Vijay Karnatak,Amit Kumar Mishra,Neha Tripathi,Mohammad Wazid,Jaskaran Singh,Ashok Kumar Das

DOI: https://doi.org/10.1002/spy2.353

2023-11-03

Security and Privacy

Abstract:Fog computing is a distributed computing architecture, as opposed to depending entirely on centralized cloud servers, which brings the processing of data, functionality of an application, and its storage closer to the network's edge, where it can be closer to the data source or an end‐user device. Some of the potential applications of the fog computing‐based Internet of Things (IoT)‐enabled system are smart healthcare, smart agriculture, smart manufacturing, intelligent transportation system, and smart cities (i.e., in parking management, lighting control, traffic control, and security of civilians). The fog computing‐based IoT‐enabled system is vulnerable to various attacks. Therefore, one needs to deploy security mechanisms, like authentication, access control, key management, and malware detection, in order to secure its communication. In this article, we design a signature‐based access control and key management scheme for fog computing‐based IoT‐enabled big data applications (in short, SBAC‐FC). A detailed security analysis and performance comparison of the SBAC‐FC with other similar existing schemes reveal that the SBAC‐FC surpasses the existing schemes in terms of security and functionality characteristics, as well as complexity overheads.

Yijian Lin,Xiaoming Wang,Qingqing Gan,Mengting Yao

DOI: https://doi.org/10.1016/j.jisa.2021.103022

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Nowadays, fog computing has become an emerging hot-topic for possessing the same advantages as cloud computing and the lower latency. Nevertheless, there are still many issues in fog computing that worth studying, the most importantly of which are key agreement and user authentication. In order to achieve secure communication among different entities, designing a secure key agreement and user authentication scheme becomes an urgent issue. Although many schemes have been investigated the key agreement and user authentication for cloud computing, these schemes cannot be directly applied to the fog computing due to efficiency and cost. To tackle this problem, we propose a secure and efficient key agreement and user authentication scheme for fog computing. Our scheme can establish secure sessions among different entities, and users can achieve cross-domain access to other fog server. Most importantly, Our scheme satisfies the perfect forward security and the complete anonymity. We prove that our scheme is secure in the random oracle model, and achieve formal security verification through the AVISPA tool. Finally, the performance analysis demonstrates that our scheme tends to be more efficient in comparison with similar schemes.

Thankaraja Raja Sree,R. Harish,T. Veni

DOI: https://doi.org/10.1002/cpe.8054

2024-03-02

Concurrency and Computation Practice and Experience

Abstract:Summary As opposed to cloud servers, fog servers, and fog users may be malicious, so developing a mutual identity‐preserving authentication mechanism between them is a crucial and difficult problem in fog computing. Such a technique must conceal the user's true identity from the adversary; otherwise, the adversary will be able to determine which fog user and fog server are in communication. This article suggests a secure and reliable anonymous mutual authentication system for use at the network's edge between fog users and fog servers. With the aid of the registration authority (RA) in our system, they can verify one another and decide on a new session key that will be used to encrypt messages throughout the session. Fog users don't need to re‐register with RA to wander freely over the network and authenticate to any fog server that is within their range. The proposed technique only needs a small number of symmetric encryption/decryption and one‐way hash functions, making it easy to implement for fog‐user devices with limited resources. The new scheme's performance is evaluated in comparison to the existing one, showing that it is more resilient to various types of assaults (such as known plaintext attacks, man‐in‐the‐middle attacks, session hijacking, etc.). The widely used Automated Validation of Internet Security Protocols and Applications tool is used to verify the proposed system. The outcomes demonstrate that our approach can safely withstand different attacks and accomplish the desired outcomes. Additionally, the proposed method is tested in real‐world scenarios with the NS3 simulator.

computer science, theory & methods, software engineering

Awaneesh Kumar Yadav,An Braeken,Manoj Misra

DOI: https://doi.org/10.1007/s11227-023-05064-y

IF: 3.3

2023-02-24

The Journal of Supercomputing

Abstract:Fog and dew computing represent relatively new computing paradigms in the literature. The main idea is to offload the computation processes from the device to a more nearby fog or dew server, who further forwards it to the central server. In the case of dew computing, the dew server is considered to lose connection with the central server and should be able to function autonomously most of the time. In the literature, several public-key-based tripartite schemes, offering a full set of security features, have been proposed that can serve the purpose. However, due to the large difference in performance between symmetric and public key-based cryptographic algorithms, this paper proposes a symmetric key-based authentication and key agreement protocol, consisting of a long and a short authentication process, addressing both fog and dew computing scenarios. Moreover, we conduct the informal and formal (ROR logic, GNY logic, and Scyther tool) security analysis to ensure that the scheme satisfies the most important security features described in the literature, in addition to offering protection against a semi-trusted third party. Furthermore, we assess the performance of the long and the short authentication phases in terms of computational, communication, storage costs, and energy consumption, revealing that it is less expensive than its competitors. Additionally, we show that when compared to its competitors, the long and the short authentication phases have less overhead when unknown attacks occur. We also use the NS2 network simulator tool to execute a real-time implementation of the long and the short authentication phase to ensure that it is realistic in practical implementation.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Hala Ali,Irfan Ahmed

DOI: https://doi.org/10.1016/j.cose.2024.103770

IF: 5.105

2024-02-23

Computers & Security

Abstract:Fog computing is a new computing model with limited resources located near the Internet of Things (IoT) devices to provide low transmission delay, mobility, and location awareness services. However, fog technology not only extends the cloud resources but also inherits the cloud properties and its security problems, such as device capture, man-in-the-middle, secret key compromise, identity impersonation, and message replay attacks. These vulnerabilities pose significant risks to the integrity of IoT-fog communications. However, the existing mutual authentication approaches either suffer from high computational overheads or fail to provide secure mutual authentication. To address this gap, this paper introduces LAAKA , a Lightweight Anonymous Authentication and Key Agreement scheme. LAAKA considers the constrained resources of IoT and fog devices through utilizing lightweight operations such as hash function and bitwise XOR. Its main objective is to facilitate mutual authentication and establish secure session keys between IoT devices and fog servers, making it useful for various IoT applications. We validate the robustness of LAAKA against various security threats by conducting comprehensive formal security analysis, including BAN logic and the Random Oracle Model (ROM), as well as informal analysis. The efficacy of our scheme is further demonstrated through evaluation with the Scyther tool. Compared to other proposed authentication approaches, the results demonstrate the superior performance and efficiency of our approach in enhancing the security features, minimizing the computational cost, and optimizing storage utilization.

computer science, information systems

Zhi Li,Yanzhu Liu,Di Liu,Chunyang Li,Wei Cui,Guanglin Hu

DOI: https://doi.org/10.1109/CC.2018.8543057

2018-01-01

China Communications

Abstract:Fog computing is a new paradigm supporting the stringent requirements of mobility applications by bridging cloud computing and smart devices. Since the smart devices may be deployed in dynamic areas where are out of strict monitoring and protection, fog computing requires security protections to ensure confidentiality and integrity. In this article, to deal with security requirements and considering the distinctive features, a key management based on hypergraph schemed is designed. Firstly, based on the key hypergraph, the three hierarchy architecture of fog computing is divided into two subnetworks. Furthermore, each key management process of both two subnetworks is designed to satisfy the operational and security requirements of fog computing. Finally, the performance evaluation and numerical simulation have been provided to validate the proposed scheme.

Xiaoying Jia,Debiao He,Neeraj Kumar,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/s11276-018-1759-3

IF: 2.701

2018-01-01

Wireless Networks

Abstract:The convergence of cloud computing and Internet of Things (IoT) is partially due to the pragmatic need for delivering extended services to a broader user base in diverse situations. However, cloud computing has its limitation for applications requiring low-latency and high mobility, particularly in adversarial settings (e.g. battlefields). To some extent, such limitations can be mitigated in a fog computing paradigm since the latter bridges the gap between remote cloud data center and the end devices (via some fog nodes). However, fog nodes are often deployed in remote and unprotected places. This necessitates the design of security solutions for a fog-based environment. In this paper, we investigate the fog-driven IoT healthcare system, focusing only on authentication and key agreement. Specifically, we propose a three-party authenticated key agreement protocol from bilinear pairings. We introduce the security model and present the formal security proof, as well as security analysis against common attacks. We then evaluate its performance, in terms of communication and computation costs.

Premkumar, N.,Kumar, B. Santhosh

DOI: https://doi.org/10.1007/s11277-024-11596-0

IF: 2.017

2024-11-06

Wireless Personal Communications

Abstract:Recently, Fog computing become a hot research area with the fast development of Internet of Things (IoT) which cannot be handled efficiently by the traditional cloud computing. The essence of Fog computing is to place some datacenters at the edge of the network called as Edge DataCenters (EDCs) or fog nodes with limited storage and processing capabilities, which is closer to the location of data sources, and located between cloud datacenter and the data source. This EDCs serve as a storage and processing point in the network and act as a middle layer between cloud datacenter and IoT in the fog hierarchy. Since most of the EDCs are positioned in isolated environments, the need for secure authentication is of major importance. Thus, ensuring that only legitimate EDCs are allowed in the environment become an attractive research problem. There are few techniques have been proposed in the past for authenticating EDCs to discover legitimate EDCs and permit secure communication. Unfortunately, such techniques involved memory intensive and complex calculations which pay no attention to the resource limitation nature of the EDCs. Thus, to address these challenges, a lightweight strong authentication algorithm has been proposed to ensure safe communication between EDCs. The computation costs of the proposed scheme is low compared to other solutions, thus it has been proved lightweight and can be a suitable solution for resource constrained devices.

telecommunications

Tong Chen,Lei Zhang,Kim-Kwang Raymond Choo,Rui Zhang,Xinyu Meng

DOI: https://doi.org/10.1109/jiot.2021.3050562

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:There are a number of benefits associated with the deployment of fog computing, for example, by analyzing and computing data from Internet-of-Things (IoT) devices at the fog nodes reduce the bandwidth, computational, and storage overheads at the cloud servers and improve user quality of experience (e.g., due to reduced latency). However, there are also additional security implications and requirements. For example, secure keys are needed to establish secure channels among these distributed fog nodes. Therefore, to facilitate fog nodes in managing secure keys and establishing secure group channels, we present a novel fog system and propose a blockchain-based group key management scheme that builds on an earlier work. We also design a new resource authentication mechanism based on Proof of Work (PoW), and when deployed in our fog system facilitates resource authentication (i.e., a fog node in a fog system can evaluate the capability of a fog device's computing power before the device is permitted to enter the system). Findings from our simulations and secure analysis demonstrate the utility of our system.

Gulshan Kumar,Rahul Saha,Mritunjay Kumar Rai,Reji Thomas,G. Geetha,Tai-Hoon Kim,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1109/jiot.2020.2991105

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Interconnection and intercommunication between people, processes, and things have been enhanced with the development of the Internet of Things (IoT) and extended with fog computing for better efficiency. Fog computing improves the network services and circumvents the problem of escalated data management as an interface between cloud and terminal with the requirement of secure data transmission. In this article, a novel security framework is designed for fog computing intended for improving the security of IoT. This framework uses single point of aggregation from fog interface and lattice cryptographic approach to establish the security for the services. Azure cloud platform and Sage lattice cryptographic base have been employed to evaluate the performance of the framework. It is noticed that the Level 1-Level 2 (L1-L2) cache implementation in the system significantly improves the efficiency of the framework. The results show that the proposed framework is robust in preventing attacks on fog nodes and additionally provides an advantage for low communication overhead.

Baiyi Huang,Xiuzhen Cheng,Yuan Cao,Le Zhang

DOI: https://doi.org/10.1109/sec.2018.00059

2018-01-01

Abstract:Fog computing is a new paradigm that extends cloud computing to the network edges. As data processing, communications, and control are performed more closely to the end-user devices in fog computing, chances for the attackers to gain unauthorized accesses to sensitive data have been greatly increased. In this paper, we propose a new resource-efficient physical unclonable function (PUF) based authentication scheme to protect the security and privacy of the confidential information in edge devices. Unlike other PUF based lightweight authentication schemes, our proposed method remarkably increases the machine learning attack time without requiring a server to store a large amount of challenge response pairs (CRPs). Besides, a new strong PUF with feedback loop is employed in our scheme to further resist the machine learning attacks that have demonstrated efficacy in compromising strong PUFs. Our proof-of-concept implementation shows that the proposed scheme is suitable for resource-constrained end-user devices in terms of memory, computation, and security.

Abdullah Al-Noman Patwary,Anmin Fu,Sudheer Kumar Battula,Ranesh Kumar Naha,Saurabh Garg,Aniket Mahanti

DOI: https://doi.org/10.1016/j.comcom.2020.08.021

IF: 5.047

2020-01-01

Computer Communications

Abstract:Fog computing is an emerging computing paradigm which expands cloud-based computing services near the network edge. With this new computing paradigm, new challenges arise in terms of security and privacy. These concerns are due to the distributed ownership of Fog devices. Because of the large scale distributed nature of devices at the Fog layer, secure authentication for communication among these devices is a major challenge. The traditional authentication methods (password-based, certificate-based and biometric-based) are not directly applicable due to the unique architecture and characteristics of the Fog. Moreover, the traditional authentication methods consume significantly more computation power and incur high latency, and this does not meet the key requirements of the Fog. To fill this gap, this article proposes a secure decentralised location-based device to device (D2D) authentication model in which Fog devices can mutually authenticate each other at the Fog layer by using Blockchain. We considered an Ethereum Blockchain platform for the Fog device registration, authentication, attestation and data storage. We presented the overall system architecture, various participants and their transactions and message interaction between the participants. We validated the proposed model by comparing it with the existing method; results showed that the proposed authentication mechanism was efficient and secure. From the performance evaluation, it was found that the proposed method is computationally efficient and secure in a highly distributed Fog network.

Yongkai Fan,Guanqun Zhao,Xiaofeng Sun,Jinghan Wang,Xia Lei,Fanglue Xia

DOI: https://doi.org/10.1145/3338507.3358621

2019-01-01

Abstract:As an extension of cloud computing, fog computing environment as well as fog node plays an increasingly important role in internet of things (IoT). This technology provides IoT with more distributed and efficient applications and services. However, IoT nodes have so much variety and perform poorly, which leads to more security issues. For this situation, we initially design a security scheme for the IoT fog environment. Based on the combination of Blockchain and Trusted Execution Environment (TEE) technologies, the security of data storage and transmission from fog nodes to the cloud are ensured, thus ensuring the trustworthiness of the data source in the fog environment.

Lintao Dang,Mianxiong Dong,Kaoru Ota,Jun Wu,Jianhua Li,Gaolei Li

DOI: https://doi.org/10.1109/icc.2018.8422844

2018-01-01

Abstract:Recently, an accelerating number of studies are dedicated to deploying various IoT applications in the information centric network paradigm which has lower system complexity than traditional network architectures. However, such a paradigm poses a number of security challenges especially when it is applied in real-time e-health applications. Firstly, it is difficult to ensure security of sensitive data in such a distributed data caching environment because after the data is published in the form of a packet to the information centric network (ICN), it is no longer controlled by the data publisher. Secondly, in some real-time e-health applications, terminal medical sensors are usually resource-constrained, limiting the direct adoption of expensive cryptographic primitives. In order to address these challenges, a resource-efficient secure data sharing scheme in information centric e-health system is proposed, one that utilizes ciphertext-policy attribute based encryption (CP-ABE) and adapts it to the above-mentioned system with respect to necessary security requirements. It also exploits computation resources of fog nodes and employs outsourcing cryptography to improve system efficiency.The evaluation demonstrates that the scheme can significantly reduce the computation overheads of the resource-constrained terminal medical devices, and can better support the real-time e-health applications.

Ke Gu,Wenbin Zhang,Xiong Li,Weijia Jia

DOI: https://doi.org/10.1109/tnsm.2021.3123475

2021-01-01

IEEE Transactions on Network and Service Management

Abstract:Presently many searchable encryption schemes have been proposed for cloud and fog computing, which use fog nodes (or fog servers) to partly undertake some computational tasks. However, these related schemes still retain cloud servers to undertake most computational tasks, which result in large communication costs between edge devices and cloud servers. Therefore, in this paper we propose a self-verifiable attribute-based keyword search scheme for distributed data storage (SV-KSDS) in full fog computing, where each decryption operation on the data required by a user must meet the negotiated decryption rule between fog servers. Our SV-KSDS scheme first provides attribute-based distributed data storage among fog servers through the (w, sigma) threshold secret-sharing scheme, where fog servers can provide self-verifiable keyword search and data decryption for terminal users. Compared with the data storage in cloud computing, our scheme extends it to the distributed structure while providing fine-grained access control for distributed data storage through attribute-based encryption. The access control policy of our scheme is constructed on linear secret-sharing scheme, whose security is reduced to the decisional bilinear Diffie-Hellman assumption against chosen-keyword attack and the decisional q-parallel bilinear Diffie-Hellman assumption against chosen-plaintext attack in the standard model. Based on theoretical analysis and practical testing, our SV-KSDS scheme generates less computation and communication costs, which further unloads some computational tasks from terminal users to fog servers so as to reduce computing costs of terminal users.

Mayuresh Sunil Pardeshi,Ruey-Kai Sheu,Shyan-Ming Yuan

DOI: https://doi.org/10.3390/s22020607

2022-01-13

Abstract:Authentication is essential for the prevention of various types of attacks in fog/edge computing. Therefore, a novel mode-based hash chain for secure mutual authentication is necessary to address the Internet of Things (IoT) devices' vulnerability, as there have been several years of growing concerns regarding their security. Therefore, a novel model is designed that is stronger and effective against any kind of unauthorized attack, as IoT devices' vulnerability is on the rise due to the mass production of IoT devices (embedded processors, camera, sensors, etc.), which ignore the basic security requirements (passwords, secure communication), making them vulnerable and easily accessible. Furthermore, crackable passwords indicate that the security measures taken are insufficient. As per the recent studies, several applications regarding its requirements are the IoT distributed denial of service attack (IDDOS), micro-cloud, secure university, Secure Industry 4.0, secure government, secure country, etc. The problem statement is formulated as the "design and implementation of dynamically interconnecting fog servers and edge devices using the mode-based hash chain for secure mutual authentication protocol", which is stated to be an NP-complete problem. The hash-chain fog/edge implementation using timestamps, mode-based hash chaining, the zero-knowledge proof property, a distributed database/blockchain, and cryptography techniques can be utilized to establish the connection of smart devices in large numbers securely. The hash-chain fog/edge uses blockchain for identity management only, which is used to store the public keys in distributed ledger form, and all these keys are immutable. In addition, it has no overhead and is highly secure as it performs fewer calculations and requires minimum infrastructure. Therefore, we designed the hash-chain fog/edge (HCFE) protocol, which provides a novel mutual authentication scheme for effective session key agreement (using ZKP properties) with secure protocol communications. The experiment outcomes proved that the hash-chain fog/edge is more efficient at interconnecting various devices and competed favorably in the benchmark comparison.

Mohammed Alshehri,Brajendra Panda

DOI: https://doi.org/10.48550/arXiv.2001.04490

2020-01-13

Cryptography and Security

Abstract:People have used cloud computing approach to store their data remotely. As auspicious as this approach is, it brings forth many challenges: from data security to time latency issues with data computation as well as delivery to end users. Fog computing has emerged as an extension for cloud computing to bring data processing and storage close to end-users; however, it minimizes the time latency issue but still suffers from data security challenges. For instance, when a fog node providing services to end users is compromised, the users' data security can be violated. Thus, this paper proposes a secure and fine-grained data access control scheme by integrating the CP-ABE algorithm and blockchain concept to prevent fog nodes from violating end users' data security in a situation where a compromised fog node is being ousted. We also classify the fog nodes into fog federations, based on their attributes such as services and locations, to minimize the time latency and communication overhead between fog nodes and cloud server. Further, the exploitation and integration of the blockchain concept and the CP-ABE algorithm enables fog nodes in the same fog federation to perform the authorization process in a distributed manner. In addition, to solve time latency and communication overhead problems, we equip every fog node with an off-chain database to store most frequently accessed data files for specific time, and with an on-chain access control policies table (On-chain Files Tracking Table) which must be protected from being tampered by malicious (rogue) fog nodes. Therefore, blockchain plays a vital role here as it is tamper-proof by nature. We demonstrate our scheme's efficiency and feasibility by designing algorithms and conducting a security analysis. The provided analysis shows that the proposed scheme is efficient and feasible in ousting malicious (rogue) fog nodes.

Yimin Guo,Zhenfeng Zhang,Yajun Guo

DOI: https://doi.org/10.1016/j.comnet.2022.108818

IF: 5.493

2022-04-01

Computer Networks

Abstract:Fog computing is the best solution for IoT applications with low latency and real-time interaction. Fog can endow smart home with many smart functions and services. One of the most important services is that users can remotely access and control smart devices. Since remote users and smart homes communicate through insecure channels, it is necessary to design a secure and effective remote authentication scheme to guarantee secure communications. The existing authentication schemes designed for smart homes have some security issues and are not suitable for fog-enabled smart home environments. Therefore, this paper designs a secure remote user authentication scheme, SecFHome. It supports secure communication at the edge of the network and remote authentication in fog-enabled smart home systems. Specifically, We present an efficient authentication mode in the fog-enabled environment, which includes the edge negotiation phase and the authentication phase. SecFHome adds updated information to the authenticator, which can verify the message synchronization simultaneously with the authentication, thus improving the authentication efficiency. In addition, SecFHome does not store sensitive information of users and smart devices in the memory of the smart gateway, which can avoid various attacks caused by the compromised gateway. The formal security proof and informal security analysis show that the SecFHome is secure and can resist known attacks. Compared with the related authentication schemes, SecFHome only needs fewer communication costs and computation costs, and achieves more security features.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Tian Wang,Jiyuan Zhou,Minzhe Huang,Zakirul Alam Bhuiyan,Anfeng Liu,Wenzheng Xu,Mande Xie

DOI: https://doi.org/10.1016/j.future.2017.12.036

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:The recent emergence of cloud computing has drastically influenced everyone’s perception of infrastructure architectures, data transmission and other aspects. With the advent of both mobile networks and cloud computing, the computationally-intensive services are moving to the cloud, and the end user’s mobile device is used as an interface to access these services. However, cyber threats are also becoming various and sophisticated, which will endanger the security of users’ private data. In traditional service mode, users’ data is totally stored in the cloud, they lose the right of control on their data and face cyber threats such as data loss and malicious modification. To this end, we propose a novel cloud storage scheme based on fog computing. In our scheme, user’s private data is separately stored in the cloud and fog servers. By this way, the integrity, availability and confidentiality of user’s data can be ensured because the data is retrieved from cloud as well as fog, which is safer. We implement a system prototype and design a series of mechanisms. Extensive experiments results also validate the proposed scheme and methods.

Li, Xinghua,Chen, Ting,Cheng, Qingfeng,Ma, Jianfeng

DOI: https://doi.org/10.1007/s11704-021-0537-z

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:Because of its closeness to users, fog computing responds faster than cloud computing. Thus, it has been deployed to various applications, such as healthcare system. Recently, to ensure the secure communication of the fog-based healthcare system, Jia et al. proposed an authenticated key agreement scheme. Moreover, in view of the high computation cost existing in Jia et al.’s scheme, Ma et al. presented an efficient one using elliptic curve cryptography. In this paper, we observe that both the two schemes may potentially risk ephemeral key compromise attacks and need improving. Therefore, to overcome this potential risk, we propose a new authenticated scheme based on Jia et al.’s scheme using elliptic curve computational Diffie-Hellman hypothesis and hash functions. Additionally, we provide provable security under the adopted adversarial model and ProVerif simulation, and also analyze the performance in terms of computation and communication costs by comparisons. The analysis results show that the improved scheme resists the common attacks, reduces computation overhead, and has a certain significance.