Abstract— Fog Computing is a paradigm that extendsCloud computing and its services to the network. The new computational theorieshas brought up the data security challenges against several securitymechanisms.
When an unauthorized access is suspected and then a disinformationattack by returning large amounts of decoy information to the attacker isinitiated. This protects the user’s real data. Its distinctive characteristicsin the location sensitivity, wireless and geographical accessibility create newsecurity and forensics issues and challenges. Keywords— Fog Computing, Decoy System, DataSecurity, Cloud Computing. I.
Introduction IoT combines information and computingprocesses to control very large collections of different objects. In today’sworld the small as well as large organizations are using cloud computingtechnology to protect their data and to use the cloud resources as and whenthey need. The existing mechanisms only facilitate security features to dataand thereby don’t allow for detection of invalid access and thereby itsprevention to enable valid distribution of data.
The proposed mechanismfacilitates security features to data and thereby allows for detection ofinvalid access and thereby its prevention to enable valid distribution of data.Cloud computing, however, is not a one-size-_t-all”solution. There are still problems unsolved since IoT applications usuallyrequire mobility support, geo-distribution, location-awareness and low latency.Fog computing, a.k.
a edge computing, is proposed to enable computing directlyat the edge of the network, which can deliver new applications and services forbillions of connected devices 2. Fog devices are usually set-top-boxes,access points, road side units, cellular base stations, etc. End devices, fogand cloud are forming a three layer hierarchical service delivery model,supporting a range of applications such as web content delivery 4, augmentedreality 15, and big data analysis 6. A typical conceptual architecture offog infrastructure is shown in Figure. 1.Security and privacy issues will lag thepromotion of fog computing if not well addressed, according to the fact that74% of IT Executives and Chief Information Officers reject cloud in term of therisks in security and privacy 9. As fog computing is still in its infantstage, there is little work on security and privacy issues.
Since fog computingis proposed in the context of Internet of Things (IoT), and originated fromcloud computing, security and privacy issues of cloud are inherited in fogcomputing. While some issues can be addressed using existing schemes, there areother issues facing new challenges, due to the distinct characteristics of fogcomputing, such as hetero-geniality in fog node and fog network, requirement ofmobility support, massive scale geo-distributed nodes, location-awareness andlow latency. Fig 1. FOG Infrastructure Architecture II. LiteratureSurvey In March 2010, MuhammadKazim University ofDerby, United Kingdom Shao Ying Zhu University of Derby, UnitedKingdom, published a paper on the topic “Cloud Security Alliance,”Top Threat to Cloud Computing V1.0”.
According to this paper,cloud computing offers many advantages such as increased utilizationof hardware resources,scalability, reduced costs, and easy deployment. As a result, all themajor companies including Microsoft, Google and Amazon areusing cloud computing. Moreover, the number of customers movingtheir data to cloud services such as iCloud, Google Drive,Dropbox, Facebook and LinkedIn are increasing every day. (a) Ulteo Cloud:The vision is to enableorganizations to connect their employees with the applications andinformation they need tobe successful. By transforming the way applications and desktopsare delivered and accessed we help streamline IT delivery whileenabling new ways of working. Ulteo is a commercial open sourcevendor, our customers benefit from the ethos of the open sourcemodel with the security and backing of a commercial enterprise.
Ourmission is to delivernon-proprietary platforms built on innovation, independence andan open architecture. Ulteo offers the most cost efficient applicationdelivery platform to the market today, with Ulteo OVD Community Edition(free to use) and Ulteo Premium Edition giving administrators theability to seamlessly deliver applications or full desktop sessions toPCs, Macs, tablets,smart phones, laptops and thin clients from Windows, Linux andcloud environments.3(b) WargamingPublic Co Ltd is an international game developer and publisher.
The developed aMMO in 2012 with the name World of Tanks. This MMO is a server based game whichrequires the players to create a personal account and then they can play. Thegame consists of many skills which are complex to handle. There are alsovarious scripts which can be executed while playing the game which simplifiesthe game. These scripts work like hacks for the players and they can easilyspam their opponents. To avoid the players from doing this, War gaming releaseda patch in which the players using various scripts to hack the game were reportedby the players and their accounts would get deactivated.
III. Security Issuesin FOG In fogcomputing each and every layer should be addressed for security and privacy.Here we ask ourselves what is new about fog Computing security and privacy. 3.1 Trust and AuthenticationIn cloudcomputing deployment, data centers are usually owned by cloud service providers.However, fog service providers can be different parties due to different deploymentchoices: 1) Internetservice providers or wireless carriers, who have control of home gateways orcellular base stations, may build fog with their existing infrastructures; 2) Cloudservice providers, who want to expand their cloud services to the edge of thenetwork, may also build fog infrastructures; 3) End users,who own a local private cloud and want to reduce the cost of ownership, wouldlike to turn the local private cloud into fog and lease spare resources on thelocal private cloud. This exibility complicates the trust situation of fog. Trust Model: Reputationbased trust model 18 has been successful in ecommerce, peer-to-peer (P2P),user reviews and online social networks.
Damiani et al. 7 proposed a robustreputation system for resource selection in P2P networks using a distributedpolling algorithm to assess the reliability of a re- source before downloading.In designing a fog computing reputation-based reputation system, we may need totackle issues such as 1) how to achieve persistent, unique, and distinctidentity, 2) how to treat intentional and accidental misbehavior, 3) how toconduct punishment and redemption of reputation.
There are also trusting modelsbased on special hardware such as Secure Element (SE), Trusted ExecutionEnvironment (TEE), or Trusted Platform Module (TPM), which can provide trustutility in fog computing applications. Rouge node in Fog: Theexisting of fake fog node will be a big threat to user data security andprivacy. This problem is hard to address in fog computing due to severalreasons 1) complex trust situation calls for different trust managementschemes, 2) dynamic creating, deleting of virtual machine instance make it hardto maintain a blacklist of rogue nodes. Han et al.
16, 17 have proposed ameasurement-based method which enables a client to avoid connecting rogueaccess point (AP). IV. Securing clouds with fog Numerousproposals for cloud-based services describe methods to store documents, files,and media in a remote service that may be accessed wherever a user may connectto the Internet. A particularly vexing problem before such services are broadlyaccepted concerns guarantees for securing a user’s data in a manner where thatguarantees only the user and no one else can gain access to that data. Theproblem of providing security of confidential information remains a core securityproblem that, to date, has not provided the levels of assurance most peopledesire. Many proposals have been made to secure remote data in the Cloud usingencryption and standard access controls. It is fair to say all of thestandard approaches have been demonstrated to fail from time to time for avariety of reasons, including insider attacks, mis-configured services, faultyimplementations, buggy code, and the creative construction of effective andsophisticated attacks not envisioned by the implementers of securityprocedures. Building a trustworthy cloud computing environmentis not enough, because accidents continue to happen, and whenthey do, and information gets lost, there is no way to get it back.
One needs to prepare forsuch accidents. The basic idea is that we can limit the damage ofstolen data if we decrease the value of that stolen informationto the attacker. We can achieve this through a preventive?disinformation attack. 4 We posit that secure Cloud services canbe implemented giventwo additional security features: User Behavior Profiling: It is expected that access to a user’sinformation in the Cloud will exhibit a normal means of access. User profilingis a well-known technique that can be applied here to model how, when, and howmuch a user accesses their information in the Cloud. Such „normal user?behavior can be continuously checked to determine whether abnormal access to auser’s information is occurring. This method of behavior-based security iscommonly used in fraud detection applications.
Such profiles would naturallyinclude volumetric information, how many documents are typically read and how often.These simple user specific features can serve to detect abnormal Cloud accessbased partially upon the scale and scope of data transferred. V. Proposed System Proposedsystem uses user behavior profiling and decoy information Technology. Itfirstly deals with the user’s behavior, system checks that the user is legitimateor not. If system find unauthorized person then it sends decoy data and keepuser’s real data safe.
UBP Algorithm:1. Identifyoperation executed.2. Track userbehavior profile consisting of the following parameters: username, loginpassword specified, user key specified during document access, type of documentselected for access (valid or decoy).3. Duringlogin, login password specified is tracked4.
Duringdocument access, the user key specified is tracked along with the type ofoperation (valid or invalid).5. Classifyprofile as valid or invalid using the following analyzed using the followingmathematical operation: P (IV) =count (invalid operations of each type)/count (operationsof each type). If the value P (IV) is above a threshold parameter then theprofile is categorized as invalid and the user is redirected to the decoymodule. Advantage of placing decoyfiles in database are:1. Thedetection of unauthorized person’s activity.2.
Theconfusing the attacker with bogus data.3. Sending bogusfiles. Mathematical ModelLet G be thesuperset of all sets.G ? {input,output, operations, success, failure} Where, Input is set of parametersprovided as input to system. Input ? {U, S,DS, F}U is set ofusers. It is infinite set of users.
U ? {U1, U2, U3……………Un}S is set ofservers. It is finite set of servers. S ? {S1}DS is set ofdataset parameters. DS ? {P1, P2, P3, P4, P5} P1 ? Session Time P2 ?Duration P3 ? File upload count P4 ? File Download count P5? Blacklist countF is set offiles. It is Infinite set of files. F ?{F1, F2, F3…………………, Fn}Output is setof results. Output ? {Legal user/Unreal user, Decoydocument, Alert user via mail, OTP via SMS} Operations isset of functions.Operations ?{Op1, Op2, Op3, Op4, Op5, Op6, Op7, Op8, Op9} Op1 ? Request received Op2 ? Load user profile Op3 ? Apply mining & calculate currentrequest parameter Op4 ? if invalid user then send theDecoy/Bogus data Op5 ? Fetch file Op6 ? Calculate digital signature Op7 ? Compare with decoy file digitally Op8 ? If similar, Alert admin Op9 ? Update log, BlacklistSUCCESS ?Desired input generatedFAILURE ?Desired output not generated VI.
Conclusion We propose monitoring dataaccess patterns by profiling userbehavior to determine if and when a maliciousinsider illegitimately accesses someone’s documentsin a Cloud service. Decoy documents stored in the Cloudalongside the user’s real data also serve as sensors to detectillegitimate access. Once unauthorized data access or exposureis suspected, and later verified, with challenge questions forinstance, we inundate the malicious insider with bogusinformation in order to dilute the user’s real data. Suchpreventive attacks that rely on disinformation technology couldprovide unprecedented levels of security in the Cloud and insocial networks. References 1 Clinton Dsouza Gail-Joon AhnMarthony Taguinod, “Policy-Driven Security Management for Fog Computing: PreliminaryFramework and A Case Study,” Laboratory of Security Engineering for Future Computing(SEFCOM) School of Computing, Informatics, and Decision Systems EngineeringArizona State University. 2 Ryoichi Sasaki and Tetsutaro Uehara,Fog Computing: Issues and Challenges in Security and Forensics, CambridgeUniversity Press, Cambridge.3 Cloud Security Alliance, “Top Threatto Cloud Computing V1.0,” March 2010.
Online.4 M. Ben-Salem and S. J. Stolfo,”Modeling user search- behavior for masquerade detection,” in Proceedings of the14th International Symposium on Recent Advances in Intrusion Detection.Heidelberg: Springer.5 M.
Arrington, “In our inbox:Hundreds of confidential twitter documents,” Online.6 William Y Chang, Hosame Abu-amara,Jessica Stanford, “Transforming enterprise cloud services” (Book Form).7 Salvatore J. Stolfo, Malek BenSalem, Angelos D. Keromytis, “Fog Computing: Mitigating Insider Data theft Attacksin Cloud”.8 Ivan Stojmenovic, Sheng Wen, “TheFog Computing Paradigm: Scenarios andSecurity Issues” IEEE 20149D. C. Saste, P.
V. Madhwai, N. B.Lokhande, V. N. Chothe, “FOG COMPUTING: Comprehensive Approach for AvoidingData Theft Attack Using Decoy Technology”, IJCTA.
10 Thogaricheti Ashwini, Mrs.Anuradha.S.G, “Fog Computing toprotect real and sensitivity information inCloud”, IJECSE | SSN 2277-1956/V4N1-19-2911 Shanhe Yi, Cheng Li, Qun Li, “ASurvey of Fog Computing: Concepts, Applications and Issues, ACM 201512 Viraj G.
Mandlekar, VireshKumarMahale, Sanket S.Sancheti, Maaz S. Rais, “Survey on Fog Computing MitigatingData Theft Attacks in Cloud”, International Journal of Innovative Research inComputer Science & Technology (IJIRCST) ISSN: 2347-5552, Volume-2, Issue-6.13 Yongkun Li, Member, IEEE, and JohnC. S. Lui, Fellow, IEEE, “Friends or Foes: Distributed and Randomized Algorithmsto Determine Dishonest Recommenders in Online Social Networks”14 Manreet kaur, Monika Bharti, “FogComputing Providing Data Security: A Review”, International Journal of AdvancedResearch in Computer Science and Software Engineering, Volume 4, Issue 6.15 Divya Shrungar J, Priya M P, Asha SM, “Fog Computing: Security in Cloud Environment”, International Journal of AdvancedResearch in Computer Science and Software Engineering, Volume 5, Issue 8.
16 Younghee Park, Salvatore J. Stolfo,”Software Decoys for Insider Threat”, ACM.17Miss. Shafiyana Sayyad, Mr.AnilBhandare, Mr. Deepak Yelwande, “Fog Computing: Software decoys for insiderthreat”, Volume 2 issue 3 March 201518 Tom H. Longxiang Gao, Yang Xiang,Zhi Li, Limin Sun,”Fog Computing: Focusing on Mobile Users at the Edge” 6 Feb201519 Flavio Bonomi, Rodolfo Milito,Jiang Zhu, Sateesh Addepalli, “Fog Computing nd Its Role in the Internet ofThings”, ACM.
20 Manreet Kaur, monika Bharati,”Securing user data on cloud using Fog Computing and Decoy technique”, Volume2, Issue 10, October.
