
Term Paper PPT Security Challenges in Fog Computing

The document discusses security challenges in fog computing. It begins with definitions of fog computing, cloud computing, and the internet of things. It then covers the need for fog computing, including its role in addressing limitations of IoT and reducing data transmission requirements. Several security challenges are outlined, such as access control issues, data breaches, distributed denial of service attacks, and more. For each challenge, the document describes techniques that can help address the issue, such as access control systems, encryption, intrusion detection systems, and load balancing.

Uploaded by

jannat jannat

Security Challenges in Fog Computing
Presented by:
Nida Adnan Info.Tech15047
Farwa Arshad Info.Tech15034
Sumaira Amanat Info.Tech15062
Kanwal Saqlain Info.Tech15073
Madiha Akram Info.Tech15023
Ayeza Shahid Info.Tech15021
Department:
BS IT Semester 7th
Course Title:
Network Security
Instructor:
Sir Usman Ashraf
TITLE AND CONTENT LIST

• Introduction of Fog computing
• Scope
• Security Challenges
• Techniques
FOG, CLOUD COMPUTING, IOT DEFINITIONS:
Cloud computing: “Cloud computing includes some intrinsic capabilities such as on demand computing, resource sharing, scalability, pliable pricing (pay-per-use), reduced efforts for management, services provisioning and remote access anywhere anytime”.

Internet of Things (IoT): “The concept of the Internet of Things (IoT) belongs to the environment in which interconnected objects are communicated through internet without involvement or interruption of humans”.

Fog computing: Fog computing or fogging, coined by “Cisco”, is a distributed infrastructure in which certain application processes or services are managed at the edge of the network by a smart device, but others are still managed in the cloud.
NEED OF FOGGING

• As IoT has limitations in its storage and processing power, it also suffers from many issues such as security, privacy, reliability and performance. To overcome these issues, the Internet of Things is integrated with the cloud, which is known as “Cloud of Things (CoT)”.
• IoT applications generate a large amount of data from devices, so sending this massive amount of data to the cloud requires excessively high network bandwidth.
• Fog computing is a middle layer between the cloud and the hardware device that enables more efficient data processing, analysis and storage, which is achieved by reducing the amount of data that needs to be transported to the cloud.
CLOUD-FOG INTEGRATION:
• Like cloud systems, a fog system consists of Infrastructure, Platform, and Software service layers respectively, along with the addition of Data services.
• Because of the large physical distance between cloud service providers and end users, cloud computing suffers from considerable end-to-end delay, processing of huge amounts of data, traffic congestion and communication expense.
• A fog-cloud integrated interface is hoped to provide end-to-end services, including how the cloud will distribute services to the fog.
• Fog computing functions by offloading the cloud data centers and reducing service latency to the end users. However, the characteristics of fog computing give rise to new security challenges.
SCOPE:
• In fog computing, security should be provided at the edge or in the dedicated locations of fog nodes, in contrast to the centrally developed security procedures in dedicated buildings for cloud data centers.
• Fog computing is a decentralized computing architecture whereby data is processed and stored between the source of origin and a cloud infrastructure.
• The fog computing paradigm will lead to the deployment of driverless cars that rely completely on automated input for navigation.
• Fog systems can be used to keep device data secure in-house and isolated from vulnerable public networks. Data backups can then be safely performed by deploying reliable backup services.
ADVANCED PERSISTENT THREAT:

• An advanced persistent threat (APT) is a prolonged cyberattack in which an attacker accesses a network and remains undetected for a long period of time.
• The main goal of an APT is to gain and maintain access to the targeted network rather than to get in and out of the network as soon as possible.

Technique: Wireless Security

• Fog nodes can increase their mobility in a secure manner, which enables more IoT devices to
connect from anywhere and allows the fog platform to become more cost-effective
alarms.
ACCESS CONTROL ISSUES:
• Access control seeks to prevent activities that could lead to a breach of security by ensuring that accesses to a system’s resources and services occur according to the rules defined in the corresponding security policies.
• Access control issues lead to poor management: any malicious user becomes able to access data and gain the privilege to install software and change configurations, which leads to malicious security attacks.

Technique: Access Control System

• Access control in cloud computing is usually implemented cryptographically for outsourced data. Symmetric-key-based solutions do not scale in key management. Several public-key-based solutions have been proposed to achieve fine-grained access control. Yu et al. have proposed a fine-grained data access control scheme built on attribute-based encryption (ABE).
• [Limitations: The IoT (Internet of Things) devices that send data should be able to verify whether the intended fog nodes are indeed secure.]
DATA LOSS:

• Data loss occurs when data is unintentionally or accidentally deleted from the system by the user. This issue can occur due to a natural disaster, but it does not result from the actions of a cyber criminal.
• Along with damage to the brand’s reputation, a loss could also impact the morale and trust of employees, business partners and customers.
• Loss of essential intellectual property could lead to weak and unstable financial conditions.
Technique: Elliptic Curve Cryptography
• Elliptic curves can be used against data loss and for encryption by combining key agreement with a symmetric encryption scheme. They are also used in several factorization algorithms based on elliptic curves that have applications in cryptography.
AUTHENTICATION:
• Authentication is the process of verifying the identity of a user. It will be vital for the individual fog and cloud components, which are independent, to register and then identify themselves before conducting transactions.
• If successful, this would provide access to backend processes and vast data stores.
Technique: Decoy Technique
• A decoy system offers a wealth of features that can help with intelligence gathering and system forensics. These features provide or generate alerts in response to the measurement results. [Limitations: Only one attack could be cured. Others are ignored.]
Technique: Hook
Hook is a capacity of placing key into a machine bring to change it.
Technique: Intrusion Detection System
An intrusion detection system (IDS) is a device or software application that monitors a
network or systems for malicious activity or policy violations.
ACCOUNT OR SERVICE HIJACKING:
• Account hijacking occurs when an attacker aims to hijack users’ personal accounts for malicious activities. Phishing and spoofing are strong account hijacking techniques.
• If an attacker succeeds in accessing your credentials, they can eavesdrop on your secret transactions, alter information, return falsified information to you, and redirect your clients to illegitimate sites.
Technique: Decoy Technique
• A decoy system offers a wealth of features that can help with intelligence gathering and system forensics. These features provide or generate alerts in response to the measurement results.
[Limitations: Only one attack could be cured. Others are ignored.]
BANDWIDTH:
• Bandwidth is a range within a band of wavelengths, frequencies, or energies. In particular, it is a range of radio frequencies that is occupied by a modulated carrier wave and is assigned to a service, or over which a device can operate.
Technique: Simulation Modelling
• In the simulation technique, researchers consider a network that consists of one geostationary Earth orbit (GEO) satellite, 10 Low Earth Orbit (LEO) satellites, and three UAVs. When the simulation starts, the source nodes (ground stations) begin to transmit packets to the destination nodes. Applying UAV scenarios for data transmission makes accurate use of network resources, for example increasing bandwidth and reducing the end-to-end delay of communication. To evaluate the security criteria of the UAV network, they use false data injection attacks to show the impact of a cyber-attack. The bandwidth deceiving attack is known as disruption.
[Limitations: The existing privacy measurements for cloud computing cannot be directly applied to fog computing due to its features, such as mobility, heterogeneity, and large-scale geo-distribution.]
DATA BREACHES:
• Data breaches occur when secured sensitive or confidential data is stolen or revealed by an attacker.
• A data breach is another big issue, in which the credential data of an institution’s customers is accessed by an attacker and passed to unauthorized persons who misuse it.
Technique: Multi-Factor Authentication (MFA)
• Multi-factor authentication (MFA) is a technique that combines at least two independent credentials known to the client and is intended to protect the system if either credential has been compromised.
DISTRIBUTED DENIAL OF SERVICE:
• Denial of service arises when legitimate or authorized users are hindered from using data and applications because an attacker creates contention for a system’s finite resources.
• A DDoS attack is mainly an attack on availability, i.e. the victim machine becomes unavailable to the valid users trying to establish a connection with it.
• When a DDoS attack arises in a cloud environment, it exhausts all the resources of the target victim machine and overloads it.
Technique: Filtering Routers
• In this technique, all packets entering and leaving the network are filtered against attacks directed from adjoining networks. This approach involves installing egress and ingress packet filters on every router.
Technique: Load Balancing
• This approach is used to continue services after the failure of one or more modules. The purpose of a load balancer is also to reduce resource consumption, save cost and allow scalability.
Technique: Applying Security Patches
• This approach is used to provide protection against denial of service attacks; for that purpose, host computers must be updated with up-to-date security patches and techniques.
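The ingress and egress filtering rule described under Filtering Routers can be expressed as a small decision function. This is an added example, not part of the original slides; the site prefixes, the function names and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology: prefixes assigned to the fog site behind this router.
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("10.20.0.0/16", "192.0.2.0/24")]
# Source ranges that are never valid on a packet arriving from another network.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in
                  ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]


def _in_any(addr, prefixes):
    return any(addr in net for net in prefixes)


def filter_packet(direction, src, dst):
    """Decide whether the router forwards a packet; returns (allowed, reason)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "ingress":  # adjoining network -> site
        if _in_any(s, SITE_PREFIXES):
            return False, "ingress: source claims to be inside the site (spoofed)"
        if _in_any(s, BOGON_PREFIXES):
            return False, "ingress: source is not a routable unicast address"
        if not _in_any(d, SITE_PREFIXES):
            return False, "ingress: destination is not in the site"
        return True, "ok"
    if direction == "egress":  # site -> adjoining network
        if not _in_any(s, SITE_PREFIXES):
            return False, "egress: source not assigned to the site (spoofed)"
        return True, "ok"
    raise ValueError("direction must be 'ingress' or 'egress'")


# Constructed sample traffic: (direction, source, destination).
SAMPLE_PACKETS = [
    ("ingress", "203.0.113.7", "192.0.2.10"),   # normal inbound request
    ("ingress", "10.20.5.9", "10.20.1.1"),      # outside packet with inside source
    ("ingress", "127.0.0.1", "10.20.1.1"),      # loopback source from outside
    ("egress", "10.20.3.3", "203.0.113.7"),     # normal outbound traffic
    ("egress", "198.51.100.4", "203.0.113.7"),  # site host sending a forged source
]


def run_filter(packets):
    """Return the allow/drop decision for each packet in order."""
    return [filter_packet(*p)[0] for p in packets]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", filter_packet(*pkt))
```

The egress rule is what keeps a compromised fog node from contributing forged-source traffic to an attack on another network, which is why the slide asks for both filters on every router.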
ENCRYPTION:
• Encryption is the process of converting sensitive information or data into a code or meaningless text, especially to prevent unauthorized access. It is a process of translating plain text information into meaningless text that appears to be random.
Technique: Advanced Encryption Standard (AES)
• AES is a design-based standard built on substitution and permutation, and is said to be fast in both software and hardware. In fog computing, the AES encryption algorithm is at present considered as a model. The Advanced Encryption Standard (AES) algorithm consists of encryption in the first phase, forwarding the corresponding data to the fog engine for further analysis in the second, and in the third phase decryption of the encrypted data to obtain valid data.
• [Limitations: For encrypting the data, the AES algorithm requires more processing time along with complex security overhead.]
Technique: Emoticons
• In this approach, the emoticons that are typically used in chats, short message services and comments are used as cover media to deliver the information in a hidden manner. These icons are popular particularly where there is a restriction on the number of characters.
• [Limitations: It requires a lot of memory, since encrypting the data using cover text (emoticons) requires additional memory.]
INSECURE API:
• Many cloud-fog providers expose a set of software interfaces and Application Programming Interfaces (APIs) to their customers.
• In many cloud systems, these APIs are the only vital asset within the trusted organizational boundary, so they are the priority for many attackers trying to breach an organization.
• Relying only on weak interfaces and APIs exposes organizations to several security issues related to confidentiality, integrity, availability and accountability.
Technique: Secure Multitenancy
• Multitenancy is a design in which a single instance of a software application serves numerous customers. It deals with secure data association between authorized users, avoidance of memory escaping/hopping attacks to protect each user’s space, and more efficient use and allocation of fog resources.
[Limitations: Multitenancy needs to be defined before deployment.]
INTEGRITY:
• Integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those users authorized to do so.
• Integrity involves maintaining the firmness, validity and consistency of data.
Technique: Biometric Verification
• The biometric authentication technique identifies the credential of an input sample by comparing it to a template, and is used to identify particular people by specific characteristics.
• [Limitations: The service provider can change or delete data, but the client cannot directly access the data on the server.]
MALICIOUS INSIDER:
• A malicious insider is a user who has legitimate access to the network and system but has intentionally decided to act in a malicious manner.
• Data stealing attacks are amplified if the attacker is a malicious insider. This is considered one of the severe threats to cloud computing by the Cloud Security Alliance.
• After stealing a customer’s password and private key, the malicious insider becomes able to access all user data, while the user has no means of detecting this unauthorized access.
Technique: User Behavior Profiling
• User profiling is a well-known technique that may be applied to model how, when and how much a user accesses their data within the cloud and fog.
• Such ‘normal user’ behavior is then continuously checked to see whether abnormal access to a user’s data is happening. This methodology is commonly used in fraud detection applications.
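A minimal sketch of the profiling idea above: learn when and how much each user normally accesses data, then flag accesses that fall outside that baseline. This is an added example, not part of the original slides; the log format, thresholds, user names and sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline log: (user, hour_of_day, objects_read_in_that_session).
BASELINE_LOG = [
    ("alice", 9, 12), ("alice", 10, 15), ("alice", 11, 9),
    ("alice", 14, 14), ("alice", 16, 11),
    ("bob", 22, 3), ("bob", 23, 4), ("bob", 22, 5), ("bob", 21, 4),
]


def build_profiles(events):
    """Learn each user's usual access hours and typical access volume."""
    by_user = defaultdict(list)
    for user, hour, count in events:
        by_user[user].append((hour, count))
    profiles = {}
    for user, rows in by_user.items():
        counts = [c for _, c in rows]
        profiles[user] = {
            "hours": {h for h, _ in rows},
            "mean": mean(counts),
            "std": pstdev(counts),
        }
    return profiles


def score_event(profiles, user, hour, count, k=3.0, slack=1):
    """Return the list of reasons an access looks abnormal (empty if normal)."""
    p = profiles.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    # Circular distance on a 24-hour clock, so 23:00 and 00:00 are one hour apart.
    near = any(min(abs(hour - h), 24 - abs(hour - h)) <= slack for h in p["hours"])
    if not near:
        reasons.append("unusual hour")
    # Floor the deviation at 1.0 so a very regular user does not alert on +1 object.
    if count > p["mean"] + k * max(p["std"], 1.0):
        reasons.append("unusual volume")
    return reasons


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_LOG)
    # Constructed new accesses to score against the baseline.
    for ev in [("alice", 10, 13), ("alice", 3, 400), ("bob", 0, 4), ("bob", 22, 50)]:
        print(ev, "->", score_event(profiles, *ev) or "normal")
```

A stolen password and key, as in the malicious-insider case, still produce valid logins, so the hour and volume deviations are the only signal this check has; in practice the baseline would be rebuilt on a rolling window.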
NETWORK MANAGEMENT:
• Wireless network security is a major concern in fog networking, due to the dominant use of wireless networking in fog computing.
• The cloud computing model involves multiple data centers across multiple locations, and each data center is shared with many customers and their data needs, which makes investigating and detecting unauthorized or inappropriate activity significantly difficult in a cloud environment.
Technique: Radio Security
• This approach makes use of a commitment scheme along with zero-knowledge proof to preserve the privacy of the end user and to protect the data flow over the radio network.
Technique: SDN
• The SDN approach in fog computing will bring new possibilities for fog networking security.
SHARED TECHNOLOGY ISSUES:
• This issue occurs due to the sharing of hardware devices, storage, platforms or applications.
• Infrastructure vendors provide their services in a scalable manner by sharing infrastructure.
• The underlying components that make up this infrastructure were not designed to offer strong isolation properties for a multi-tenant architecture.
• To fill this gap, a virtualization hypervisor mediates access between guest operating systems and the compute resources.
Technique: Multitenancy
• Multitenancy is a design in which a single instance of a software application serves numerous customers. It deals with secure data association between authorized users, avoidance of memory escaping/hopping attacks to protect each user’s space, and more efficient use and allocation of fog resources.
TRUST:
• The Internet of Things is expected to provide safe and reliable data communication services to its users. This requires all individual nodes that are part of the fog system to have a certain level of trust in one another.
Technique: TPM
• The module consists of an extra root key that is shared between the end device and the cloud. TPM focuses on optimizing planning and scheduling. Availability, performance and yield are different factors that affect productivity.
• [Limitations: Other security aspects are not considered.]
CONCLUSION:
The fog platform is a relatively modern and recent area of research. The intention of this survey was to examine and analyze the security challenges that occur in fog computing, especially when it is integrated with the cloud. We have discussed the security challenges in depth, as well as the techniques specified by many researchers to overcome these challenges. We have also discussed the integration of cloud and fog, along with the involvement of the Internet of Things (IoT) in fog and cloud (CoT, Cloud of Things). This paper will therefore be helpful for new readers, researchers and developers in recognizing security challenges and the useful measures to remove these security issues. Our goal was to provide a starting point for developing secure data communication services in fog computing.
