A survey on Iot security: Application Areas, Security Threats, and Solution Architectures
E. SECURITY CHALLENGES AND SOLUTIONS IN FOG
tải về 6.16 Mb. Chế độ xem pdf
|
thong-tin-so bao-cao-qpsk-1 - [cuuduongthancong.com]
| E. SECURITY CHALLENGES AND SOLUTIONS IN FOG
LAYER Although fog layer provides various features and security aspects for IoT applications, the movement of data and computation to fog layer creates new vulnerabilities [120]. Therefore, before implementing fog-assisted IoT applica- tions, these security and privacy goals of fog computing are required to be studied. In this section, various features provided by fog layer, privacy and security challenges faced, and proposed solutions to overcome them are discussed. Table 5 summarizes these issues and proposed solutions. 1. Real-Time Services: Fog computing tends to provide a near real-time service in the IoT systems by perform- ing computation near the data generation points. • Intrusion detection: Policy violations and mali- cious activities on fog nodes and IoT devices will not be discovered if no proper intrusion detection mechanism is implemented. The attacks might not impact the whole architecture of fog computing, but the attacker can control the local services. Attacks targeting local services can be detected by fog nodes by collaborating with their adja- cent nodes. By observing program behavior and host file systems, the atack on the cloud can be detected [163]. • Identity authentication: There are various entities involved in the process of offering and accessing real-time services like fog nodes, service providers and users. Trusting all the entities involved is an arduous task, and creates security challenges for IoT services and user’s data. Accessibility of ser- vices should be given only to authentic and cred- ible users; otherwise, attackers may compromise the server and exploit services and user privacy. Therefore, to prevent attackers from illegitimately accessing services, identity authentication mech- anisms are needed. To provide secure services, some efficient identity authentication mechanisms have been proposed in the past [164]–[169]. 2. Transient Storage: Users can store and maintain their data on fog nodes temporarily with the help of transient storage. On the one hand, it helps in managing data easily on local storage, but on the other hand, it creates new challenges and security issues, especially for maintaining data privacy. • Identifying and protecting sensitive data: Data stored in IoT devices may include social events, traffic conditions, personal activities, temperature and so on. Some of the data might be personal or sensitive while some data may be made public. Furthermore, for different users, the same data has different security levels. Therefore, it is important to identify and protect the sensitive data from the large volume of information. • Sharing data securely: To provide security, data uploaded on fog nodes is first encrypted. No one other than its owner can read that data once it is encrypted. This creates a problem for data shar- ing. To overcome this challenge, some crypto- graphic techniques such as key-aggregate encryp- tion, proxy re-encryption, and attribute-sharing, VOLUME x, 2019 15 This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2019.2924045, IEEE Access Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures have been proposed in [170]. 3. Data Dissemination: The data cannot be transferred to the fog node without encryption, due to security issues. Due to this movement of encrypted data to the fog node, many desirable features are sacrificed such as sharing, searching, and aggregation. • Searching data securely: As discussed in transient storage, data is encrypted before uploading. How- ever, once it is encrypted, searching or retrieving on the ciphertext becomes difficult for owners as well as other entities. In order to retrieve the information from encrypted text, search-able en- cryption and its privacy levels are defined in [171]. A dynamic symmetric search-able scheme is intro- duced in [172]. • Data aggregation: Fog nodes might need to aggre- gate the data in certain cases to prevent data leak- age and reduce communication overhead. It is im- portant to develop secure aggregation algorithms to prevent data thefts. Various homomorphic en- cryption schemes, such as BGN encryption [173] and Paillier encryption [174], have been proposed to achieve secure data aggregation. 4. Decentralized Computation: The data stored on the fog nodes can be processed and analyzed for better re- sults. However, such computations have several threats and risks associated with them. For example, attackers can not only control the analyzed results, but can also expose processed data. • Server-aided computation: Tasks which cannot be executed by IoT devices themselves are com- puted with the help of fog nodes. However, this can lead to exposure of data to attackers, if the fog nodes which received data from IoT are al- ready compromised. Server-aided computation is one such method whose aim is to provide secure computation [175]. • Verifiable computation: Users rely on the fog nodes to compute their data. There must be a se- cure mechanism to verify the computation results coming from the fog node. Authors in [176], [177] have proposed certain multi-user mechanisms that help with verifiable computation. tải về 6.16 Mb. Chia sẻ với bạn bè của bạn:
|