivered QoS.

Since the term “Fog Computing” has been coined by Cisco Systems in 2012, security and privacy issues of this promising paradigm are still open challenges. Among various security challenges, Access Control is a crucial concern for all cloud computing-like systems (e.g. Fog computing, Mobile edge computing) in the IoT era. Therefore, assigning the precise level of access in such an inherently scalable, heterogeneous and dynamic environment is not easy to perform. This work defines the uncertainty challenge for authentication phase of the access control in fog computing because on one hand fog has a number of characteristics that amplify uncertainty in authentication and on the other hand applying traditional access control models does not result in a flexible and resilient solution. Therefore, we have proposed a novel prediction model based on the extension of Attribute Based Access Control (ABAC) model. Our data-driven model is able to handle uncertainty in authentication. It is also able to consider the mobility of mobile edge devices in order to handle authentication. In doing so, we have built our model using and comparing four supervised classification algorithms namely as Decision Tree, Naïve Bayes, Logistic Regression and Support Vector Machine. Our model can achieve authentication performance with 88.14% accuracy using Logistic Regression.

Fog-Cloud framework is being regarded as a more promising technology to provide performance guarantee for IoT applications, which not only have higher requirements on computation resources, but also are delay and/or security sensitive. In this framework, a delay and security-sensitive computation task is usually divided into several sub-tasks, which could be offloaded to either fog or cloud computing servers, referred to as offloading destinations. Sub-tasks may exchange information during their processing and then have requirement on transmission bandwidth. Different destinations produce different completion delays of a sub-task, affecting the corresponding task delay. The existing offloading approaches either considered only a single type of offloading destinations or ignored delay and/or security constraint. This paper studies a computation offloading problem in the fog-cloud scenario where not only computation and security capabilities of offloading destinations may be different, but also bandwidth and delay of links may be different. We first propose a joint offloading approach by formulating the problem as a form of Mixed Integer Programming Multi-Commodity Flow to maximize the fog-cloud provider's revenue without sacrificing performance and security requirements of users. We also propose a greedy algorithm for the problem. Extensive simulation results under various network scales show that the proposed computation offloading mechanism achieves higher revenue than the conventional single-type computation offloading under delay and security constraints.

Fog and Edge computing provide a large pool of resources at the edge of the network that may be used for distributed computing. Fog infrastructure heterogeneity also results in complex configuration of distributed applications on computing nodes. Linux containers are a mainstream technique allowing to run packaged applications and micro services. However, running applications on remote hosts owned by third parties is challenging because of untrusted operating systems and hardware maintained by third parties. To meet such challenges, we may leverage trusted execution mechanisms. In this work, we propose a model for distributed computing on Fog infrastructures using Linux containers secured by Intel's Software Guard Extensions (SGX) technology. We implement our model on a Docker and OpenSGX platform. The result is a secure and flexible approach for distributed computing on Fog infrastructures.

Augmented reality (AR) technologies are rapidly being adopted across multiple sectors, but little work has been done to ensure the security of such systems against potentially harmful or distracting visual output produced by malicious or bug-ridden applications. Past research has proposed to incorporate manually specified policies into AR devices to constrain their visual output. However, these policies can be cumbersome to specify and implement, and may not generalize well to complex and unpredictable environmental conditions. We propose a method for generating adaptive policies to secure visual output in AR systems using deep reinforcement learning. This approach utilizes a local fog computing node, which runs training simulations to automatically learn an appropriate policy for filtering potentially malicious or distracting content produced by an application. Through empirical evaluations, we show that these policies are able to intelligently displace AR content to reduce obstruction of real-world objects, while maintaining a favorable user experience.

Recently Vehicular Cloud Computing (VCC) has become an attractive solution that support vehicle's computing and storing service requests. This computing paradigm insures a reduced energy consumption and low traffic congestion. Additionally, VCC has emerged as a promising technology that provides a virtual platform for processing data using vehicles as infrastructures or centralized data servers. However, vehicles are deployed in open environments where they are vulnerable to various types of attacks. Furthermore, traditional cryptographic algorithms failed in insuring security once their keys compromised. In order to insure a secure vehicular platform, we introduce in this paper a new decoy technology DT and user behavior profiling (UBP) as an alternative solution to overcome data security, privacy and trust in vehicular cloud servers using a fog computing architecture. In the case of a malicious behavior, our mechanism shows a high efficiency by delivering decoy files in such a way making the intruder unable to differentiate between the original and decoy file.

Fog computing has emerged due to the problem that it becomes difficult to store every data to the cloud system as the number of Internet of Things increases. In this fog computing, a vast amount of data generated from the Internet of Things is transmitted to the cloud system located at a remote place, and is processed by a fog computer such as a sensor or a router located nearby, so that only the necessary data is transmitted to the cloud system. However, the above-mentioned fog computer has some drawbacks like being shut down due to an attack by a malicious user in advance, and a method of processing when a fog computer is down or restored. In this paper we describe a fog computing with blockchain that enables fog computers to share transaction generated by processing transaction information of a device controlled by a blockchain method to a security and device control method of a fog computer utilizing the technology. Furthemore by using security properties of blockchain such as authentication, non-repudiation and data integrity, fog computing using blockchain has advantage of security comparing to previous Cloud and fog computing system using centralized database or P2P networks.

In the past decade, the revolution in miniaturization (microprocessors, batteries, cameras etc.) and manufacturing of new type of sensors resulted in a new regime of applications based on smart objects called IoT. Majority of such applications or services are to ease human life and/or to setup efficient processes in automated environments. However, this convenience is coming up with new challenges related to data security and human privacy. The objects in IoT are resource constrained devices and cannot implement a fool-proof security framework. These end devices work like eyes and ears to interact with the physical world and collect data for analytics to make expedient decisions. The storage and analysis of the collected data is done remotely using cloud computing. The transfer of data from IoT to the computing clouds can introduce privacy issues and network delays. Some applications need a real-time decision and cannot tolerate the delays and jitters in the network. Here, edge computing or fog computing plays its role to settle down the mentioned issues by providing cloud-like facilities near the end devices. In this paper, we discuss IoT, fog computing, the relationship between IoT and fog computing, their security issues and solutions by different researchers. We summarize attack surface related to each layer of this paradigm which will help to propose new security solutions to escalate it acceptability among end users. We also propose a risk-based trust management model for smart healthcare environment to cope with security and privacy-related issues in this highly un-predictable heterogeneous ecosystem.