Models of Information System Security
People who use the application will be made to install different levels of gateways and smart meters in their homes. The main security issue occurs at the authentication of these gateways and smart meters. Each smart device will be provided with an IP address. Attack can happen on these devices by reporting false readings on the smart meters, spoofing the IP address. There are some solution for the authentication problem. Public key infrastructure can be used in this case. Dieffie-Hellman key exchange proposes that smart meters can encrypt the data before it sends it to fog devices, Then the device are made to decrypt the data. Intrusions in smart grid can be detected by using a signature based method where any discrepancy in the pattern can be detected and raise a flag on possible misbehaviors.
Biometric authentication is the most beneficial authentication method that could be used to provide accessibility. Biometric authentication like fingerprint authentication, facial recognition, eye retina recognition, etc. can be used in fog computing based authentication. There could be discrepancy in the authentication through man in the middle attack, mitigation of data theft, etc. Techniques based on infrastructure such as Public Key Infrastructure (PKI) could be made to solve the problem, trusted executed environment (TEE) can also be considered in fog cloud computing. Measurement based method can be used to filter fake or unqualified fog cloud that is not within the vicinity of the end users which in turn will reduce the authentication cost.
4.2 USER ACCESS AND INTRUSION DETECTION
Providing a control to access smart devices and cloud has always been a reliable tool which ensure the security of the system. Access control on cloud is achieved by exploiting techniques of several encryption schemes to build a access control in cloud computing. Intrusion detection techniques have been applied to mitigate attacks on virtual machine or hypervisor. Those intrusion detection systems can be applied on host machine to detect intrusions.
4.3 PRIVACY
Since storage and computation are sufficient for both sides in a fog cloud , privacy-preserving techniques can be proposed. Privacy preservation algorithms can be run in between the fog and cloud since computation and storage are sufficient for both sides. We need privacy preserving techniques because users these days are more concerned about the risk of privacy leakage. Fog node usually collects data generated by sensor and end devices. Techniques like homomorphic encryption can be used to allow privacy-preserving aggregation at the local gateways without decryption. For statistical queries differential privacy method can be applied to ensure privacy of an arbitrary single entry in the data set.
4.4 TRUST MODEL
In services like eCommerce, peer-to-peer (P2P), user reviews and online social networks reputation based trust model can be successfully implemented. Reputation based trust model is a simple method where parties are made rate each other after parties give their ratings a trust or reputation score is derived from the rates. A robust reputation system was proposed for resource selection in P2P networks using a distributed polling algorithm to assess the reliability of a resource. We will have to tackle issues like , how to achieve persistent , unique and distinct identity , how to treat intentional and accidental misbehavior. Apart from the models discussed above there are also trusting models based on special hardware such as Secure Element (SE), trusted Execution Environment (TEE) , or Trusted Platform Module (TPM), which can provide trust utility in fog computing applications.
4.5 POLICY DRIVEN SECURITY
Policy collaboration is an important component in the middle layer of a fog computing model. Policy collaboration is introduced to support secure sharing and communication in a distributed environment. Since fog computing also involves communication with a physical component interaction this requirement gives rise to a new set of security problems which involves identity management, resource access management, dynamic load balancing, quality of service etc. Policy driven framework consists if the following modules.
Policy decision engine : This module is programmed to make aggregated decisions on data provided by all components. Based on service requested by the target user, this engine analyzes the rules defined in policy repository and generates a decision which is later on enforced.
Application administrator : The multi-tenant nature of the fog computing paradigm raises the requirement for an administrator to define policies and rules that bind a user to applications and allow secure collaboration and migration of client data across multiple functions that are owned by the application.
Policy repository : A secure repository consisting of rules and policies which are referred by the Policy Decision engine while policy decision is made is called policy repository.
Policy enforcer : policy enforcer is the most active component of the policy management framework . It resides within a virtual instance or cloud computing data center or within physical device such as mobile device , GPS system and connected vehicles.
4.6 MAN IN THE MIDDLE ATTACK:
This is the most typical attack in fog computing. In this type of attack gateways serving as fog devices may be compromised or replaced by fake ones.
Environment settings of stealth test: Man in the middle attack can be very stealthy in fog computing paradigm. This type of attack will consume very less resource in fog devices like , negligible CPU utilization and negligible memory consumption. Therefore traditional methods cannot expose
man in the middle attack.
Man in the middle attack is simple to be launched but difficult to be addressed. Many applications running in fog computing environment are vulnerable to man in the middle attack. In future work is needed to address man-in-the middle attack in fog computing
4.7 MITIGATION OF DATA THEFT:
Cloud computing faces new data security challenges. Existing protection mechanisms like encryption haven’t reached their mark in preventing theft attacks. To overcome it , a new technique was proposed monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge question , a disinformation attack by returning large amounts of tricky information to the attacker. This protects against the misuse of the user’s real data.
User behavior profiling : owners or authorized users of a computer systems are usually familiar with the files on the system .So any search on the files is limited and will have a pattern. When the data is accessed illegitimately there might be a familiar structure in contents of file system. This abnormal search behaviors that exhibit variations are monitored.
Decoy technology: Trap files are placed within the file system. The trap files are downloaded by user are placed in highly conspicuous locations that are not like to cause interference with normal activity of the system. User who is not familiar with the file system is most likely to access the decoy files ,if the user is in for sensitive documents. So they can be trapped by using bait files.
In some cases both these techniques can be combined to safeguard the data from theft.