3.2.3 Systemic Architecture of IoT–Fog–Cloud
3.2.4 Applications of IoT, Fog and Cloud Systems
The Internet of Things (IoT) has emerged to digitalize our daily tasks in various systems, for example, smart homes, smart cities, smart factories, smart grids and smart healthcare [1]. Since Cloud systems offer high computational infrastructure, power, bandwidth, software, platforms and storage, IoT applications integrate with Cloud systems across networks [2, 3]. IoT networks involve communication among sensors, actuators and services, which requires substantial computing resources for executing big-data analytics and cyber security applications. They still suffer from drawbacks in scalability and operability, since heterogeneous data sources are collected and analyzed across the three layers of IoT, Fog and Cloud systems [1, 4, 5].
Cloud systems, in the form of software, platforms and infrastructure, can address the challenges of scalability and operability by providing services to users and organizations. However, Cloud systems suffer from a lack of mobility support, high latency, and limited location-awareness and geo-distribution [1, 6]. The Fog/Edge paradigms have been proposed to tackle these shortcomings of Cloud systems and to enable big-data analytics at the network’s edge [4]. The term ‘Fog computing’ was coined by the OpenFog Consortium [1, 5]: it denotes an architecture that extends the main functions of the Cloud to provide services at the edge of a network, and is a highly virtualized architecture built on a pool of resources. The Fog is a decentralized infrastructure in which data is logged and analyzed between the clients and the Cloud data centers. It is well placed to apply real-time and big-data analysis techniques, which considerably supports distributed data management systems [1, 3, 4, 6].
Recent research studies [4–9] propose that Fog technology will be designed in the future to offer an enhanced and trustworthy architecture for handling the ever-increasing use of interconnected appliances and services. The authors in [1, 3, 4, 6, 10, 11] suggested different methods for deploying security solutions, involving encryption, access control, firewalls, authentication, and intrusion detection and prevention systems, at the Fog layer. Since the Fog depends on distributed architectures that connect IoT and Cloud systems, Advanced Persistent Threats (APT) [12] could exploit Fog appliances and services if security systems are not well designed to effectively monitor and protect the Fog nodes [1, 5].
Azam et al. [13] developed a technique that connects a smart communication and data pre-processing module in Cloud-IoT networks. The technique integrates a smart gateway with Fog computing to reduce the computation overhead on the Cloud side. Alrawais et al. [14] proposed a Fog computing scheme to handle authentication issues in IoT networks, in which the Fog computing device acts as a gateway to IoT devices for distributing certificate revocation information. Almadhor [15] used a Fog computing paradigm to secure Cloud-IoT platforms. Yassen et al. [16] utilized Fog computing capabilities to develop an intrusion detection system for recognizing cyber attacks in wireless sensor networks. Dsouza et al. [17] proposed policy-based management to protect collaboration and interoperability between various customer requirements in the Fog nodes. In [18], the authors proposed a physical security framework for integrating the functions of IoT, Fog and Cloud systems. Sandhu et al. [19] proposed a framework to identify malicious activities at network edges.
In this chapter, a systemic IoT–Fog–Cloud architecture is proposed for improving the execution of big-data analytics and cyber security applications. Security threats, challenges, existing security solutions and future research directions in the Fog paradigm are also discussed. The Fog architecture is described in Section 3.2. Section 3.3 explains security challenges and threats in the Fog. Security challenges and future directions of research are introduced in Section 3.4. Finally, the chapter is summarized in Section 3.5.
The Fog paradigm was initially proposed by Cisco as an extension architecture of Cloud systems that provides computation, storage and communication services between Cloud servers and client systems [1, 5, 10]. It enables computation and data processing at the network edge. This means that the Fog is a layer complementing Cloud systems, offering the design of a distributed architecture that can handle the heterogeneous data sources of IoT wireless access networks. Big-data analytics can be implemented at the network edges faster than in centralized Cloud systems [1, 17].
The OpenFog Consortium started in 2016 to design standardized open Fog computing frameworks [20]. For instance, an Open-Machine-to-Machine (OpenM2M) framework was suggested for linking the Fog with IoT devices and services [21]. In this framework, Fog nodes are deployed at edge infrastructures with several M2M applications. In [22], another Fog architecture was proposed, in which a set of application interfaces were designed to enable virtual machines (VMs) to gain access for gathering information at Fog nodes.
Sang et al. [23] proposed a context-aware Fog framework. The framework supports different edge technologies, including Wi-Fi and Bluetooth, which in turn support Software Defined Networks (SDN) and virtualization tools. It has also been suggested to deploy airborne Fog systems, where aerial devices such as drones act as Fog nodes to deliver various applications and services to end-users [6].
Fog computing is closely related to Mobile-Edge Computing (MEC) and Mobile Cloud Computing (MCC) [4, 24, 25]. MEC concentrates on Fog servers such as cloudlets that are implemented at the edge of mobile networks [25], while MCC is an infrastructure in which both data processing and storage are executed outside of the mobile appliances [24]. The Fog has several properties that allow its integration with IoT and Cloud systems [4, 24, 25], as listed below:
It is located at the network’s edge and provides location-awareness and low latency, as Fog nodes offer localization (i.e., a single hop from the device to the Fog node) and support end-points with rich services at the edge of a network.
It enables dense and sparse geographical distribution, where Fog services and applications require distributed deployments.
It can use large-scale sensor networks to monitor Cloud and IoT systems.
It has a large number of nodes, demonstrating its capability for large-scale geographical distribution.
It supports mobility, which helps Fog users access information and improves the quality of service.
It enables real-time interaction for handling important Fog applications.
It supports M2M wireless connectivity that consumes low power, supporting scalability and mobility.
It handles different dynamic and heterogeneous sources at various levels of the network hierarchy.
It provides flexible, inexpensive and portable deployment of hardware and software.
It can easily integrate IoT and Cloud applications for online big-data analytics.
Fog computing is mainly a virtualization technology that offers storage, computing and communication services between end devices and Cloud data centers [6, 26]. In Figure 3.1, a systemic architecture is proposed to show the connections of the IoT, Fog and Cloud layers. An example of integrating IoT smart cities and smart factories, along with the Fog and Cloud elements, is presented. A set of IoT devices and sensors, such as greenhouse gas IoT sensors and industrial IoT (IIoT) actuators, is connected to Message Queuing Telemetry Transport (MQTT) gateways to publish and subscribe to various topics, such as temperature and humidity measurements. In the near future, smart cities could be linked with smart factories to measure greenhouse gas emissions via IoT hubs; therefore, it is expected that message services between various topics will be available to serve the community.
This architecture allows monitoring, filtering, inspecting, aggregating and exchanging data, which saves time and computation resources when deploying and running big-data analytics and cyber security applications [1]. Like Cloud systems, the Fog offers Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS), as defined in Table 3.1, to end-user appliances [3, 4]. In the Fog, network edge infrastructures, such as routers, access points, set-top boxes and switches, should have high-capability CPU and GPU processors and ample storage [1, 3, 6]. Such infrastructures, named Fog nodes, can offer computing resources as services close to customers. Edge devices are considered Fog nodes, as they have computing, storage and network communication capabilities. The nodes are connected in a master–slave architecture, by clustering or in Peer-to-Peer networks [1, 4], such as the cloudlet [6].
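As an added illustration (not code from the chapter or from any cited work), the following Python sketch shows a Fog node performing the inspection, filtering and aggregation steps described above on MQTT-style messages before forwarding a per-topic summary to the Cloud; it also drops out-of-range readings that a data-poisoning attempt might inject and flags a device that floods a topic. The topic names, payload layout, value ranges and rate limit are assumptions.

```python
# Added example (not from the chapter): a minimal Fog-node pre-processing
# stage for MQTT-style telemetry. Topic names, device ids, value ranges and
# the per-window rate limit are assumptions chosen for illustration.
from collections import defaultdict
import json

# Plausible ranges per topic: readings outside them are dropped before
# aggregation, which blunts simple data poisoning of Cloud-side analytics.
VALID_RANGES = {"city/temperature": (-40.0, 60.0), "city/humidity": (0.0, 100.0)}
MAX_MSGS_PER_DEVICE = 5  # per window; above this a device is treated as flooding


def parse_message(topic, payload):
    """Inspect one published message; return (device, value) or None if rejected."""
    try:
        data = json.loads(payload)
        device = str(data["device"])
        value = float(data["value"])
    except (ValueError, KeyError, TypeError):
        return None  # malformed payload
    low, high = VALID_RANGES.get(topic, (None, None))
    if low is None or not (low <= value <= high):
        return None  # unknown topic or out-of-range (possibly poisoned) reading
    return device, value


def process_window(messages):
    """Filter and aggregate one window of (topic, payload) pairs.

    Returns (summary, rejected, flooding): a per-topic count/min/max/mean to
    forward to the Cloud, the number of rejected messages, and the devices
    that exceeded the rate limit within the window.
    """
    per_topic = defaultdict(list)
    per_device = defaultdict(int)
    rejected = 0
    for topic, payload in messages:
        parsed = parse_message(topic, payload)
        if parsed is None:
            rejected += 1
            continue
        device, value = parsed
        per_device[device] += 1
        if per_device[device] > MAX_MSGS_PER_DEVICE:
            continue  # keep counting the device, but stop aggregating its data
        per_topic[topic].append(value)
    summary = {
        t: {"count": len(v), "min": min(v), "max": max(v), "mean": sum(v) / len(v)}
        for t, v in per_topic.items()
    }
    flooding = sorted(d for d, n in per_device.items() if n > MAX_MSGS_PER_DEVICE)
    return summary, rejected, flooding


# Constructed sample window: normal readings, one malformed payload, one
# poisoned out-of-range value and one device flooding the humidity topic.
SAMPLE_WINDOW = [
    ("city/temperature", '{"device": "s1", "value": 21.5}'),
    ("city/temperature", '{"device": "s2", "value": 22.5}'),
    ("city/temperature", '{"device": "s3", "value": 999}'),  # poisoned
    ("city/temperature", "not json"),                        # malformed
    ("city/humidity", '{"device": "h1", "value": 55}'),
] + [("city/humidity", '{"device": "h9", "value": 50}')] * 8  # flood

if __name__ == "__main__":
    print(process_window(SAMPLE_WINDOW))
```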
Table 3.1 Services Provided By Fog/Cloud Systems.

| Fog/Cloud services | Description |
|---|---|
| SaaS | Offers a user or organization on-demand applications and software services via a Cloud infrastructure, without the cost of buying and maintaining these applications. Currently, Google, Amazon and Salesforce dominate the Cloud service market |
| PaaS | Provides a user or organization with application development and hosting of client applications using libraries, services and tools supported by the PaaS provider’s infrastructure |
| IaaS | Offers storage, processing units, network capabilities and other fundamental computing resources via virtual machines (VMs) to service subscribers |
An example of a technical Fog architecture, proposed by Cisco and shown in Figure 3.2 [1], designs the Fog as IaaS. The Cisco IOx platform operates by hosting programs in an operating system that runs on a hypervisor on a grid router. The IOx APIs allow the Fog to connect with IoT and Cloud systems through a user-defined protocol. For designing the Fog as PaaS or SaaS, the Cisco DSX was designed to establish a bridge between SaaS and different IoT devices for managing applications. This enables processing big-data at the Fog and Cloud layers, improving the computational resources available to big-data analytics and cyber security applications such as firewalls, intrusion detection and prevention systems and access control systems [1, 6].
Although the distributed architecture of the Fog can improve the computational resources of big-data analytics and cyber security applications, the architecture could be breached by sophisticated cyber attacks, such as Distributed Denial of Service (DDoS) and ransomware, because Fog nodes may be connected to unsecured and non-standard IP-based IoT sensors. Therefore, different security systems should be deployed at the Fog nodes to mitigate the impacts of cyber threats.
The advantages of the Fog can be applied to different IoT and Cloud systems [4, 25]. This demonstrates how Fog paradigms can be implemented in real-time and large-scale systems, as explained in the following applications:
Smart grid includes smart meters and micro-grids implemented at the edge of a network as energy load-balancing services. The Fog can support processing of smart grid nodes at the network edges. Data generated from IoT networks are stored at Fog nodes for running big-data analytics and cyber security applications [27].
Software-Defined Networks (SDN) is a promising computing and network architecture. The Fog can be used to design an SDN architecture that manages and controls the SDN communication layers. The control unit is executed at a centralized server, while the SDN nodes execute a communication path specified by the server, which requires distributed execution [25].
Connected vehicles and smart traffic systems are improved by connection with Fog nodes, such as vehicle-to-access-point links or vice versa. Smart traffic systems interact with different sensors at the network edge to send warning lights to oncoming cars in order to avoid possible accidents. Connecting these systems with the Fog could address the Cloud’s drawbacks of latency, limited mobility support and geographical distribution [4, 13].
Wireless sensor and actuator networks are used for sensing and tracking in different IoT applications, relying on actuators to control physical systems. When actuators operate as Fog appliances, they can more easily manage the performance of those systems [16].
Industry 4.0 and Industrial IoT systems: Industry 4.0 systems include applications of cyber-physical systems, IIoT and IoT. These systems aim to link physical devices to the Internet and Cloud systems. They can be used for rapidly processing and storing different heterogeneous sources at the network edges and for addressing security issues [28, 29].
Since Fog devices are connected with Cloud and IoT systems, IoT networks could be exploited by different cyber threats. This is because the devices are deployed at unsecured locations which are not adequately monitored and protected. The open architecture of the Fog leads to loopholes and vulnerabilities that allow attackers to compromise Fog devices and services, in addition to threatening the privacy of its big-data [30]. The design of an effective Fog–IoT–Cloud architecture faces several security issues, as discussed below.
Authentication and authorization – Fog devices could be connected with Cloud servers via a distributed authentication system, but this connection is relatively slow in smart grids [27]. Executing authentication protocols, for example, directory access and remote authentication, is impractical due to the limited connectivity. Moreover, relying on Cloud servers for authentication is not the right solution, as they could be penetrated by brute-force and dictionary attacks that steal user credentials [4].
Advanced Persistent Threats – Fog systems face various sophisticated attack types, such as botnets and ransomware, inherited from Cloud and IoT systems. These cyber attacks could expose Fog nodes because of their distributed architecture [1, 4, 5, 13], as summarized in Table 3.2.
Suspicious Fog nodes – Since Fog nodes handle big-data collected from IoT devices, the workload divided between the nodes is often heavy. If an attacker compromises any of the nodes, it is hard to assert data integrity and privacy. Trust mechanisms should be deployed to secure data transfer between Fog and Cloud systems [31].
Fog data management – Since Fog nodes are geographically distributed, it is difficult to know the location of data gathered from Cloud systems, and it is hard for customers to identify whether a node offers the same service or not [32]. Some Fog nodes contain data duplicated from other nodes, which consumes resources, and attack events may be injected into this data using data poisoning techniques.
Privacy issues – These concern concealing confidential information, such as which device was used at a particular time, while still allowing data summaries to be exchanged between Fog nodes. Privacy preservation techniques should hide details of sensitive information about Fog devices and services. Existing Fog appliances cannot encrypt and decrypt the readings of smart meters; therefore, those appliances could expose sensitive information while transmitting and receiving data flows across network nodes [4, 33].
Table 3.2 Attack Types That Could Exploit Elements Of IoT–Fog–Cloud.

| Attack types | Description |
|---|---|
| Insider intruders | Authorized Cloud users who attempt to gain unauthorized rights, penetrating Cloud resources for which they have no privileges |
| Attacks on virtual machines (VMs) or hypervisor | When the virtual layer of the hypervisor is compromised using zero-day attacks, attackers can control the installed VMs and physical hosts |
| Flooding attacks | An attacker attempts to flood a victim by sending a large number of packets via DoS and DDoS from a compromised host in a network (i.e., a zombie) to breach VMs |
| Service abuses | Services can be hijacked by malicious activities, for example, using Cloud/Fog computing resources to break an encryption key in order to launch an attack |
| Advanced Persistent Threats (APT) | Penetrate systems through a footprinting attack, then stealthily exfiltrate data and intellectual property on a continual basis |
| Port scanning | Finds a list of all open, closed and filtered ports in a network. Attackers search for open ports to gain access to a particular system |
| Backdoor attacks | Passive attacks in which an attacker stealthily bypasses the normal authentication mechanism to obtain unauthorized remote access to a device. The attacker could then control the victim’s resources and turn it into a zombie to initiate DoS/DDoS attacks |
Various security solutions have been employed, for example, authentication, access control, encryption and firewalls, as well as intrusion detection and prevention systems, to address different security and privacy challenges in the IoT–Fog–Cloud architecture. Each security tool can be utilized to handle a specific security challenge, as described in Table 3.3 and explained below:
Authentication is the process of identifying users by different methods. Fog computing should include biometric authentication involving face, fingerprint, palm, touch-based or keystroke-based methods. These are promising solutions compared with traditional methods, such as password-based authentication [34]. In [4], the authors stated that one of the key security challenges for Fog computing is providing authentication mechanisms at various levels of Fog nodes using public-key techniques. According to [31, 37], trusted execution mechanisms have the potential to decrease the complexity of authentication in Fog computing.
Access control is a trustworthy mechanism installed on IoT and Cloud devices that guarantees authentication and authorization for end-users, workstations and servers [31]. In the Fog, policy-based control was proposed to protect the cooperation between heterogeneous sources [38]. It remains a challenge to design an effective access control system for clients in IoT networks that protects systems at different levels.
An intrusion detection system (IDS) can be installed in the Fog layer to recognize suspicious events by inspecting audit traces on the client side. It can also be installed on the Fog side to identify attacks by analyzing network traffic [35, 36]. In [39], the authors suggested a cloudlet-mesh-based security framework that can identify attacks from Cloud and Fog systems. Implementing scalable and adaptive intrusion detection at the Fog layer while meeting its low-latency requirements remains a challenge [31].
Privacy and encryption techniques – Various privacy-preserving mechanisms have been suggested in the Cloud, smart grids and wireless networks for protecting user information, which is one of the biggest issues in IoT, Fog and Cloud systems. These mechanisms could be implemented between the Cloud and Fog layers to prevent tampering with big-data transmitted between the two layers. Encryption techniques should be applied to obfuscate data exchanged between different network nodes [31]. However, because of the distribution of network nodes, privacy techniques need further research to protect the sensitive information of users.
Table 3.3 Threats, Advantages and Disadvantages of Existing Security Solutions.

| Solutions | Threats | Advantages | Disadvantages |
|---|---|---|---|
| Authentication techniques [34] | Insider attacks, including brute force and dictionary attacks | | |
| Access control systems [31] | Birthday, sniffer, spoofing and phishing attacks | | |
| Intrusion detection systems [35, 36] | Insider attacks, flooding, VM attacks, APT, U2R attacks, backdoor and port scanning attacks | | |
| Privacy and encryption techniques [31] | Flooding attacks and service abuses | | |
This chapter has introduced an architecture that illustrates the interactions of the IoT, Cloud and Fog layers for effectively running big-data analytics and cyber security applications. Since the devices and services in the three layers generate heterogeneous data sources, Cloud systems have been used to process, compute and store such data at centralized locations. However, mobility support, location-awareness, low latency and geographical distribution remain key challenges in the Cloud layer that could be tackled using Fog paradigms, which process computational tasks at the edge of the network. The use of Fog technology still faces security and privacy challenges that originate from its connection with the open architecture of IoT and Cloud systems. The security problems in existing security tools and future research directions have been introduced to improve the security of the IoT–Fog–Cloud architecture.