Security and trust issues in Fog computing: A survey

https://doi.org/10.1016/j.future.2018.05.008

Highlights

  • We discuss and analyze the architectures of Fog computing, and indicate the related potential security and trust issues.

  • We analyze how such issues have been tackled in the existing investigations.

  • We indicate the open challenges, research trends and future topics of security and trust in Fog computing.

Abstract

Fog computing uses one or more collaborative end users or near-user edge devices to perform storage, communication, control, configuration, measurement and management functions. It can effectively solve the latency and bandwidth limitation problems encountered when using cloud computing. First, this work discusses and analyzes the architectures of Fog computing, and indicates the related potential security and trust issues. Then, how such issues have been tackled in the existing literature is comprehensively reported. Finally, the open challenges, research trends and future topics of security and trust in Fog computing are discussed.

Introduction

Cloud computing (the Cloud in brief) has drastically changed the landscape of information technology (IT) by providing some major benefits to IT users, including eliminating upfront IT investment, scalability, proportional costs, and so on [[1], [2], [3], [4], [5]]. However, as more and more devices are connected, latency-sensitive applications seriously face the problem of large latency. In addition, Cloud computing is unable to meet the requirements of mobility support and location awareness. To overcome these problems, a new paradigm called Fog computing (the Fog in brief) was proposed in 2012 [[6], [7]].

According to Bonomi et al. [8], the Fog is a highly virtualized platform that provides storage, computing and networking services between the Cloud data centers and end devices. Both Cloud and Fog provide data, computation, storage and application services to end users [9]. However, the latter is distinguished from the former by its decentralization, processing large amounts of data locally, software installation on heterogeneous hardware [10], proximity to end-users, dense geographical distribution, and support for mobility [11].

Here, we show an example of a traffic light system to discuss the relationship between them when dealing with latency. In a traffic light system without the Fog, there may be 34 hops from the monitoring probe to the server in the Cloud. Hence, real-time decisions cannot be made immediately and the system faces the challenge of network latency. However, by using the Fog, the monitoring probe acts as a sensor, and the traffic lights act as an actuator. The Fog node can send conventional compressed video that may endure some time latency to the Cloud. When the Fog node detects an ambulance’s headlight flashing, it makes an immediate decision to turn on the corresponding traffic lights, so as to let the ambulance go through without any delay. However, the Fog cannot replace the Cloud but supplements it.

Many companies and institutes, such as ARM, Cisco, Dell, Intel, Microsoft Corp., Cloudlet, Intelligent Edge by Intel and the Princeton University Edge Laboratory, are devoted to research and development of the Fog. The OpenFog Consortium (founded in 2015) workgroups are working towards creating an open architecture for the Fog to enable its interoperability and scalability [12]. Network equipment such as switches and gateways is provided by Cisco, Huawei, Ericsson, etc. The current research trends reflect the tremendous potential of the Fog.

The Fog features location awareness, low latency and edge location [13]. It fits a scenario where a huge number of heterogeneous, ubiquitous and decentralized devices communicate, need to cooperate, and perform storage and processing tasks [6]. Users can visit their Fog anytime by using any device that can be connected to the Fog network. The Fog has many applications in such areas as smart city [[14], [15], [16]] and healthcare [[17], [18], [19], [20]]. It can also provide better Quality of Service (QoS) in terms of fast response and small energy consumption [[21], [22]].

The Fog uses network devices (named Fog nodes in this paper) for latency-aware processing of data collected from the Internet of Things (IoT) [23]. Fog nodes are heterogeneous components deployed in an edge network in Fog environments. They include gateways, routers, switches, access points, base stations, and specific Fog servers [24]. The Fog facilitates uniform and seamless resource management including computation, networking and storage allocation [25]. Fog nodes are often the first set of processors that data encounter in IoT, and have the resources to implement a full hardware root of trust. This root of trust can be extended to all the processes and applications running on them, and then to the Cloud [26]. Without a hardware root of trust, various attack scenarios can compromise the software infrastructures of the Fog, allowing hackers to gain a foothold. The requirements of life safety-critical systems mandate the sorts of security capabilities available on the Fog [27]. Hence, new security and trust challenges emerge with the rise of the Fog. The existing methods cannot be directly applied to the Fog because of its mobility, heterogeneity, and large-scale geo-distribution [12]. This work reviews these concerns in the Fog and the existing solutions. Differing from other survey papers about Fog computing, this paper focuses on its security and trust issues, especially in the region of the Fog.

The rest of this paper is organized as follows. Section 2 reveals a Fog architecture as well as related security and trust issues. Section 3 summarizes the related work to cope with security and trust issues. Section 4 presents open research problems. Section 5 discusses the future work. Finally, Section 6 concludes this survey paper.

Section snippets

General architecture

Based on the modern computing architecture with three layers [[11], [21]]: the Cloud, the Fog and the Edge, we provide a comprehensive fog architecture as shown in Fig. 1. Between the Cloud and the Fog lies a core network to offer network services. From it we can see that the Cloud lies at the upper core level and is far away from edge devices. The Fog lies at the middle level and is closer to edge devices than the Cloud. Each Fog node is connected to the Cloud. Each edge device is connected to

Existing surveys and their overview

We have retrieved 86 references about security and trust in the Fog, including eight survey papers. We summarize their covered security issues and characteristics in Table 1. These studies mainly focus on the security issues. Since their publications, we have seen some new security issues emerging, e.g., context-aware and data-dependent security ones. As a vitally important issue, trust has drawn much attention. Hence, this work intends to write a new survey paper about the security and trust

Open research issues

Offering high security and trust is important to the Fog customers. Several open research issues remain.

Future work

Based on the current research results, we propose the following issues to be addressed in the future:

Conclusions

The Fog is a highly virtualized platform but not a replacement for Cloud computing. It provides storage, computing and networking services among edge devices as well as traditional Cloud computing data centers [13]. It mainly solves the problems of low latency, mobility support and location awareness in many cyber–physical systems [[92], [93]]. However, its distributed and open structure makes it vulnerable to security threats.

This work analyzes the architectures of the Fog from a

Acknowledgments

The work was supported by National Natural Science Foundation of China under Grants 61472005, 61201252; CERNET Innovation Project, China under Grant NGII20160207, FDCT (Fundo para o Desenvolvimento das Ciencias e da Tecnologia) under Grant 119/2014/A3, and the European Union through the INTER-IoT, Research and Innovation action - Horizon 2020 European Project under Grant Agreement #687283.


References (95)

  • Wu J. et al., Crowd sensing-enabling security service recommendation for social fog computing systems, Sensors (2017)
  • Zhang Y. et al., A variant of password authenticated key exchange protocol, Future Gener. Comput. Syst. (2018)
  • Ghahramani M.H. et al., Toward cloud computing QoS architecture: Analysis of cloud systems and cloud services, IEEE/CAA J. Autom. Sin. (2017)
  • Xia Y. et al., Stochastic modeling and quality evaluation of Infrastructure-as-a-Service clouds, IEEE Trans. Autom. Sci. Eng. (2015)
  • Yuan H. et al., TTSA: An effective scheduling approach for delay bounded tasks in hybrid clouds, IEEE Trans. Cybernet. (2017)
  • Zhang P.Y. et al., Dynamic cloud task scheduling based on a two-stage strategy, IEEE Trans. Autom. Sci. Eng. (2017)
  • Zheng W.B. et al., Percentile performance estimation of unreliable IaaS clouds and their cost-optimal capacity decision, IEEE Access (2017)
  • Luo G. et al., ZTE communications special issue on cloud computing, fog computing, and dew computing, ZTE Commun. (2017)
  • T.H. Luan, L. Gao, Z. Li, L. Sun, Fog computing: Focusing on mobile users at the edge, 2015. arXiv preprint...
  • F. Bonomi, Connected vehicles, the Internet of Things, and fog computing, in: Proc. VANET, Las Vegas, CA, USA, Sep....
  • S. Ivan, W. Sheng, The fog computing paradigm scenarios and security issues, in: Proc. of the 2014 Federated Conference...
  • Khan S. et al., Fog computing security: a review of current applications and security solutions, J. Cloud Comput. Adv. Syst. Appl. (2017)
  • F. Bonomi, R. Milito, J. Zhu, S. Addepalli, Fog computing and its role in the Internet of Things, in: Proc. of MCC’12,...
  • Mukherjee M. et al., Security and privacy in fog computing: Challenges, IEEE Access (2017)
  • Bonomi F. et al., Fog computing: A platform for Internet of Things and analytics
  • Tang B. et al., Incorporating intelligence in fog computing for big data analysis in smart cities, IEEE Trans. Ind. Inform. (2017)
  • Molina B. et al., Empowering smart cities through interoperable sensor network enablers
  • Al Hamid H.A. et al., A security model for preserving the privacy of medical big data in a healthcare cloud using a fog computing facility with pairing-based cryptography, IEEE Access (2017)
  • Elmisery A.M. et al., A fog based middleware for automated compliance with OECD privacy principles in internet of healthcare things, IEEE Access (2016)
  • Moosavia S.R. et al., End-to-end security scheme for mobility enabled healthcare Internet of Things, Future Gener. Comput. Syst. (2016)
  • Li Z. et al., A non-cooperative differential game-based security model in fog computing, China Commun. (2017)
  • Sharma V. et al., SACA: Self-aware communication architecture for IoT using mobile fog servers, Mobile Inf. Syst. (2017)
  • Kang J. et al., Privacy-preserved pseudonym scheme for fog computing supported internet of vehicles, IEEE Trans. Intell. Transp. Syst. (2017)
  • Hua P. et al., Survey on fog computing: architecture, key technologies, applications and open issues, J. Netw. Comput. Appl. (2017)
  • C. Dsouza, G.J. Ahn, M. Taguinod, Policy-driven security management for fog computing: Preliminary framework and a case...
  • Fortino G. et al., Integration of agent-based and cloud computing for the smart objects-oriented IoT
  • Byers C.C., Architectural imperatives for fog computing: Use cases, requirements, and architectural techniques for fog-enabled IoT networks, IEEE Commun. Mag. (2017)
  • R. Mahmud, R. Buyyar, Fog computing: A taxonomy, survey and future directions, 2016....
  • M. Lafferty, Edge computing vs. fog computing....
  • Okafor K.C. et al., Leveraging fog computing for scalable IoT datacenter using spine-leaf network topology, J. Electr. Comput. Eng. (2017)
  • Y. Shi, S. Abhilash, K. Hwang, Cloudlet mesh for securing mobile clouds from intrusions and network attacks, in: Proc....
  • Romana R. et al., Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges, Future Gener. Comput. Syst. (2018)
  • Alrawais A. et al., An attribute-based encryption scheme to secure fog communications, IEEE Access (2017)
  • G. Fortino, W. Russo, C. Savaglio, M. Viroli, M. Zhou, Modeling opportunistic IoT services in open IoT ecosystems, in:...
  • Wen Z. et al., Fog orchestration for internet of things services, IEEE Internet Comput. (2017)
  • M. Aazam, E.N. Huh, Fog computing and smart gateway based communication for cloud of things, in: Proc. of 2014...
  • M. Fazio, A. Celesti, M. Villari, A. Puliafito, The need of a hybrid storage approach for IoT in PaaS cloud federation,...

    Peiyun Zhang (M’16-S’17) received her B.S. degree from Anhui Normal University, Wuhu, China in 1998, M.S. degree from Northwest University, Xi’an, China in 2005, and Ph.D. degree from the School of Computer Science and Technology, Nanjing University of Science and Technology, Nanjing, China in 2008. She did post-doctoral research in University of Science & Technology China, Hefei, China, from 2010 to 2013, and was a Visiting Scholar with the New Jersey Institute of Technology, Newark, NJ, USA in 2016. She is currently a Professor with the School of Mathematics and Computer Science, Anhui Normal University, Wuhu, China. Her research interests include cloud computing, big data, trust computing, Web service and intelligent information processing. She has published over 50 papers in her research areas.

    MengChu Zhou (S’88-M’90-SM’93-F’03) received his B.S. degree in Control Engineering from Nanjing University of Science and Technology, Nanjing, China in 1983, M.S. degree in Automatic Control from Beijing Institute of Technology, Beijing, China in 1986, and Ph.D. degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute, Troy, NY in 1990. He joined New Jersey Institute of Technology (NJIT), Newark, NJ in 1990, and is now a Distinguished Professor of Electrical and Computer Engineering. His research interests are in Petri nets, intelligent automation, Internet of Things, big data, and intelligent transportation. He has over 700 publications including 12 books, 400+ journal papers (over 290 in IEEE transactions), and 28 book-chapters. He was the recipient of NSF’s Research Initiation Award, CIM University-LEAD Award from Society of Manufacturing Engineers, Perlis Research Award and Fenster Innovation in Engineering Education Award from NJIT, Humboldt Research Award for US Senior Scientists, Leadership Award and Academic Achievement Award from Chinese Association for Science and Technology-USA, Distinguished Lecturership, Franklin V. Taylor Memorial Award and the Norbert Wiener Award from IEEE SMC Society, and Distinguished Service Award from IEEE Robotics and Automation Society. He has been among most highly cited scholars for years and ranked top one in the field of engineering worldwide in 2012 by Web of Science/Thomson Reuters. He is a life member of Chinese Association for Science and Technology-USA and served as its President in 1999. He is Fellow of IEEE, International Federation of Automatic Control (IFAC), American Association for the Advancement of Science (AAAS), and Chinese Association of Automation (CAA).

    Giancarlo Fortino (SM’12) received the Laurea (B.S. and M.S.) and Ph.D. degrees in computer engineering from the University of Calabria, Rende, Italy, in 1995 and 2000, respectively. He has been with the Department of Informatics, Modeling, Electronics, and Systems, University of Calabria, since 2006, where he is currently an Associate Professor of Computer Engineering. He holds the Scientific National Italian Habilitation for Full Professor, and is also an Adjunct Full Professor of Computer Engineering with the Wuhan University of Technology, Wuhan, China, in the framework of high-end foreign experts in China and an Adjunct Senior Researcher with the Italian National Research Council. He is the Co-Founder and the CEO of SenSysCal S.r.l., a spin-off of the University of Calabria, where he is involved in the advanced applied Research and Development of IoT systems. He has authored over 300 publications in journals, conferences, body area networks and books. His current research interests include distributed computing, wireless sensor networks, software agents, IoT technology, and cloud computing. He is currently an Associate Editor of the IEEE Transactions on Affective Computing, the IEEE Transactions on Human–Machine, IEEE Sensors Journal, IEEE Access, Information Fusion, Engineering Application of Artificial Intelligence, and the Journal of Network and Computer Applications. He is the chair of the Italian Chapter of the IEEE SMC society.
