(Security and privacy issues)
Department of Computer Science
Virtual University of Pakistan
Abstract: Fog computing is the latest form of cloud computing. It extends networking, storage and computing facilities toward the network edge, offloading cloud data centers and decreasing service latency for end users. Because fog is an extension of cloud computing, some of its challenges are inherited from the cloud. Security techniques used in cloud computing systems may not work properly in a fog computing environment because of its distinctive features, such as heterogeneity, large-scale geo-distribution and mobility. In this paper we give an overview of the current privacy and security challenges specific to fog computing environments, and we discuss solutions and countermeasures for these challenges.
Key words: Fog computing, malicious nodes, intruder, Fog architecture, fog applications.
Fog computing was introduced by the networking leader Cisco. It is not easy to define fog computing without first defining cloud computing, because fog is an extension of the cloud. Cloud computing is a model that allows users to store and access services and resources over the internet and to use computing resources at low cost. Cloud computing depends on heavy bandwidth.
Fog computing is an extension of cloud computing that provides users with fast computation, software and storage. Its basic purpose is to provide computing services at low cost. Fog computing allows devices to connect directly with the destination node and handle their own connections. It boosts service quality, decreases latency and improves the user experience.
Fog computing readily supports the emerging Internet of Things, in which devices are embedded with sensors to send and receive data. It can be implemented using the primary communication system. This makes it easy to run real-time, big-data operations with the ability to support billions of nodes in highly dynamic, diverse environments. The rest of this paper is organized as follows. Section II gives an overview of fog computing. Section III discusses key technologies related to fog computing. Section IV discusses security and privacy challenges. Section V presents techniques to mitigate these issues. Finally, Section VI concludes our discussion.
- An overview of Fog computing
- Definition of Fog Computing
Fog computing is a new computing model that offers limited capabilities, such as storage, network services and computing, in a distributed fashion between the classic cloud and end devices. It provides a better solution for latency-sensitive Internet of Things applications. The term fog computing was originally introduced by Cisco, and many other researchers and organizations have since defined it from their own perspectives.
Yi et al. give the following definition: a geographically distributed computing architecture with a resource pool of many ubiquitously connected heterogeneous devices at the network edge, not exclusively and seamlessly backed by cloud services, that collaboratively offers elastic computation, communication and storage in isolated environments to a large number of users in proximity.
Vaquero and Rodero-Merino define fog computing in the following way. Fog computing is a scenario in which a large number of heterogeneous, wireless and often autonomous, decentralized and ubiquitous devices communicate and potentially cooperate among themselves and with the network to perform processing and storage tasks without third-party intervention. These tasks can support required network functions and new services for applications that run in a sandboxed fashion.
The OpenFog Consortium says that "fog computing is parallel architecture at system level that share resources and computing services, control of the storage and networking anywhere with continuum of cloud things".
- Characteristics of fog computing
Fog computing has several characteristics, some of which are discussed below.
- Heterogeneity: Fog computing is a highly virtualized platform that provides compute, networking and storage services to end-user devices and is commonly, though not only, located at the edge of the network. In both fog and cloud computing, storage, compute and network resources are the basic building blocks.
- Location of edge: The origins of fog can be traced to early proposals to support endpoints with rich services at the network edge, including applications that require low latency, for example gaming and video streaming.
- Geographical distribution: In sharp contrast to the more centralized cloud, the applications and services targeted by the fog demand widely distributed deployments. Fog computing plays a very important and active role in delivering high-quality streaming to moving vehicles through proxies along highways and roads.
- Large-scale sensor networks: Environmental monitoring and the smart grid are examples of distributed systems, inherited from cloud computing, that require distributed computing and storage resources.
- Huge number of nodes: Fog computing uses a very large number of geographically distributed nodes, as in sensor networks in general and the smart grid in particular.
- Mobility support: Many fog applications need to communicate directly with mobile devices and therefore need mobility support. For example, the LISP protocol decouples host identity from location identity and needs a distributed directory system.
- Real-time interactions: Fog applications need real-time interaction rather than batch processing, because they are required to respond within a certain amount of time.
- Federation and interoperability: Fog computing applications require the cooperation of different providers. Fog components must be able to interoperate, and services must be federated across domains.
- Benefits of fog computing
- Malicious activity detection.
- Fog computing creates more confusion for an intruder and increases the cost of recognizing actual information among rough data.
- It plays a very important role in detecting malicious activities that can put the network at risk, and it makes it very hard for intruders to break the security system.
- Edge application services significantly reduce the volume of data that must be moved, the resulting traffic and the distance the data travels, which lowers transmission cost, decreases latency and boosts service quality.
- Edge computing de-emphasizes the central computing environment, which reduces or eliminates a main bottleneck and potential point of failure.
- Security is also boosted because data is moved back and forth over the core network in encrypted form. Data is checked as it passes through several security points, such as protected firewalls, where data that has been affected by an active hacker or compromised by a virus can be detected at an early stage.
- Fog computing has virtualization abilities, such as logically grouping CPU capacity on demand and extending scalability in real time. The fog computing market is driven by a charge-for-network-service model and by customers, namely organizations, that want their business applications to scale linearly.
- Reducing data movement over the network can reduce cost, latency and congestion and remove the bottlenecks that arise from centralized computing systems, while data encryption boosts security and virtualized systems boost scalability.
- Fog computing provides an immediate response to end users and gives reliability, fault tolerance and a high level of scalability.
- It uses less bandwidth than the alternatives.
- Architecture of fog computing
The architecture of fog computing is described in Fig. 1.
- First, the data is divided into small parts called chunks.
- These chunks are handed over to the participating nodes.
- The chunks are queued before transmission.
- Channels are allotted based on the queue: idle channels are allotted first, and the remaining packets have to wait for a free channel.
- After distributed processing, the chunks that were processed first are ordered by their finishing time.
- Allotted channels are released after use and returned to the host.
- In the final step, the host combines the chunks together.
The design of a fog node is also derived from the fog computing architecture.
- Key technologies for fog computing
Fog computing builds on several existing, common technologies to support its applications and deployment. As Figure 2 shows, these include communication, computing and storage technologies, resource management, and security and privacy protection. These key technologies are considered essential to fulfilling the requirements of fog computing applications, and on top of them fog computing provides more intelligent and adaptive services to users.
We now summarize these technologies from the perspective of fog computing.
- Computing technologies
Because fog computing is an intelligent computing system, fog nodes perform local computation and data processing for user requests independently and autonomously. Low service latency and intelligent support in fog computing depend on the following technologies.
- Computation offloading
In fog computing, computation offloading is a mechanism for handling the resource constraints of edge devices, particularly for computation-intensive tasks. It can boost network performance and maximize battery lifetime. A computation offloading model for mobile-edge computing was proposed by Chen et al. The model is derived from a game-theoretic approach in which the distributed offloading decision problem is formulated as a multi-user computation offloading game. When numerous devices offload tasks simultaneously over a wireless channel, only a task whose offloading saves time and energy is offloaded. The offloading decisions of the many users depend on the value of total performance in the multi-channel wireless environment. Authors have also suggested a probabilistic offloading framework that offloads parts of a task to the nearest nodes to reduce time and energy consumption. Here the offloading decision is based on the energy level of the neighbor node, its computation power and the probability of a connection between the nodes. If offloading reduces energy consumption and time, the task is offloaded successfully and the new node ensures the task completion time.
- Latency management
The basic purpose of latency management in fog computing is to keep service response time within an acceptable limit. This limit is the maximum latency that can be tolerated while still meeting the required quality of service. Authors have suggested an efficient initiation mechanism in which numerous nodes execute tasks collaboratively within latency constraints. Computation latency can be decreased by sharing computing tasks and balancing the workload between client-side and fog-side nodes. Minimizing task completion time is transformed into a mixed-integer nonlinear programming problem, which is solved by a three-stage algorithm of low complexity. A mathematical model is used to verify computing delay and communication delay, and it can be used to select nodes in the fog network that meet minimum-delay requirements.
- Communication technologies
In the fog computing architecture, a fog node is an intermediate network component that links end users and devices, the cloud and other fog nodes. There are three types of connections: 1) wired or wireless connections among fog nodes; 2) wireless connections between end devices and fog nodes; 3) wired or wireless connections between the cloud data center and fog nodes. Fog applications, particularly mobile fog computing, are supported by common technologies such as 3G, 4G, WiFi, wireless local area network (WLAN), Bluetooth and ZigBee. Some other technologies are explained below.
- Software defined networking SDN
SDN is an emerging networking and computing paradigm that is implemented using network virtualization. To make network traffic control flexible, this architecture divides the network into a data plane and a control plane. A centralized server decides the communication path of each node and controls it. SDN offers scalability, programmability and flexibility. There is no need to depend on underlying network devices such as switches, firewalls and routers, or on the different heterogeneous underlying networks. Network users can define their own rules for transmission and routing, which makes communication more intelligent and flexible. SDN can help solve fog computing issues such as collisions, connectivity problems and high packet loss rates. In vehicular networks, for example, SDN can handle these issues and satisfy the requirements of the latest vehicular network applications.
- Network function virtualization NFV
The basic aim of network function virtualization is to decouple network functions from dedicated physical network hardware by leveraging device abstraction and virtualization. Resources can then be shared fully and flexibly for rapid development and deployment of new services. Fog computing can benefit from NFV in different ways; for example, gateways and firewalls can be placed on fog nodes virtually. New applications can be deployed automatically and expanded flexibly according to actual requirements. To achieve high throughput and low latency, virtualized network devices are coupled with efficient placement, instruction and migration technologies.
- The fifth (5G) generation wireless communication system
5G is the latest mobile communication technology. Its benefits include high network speed, high flux density, wider signal coverage, high mobility and diversified applications. It reduces latency 5 times, improves energy efficiency 10 times and increases throughput 25 times. It can handle resource-limitation bottlenecks and resource-intensive services for mobile users, and it can fulfill the requirements of high-quality wireless communication and low-latency services. It provides real-time collaboration in radio signal processing and flexible, cooperative radio resource management.
- Content distribution network CDN
A CDN is an internet-based cache network deployed on proxy servers at the internet edge. Information about load, user distance and connection status is shared with the closest proxy servers. A CDN helps with congestion, uses less bandwidth, reduces costs and increases content availability. It delivers the most desirable service to end users quickly.
- Long-reach passive optical network LRPON
LRPON is suggested for extending the network up to 100 km with a huge number of optical network units. It covers a large area and simplifies the network consolidation process. It was introduced to support bandwidth-intensive and latency-sensitive applications. It optimizes network design and provides an optimal solution for large-scale networks.
- Storage technologies
Pre-cache technology is used to fulfill low-latency requirements. It predicts user requirements and selects the desired content to cache on geographically distributed nodes. In this way download delay is minimized and applications can use storage resources efficiently. Device-to-device and social network communications can be exploited to cache content strategically. Heavy traffic can be reduced by predicting requirements and caching at edge devices and base stations. In fog computing, a pre-cache strategy can be adopted to ensure good storage utilization.
- Naming, identification and resolution
In fog computing many applications are running, and they are provided with services similar to the Domain Name System (DNS) of computer networks: name identification, object management and control, object discovery, authentication and so on. DNS can also fulfill the application requirements in fog computing, but it is not flexible enough and creates problems in some cases. New schemes such as Named Data Networking and MobilityFirst have been suggested to support fog computing. The aim of these schemes is to boost the efficiency, security, scalability and robustness of the current internet. MobilityFirst is suggested to handle the wireless access and mobility demands placed on the naming service in the current internet. A GUID is chosen to dynamically bind names and addresses.
- Resource management
Resource management should be given high priority relative to other services. Fog devices are energy constrained, so their performance can be affected by resource management. Enabling mobility and low latency requires resource management and scheduling techniques. A resource management method based on context-awareness technology can save energy and boost resource performance. It can switch automatically between flooding and centralized strategies to save energy.
- Security and privacy protection
Fog nodes are commonly deployed in insecure areas, so there is a danger of malicious attack. For example, a man-in-the-middle attack can replace a fog node by hijacking it. Encryption and decryption schemes can be used to solve this problem. Fog devices share large amounts of data and transfer it to other nodes for storage and computing. Confidentiality and integrity can be achieved using lightweight encryption algorithms.
- Security and privacy issues in fog computing
Fog networks are expected to provide reliability and security to end users, so trust in other nodes is required. Authentication plays an important role in establishing relationships between devices, but it is not enough on its own. Trust is bidirectional in a fog network. It is the responsibility of the fog node to verify that devices are genuine. A robust trust model is required to ensure reliability and security in a fog network. The end user requires a level of trust that is provided by the fog service provider. A Service Level Agreement (SLA) is designed to establish this trust level between the cloud service and the end user. If the service is implemented on the fog layer, a professional licensed third party should monitor SLA verification for end users and small organizations.
Authentication is the primary requirement of a fog network. To access fog network services, a node must first authenticate to the fog network. Unauthorized entry of nodes should be prevented. Common authentication schemes are not feasible because of the resource constraints of fog devices. Other authentication protocols are based on PKI and use multicast authentication for secure communication. Like other services, authentication should be offered as a service by the nearest nodes, which may be the certifying authority (CA). This restricts service requests from malicious nodes. Registration and re-authentication should not add a large overhead.
- SECURE COMMUNICATIONS IN FOG COMPUTING
Unlike other services, security services cannot be offloaded, because every fog node requires a minimum level of security. Fog devices need to interact only when they need to offload a processing or storage request. Fog nodes interact with each other when they need to manage the network or its resources effectively. If a fog device is not aware of the fog network, the messages it sends cannot be secured using symmetric cryptographic schemes. Maintaining the PKI needed to facilitate secure communication is the main challenge. Other challenges include minimizing message overhead and other constraints. Fog nodes require end-to-end security, but the nodes along a multi-hop path cannot be assumed to be trustworthy.
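The following added example (not part of the original paper) illustrates the end-to-end point above: a digest that any relay can recompute does not protect a message on a multi-hop path, while a tag keyed with a session key shared only by the two endpoints does. It assumes the session key has already been agreed; the names `seal`, `Receiver` and `relay_rewrites`, the 30-second freshness window and the sample message are constructed for illustration, and HMAC-SHA-256 is a choice made here, not a scheme taken from the paper.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Optional

MAX_SKEW_SECONDS = 30  # assumed freshness window for this example


def _canonical(body: dict) -> bytes:
    """Serialize deterministically so both endpoints authenticate the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def unkeyed_digest(body: dict) -> str:
    """Plain SHA-256 of the body: detects accidental corruption only."""
    return hashlib.sha256(_canonical(body)).hexdigest()


def seal(session_key: bytes, sender: str, payload: dict,
         now: Optional[float] = None) -> dict:
    """Build a message carrying both an unkeyed digest and an HMAC tag."""
    body = {
        "sender": sender,
        "ts": time.time() if now is None else now,
        "nonce": os.urandom(12).hex(),
        "payload": payload,
    }
    tag = hmac.new(session_key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "digest": unkeyed_digest(body), "tag": tag}


def relay_rewrites(message: dict, new_payload: dict) -> dict:
    """Constructed stand-in for an untrusted relay on the multi-hop path: it
    changes the payload and refreshes the digest, but has no session key."""
    body = dict(message["body"], payload=new_payload)
    return {"body": body, "digest": unkeyed_digest(body), "tag": message["tag"]}


def digest_only_check(message: dict) -> bool:
    """What a receiver relying on the unkeyed digest alone would conclude."""
    return hmac.compare_digest(unkeyed_digest(message["body"]), message["digest"])


class Receiver:
    """Endpoint that verifies the keyed tag, freshness and nonce uniqueness."""

    def __init__(self, session_key: bytes):
        self._key = session_key
        self._seen = set()  # (sender, nonce) pairs; prune by age in long-running use

    def verdict(self, message: dict, now: Optional[float] = None) -> str:
        body = message["body"]
        expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "integrity check failed"
        now = time.time() if now is None else now
        if abs(now - body["ts"]) > MAX_SKEW_SECONDS:
            return "stale message"
        ident = (body["sender"], body["nonce"])
        if ident in self._seen:
            return "replayed message"
        self._seen.add(ident)
        return "accepted"


if __name__ == "__main__":
    key = os.urandom(32)  # stands in for an already agreed session key
    rx = Receiver(key)
    msg = seal(key, "sensor-17", {"temp_c": 21.5}, now=1000.0)
    forged = relay_rewrites(msg, {"temp_c": 99.9})
    print(digest_only_check(forged))       # the digest alone is satisfied
    print(rx.verdict(forged, now=1005.0))  # the keyed tag is not
    print(rx.verdict(msg, now=1005.0))
    print(rx.verdict(msg, now=1005.0))     # same nonce presented again
```

The tag covers the sender, timestamp and nonce as well as the payload, so a relay cannot keep a valid tag while changing any of them.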
- END USER’S PRIVACY
Fog computing reduces the overall pressure on the data center by sharing computation power. End-user privacy is also a challenge: compared with a cloud server, which lies in the core network, fog nodes can collect sensitive data such as utility usage or the location of the end user. Centralized control is hard because fog nodes are distributed over a large geographical area. An adversary can steal privacy-related user data that is being exchanged between nodes. An adversary can also observe user location, mobility, trajectory and habits. Data uploaded by vehicles to fog nodes can be stored and analyzed temporarily. All of these privacy issues require further countermeasures and more sophisticated solutions.
- MALICIOUS ATTACKS
A fog computing network can be affected by several malicious attacks if security measures are not implemented properly. Denial of service (DoS) is a major malicious attack that can be launched easily on the network. A malfunctioning node can launch a DoS attack with repeated storage and processing requests to legitimate nodes. The attack can also be launched by spoofing multiple nodes on the fog network. Common prevention schemes are not feasible in fog computing, and the size of the fog network is also a challenge. All requests from compromised nodes are treated as if they came from legitimate nodes. Another malicious attack is the data-stealing attack that originates inside the cloud provider. In fog computing the end user has to trust the cloud service provider, and a failure of cloud provider authentication leads to data theft.
It is difficult to detect a malicious insider. Various schemes, such as access control and encryption, are used to protect data in fog computing, but misconfigured services, bugs in code and faulty implementations prevent them from protecting data properly. User behavior profiling can be used to monitor the amount and duration of user data access. It helps detect abnormal end-user behavior, which can in turn be used to predict malicious attacks. Attacks of this type can be detected by profiling end-user behavior.
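An added sketch of the behavior-profiling idea above, not taken from the paper: it builds a per-user baseline of data volume and access duration from past sessions and flags sessions that lie far above it. The record format, the robust z-score (median and median absolute deviation) with a 3.5 threshold, the minimum-history rule and all sample records are assumptions made for this example.

```python
import statistics
from collections import defaultdict

# Constructed access records, one per session: user, bytes read, duration (s).
HISTORY = """\
alice 120000 40
alice 95000 35
alice 130000 50
alice 110000 42
alice 105000 38
alice 125000 45
bob 20000 10
bob 22000 12
"""

FEATURES = ("bytes", "secs")
THRESHOLD = 3.5    # assumed cut-off for the robust z-score
MIN_SESSIONS = 5   # assumed minimum history before a user can be scored


def parse(text):
    """Yield (user, {feature: value}) for each record line."""
    for line in text.strip().splitlines():
        user, nbytes, secs = line.split()
        yield user, {"bytes": int(nbytes), "secs": int(secs)}


def build_profiles(text):
    """Return {user: {feature: (median, MAD)}} for users with enough history."""
    samples = defaultdict(lambda: defaultdict(list))
    for user, session in parse(text):
        for name in FEATURES:
            samples[user][name].append(session[name])
    profiles = {}
    for user, feats in samples.items():
        if len(feats[FEATURES[0]]) < MIN_SESSIONS:
            continue  # too little data: a baseline here would be noise
        profiles[user] = {}
        for name in FEATURES:
            med = statistics.median(feats[name])
            mad = statistics.median([abs(v - med) for v in feats[name]])
            profiles[user][name] = (med, mad)
    return profiles


def robust_z(value, med, mad):
    """Median/MAD z-score; outliers in the history barely move the baseline."""
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def score_session(profiles, user, nbytes, secs):
    """Return the features on which this session is abnormally high."""
    profile = profiles.get(user)
    if profile is None:
        return ["no baseline"]  # surface unknown users instead of passing them
    session = {"bytes": nbytes, "secs": secs}
    return [name for name in FEATURES
            if robust_z(session[name], *profile[name]) > THRESHOLD]


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for user, nbytes, secs in [("alice", 118000, 44),
                               ("alice", 4800000, 48),
                               ("alice", 5000000, 900),
                               ("bob", 21000, 11)]:
        print(user, nbytes, secs, score_session(profiles, user, nbytes, secs))
```

Only deviations above the baseline are flagged, since the passage is concerned with unusually large or long data access.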
- Security and privacy countermeasures
In this section we discuss security countermeasures and future directions. A fog network is composed of three different layers, each with its own vulnerabilities and security attacks. Handling these attacks calls for a multi-level approach that provides optimal layered protection.
- Authentication of device: When a new fog node wants to transmit data on the fog network, it must authenticate itself to the network to prove its identity, so that malicious devices can be detected properly. Different authentication schemes, such as PKI, DSS and digital certificates, are used.
- Integrity of data: The secure hash algorithm (SHA-1) is used to provide data integrity at each node in fog computing. It ensures the integrity of data during transmission. We have also discussed more secure cryptographic hash functions for data integrity.
- Data confidentiality: To ensure the confidentiality of data, the Advanced Encryption Standard (AES) should be used for encryption. The encryption should be implemented so that it needs little processing and computation power. Various algorithms can be used to ensure the confidentiality of data.
- Network security: A fog network requires three security countermeasures, such as authentication, identity, data encryption and integrity of data. A group key agreement protocol is used for sharing session keys among fog nodes.
- Secure booting: Because of low computing and processing power, each piece of fog network software is designed and implemented with a security mechanism.
- Anti-virus, anti-adware and anti-spyware: Anti-spyware is very important for the security, integrity, reliability and confidentiality of the fog system.
- Anonymity: In a fog network the location and identity of a node are kept anonymous. A zero-knowledge approach can be an optimal solution for this, but it requires high processing power and energy.
- Routing security: Routing security is very important for the acceptance of sensor nodes in various fog applications. We have discussed various routing algorithms that improve the performance and security level of data routing.
- Security of data: Securing data is a challenging task in a fog network. Fog nodes are distributed over a large geographical area, which makes centralized control difficult. If an adversary enters the network, he can easily steal private user information. To prevent this type of attack, cryptographic algorithms should be implemented properly to ensure confidentiality.
- Access control lists (ACLs): Implementing policies and permissions is a critical task for controlling access to a node. ACLs can control the incoming and outgoing traffic over the network.
- Firewalls: A firewall is an effective tool for network security; it blocks attacks when other security mechanisms fail. It can filter out illegal and malicious data packets and block them.
- Conclusion
In this paper we have analyzed and reviewed the security and privacy challenges faced by fog computing. We have also given definitions of fog computing and described its architecture. We have studied the characteristics, advantages and key technologies that support a fog computing system. Furthermore, we have studied the different security and privacy challenges in the fog computing environment.
We have suggested some cryptographic techniques to ensure the security of fog computing, covering authentication, confidentiality and reliability. Lastly, we have given some suggestions for overcoming these security and privacy challenges in the field of fog computing. These countermeasures can be helpful for fog computing security and for future work.
- Introduction to Fog Computing – Intense School. (2016, February 25). Retrieved from http://resources.intenseschool.com/introduction-to-fog-computing/
- Atlam, H. F., Walters, R. J., & Wills, G. B. (2018). Fog Computing and the Internet of Things: A Review. Big Data and Cognitive Computing, 2(2), 10.
- Yi, S., Hao, Z., Qin, Z., & Li, Q. (2015, November). Fog computing: Platform and applications. In 2015 Third IEEE Workshop on Hot Topics in Web Systems and Technologies (HotWeb) (pp. 73-78). IEEE.
- Vaquero, L. M., & Rodero-Merino, L. (2014). Finding your way in the fog: Towards a comprehensive definition of fog computing. ACM SIGCOMM Computer Communication Review, 44(5), 27-32.
- Definition of Fog Computing. Available online: https://www.openfogconsortium.org/#definition-of-fogcomputing (accessed on 24 March 2018).
- Kumari, Shabnam, et al. “Fog Computing: Characteristics and Challenges.” International Journal of Application or Innovation in Engineering & Management, www.ijettcs.org/pabstract.php?vol=Volume6Issue2&pid=IJETTCS-2017-04-01-37.
- Liu, Y., Fieldsend, J. E., & Min, G. (2017). A framework of fog computing: Architecture, challenges, and optimization. IEEE Access, 5, 25445-25454.
- Hu, P., Dhelim, S., Ning, H., & Qiu, T. (2017). Survey on fog computing: architecture, key technologies, applications and open issues. Journal of Network and Computer Applications.
- Mukherjee, M., Matam, R., Shu, L., Maglaras, L., Ferrag, M. A., Choudhury, N., & Kumar, V. (2017). Security and privacy in fog computing: Challenges. IEEE Access, 5, 19293-19304.
- Veerraju, T., & K. Kiran Kumar, D. (2018). A survey on fog computing: research challenges in security and privacy issues. International Journal of Engineering & Technology, 7(2.7), 335. doi:10.14419/ijet.v7i2.7.10710