The security issues of Fog networks: A bridge between Cloud and IoT (Part 3)

In the last part, we discussed the basic architecture of the Fog layer in an IoT-cloud network. Here, we look at the security vulnerabilities of the Fog layer in terms of data, network, access control and privacy.

Fog is a recent concept and is still in its development phase. In addition, Fog handles both IoT applications and the Cloud, and has distinct features such as mobility support, location awareness and geo-distribution [1]. As a result, Fog can be prone to security issues. These issues can be grouped into four main categories.

1. Network Security

When different nodes are connected in a network and data is transferred between them, there is a high possibility that threats are transmitted as well. In addition, because of the data traffic, users rely completely on the network administrators for network configuration. As a result, a Fog network can be affected by attacks such as hacking, spoofing and jamming, and proper security techniques are necessary to ensure the reliability of the whole system. Intrusion detection systems and network monitoring [2] can help to reduce these attacks. Traffic isolation and prioritization of fog nodes prevent attacks on shared resources in the fog network. Software Defined Networks (SDNs) are used in Fog for low-level abstraction, management and scalability, so network resource access control systems can also be used to control the SDNs in a Fog network and ensure network security.

[Figure: Network security management aspects]

2. Data Security

In Fog computing, user data is controlled by fog nodes. Because the nodes provide temporary storage and processing of data, data can be modified or lost at the fog nodes. Additionally, data at fog nodes is vulnerable to third-party access. This can violate the integrity, confidentiality and verifiability of data, which should be maintained in a network. The reliability of the Fog network suffers if it cannot ensure the data privacy of the user. To address this problem, encryption techniques (homomorphic or searchable encryption) are applied to user data. However, designing a storage system with dynamic operations and high data security is still a challenge for Fog networks.

3. Access Control

When numerous fog nodes are interconnected in a network, it is necessary to ensure the reliability of each node in the system. For every node, it must be determined whether it is entitled to access the network for information. Access control helps to ensure system security and to manage the heterogeneous nature of Fog computing. It can be implemented through encryption and through authorization and authentication techniques. Designing a proper access control structure is still difficult due to resource constraints.

4. Privacy

As Fog supports mobility in IoT, a large amount of personal and location data about users can be recorded in the nodes. Fog also enables the delivery of this data to the end nodes of the network. Preserving the privacy of the user therefore becomes a challenge. Data privacy preserving algorithms have been proposed to address this issue, but they prohibit resource delivery at the edge of the Fog network [1]. Homomorphic encryption and the generation of dummy traffic are some of the methods used for data privacy. Identity Obstruction is a new technique to maintain location privacy. Because numerous fog nodes can be connected in close proximity in IoT, location data is still vulnerable to privacy attacks.

Based on the attacks on user data in Fog networks, attackers are divided into three main categories: Cloud service providers, the government and hackers. The service providers and the government access user data legally for their own benefit. Service providers are authorized by the user through the terms and conditions, and they use the data for service improvement and advertising purposes. The government uses user data for surveillance and to ensure national security, by forcing service providers to hand over user information. Hackers are the people who illegally access user data in a network for their own gain.

Available Solutions by researchers

Due to the threat of security attacks, many techniques have been proposed to ensure the reliability of the Fog system. The decoy technique [2] is one of the common methods; it deceives attackers through fake fog nodes and fake data. User behavior profiling [3] is also commonly used in Intrusion Detection Systems (IDS) to identify attackers by detecting unexpected user behavior, so that attacks on the Fog network can be prevented.
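A minimal sketch of how decoy objects and user behavior profiling can feed a single detection pass on a fog node, added here as an illustration and not taken from the cited papers [2], [3]. The event format, object names, decoy name and thresholds are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, hour_window, object_read) events at one fog node.
DECOYS = {"decoy/patient_records.csv"}  # hypothetical decoy object name
BASELINE = (
    [("alice", h, f"sensor/room{h % 3}.json") for h in range(8) for _ in range(4)]
    + [("bob", h, "config/gateway.yaml") for h in range(8) for _ in range(2)]
)
LIVE = (
    [("alice", 9, "sensor/room1.json")] * 4
    + [("bob", 9, f"sensor/room{i}.json") for i in range(30)]
    + [("carol", 9, "decoy/patient_records.csv")]
)

def build_profiles(events):
    """Per user: set of objects normally read and per-window read statistics."""
    objects, counts = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for user, window, obj in events:
        objects[user].add(obj)
        counts[user][window] += 1
    return {u: {"objects": objects[u],
                "mean": mean(list(counts[u].values())),
                "std": pstdev(list(counts[u].values()))} for u in objects}

def score_window(profiles, events, z_limit=3.0, novelty_limit=0.5):
    """Return {user: [reasons]} for users whose window deviates from their profile."""
    by_user = defaultdict(list)
    for user, _window, obj in events:
        by_user[user].append(obj)
    alerts = defaultdict(list)
    for user, objs in by_user.items():
        if DECOYS & set(objs):
            alerts[user].append("decoy_access")  # no legitimate reason to read a decoy
        prof = profiles.get(user)
        if prof is None:
            alerts[user].append("no_profile")  # unknown identity, nothing to compare with
            continue
        z = (len(objs) - prof["mean"]) / max(prof["std"], 1.0)  # floor std to avoid /0
        if z > z_limit:
            alerts[user].append("volume_spike")
        novel = sum(o not in prof["objects"] for o in objs) / len(objs)
        if novel > novelty_limit:
            alerts[user].append("unfamiliar_objects")
    return dict(alerts)

if __name__ == "__main__":
    print(score_window(build_profiles(BASELINE), LIVE))
```

The decoy check fires on a single read regardless of profile, while the profile checks need a baseline window per user; a node with limited resources can run the decoy check alone.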

To prevent user privacy attacks, especially between service providers and client users, a user privacy mechanism has been proposed [4]. The mechanism ensures that only certain information about the client user (information that does not violate user privacy) is available to providers for their service analysis.

The orchestration layer of the Fog infrastructure is fundamentally driven by policies. By paying attention to how policies are managed, it is therefore possible to ensure several aspects of Fog security, such as authorization, authentication and data security. The system proposed by C. Dsouza et al. [5] treats policy definition, management and maintenance as the key aspects that can be configured by Fog owners and administrators.

According to the above solutions, there are efficient ways to overcome the security issues of Fog networks. However, each solution considers only a specific security issue. It is therefore still necessary to find a proper mechanism that covers all the issues (or the most common issues) of the Fog network as a whole.

Even though the concept of Fog computing has some of the above shortcomings, which are common in large networks, it still has its own advantages. Fog computing is therefore an effective solution that supports the cloud in handling the enormous data generated by the Internet of Things, with increased business agility, higher service levels and improved safety [6].

References

[1]. B. Z. Abbasi and M. A. Shah, “Fog computing: Security issues, solutions and robust practices,” 2017 23rd International Conference on Automation and Computing (ICAC), 2017.

[2]. P. Kumar, N. Zaidi, and T. Choudhury, “Fog computing: Common security issues and proposed countermeasures,” 2016 International Conference System Modeling & Advancement in Research Trends (SMART), 2016.

[3]. “Mitigating Internal Data Theft Attack In Cloud Using Fog Computing,” International Journal of Recent Trends in Engineering and Research, vol. 3, no. 2, pp. 27–30, Sep. 2017.

[4]. Z. Qin, S. Yi, Q. Li, and D. Zamkov, “Preserving secondary users’ privacy in cognitive radio networks,” Proc. IEEE INFOCOM, pp. 772–780, 2014.

[5]. C. Dsouza, G. J. Ahn, and M. Taguinod, “Policy-driven security management for fog computing: Preliminary framework and a case study,” Proc. 2014 IEEE 15th Int. Conf. Inf. Reuse Integr. IEEE IRI 2014, pp. 16–23, 2014.

[6]. Cisco.com. (2018). [online] Available at: https://www.cisco.com/c/dam/en_us/solutions/trends/iot/docs/computing-overview.pdf [Accessed 18 Sep. 2018].

Software Engineer at WSO2, BSc. (Hons.) in Information Technology, University of Moratuwa.