How to Troubleshoot Apps for the Modern Connected Worker
Cloud Security with Fog Computing
1. 1
1. ABSTRACT
Cloud is basically a clusters of multiple dedicated servers attached within a
network. Cloud Computing is a network based environment that focuses on sharing
computations or resources. In cloud customers only pay for what they use and have
not to pay for local resources which they need such as storage or infrastructure. so
this is the main advantage of cloud computing and main reason for gaining popularity
in todays world Also..But in cloud the main problem that occurs is security. And now
a day’s security and privacy both are main concern that needed to be considered. To
overcome the problem of security we are introducing the new technique which is
called as Fog Computing .Fog Computing is not a replacement of cloud it is just
extends the cloud computing by providing security in the cloud environment. With
Fog services we are able to enhance the cloud experience by isolating user’s data that
need to live on the edge. The main aim of fog computing is to place the data close to
the end user.
2. 2
2. INTRODUCTION
In today's worlds the small as well as big -big organizations are using cloud computing
technology to protect their data and to use the cloud resources as and when they need.
Cloud is a subscription based service .Cloud computing is a shared pool of resources. The
way of use computers and store our personal and business information can arises new
data security challenges. Encryption mechanisms not protect the data in the cloud from
unauthorized access. As we know that the traditional database system are usually
deployed in closed environment where user can access the system only through a
restricted network or internet. With the fast growth of W.W.W user can access virtually
any database for which they have proper access right from anywhere in the world . By
registering into cloud the users are ready to get the resources from cloud providers and
the organization can access their data from anywhere and at any time when they need.
But this comfortness comes with certain type of risk like security and privacy. To
overcome by this problem we are using a new technique called as fog computing. Fog
computing provides security in cloud environment in a greater extend to get the benefit of
this technique a user need to get registered with the fog. once the user is ready by filling
up the sign up form he will get the message or email that he is ready to take the services
from fog computing.
2.1 Existing System
Existing data protection mechanisms such as encryption was failed in securing the
data from the attackers. It does not verify whether the user was authorized or not. Cloud
computing security does not focus on ways of secure the data from unauthorized access.
Encryption does not provide much security to our data. In 2009.We have our own
confidential documents in the cloud. This files does not have much security. So, hacker
gains access the documents. Twitter incident is one example of a data theft attack in the
Cloud. Difficult to find the attacker. In 2010 and 2011 Cloud computing security was
developed against attackers. Finding of hackers in the cloud. Additionally, it shows that
recent research results that might be useful to protect data in the cloud.
3. 3
2.2 Proposed System
We proposed a completely new technique to secure user’s data in cloud using user
behavior and decoy information technology called as Fog Computing. We use this
technique to provide data security in the cloud. A different approach for securing data in
the cloud using offensive decoy technology. We monitor data access in the cloud and
detect abnormal data access patterns. In this technique when the unauthorized person try
to access the data of the real user the system generates the fake documents in such a way
that the unauthorized person was also not able to identify that the data is fake or real .It is
identified thought a question which is entered by the real user at the time of filling the
sign up form. If the answer of the question is wrong it means the user is not the real user
and the system provide the fake document else original documents will be provided by
the system to the real user.
4. 4
3. SYSTEM OVERVIEW
3.1 Cloud Architecture
In Cloud architecture, the systems architecture(A system architecture or systems
architecture is the conceptual model that defines the structure, behavior, and more views
of a system. An architecture description is a formal description and representation of a
system) of the software systems(The term software system is often used as a synonym of
computer program or software.) involved in the delivery of cloud computing, typically
involves multiple cloud components communicating with each other over application
programming interfaces, usually web services. This resembles the Unix philosophy of
having multiple programs each doing one thing well and working together over universal
interfaces. Complexity is controlled and the resulting systems are more manageable than
their monolithic counterparts.
Fig 1 :Cloud Computing Sample Architecture
5. 5
3.2 Cloud computing Services:
Cloud computing is a model for enabling convenient, on demand network access
to a shared pool of configurable computing resources (for example, networks, servers,
storage, applications, and services) that can be rapidly provisioned and released with
minimal management effort or service-provider interaction. It is divide into three types.
1. Application as a service.
2. Infrastructure as a service.
3. Platform as a service.
Fig 2: Cloud computing Services
Cloud computing exhibits the following key characteristics:
1. Agility:
improves with users' ability to re-provision technological infrastructure resources.
6. 6
2. Cost:
Cost is claimed to be reduced and in a public cloud delivery model capital
expenditure is converted to operational expenditure. This is purported to
lower barriers to entry, as infrastructure is typically provided by a third-party and
does not need to be purchased for one-time or infrequent intensive computing tasks.
Pricing on a utility computing basis is fine-grained with usage-based options and
fewer IT skills are required for implementation. The e-FISCAL project's state of the
art repository contains several articles looking into cost aspects in more detail, most
of them concluding that costs savings depend on the type of activities supported and
the type of infrastructure available in-house.
3. Virtualization:
Technology allows servers and storage devices to be shared and utilization be
increased. Applications can be easily migrated from one physical server to another.
4. Multi tenancy:
Enables sharing of resources and costs across a large pool of users thus allowing
for.
5. Centralization:
Centralization of infrastructure in locations with lower costs. (such as real estate,
electricity, etc.)
6. Utilization and efficiency:
Improvements for systems that are often only 10–20% utilized.
7. Reliability:
Reliability is improved if multiple redundant sites are used, which makes well-
designed cloud computing suitable for business continuity and disaster recovery.
7. 7
8. Performance:
Performance is monitored and consistent and loosely coupled architectures are
constructed using web services as the system interface.
9. Security:
Could improve due to centralization of data, increased security-focused resources,
etc., but concerns can persist about loss of control over certain sensitive data, and
the lack of security for stored kernels. Security is often as good as or better than
other traditional systems, in part because providers are able to devote resources to
solving security issues that many customers cannot afford. However, the
complexity of security is greatly increased when data is distributed over a wider
area or greater number of devices and in multi-tenant systems that are being shared
by unrelated users. In addition, user access to security audit logs may be difficult or
impossible. Private cloud installations are in part motivated by users' desire to retain
control over the infrastructure and avoid losing control of information security.
10. Maintenance:
Maintenance of cloud computing applications is easier, because they do not need to
be installed on each user's computer and can be accessed from different places.
Fig 3: Represents The Benefit
8. 8
3.3 Security Issues in Service Model
Cloud computing having three delivery models through which services are
delivered to end users. These models are SaaS, IaaS and PaaS which provide software,
Infrastructure and platform assets to the users. They have different level of security
requirements.
Fig 4 : Security Issues in Service Model
Security issues in SaaS:
Software as service is a model, where the software applications are hosted slightly by the
service provider and available to users on request, over the internet. In SaaS, client data is
available on the internet and may be visible to other users, it is the responsibility of
provider to set proper security checks for data protection. This is the major security risk,
which create a problem in secure data migration and storage. The following security
measures should be counted in SaaS application improvement process such that Data
Security, Data locality, Data integrity, Data separation, Data access, Data confidentiality,
Data breaches, Network Security, Authentication and authorization, Web application
security, Identity management process. The following are the basics issues through which
malicious user get access and violate the data Aruna et al., International Journal of SQL
Injection flaw, Cross-site request forgery, Insecure storage, Insecure configuration.
9. 9
Security issues in PaaS:
PaaS is the layer above the IaaS. It deals with operating system, middleware, etc. It
provides set of service through which a developer can complete a development process
from testing to maintenance. It is complete platform where user can complete
development task without any hesitation. In PaaS, the service provider give some
command to customer over some application on platform. But still there can be the
problem of security like intrusion etc, which must be assured that data may not be
accessible between applications.
Security issues in IaaS:
IaaS introduce the traditional concept of development, spending a huge amount on data
centers or managing hosting forum and hiring a staff for operation. Now the IaaS give an
idea to use the infrastructure of any one provider, get services and pay only for resources
they use. IaaS and other related services have enable set up and focus on business
improvement without worrying about the organization infrastructure. The IaaS provides
basic security firewall, load balancing, etc. In IaaS there is better control over the
security, and there is no security gap in virtualization manager. The main security
problem in IaaS is the trustworthiness of data that is stored within the provider’s
hardware.
3.4 Cloud Computing Security Threats and solution
Top seven security threats to cloud computing discovered by “Cloud Security
Alliance” (CSA) are:
i. Abuse and Nefarious Use of Cloud Computing:
Abuse and nefarious use of cloud computing is the top threat identified by the CSA. A
simple example of this is the use of botnets to spread spam and malware. Attackers can
10. 10
infiltrate a public cloud, for example, and find a way to upload malware to thousands of
computers and use the power of the cloud infrastructure to attack other machines.
Suggested remedies by the CSA to lessen this threat:
Stricter initial registration and validation processes.
Enhanced credit card fraud monitoring and coordination.
Comprehensive introspection of customer network traffic.
Monitoring public blacklists for one’s own network blocks.
ii. Insecure Application Programming Interfaces:
As software interfaces or APIs are what customers use to interact with cloud services,
those must have extremely secure authentication, access control, encryption and activity
monitoring mechanisms - especially when third parties start to build on them. Suggested
remedies by CSA to lessen this threat:
Analyze the security model of cloud provider interfaces.
Ensure strong authentication and access controls are implemented in concert with
encrypted transmission.
Understand the dependency chain associated with the API.
iii. Malicious Insiders:
The malicious insider threat is one that gains in importance as many providers still don't
reveal how they hire people, how they grant them access to assets or how they monitor
them. Transparency is, in this case, vital to a secure cloud offering, along with
compliance reporting and breach notification. Suggested remedies by CSA to lessen this
threat:
Enforce strict supply chain management and conduct a comprehensive supplier
assessment.
12. 12
Analyze data protection at both design and run time.
Implement strong key generation, storage and management, and destruction
practices.
Contractually demand providers to wipe persistent media before it is released into
the pool.
Contractually specify provider backup and retention strategies.
vi. Account, Service & Traffic Hijacking:
Account service and traffic hijacking is another issue that cloud users need to be aware
of. These threats range from man-in the-middle attacks, to phishing and spam campaigns,
to denial-of service attacks. Suggested remedies by CSA to lessen this threat:
Prohibit the sharing of account credentials between users and services.
Leverage strong two-factor authentication techniques where possible.
Employ proactive monitoring to detect unauthorized activity.
Understand cloud provider security policies and SLAs.
vii. Unknown Risk Profile:
Security should be always in the upper portion of the priority list. Code updates, security
practices, vulnerability profiles, intrusion attempts – all things that should always be kept
in mind ,Suggested remedies by CSA to lessen this threat:
Disclosure of applicable logs and data.
Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc).3
Monitoring and alerting on necessary information.
13. 13
4. SECURING CLOUDS USING FOG
4.1 Fog Computing:
Below is the reference architecture of a Fog computing environment in an enterprise.
You can see that the Fog network is close to the smart devices, data processing is
happening closer to the devices and the processed information is passed to the cloud
computing environment.
Fig 5: Reference Architecture
Just got comfortable with the concept of cloud computing Well, that is now in past.
Cloud computing has now been overtaken by a new concept called fog computing
which is certainly much better and bigger than the cloud.
Fog computing is quite similar to cloud and just like cloud computing it also
provides its users with data, storage, compute and application services. The thing that
distinguishes fog from cloud is its support for mobility, its proximity to its end-users
14. 14
and its dense geographical distribution. Its services are hosted at the network edge or
even on devices such as set-top-boxes or access points. By doing this, fog computing
helps in reducing service latency and even improves QoS, which further result in a
superior user experience.
Fog computing even supports emerging Internet of Things (IoT) applications that
require real time or predictable latency. A thing in Internet of Things is referred to as
any natural or manmade object that can be assigned an Internet Protocol (IP) address
and provided with an ability to transfer data over a network. Some of these can end up
creating a lot of data. Cisco here provides us with an example of a jet engine, which is
capable of creating 10 terabytes of data about its condition and performance that too in
half-hour. Transmitting all this data to the cloud and then transmitting response data
back ends up creating a huge demand on bandwidth. This process further requires a
considerable amount of time to take place and can suffer from latency.
In fog computing, much of the processing takes place in a router. This type of
computing creates a virtual platform that provides networking, compute and
storage services between traditional cloud computing data centers and end devices.
These services are central to both fog and cloud computing. They are also important
for supporting the emerging Internet deployments. Fog computing also has the
capability of enabling a new breed of aggregated services and applications, such as the
smart energy distribution. In smart energy distribution, all the energy load balancing
apps will run on network edge devices that will automatically switch to alternative
energies like wind and solar etc., based on availability, demand and lowest price.
The usage of fog computing can accelerate the innovation process in ways that
has never been seen before. This includes self-healing, self-organising and self-
learning apps for industrial networks. products.
15. 15
Fig 6 : Without Fog Computing and With Fog Computing in Grid
16. 16
4.2 Real-Time Large Scale Distributed Fog Computing
"Fog Computing" is a highly distributed broadly decentralized "cloud" that operates
close to the operational level, where data is created and most often used. Fog
computing at the ground-level is an excellent choice for applications that need
computing near use that is fit for purpose, where there is high volume real-time and/or
time-critical local data, where data has the greatest meaning within its context, where
fast localized turn around of results is important, where sending an over abundance of
raw data to an enterprise "cloud" is unnecessary, undesireable or bandwidth is
expensive or limited.
Example applications of fog computing within an industrial context are
analytics, optimization and advanced control at a manufacturing work center, unit-
operation, across and between unit-operations where sensors, controllers, historians,
analytical engines all share data interactively in real-time. At the upper edges of the
"fog" is local site-wide computing, such manufacturing plant systems that span work
centers and unit operations, higher yet would be regional clouds and finally the cloud at
the enterprise level. Fog computing is not independent of enterprise cloud computing,
but connected to it sending cleansed summarized information and in return receiving
enterprise information needed locally.
Fog computing places data management, compute power, performance,
reliability and recovery in the hands of the people who understand the needs; the
operators, engineers and IT staff for a unit operation, an oil and gas platform, or other
localized operation, so that it can be tailored for "fit-for-purpose" in a high speed real-
time environment.
Fog computing reduces bandwidth needs, as 80% of all data is needed within the
local context, such as; pressures, temperatures, materials charges, flow rates. To send
such real-time information into the enterprise cloud would be burdensome in bandwidth
and centralized storage. Enterprise data base bloat would occur for information rarely
17. 17
used at that level. In this way a limited amount of summarized information can be
transmitted up to the cloud and also down from the cloud to the local operation, such as
customer product performance feedback to the source of those products.
Fig 7 : Real-Time Large Scale Distributed Fog Computing
We place computing where it is needed, and performant, suited for the purpose, sitting
where it needs to be, at a work center, inside a control panel, at a desk, in a lab, in a rack
in a data center, anywhere and everywhere, all sharing related data to understand and
improve your performance. While located throughout your organization, a fog computing
system operates as a single unified resource, a distributed low level cloud that integrates
with centralized clouds to obtain market and customer feedback, desires and behavior’s
that reflect product performance in the eyes of the customer.
18. 18
The characteristics of a fog computing system are:
A Highly Distributed Concurrent Computing (HDCC) System.
A peer-to-peer mesh of computational nodes in a virtual hierarchical structure
that matches your organization
Communicates with smart sensors, controllers, historians, quality and materials
control systems and others as peers
Runs on affordable, off the shelf computing technologies
Supports multiple operating platforms; Unix, Windows, Mac
Employs simple, fast and standardized IoT internet protocols (TCP/IP, Sockets,
etc.)
Browser user experience, after all, it is the key aspect of an "Industrial Internet of
Things"
Built on field-proven high performance distributed computing technologies.
Capturing,historizing,validating,cleaning and filtering, integrating, analyzing, predicting,
adapting and optimizing performance at lower levels across the enterprise in real-time
requires High Performance Computing (HPC) power. This does not necessarily mean
high expense, as commercial off the shelf standard PCs with the power of a typical laptop
computer will suffice and the software running the system need not be expensive.
To architect such a system, we draw upon the experiences, architectures, tools and
successes of such computing giants as Google, Amazon, YouTube, Facebook , Twitter
and others. They have created robust high performance computing architectures that span
global data centers. They have provided development tools and languages such as
Google's GO (golang) that are well suited for high speed concurrent distributed
processing and robust networking and web services. Having a similar need, but more
finely distributed, we can adopt similar high performance computing architectures to
deliver and share results where they are needed in real-time.
19. 19
There are various ways to use cloud services to save or store files, documents and
media in remote services that can be accessed whenever user connect to the Internet. The
main problem in cloud is to maintain security for user’s data in way that guarantees only
authenticated users and no one else gain access to that data. The issue of providing
security to confidential information is core security problem, that it does not provide level
of assurance most people desire. There are various methods to secure remote data in
cloud using standard access control and encryption methods. It is good to say that all the
standard approaches used for providing security have been demonstrated to fail from time
to time for a variety of reasons, including faulty implementations, buggy code, insider
attacks, misconfigured services, and the creative construction of effective and
sophisticated attacks not envisioned by the implementers of security procedures. Building
a secure and trustworthy cloud computing environment is not enough, because attacks on
data continue to happen, and when they do, and information gets lost, there is no way to
get it back. There is needs to get solutions to such accidents. The basic idea is that we can
limit the damage of stolen data if we decrease the value of that stolen data to the attacker.
We can achieve this through a preventive decoy (disinformation) attack. We can secure
Cloud services by implementing given additional security features.
The basic idea is that we can limit the damage of stolen data if we decrease the
value of that stolen information to the attacker. We can achieve this through a
‘preventive’ disinformation attack. We posit that secure Cloud services can be
implemented given two additional security features:
4.3 User Behavior Profiling
It is expected that access to a user’s information in the Cloud will exhibit a normal
means of access. User profiling is a well known technique that can be applied here to
model how, when, and how much a user accesses their information in the Cloud. Such
‘normal user’ behavior can be continuously checked to determine whether abnormal
access to a user’s information is occurring. This method of behavior-based security is
commonly used in fraud detection applications. Such profiles would naturally include
20. 20
volumetric information, how many documents are typically read and how often. These
simple userspecific features can serve to detect abnormal Cloud access based partially
upon the scale and scope of data transferred.
4.4 : Decoy System
Decoy data, such as decoy documents, honey pots and other bogus information
can be generated on demand and used for detecting unauthorized access to information
and to „poison‟ the thief’s ex-filtrated information. Serving decoys will confuse an
attacker into believing they have ex-filtrated useful information, when they have not. This
technology may be integrated with user behavior profiling technology to secure a user’s
data in the Cloud. . Whenever abnormal and unauthorized access to a cloud service is
noticed, decoy information may be returned by the Cloud and delivered in such a way
that it appear completely normal and legitimate. The legitimate user, who is the owner of
the information, would readily identify when decoy information is being returned by the
Cloud, and hence could alter the Cloud’s responses through a variety of means, such as
challenge questions, to inform the Cloud security system that it has incorrectly detected
an unauthorized access. In the case where the access is correctly identified as an
unauthorized access, the Cloud security system would deliver unbounded amounts of
bogus information to the attacker, thus securing the user’s true data from can be
implemented by given two additional security features: (1) validating whether data access
is authorized when abnormal information access is detected, and (2) confusing the
attacker with bogus information that is by providing decoy documents. We have applied
above concepts to detect unauthorized data access to data stored on a local file system by
masqueraders, i.e. attackers who view of legitimate users after stealing their credentials.
Our experimental results in a local file system setting show that combining both
techniques can yield better detection results .This results suggest that this approach may
work in a Cloud environment, to make cloud system more transparent to the user as a
local file system.
21. 21
Fig 8: Decoy system
Anomaly Detection :
The current logged in user access behavior is compared with the past behavior of the
user.If the user behavior is exceeding the threshold value or a limit, then the remote user
is suspected to be anomaly. If the current user behavior is as the past behavior, the user is
allowed to operate on the original data.
Challenge Request :
If the current user‘s behavior seems anomalous, then the user is asked for randomly
selected secret questions. If the user fails to provide correct answers for a certain limits or
threshold, the user is provided with decoy files. If the user provided correct answers for a
limit, the user is treated as normal user. Sub subsection .
22. 22
Algorithm Details :
AES ( Advanced Encryption Standards)
The Advanced Encryption Standard (AES) is a symmetric-key encryption standard
approved by NSA for top secret information and is adopted by the U.S. government. AES
is based on a design principle known as a substitution permutation network. The standard
comprises three block ciphers: AES-128, AES-192 and AES-256. Each of these ciphers
has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES
ciphers have been analyzed extensively and are now used worldwide; AES was selected
due to the level of security it offers and its well documented implementation and
optimization techniques. Furthermore, AES is very efficient in terms of both time and
memory requirements. The block ciphers have high computation intensity and
independent workloads (apply the same steps to different blocks of plain text).
Explanations:
AES is based on a design principle known as a Substitution permutation network. It is
fast in both software and hardware. Unlike its predecessor, DES, AES does not use a
Feistelnetwork.AES has a fixed block size of 128 bits and a key size of 128, 192, or 256
bits, whereas Rijndael can be specified with block and key sizes in any multiple of 32
bits, with a minimum of 128 bits. The block size has a maximum of 256 bits, but the key
size has no theoretical maximum.AES operates on a 4×4 column-major order matrix of
bytes, termed the state (versions of Rijndael with a larger block size have additional
columns in the state). Most AES calculations are done in a special field. The AES cipher
is specified as a number of repetitions of transformation rounds that convert the input
plaintext into the final output of cipher text. Each round consists of several processing
23. 23
steps, including one that depends on the encryption key. A set of reverse rounds are
applied to transform cipher text back into the original plaintext using the same encryption
key.
High-level description of the algorithm
1. Key Expansion: Round keys are derived from the cipher key using Rijndael's key
schedule.
2. Initial Round
AddRoundKey: Each byte of the state is combined with the round key using bitwise xor.
3. Rounds
1. SubBytes—a non-linear substitution step were each byte is replaced with
another according to alookup table.
2. ShiftRows—a transposition step where each row of the state is shifted
cyclically a certain number of steps.
3. MixColumns—a mixing operation which operates on the columns of the state,
combining the four bytes in each column.
4. AddRoundKey Final Round (no MixColumns)
5. SubBytes
6. ShiftRows
7. AddRoundKey
24. 24
5. APPLICATIONS OF FOG COMPUTING
We elaborate on the role of Fog computing in the following six motivating scenarios. The
advantages of Fog computing satisfy the requirements of applications in these scenarios.
Fog computing in Smart Grid:
Energy load balancing applications may run on network edge devices, such as smart
meters and micro-grids . Based on energy demand, availability and the lowest price, these
devices automatically switch to alternative energies like solar and wind.
Fog computing in smart traffic lights and connected vehicles:
Video camera that senses an ambulance flashing lights can automatically change street
lights to open lanes for the vehicle to pass through traffic. Smart street lights interact
locally with sensors and detect presence of pedestrian and bikers, and measure the
distance and speed of approaching vehicles.
Wireless Sensor and Actuator Networks:
Traditional wireless sensor networks fall short in applications that go beyond sensing and
tracking, but require actuators to exert physical actions like opening, closing or even
carrying sensors. In this scenario, actuators serving as Fog devices can control the
measurement process itself, the stability and the oscillatory behaviours by creating a
closed-loop system. For example, in the scenario of self-maintaining trains, sensor
monitoring on a train’s ball-bearing can detect heat levels, allowing applications to send
an automatic alert to the train operator to stop the train at next station for emergency
maintenance and avoid potential derailment. In lifesaving air vents scenario, sensors on
vents monitor air conditions flowing in and out of mines and automatically change air-
flow if conditions become dangerous to miners.
25. 25
Decentralized Smart Building Control:
The applications of this scenario are facilitated by wireless sensors deployed to measure
temperature, humidity, or levels of various gases in the building atmosphere. In this case,
information can be exchanged among all sensors in a floor, and their readings can be
combined to form reliable measurements.The system components may then work
together to lower the temperature, inject fresh air or open windows. Air conditioners can
remove moisture from the air or increase the humidity. Sensors can also trace and react to
movements (e.g, by turning light on or off). Fog devices could be assigned at each floor
and could collaborate on higher level of actuation. With Fog computing applied in this
scenario, smart buildings can maintain their fabric, external and internal environments to
conserve energy, water and other resources.
IoT and Cyber-physical systems (CPSs):
Fog computing based systems are becoming an important class of IoT and CPSs. Based
on the traditional information carriers including Internet and telecommunication network,
IoT is a network that can interconnect ordinary physical objects with identified addresses.
CPSs feature a tight combination of the system’s computational and physical elements.
CPSs also coordinate the integration of computer and information centric physical and
engineered systems. IoT and CPSs promise to transform our world with new relationships
between computer-based control and communication systems, engineered systems and
physical reality. Fog computing in this scenario is built on the concepts of embedded
systems in which software programs and computers are embedded in devices for reasons
other than computation alone. Examples of the devices include toys, cars, medical
devices and machinery. The goal is to integrate the abstractions and precision of software
and networking with the dynamics, uncertainty and noise in the physical environment.
Using the emerging knowledge, principles and methods of CPSs, we will be able to
develop new generations of intelligent medical devices and systems, ‘smart’ highways,
buildings, factories, agricultural and robotic systems.
26. 26
Software Defined Networks (SDN):
SDN is an emergent computing and networking paradigm, and became one of the most
popular topics in IT industry. It separates control and data communication layers. Control
is done at a central. ized server, and nodes follow communication path decided by the
server. The centralized server may need distributed implementation. SDN concept was
studied in WLAN, wireless sensor and mesh networks, but they do not involve multihop
wireless communication, multi-hop routing. Moreover, there is no communication
between peers in this scenario. SDN concept together with Fog computing will resolve
the main issues in vehicular networks, intermittent connectivity, collisions and high
packet loss rate, by augmenting vehicleto-vehicle with vehicle-to-infrastructure
communications and centralized control. SDN concept for vehicular networks is first
proposed in.
27. 27
6. SECURITY AND PRIVACY IN FOG COMPUTING
Security and privacy issues were not studied in the context of fog computing.
They were studied in the context of smart grids and machine-to-machine
communications .There are security solutions for Cloud computing. However, they may
not suit for Fog computing because Fog devices work at the edge of networks. The
working surroundings of Fog devices will face with many threats which do not exist in
well managed Cloud. In this section, we discuss the security and privacy issues in Fog
Computing.
Security Issues
The main security issues are authentication at different levels of gateways as well as (in
case of smart grids) at the smart meters installed in the consumer’s home. Each smart
meter and smart appliance has an IP address. A malicious user can either tamper with its
own smart meter, report false readings, or spoof IP addresses. There are some solutions
for the authentication problem. The work elaborated public key infrastructure (PKI)
based solutions which involve multicast authentication. Some authentication techniques
using Diffie-Hellman key exchange have been discussed in . Smart meters encrypt the
data and send to the Fog device, such as a home-area network (HAN) gateway. HAN
then decrypts the data, aggregates the results and then passes them forward. Intrusion
detection techniques can also be applied in Fog computing [28]. Intrusion in smart grids
can be detected using either a signature-based method in which the patterns of behaviour
are observed and checked against an already existing database of possible misbehaviours.
Intrusion can also be captured by using an anomaly-based method in which an observed
behaviour is compared with expected behaviour to check if there is a deviation. The work
develops an algorithm that monitors power flow results and detects anomalies in the input
values that could have been modified by attacks. The algorithm detects intrusion by using
principal component analysis to separate power flow variability into regular and irregular
subspaces.
28. 28
7. Combining User Behavior Profiling and Decoy
Technology
We posit that the combination of these two security features will provide
unprecedented levels of security for the Cloud. No current Cloud security mechanism
is available that provides this level of security. We have applied these concepts to
detect illegitimate data access to data stored on a local file system by masqueraders,
i.e. attackers who impersonate legitimate users after stealing their credentials. One
may consider illegitimate access to Cloud data by a rogue insider as the malicious act
of a masquerader. Our experimental results in a local file system setting show that
combining both techniques can yield better detection results, and our results suggest
that this approach may work in a Cloud environment, as the Cloud is intended to be
as transparent to the user as a local file system. In the following we review briefly
some of the experimental results achieved by using this approach to detect
masquerade activity in a local file setting. A. Combining User Behavior Profiling and
Decoy Technology for Masquerade Detection.
7.1 User Behavior Profiling
Legitimate users of a computer system are familiar with the files on that
system and where they are located. Any search for specific files is likely to be
targeted and limited. A masquerader, however, who gets access to the victim’s system
illegitimately, is unlikely to be familiar with the structure and contents of the file
system. Their search is likely to be widespread and untargeted. Based on this key
assumption, we profiled user search behavior and developed user models trained with
a oneclass modeling technique, namely one-class support vector machines. The
importance of using one-class modeling stems from the ability of building a classifier
without having to share data from different users. The privacy of the user and their
data is therefore preserved. We monitor for abnormal search behaviors that exhibit
deviations from the user baseline. According to our assumption, such deviations
29. 29
signal a potential masquerade attack. Our previous experiments validated our
assumption and demonstrated that we could reliably detect all simulated masquerade
attacks using this approach with a very low false positive rate of 1.12% .
7.2 Decoy Technology
We placed traps within the file system. The traps are decoy files downloaded
from a Fog computing site, an automated service that offers several types of decoy
documents such as tax return forms, medical records, credit card statements, e-bay
receipts, etc. [10]. The decoy files are downloaded by the legitimate user and placed
in highly-conspicuous locations that are not likely to cause any interference with the
normal user activities on the system. A masquerader, who is not familiar with the file
system and its contents, is likely to access these decoy files, if he or she is in search
for sensitive information, such as the bait information 126embedded in these decoy
files. Therefore, monitoring access to the decoy files should signal masquerade
activity on the system. The decoy documents carry a keyed-Hash Message
Authentication Code (HMAC), which is hidden in the header section of the
document. The HMAC is computed over the file’s contents using a key unique to
each user. When a decoy document is loaded into memory, we verify whether the
document is a decoy document by computing a HMAC based on all the contents of
that document. We compare it with HMAC embedded within the document. If the
two HMACs match, the document is deemed a decoy and an alert is issued.
7.3 Combining the Two Techniques
The correlation of search behavior anomaly detection with trap-based decoy
files should provide stronger evidence of malfeasance, and therefore improve a
detector’s accuracy. We hypothesize that detecting abnormal search operations
performed prior to an unsuspecting user opening a decoy file will corroborate the
suspicion that the user is indeed impersonating another victim user. This scenario
covers the threat model of illegitimate access to Cloud data. Furthermore, an
30. 30
accidental opening of a decoy file by a legitimate user might be recognized as an
accident if the search behavior is not deemed abnormal. In other words, detecting
abnormal search and decoy traps together may make a very effective masquerade
detection system. Combining the two techniques improves detection accuracy. We
use decoys as an oracle for validating the alerts issued by the sensor monitoring the
user’s file search and access behavior. In our experiments, we did not generate the
decoys on demand at the time of detection when the alert was issued. Instead, we
made sure that the decoys were conspicuous enough for the attacker to access them if
they were indeed trying to steal information by placing them in highly conspicuous
directories and by giving them enticing names. With this approach, we were able to
improve the accuracy of our detector. Crafting the decoys on demand improves the
accuracy of the detector even further. Combining the two techniques, and having the
decoy documents act as an oracle for our detector when abnormal user behavior is
detected may lower the overall false positive rate of detector. We trained eighteen
classifiers with computer usage data from 18 computer science students collected
over a period of 4 days on average. The classifiers were trained using the search
behavior anomaly detection described in a prior paper. We also trained another 18
classifiers using a detection approach that combines user behavior profiling with
monitoring access to decoy files placed in the local file system, as described above.
We tested these classifiers using simulated masquerader data. Figure 1 displays the
AUC scores achieved by both detection approaches by user model1. The results show
that the models using the combined detection approach achieve equal or better results
than the search profiling approach alone.
31. 31
8. FOG COMPUTING ARCHITECTURE
Fog Computing system is trying to work against the attacker specially malicious
insider. Here malicious insider means Insider attacks can be performed by malicious
employees at the providers or users site. Malicious insider can access the confidential
data of cloud users. A malicious insider can easily obtain passwords, cryptographic keys
and files. The threat of malicious attacks has increased due to lack of transparency in
cloud providers processes and procedures .It means that a provider may not know how
employees are granted access and how this access is monitored or how reports as well as
policy compliances are analyzed.
Fig 9: Fog Computing Architecture
32. 32
Above fig. states the actual working of the fog computing. In two ways login is done in
system that are admin login and user login .When admin login to the system there are
again two steps to follow: step1:Enter username step2:Enter the password . After
successful login of admin he can perform all admin related tasks, but while downloading
any file from fog he have to answer the security Question if he answer it correctly then
only original file can be download. In other case, when admin or user answer incorrectly
to the security question then decoy document (fake document) is provided to the fake
user.
Decoy technology work in the given manner if you have any word ,suppose
“MADAM” in the document then some alphabets are replaced as M->A then the given
word become “AADAA” which have no meaning. In some Case, if attacker getting to
know that, M is replaced by A in the given document and by applying reverse
engineering he get result as “MMDMM”. In any case he can’t judge content of
document.When user login to the system he also have to follow the same procedure as
admin. Operations like upload files/documents, download files/documents, view alerts,
send message, read message, broadcast any message all these can be perform by the user.
ALERT this stream provide the detail knowledge of attack done on their personal
file/document with details like date, time, no of times the attacker trying to hack that
file/document .Best thing of fog Computing is after each successful login the user get
SMS on the mobile that „login successful‟. from this the user get alert when other else
trying to gain access to his/her personal fog account and when attacker trying to
download some files/documents then user also get SMS that contain attacker ip-
address, attacker’s server name, date, time details on his/her mobile so that become easy
to catch attacker by tracing all these things. In this way fog computing is more secure
than the traditional cloud computing.
33. 33
9. ADVANTAGES AND DISADVANTAGES
ADVANTAGES
The advantages of placing decoys in a file system are threefold:
The detection of masquerade activity.
The confusion of the attacker and the additional costs incurred to distinguish
real from bogus information.
The deterrence effect which, although hard to measure, plays a significant role
in preventing masquerade activity by risk-averse attackers.
DISADVANTAGES
Nobody is identified when the attack is happen.
It is complex to detect which user is attack.
We cannot detect which file was hacking.
34. 34
10. CONCLUSION
With the increase of data theft attacks the security of user data security is
becoming a serious issue for cloud service providers for which Fog Computing is a
paradigm which helps in monitoring the behavior of the user and providing security to the
user’s data. The system was developed only with email provision but we have also
implemented the SMS technique. In Fog Computing we presenting a new approach for
solving the problem of insider data theft attacks in a cloud using dynamically generated
decoy files and also saving storage required for maintaining decoy files in the cloud. So
by using decoy technique in Fog can minimize insider attacks in cloud. Could provide
unprecedented levels of security in the Cloud and in social networks.
35. 35
11. SCOPE FUTURE ENHANCEMENTS
In our future work, this security system as we have explained is applicable only
for single cloud ownership system. If the cloud owner has a more than one clouds to
operate then our security system will not be applicable for providing security, therefore in
the future enhancement we can enhance our existing application to manage a cloud
environment which has more than one cloud architecture. Cloud computing is the future
for organizations.The considerable benefits that provide will make eventually all the
organizations totally move their processes and data to the Cloud. A lot of effort will be
put in return to provision the appropriate security to make business on cloud
environments. Although virtualization is already established, virtualization in the Cloud
is still an immature area. The focus of future works should aim to harden the security of
virtualization in multi-tenant environments. Possible lines of research are the
development of reliable and efficient virtual network securities to monitor the
communications between virtual machines in the same physical host. To achieve secure
virtualized environments, isolation between the different tenants is needed. Future
researches should aim to provide new architectures and techniques to harden the different
resources shared between tenants. The hypervisor is the most critical component of
virtualized environments. If compromised, the host and guest OSs could potentially be
compromised too. Hypervisor architectures that aim to minimize the code and, at the
same time, maintain the functionalities, provide an interesting future research to secure
virtualized environments and the Cloud, especially to prevent against future hypervisor
root kits.
36. 36
12. REFERENCES
Cloud Security Alliance, “Top Threat to Cloud Computing V1.0,” March 2010.
[Online].Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Prevention Of Malicious Insider In The Cloud Using Decoy Documents by S.
Muqtyar Ahmed, P. Namratha, C. Nagesh
Cloud Security: Attacks and Current Defenses Gehana Booth, Andrew Soknacki,
and Anil Somayaji.
Overview of Attacks on Cloud Computing by Ajey Singh, Dr. Maneesh
Shrivastava.
D.Jamil and H. Zaki, “Security Issues in Cloud Computing and
Countermeasures,” International Journal of Engineering Science and Technology,
Vol. 3 No. 4, pp. 2672-2676, April 2011.
K. Zunnurhain and S. Vrbsky, “Security Attacks and Solutions in Clouds,” 2nd
IEEE InternationalConference on Cloud Computing Technology and Science,
Indianapolis, December 2010.
W. A. Jansen, “Cloud Hooks: Security and Privacy Issues in Cloud Computing,”
44th Hawaii International Conference on System Sciences, pp. 1–10, Koloa,
Hawaii, January 2011.
F. Bonomi, “Connected vehicles, the internet of things, and fog computing,”in
The Eighth ACM International Workshop on Vehicular Inter-Networking
(VANET), Las Vegas, USA, 2011.
http ://cnc.ucr.edu/security/glossary.
http://technet.microsoft.com/enus/library/cc959354.aspx
Cisco Cloud Computing -Data Center Strategy, Architecture,and Solutions
http://www.cisco.com/web/strategy/docs/gov/CiscoCloudComputing_WP.pdf.
Fog Computing: Mitigating Insider Data Theft Attacks in The
Cloud.[Online].Available:http://ids.cs.columbia.edu/sites/default/files/Fog_Comut
ing_Position_Paper_WRIT_2012.pdf
M. Van Dijk and A. Juels, “On the impossibility of cryptography alone for
privacy-preserving cloud computing,” in Proceedings of the 5th USENIX
37. 37
conference on Hot topics in security, ser. HotSec’10. ”Berkeley, CA, USA”:
”USENIX Association”, 2010, pp. 1–8.
J. A. Iglesias, P. Angelov, A. Ledezma, and A. Sanchis, “Creating evolving user
behavior profiles automatically,” IEEE Trans. on Knowl. and Data Eng., vol. 24,
no. 5, pp. 854–867, May 2012.
F. Rocha and M. Correia, “Lucy in the sky without diamonds: Stealing
confidential data in the cloud,” in Proceedings of the 2011 IEEE/IFIP 41st
International Conference on Dependable Systems and Networks Workshops, ser.
DSNW ’11. Washington, DC, USA: IEEE Computer Society, 2011, pp. 129–134.
M. B. Salem and S. J. Stolfo, “Modeling user search behavior for masquerade
detection,” in Proceedings of the 14th international conference on Recent
Advances in Intrusion Detection, ser. RAID’11. Berlin, Heidelberg:
SpringerVerlag, 2011, pp. 181–200.
S. et al, “Decoy document deployment for effective masquerade attack detection,”
in Proceedings of the 8th international conference on Detection of intrusions and
malware, and vulnerability assessment, ser. DIMVA’11. Berlin, Heidelberg:
Springer-Verlag, 2011
