FOG COMPUTING
Chapter 1 INTRODUCTION
1.1 Introduction
In this era, Cloud computing is gaining popularity every day. The ease of use and storage provided to users for personal and business purposes is increasing its demand. Although cloud computing provides an environment in which managing and accessing data becomes easier, it has consequences such as data leakage, data theft and insider attacks. Data theft attacks are a very common risk nowadays. The Twitter incident is one example of a data theft attack from the Cloud. Several Twitter corporate and personal documents were ex-filtrated to the technology website TechCrunch, and customers' accounts, including the account of U.S. President Barack Obama, were illegally accessed. The attacker used a Twitter administrator's password to gain access to Twitter's corporate documents, hosted on Google's infrastructure as Google Docs. The damage was significant both for Twitter and for its customers. Van Dijk and Juels have shown that fully homomorphic encryption, often acclaimed as the solution to such threats, is not a sufficient data protection mechanism when used alone. To resolve these issues, a mechanism which can detect such malicious activities is required. Fog computing is a paradigm which monitors the data and helps in detecting unauthorized access.
1.2 Cloud Computing
Cloud computing is a delivery platform which promises a new way of accessing and storing personal as well as business information. Cloud computing refers to the practice of transitioning computer services such as computation or data storage to multiple redundant offsite locations available on the Internet, which allows application software to be operated using internet-enabled devices. Existing data protection mechanisms such as encryption have failed to secure the data from the attacker. They do not verify whether the user is authorized or not. Cloud computing security does not focus on ways of securing the data from unauthorized access.
Dept of CSE, JCE, Belagavi
In 2009 we had our own confidential documents in the cloud. These files did not have much security, so a hacker gained access to the documents. The Twitter incident is one example of a data theft attack in the Cloud.
1.3 Disadvantages
Nobody is identified when the attack happens.
It is complex to detect which user is attacking.
We cannot detect which file was hacked.
Cloud Computing Issue: Bandwidth
Transmitting and processing data requires bandwidth. The more data, the more bandwidth is needed. Current cloud computing models can't keep up with the amount of bandwidth that will be needed.
1.4 Concept of fog computing
Fog Computing is an extension of Cloud Computing. As in a Cloud, Fog computing also provides data, compute, storage, and application services to end-users. The difference is that Fog provides proximity to its end users through dense geographical distribution, and it also supports mobility. Fog computing improves the quality of service and also reduces latency. We adopt a simple three level hierarchy as in Figure 1.
Fig. 1. Fog between edge and cloud
In this framework, each smart thing is attached to one of the Fog devices. Fog devices could be interconnected, and each of them is linked to the Cloud. As Fog computing is implemented at the edge of the network, it provides low latency and location awareness, and improves quality of service (QoS) for streaming and real time applications. Typical examples include industrial automation, transportation and networks of sensors and actuators. The Fog paradigm is well positioned for real time big data analytics, supports densely distributed data collection points, and provides advantages in entertainment, advertising, personal computing and other applications.
1.5 Characteristics of the fog are
a) Low latency and location awareness.
b) Wide-spread geographical distribution.
c) Mobility.
d) Very large number of nodes.
e) Predominant role of wireless access.
f) Strong presence of streaming and real time application.
g) Heterogeneity.
Fig. 2. Represents the edge network in Fog computing
The main feature of Fog Computing is its ability to support applications that require low latency, location awareness and mobility. This ability is made possible by the fact that fog computing systems are deployed closer to the end users in a widely distributed manner.
1.6 Existing System
Existing data protection mechanisms such as encryption have failed to secure the data from attackers. They do not verify whether the user is authorized or not. Cloud computing security does not focus on ways of securing the data from unauthorized access. Encryption does not provide much security to our data. In 2009 we had our own confidential documents in the cloud. These files did not have much security, so a hacker gained access to the documents. The Twitter incident is one example of a data theft attack in the Cloud. It is difficult to find the attacker. In 2010 and 2011 Cloud computing security was developed against attackers, with work on finding hackers in the cloud. Additionally, there are recent research results that might be useful to protect data in the cloud.
1.7 Proposed System
We propose a completely new technique, called Fog Computing, to secure a user's data in the cloud using user behavior and decoy information technology. We use this technique to provide data security in the cloud. It is a different approach for securing data in the cloud, using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. In this technique, when an unauthorized person tries to access the data of the real user, the system generates fake documents in such a way that the unauthorized person is not able to identify whether the data is fake or real. The real user is identified through a question which is entered by the real user at the time of filling in the sign up form. If the answer to the question is wrong, it means the user is not the real user and the system provides the fake document; otherwise the original documents are provided by the system to the real user.
Chapter 2 LITERATURE REVIEW
Madsen, H. and Albeanu, G. [1] presented the challenges faced by current computing paradigms and discussed how Fog computing platforms are feasible with cloud and are reliable for real life projects. Fog computing is mainly done for the need of the geographical distribution of resources instead of having a centralized one. A multi-tier architecture is followed in Fog computing platforms. In the first tier there is machine to machine communication, and the higher tiers deal with visualization and reporting. The higher tier is represented by the Cloud. They said that building Fog computing projects is challenging.

Z. Jiang et al. [2] discussed Fog computing architecture and further used it for improving Web site performance with the help of edge servers. They said that the emerging architecture of Fog Computing is highly virtualized. They presented their idea that the Fog servers monitor the requests made by the users and keep a record of each request by using the user's IP address or MAC address.

Sabahi, F. [3] mentioned threats and responses of cloud computing. He presented a comparison of the benefits and risks of compromised security and privacy. In this paper he has summarized reliability and availability related issues of cloud resources provided by the trusted third party. He discussed that the most common attacks nowadays are Distributed Denial of Service attacks. The solution to these attacks can be cloud technology offering the benefit of flexibility, with the ability to provide resources almost instantaneously as necessary to avoid site shutdown. Considering all these requirements, this prototype is created which includes two main steps: the first is to create users and generate patterns of their different access behaviors, and the next step is monitoring the user access patterns.

Salvatore J. Stolfo et al. [4] introduced a new technology known as Fog computing. They implemented security by utilizing decoy information technology. They explained two methods, i.e. User behaviour profiling and Decoy. In User behaviour profiling they examined how, when and how much information a subscriber is accessing. They scanned their subscriber's activity to examine for any abnormality in the data access nature of the subscriber. The second technique is decoy, in which information that is bogus, or we can say fraudulent, i.e. honey pots, honey files, etc., is utilized to confuse the intruder by representing the information in such a way that it appears real.
Madsen, H. and Albeanu, G. [5] showed the challenges faced by current computing paradigms and explained how Fog computing platforms are viable with cloud and flexible for real life projects. Fog computing is primarily performed for the requirement of the geographical distribution of resources rather than having a centralized one. A multi-tier architecture is adopted in Fog computing platforms. In the first tier there is machine to machine communication, and the higher tiers handle visualization and reporting. The higher tier is shown by the Cloud. They said that making Fog computing projects is challenging [5], but algorithms and techniques exist that handle reliability and assure fault tolerance. With their support such real life projects are possible.

Claycomb, W. R. (2012) [8] featured a hierarchy of administrators within cloud service suppliers and also provided examples of attacks from real insider attack cases. They talked about how cloud architecture lets intruders breach the security. They have also shown two extra cloud related insider risks: the insider who exploits a cloud-related susceptibility to steal information from a cloud system, and the insider who utilizes cloud systems to carry out an attack on a user's local resource. They specified the key challenges faced by cloud suppliers and clients in protecting their highly confidential data.

Park, Y. et al. (2012) [9] formulated a method that was a software decoy for protecting cloud data utilizing software. They introduced a software-based decoy system that aims to deceive insiders, to determine the ex-filtration of proprietary source code. The system makes Java code which seems like valuable information to the intruder. Further, a static obfuscation method is utilized to create and transform original software. Bogus programs are combined by software that is automatically transformed from actual source code, but designed to be dissimilar to the original [9]. This deception method confuses the insider, and obfuscation also supports securing data by hiding it and making bogus information for the insider. Beacons are also inserted into the bogus software to determine the ex-filtration and to raise an alert if the decoy software is touched, compiled or executed.
Chapter 3 METHODOLOGY
In Fog computing, services can be hosted at end devices such as set-top-boxes or access points. The infrastructure of this new distributed computing allows applications to run as close as possible to sensed, actionable and massive data, coming out of people, processes and things. Such a Fog computing concept, actually a Cloud computing 'close to the ground', creates automated responses that drive the value. Both Cloud and Fog provide data, computation, storage and application services to end-users. However, Fog can be distinguished from Cloud by its proximity to end-users, the dense geographical distribution and its support for mobility. We adopt a simple three level hierarchy as in Figure 1. In this framework, each smart thing is attached to one or more Fog nodes. Fog devices could be interconnected, and each of them is linked to the Cloud. While Fog and Cloud use the same resources (networking, compute, and storage) and share many of the same mechanisms and attributes (virtualization, multi-tenancy), the extension is a non-trivial one in that there exist some fundamental differences. The Fog vision was conceived to address applications and services that do not fit well the paradigm of the Cloud. They include:
Applications that require very low and predictable latency: the Cloud frees the user from many implementation details, including the precise knowledge of where the computation or storage takes place. This freedom from choice, welcome in many circumstances, becomes a liability when latency is at a premium (gaming, video conferencing).
Geo-distributed applications (pipeline monitoring, sensor networks to monitor the environment).
Fast mobile applications (smart connected vehicle, connected rail).
Large-scale distributed control systems (smart grid, connected rail, smart traffic light systems).
Chapter 4 SECURING CLOUDS WITH FOG
There are various ways to use cloud services to save or store files, documents and media in remote services that can be accessed whenever the user connects to the Internet. The main problem in the cloud is to maintain security for users' data in a way that guarantees that only authenticated users, and no one else, gain access to that data. Providing security for confidential information is the core security problem, and the cloud does not provide the level of assurance most people desire. There are various methods to secure remote data in the cloud using standard access control and encryption methods. It is fair to say that all the standard approaches used for providing security have been demonstrated to fail from time to time for a variety of reasons, including faulty implementations, buggy code, insider attacks, mis-configured services, and the creative construction of effective and sophisticated attacks not envisioned by the implementers of security procedures. Building a secure and trustworthy cloud computing environment is not enough, because attacks on data continue to happen, and when they do and information gets lost, there is no way to get it back. There is a need to find solutions to such accidents. The basic idea is that we can limit the damage of stolen data if we decrease the value of that stolen data to the attacker. We can achieve this through a preventive decoy (disinformation) attack. We can secure Cloud services by implementing the given additional security features.
Chapter 5 IMPLEMENTING SECURITY FEATURES
1. User Behavior Profiling:
It is expected that access to a user's information in the Cloud will exhibit a normal means of access. User profiling is a well known technique that can be applied here to model how, when, and how much a user accesses their information in the Cloud. Such 'normal user' behavior can be continuously checked to determine whether abnormal access to a user's information is occurring. This method of behavior-based security is commonly used in fraud detection applications. Such profiles would naturally include volumetric information: how many documents are typically read and how often. These simple user specific features can serve to detect abnormal Cloud access based partially upon the scale and scope of data transferred.
2. Decoy System:
Decoy data, such as decoy documents, honeypots and other bogus information, can be generated on demand and used for detecting unauthorized access to information and to "poison" the thief's ex-filtrated information. Serving decoys will confuse an attacker into believing they have ex-filtrated useful information, when they have not. This technology may be integrated with user behavior profiling technology to secure a user's data in the Cloud. Whenever abnormal and unauthorized access to a cloud service is noticed, decoy information may be returned by the Cloud and delivered in such a way that it appears completely normal and legitimate. The legitimate user, who is the owner of the information, would readily identify when decoy information is being returned by the Cloud, and hence could alter the Cloud's responses through a variety of means, such as challenge questions, to inform the Cloud security system that it has incorrectly detected an unauthorized access. In the case where the access is correctly identified as an unauthorized access, the Cloud security system would deliver unbounded amounts of bogus information to the attacker, thus securing the user's true data from … This can be implemented by the given two additional security features: 1) validating whether data access is authorized when abnormal information access is detected, and 2) confusing the attacker with bogus information, that is, by providing decoy documents.
The decoy documents carry a keyed-Hash Message Authentication Code (HMAC), which is hidden in the header section of the document. The HMAC is computed over the file's contents using a key unique to each user. When a decoy document is loaded into memory, we verify whether the document is a decoy document by computing an HMAC based on all the contents of that document. We compare it with the HMAC embedded within the document. If the two HMACs match, the document is deemed a decoy and an alert is issued.
Fig. 3. Decoy System
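The HMAC check described above, as an added example that is not part of the original report. The header field name, the blank-line separator between header and body, the choice of HMAC-SHA256 and the demo keys are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: the report only says the HMAC is "hidden in the header section";
# this field name and the blank-line header/body separator are hypothetical.
TAG_FIELD = b"X-Render-Hint: "
SEPARATOR = b"\n\n"

# Constructed per-user keys for the demo; a real system would generate and
# store a random secret key for each user.
USER_KEYS = {
    "alice": hashlib.sha256(b"constructed demo key for alice").digest(),
    "bob": hashlib.sha256(b"constructed demo key for bob").digest(),
}


def _tag(body: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the document body, hex-encoded."""
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")


def make_decoy(body: bytes, owner: str) -> bytes:
    """Build a decoy: a header carrying the keyed tag, then the bogus body."""
    return TAG_FIELD + _tag(body, USER_KEYS[owner]) + SEPARATOR + body


def is_decoy(document: bytes, owner: str) -> bool:
    """Recompute the HMAC over the body and compare it with the embedded one."""
    header, sep, body = document.partition(SEPARATOR)
    if not sep or not header.startswith(TAG_FIELD):
        return False  # no tag field at all: an ordinary document
    embedded = header[len(TAG_FIELD):]
    # Constant-time comparison; without the owner's key the tag cannot be
    # recomputed, so a reader cannot tell a decoy from a document that
    # merely carries a random-looking header value.
    return hmac.compare_digest(embedded, _tag(body, USER_KEYS[owner]))


def on_load(document: bytes, owner: str, alerts: list) -> bool:
    """Hook run when a document is loaded into memory; records an alert."""
    hit = is_decoy(document, owner)
    if hit:
        alerts.append(f"decoy belonging to {owner} was opened")
    return hit


# Constructed sample documents
REAL_DOC = b"Title: Q3 budget\n\nActual figures the owner cares about."
DECOY_DOC = make_decoy(b"Bogus payroll export, 2014.", "alice")
FORGED_DOC = TAG_FIELD + b"00" * 32 + SEPARATOR + b"Bogus payroll export, 2014."

if __name__ == "__main__":
    alerts = []
    for name, doc in [("real", REAL_DOC), ("decoy", DECOY_DOC), ("forged", FORGED_DOC)]:
        print(name, on_load(doc, "alice", alerts))
    print(alerts)
```

Because the tag covers the body, a decoy whose body has been edited stops matching, and a tag made with one user's key is not recognized under another user's key.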
3. Combining the Two Techniques:
The correlation of search behavior anomaly detection with trap-based decoy files should provide stronger evidence of malfeasance, and therefore improve a detector’s accuracy. We hypothesize that detecting abnormal search operations performed prior to an unsuspecting user opening a decoy file will corroborate the suspicion that the user is indeed impersonating another victim user. This scenario covers the threat model of illegitimate access to Cloud data. Furthermore, an accidental opening of a decoy file by a legitimate user might be recognized as an accident if the search behavior is not deemed abnormal. In other words, detecting abnormal search and decoy traps together may make a very effective masquerade detection system. Combining the two techniques improves detection accuracy.
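One way to combine the two signals described above, as an added example that is not from the original report or from the work it cites. The z-score baseline, the threshold of 3.0, the standard-deviation floor and the four outcome labels are assumptions standing in for whatever profiling model a real system uses; the session history is constructed.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Session:
    docs_read: int       # volumetric feature: documents read in the session
    searches: int        # search operations issued in the session
    decoy_opened: bool   # set by the decoy trap (e.g. an HMAC check on load)


class UserProfile:
    """Per-user baseline built from past sessions (hypothetical model)."""

    MIN_STD = 1.0  # assumption: floor so a very regular user does not yield huge scores

    def __init__(self, history):
        self.stats = {}
        for feature in ("docs_read", "searches"):
            values = [getattr(s, feature) for s in history]
            self.stats[feature] = (mean(values), max(pstdev(values), self.MIN_STD))

    def score(self, session: Session) -> float:
        """Largest upward deviation from the baseline, in standard deviations."""
        return max(
            (getattr(session, f) - mu) / sd for f, (mu, sd) in self.stats.items()
        )

    def is_abnormal(self, session: Session, threshold: float = 3.0) -> bool:
        return self.score(session) > threshold


def classify(profile: UserProfile, session: Session) -> str:
    """Correlate the behaviour anomaly with the decoy trap."""
    abnormal = profile.is_abnormal(session)
    if abnormal and session.decoy_opened:
        return "masquerade"   # both signals agree: strongest evidence
    if abnormal:
        return "challenge"    # abnormal access alone: ask the challenge question
    if session.decoy_opened:
        return "accident"     # decoy touched during otherwise normal behaviour
    return "normal"


# Constructed history of one user's past sessions
HISTORY = [
    Session(4, 2, False), Session(6, 3, False), Session(5, 2, False),
    Session(7, 4, False), Session(5, 3, False), Session(6, 2, False),
]
PROFILE = UserProfile(HISTORY)

if __name__ == "__main__":
    for s in (Session(5, 3, False), Session(6, 3, True),
              Session(60, 40, False), Session(60, 40, True)):
        print(s, "->", classify(PROFILE, s))
```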
Fig. 4. Architecture of Fog Computing

Fig. 4 shows the actual working of fog computing. Login is done in two ways in the system: admin login and user login. When the admin logs in to the system there are two steps to follow: step 1: enter the username; step 2: enter the password. After a successful login the admin can perform all admin related tasks, but while downloading any file from the fog he has to answer the security question, and only if he answers it correctly can the original file be downloaded. In the other case, when the admin or user answers the security question incorrectly, a decoy document (fake document) is provided to the fake user. Decoy technology works in the following manner: if there is any word in the document, suppose "MADAM", then some letters are replaced, as M->A, and the given word becomes "AADAA", which has no meaning. In some cases, if the attacker gets to know that "M" is replaced by "A" in the given document and applies reverse engineering, he gets the result "MMDMM". In any case he cannot judge the content of the document.
When a user logs in to the system he also has to follow the same procedure as the admin. Operations like uploading files/documents, downloading files/documents, viewing alerts, sending a message, reading a message and broadcasting a message can all be performed by the user. The ALERT stream provides detailed knowledge of attacks on the user's personal files/documents, with details like date, time and the number of times the attacker tried to hack that file/document. The best thing about fog computing is that after each successful login the user gets an SMS on the mobile saying 'login successful'. From this the user is alerted when someone else is trying to gain access to his/her personal fog account, and when an attacker tries to download some files/documents the user also gets an SMS on his/her mobile that contains the attacker's IP address, the attacker's server name, and date and time details, so that it becomes easy to catch the attacker by tracing all these things.
Chapter 6 APPLICATIONS
Connected car: Autonomous vehicles are the new trend taking place on the road. Tesla is working on software to add automatic steering, enabling literal "hands free" operation of the vehicle, starting out with testing and releasing self-parking features that don't require a person behind the wheel. Within 2017 all new cars on the road will have the capability to connect to cars nearby and to the internet. Fog computing will be the best option for all internet connected vehicles because fog computing gives real time interaction. Cars, access points and traffic lights will be able to interact with each other, and so it makes the road safe for all. At some point in time, the connected car will start saving lives by reducing automobile accidents.
Smart Grids: Smart grid is another application where fog computing is being used. Based on demand for energy, its obtainability and low cost, these smart devices can switch to other energies like solar and wind. The edge processes the data collected by fog collectors and generates control commands to the actuators. The filtered data are consumed locally and the balance is sent to the higher tiers for visualization, real-time reports and transactional analytics. Fog supports semi-permanent storage at the highest tier and momentary storage at the lowest tier.
Smart Traffic lights: Fog enables traffic signals to open lanes on sensing the flashing lights of an ambulance. It detects the presence of pedestrians and bikers, and measures the distance and speed of nearby vehicles. Sensor lighting turns on upon identifying movement, and vice versa. Smart lights serving as fog devices synchronize to send warning signals to the approaching vehicles. The interactions between vehicle and access points are enhanced with WiFi, 3G, road side units and smart traffic lights.
Wireless Sensor and Actuator Networks: Traditional wireless sensor networks fall short in applications that go beyond sensing and tracking, but require actuators to exert physical actions like opening, closing or even carrying sensors [2]. In this scenario, actuators serving as Fog devices can control the measurement process itself, the stability and the oscillatory behaviors by creating a closed-loop system.
Self Maintaining Train: Another application of fog computing is self maintaining trains. A train ball-bearing monitoring sensor will sense changes in the temperature level, and any disorder will automatically alert the train operator so that maintenance is carried out accordingly. Thus we can avoid major disasters.
Smart Traffic Lights and Connected Vehicles: A video camera that senses an ambulance's flashing lights can automatically change street lights to open lanes for the vehicle to pass through traffic. Smart street lights interact locally with sensors and detect the presence of pedestrians and bikers, and measure the distance and speed of approaching vehicles.
IoT and Cyber-physical systems (CPSs): Fog computing based systems are becoming an important class of IoT and CPSs. Based on the traditional information carriers including Internet and telecommunication network, IoT is a network that can interconnect ordinary physical objects with identified addresses. CPSs feature a tight combination of the system's computational and physical elements. CPSs also coordinate the integration of computer and information centric physical and engineered systems.
IoT and CPSs promise to transform our world with new relationships between computer-based control and communication systems, engineered systems and physical reality. Fog computing in this scenario is built on the concepts of embedded systems in which software programs and computers are embedded in devices for reasons other than computation alone. Examples of the devices include toys, cars, medical devices and machinery. The goal is to integrate the abstractions and precision of software and networking with the dynamics, uncertainty and noise in the physical environment. Using the emerging knowledge, principles and methods of CPSs, we will be able to develop new generations of intelligent medical devices and systems, 'smart' highways, buildings, factories, agricultural and robotic systems.
Chapter 7 CONCLUSION
In this position paper, we present an approach to securing personal and business data in the Cloud. We propose monitoring data access patterns by profiling user behavior to determine if and when a malicious insider illegitimately accesses someone's documents in a Cloud service. Decoy documents stored in the Cloud alongside the user's real data also serve as sensors to detect illegitimate access. Once unauthorized data access or exposure is suspected, and later verified, with challenge questions for instance, we inundate the malicious insider with bogus information in order to dilute the user's real data. Such preventive attacks that rely on disinformation technology could provide unprecedented levels of security in the Cloud and in social networks.
REFERENCES
[1] Madsen, Henrik, et al. "Reliability in the utility computing era: Towards reliable Fog computing." Systems, Signals and Image Processing (IWSSIP), 2013 20th International Conference on. IEEE, 2013.
[2] Zhu, Jiang, "Improving Web Sites Performance Using Edge Servers in Fog Computing Architecture", Service Oriented System Engineering (SOSE), IEEE, 2013.
[3] Sabahi, F. "Cloud computing security threats and responses", In Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on, 2011, pp. 245-249.
[4] Stolfo, Salvatore J., Malek Ben Salem, and Angelos D. Keromytis. "Fog computing: Mitigating insider data theft attacks in the cloud." Security and Privacy Workshops (SPW), 2012 IEEE Symposium on. IEEE, 2012.
[5] Madsen, Henrik, et al. "Reliability in the utility computing era: Towards reliable Fog computing." Systems, Signals and Image Processing (IWSSIP), 2013 20th International Conference on. IEEE, 2013.
[6] C. Wei, Z. Fadlullah, N. Kato, and I. Stojmenovic, "On optimally reducing power loss in micro-grids with power storage devices," IEEE Journal of Selected Areas in Communications, 2014, to appear.
[7] Bonomi, Flavio, et al. "Fog computing and its role in the internet of things." Proceedings of the first edition of the MCC workshop on Mobile cloud computing. ACM, 2012, pp. 1316.
[8] Claycomb, W. R., & Nicoll, A. "Insider Threats to Cloud Computing: Directions for New Research Challenges", In Computer Software and Applications Conference (COMPSAC), IEEE 36th Annual, July, pp. 387-394, 2012.
[9] Park, Y., & Stolfo, S. J. "Software decoys for insider threat", In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, May, pp. 93-94, 2013.