Authentication, Access Control, Privacy, Threats and Trust

Home , Home automation

JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 1 Authentication, Access Control, Privacy, Threats and Trust Management Towards Securing Fog Computing Environments: A Review Abdullah Al-Noman Patwary, Anmin Fu, Member, IEEE, Ranesh Kumar Naha, Member, IEEE, Sudheer Kumar Battula, Saurabh Garg, Member, IEEE, Md Anwarul Kaium Patwary, Member, IEEE, and Erfan Aghasian, Member, IEEE.

Abstract—Fog computing is an emerging computing paradigm the Internet of Things (IoT). IoT has achieved much attention that has come into consideration for the deployment of IoT over the last couple of years and has been enumerated as the applications amongst researchers and technology industries over predestination of the Internet. Technology consulting organi- the last few years. Fog is highly distributed and consists of a wide number of autonomous end devices, which contribute to zation Gartner highlighted that the total number of connected the processing. However, the variety of devices offered across devices by the year-end of 2020 [1] would be more than different users are not audited. Hence, the security of Fog 20 billion devices that exist across various consumers and devices is a major concern in the Fog computing environment. business organizations. Moreover, Norton security organisation Furthermore, mitigating and preventing those security measures predicted that by 2025 there will be more than 21 billion is a research issue. Therefore, to provide the necessary security for Fog devices, we need to understand what the security concerns devices [2]. As IoT continues to flourish, a huge number of are with regards to Fog. All aspects of Fog security, which have sensors have been devoted to diversified devices, which are not been covered by other literature works needs to be identified swiftly leading to an increased amount of generated data and and need to be aggregate all issues in Fog security. It needs to be storage requirements on a regular basis [3]. noted that computation devices consist of many ordinary users, Although we are used to depending on the cloud for and are not managed by any central entity or managing body. Therefore, trust and privacy is also a key challenge to gain market IoT application processing, the exponential growth of IoT adoption for Fog. To provide the required trust and privacy, we devices continues to generate huge amounts of data, which need to also focus on authentication, threats and access control means we will be unable to depend on any central entity mechanisms as well as techniques in Fog computing. In this paper, such as the cloud computing paradigm to process these huge we perform a survey and propose a taxonomy, which presents an amounts of data. The Fog computing paradigm is evolving to overview of existing security concerns in the context of the Fog computing paradigm. We discuss the Blockchain-based solutions serve various services while simultaneously managing numer- towards a secure Fog computing environment and presented ous sensors, actuators, users, processes, and connectivity by various research challenges and directions for future research. placing processing facilities closer to users. Also, the edge Index Terms—Fog security, IoT security, access control, Fog devices generate data from their designated areas and link computing, authentication, trust management, privacy, threats with each other or transmit to the neighboring Fog nodes for and attacks, auditing, Blockchain. supplementary analytics and decisions. The Fog computing paradigm can solve the time-sensitive application processing I.INTRODUCTION limitations of the cloud as well as supporting IoT applications. Fog devices reside at the network edge to facilitate computing HE computational world has become very broad and arXiv:2003.00395v1 [cs.CR] 1 Mar 2020 services near to the users and deliver services as well as complicated as our expectation is going beyond con- T applications for billions of connected devices. This helps to necting people. We are about to approach a new era, where support real-time processing, storage and networking facilities everything will be connected. With the swift development of at the edge level [4]. technology, many individuals and organizations are starting to Since smart devices or Fog devices are categorized as provide services to users with the help of their smart devices resource constraints, the Fog computing paradigm will face such as cell phones, home appliances, vehicles, wearable many challenges such as the limitations of storage, bandwidth, embedded devices, sensors, and actuators. The underlying battery, and computation power, which leads to obstruction in work is performed by massive-scaled wireless sensor networks the rise of IoT. To overcome the encumbrance of these limita- and realms of connected devices, which is aptly termed as tions, the cloud computing paradigm is perceived as a talented A. A. Patwary and A. Fu are with the School of Computer Science and computing archetype, which can distribute services to the edge Engineering, Nanjing University of Science and Technology, Nanjing 210094, via the cloud in terms of Infrastructure as a Service (IaaS), China. e-mail: alnoman [email protected], [email protected] R. K. Naha, S. K. Battula, S. Garg, M. A. K. Patwary and E. Aghasian Platform as a Service (PaaS) and Software as a Service (SaaS) is with School of Technology, Environments and Design, University of solutions which offer applications and services with resilient Tasmania, Hobart, TAS, Australia. e-mail: [email protected], resources at low costs [5]. Over the last decennium, cloud com- [email protected], [email protected], mdanwarulka- [email protected], [email protected] puting has obtained an immense reputation among researchers. Manuscript received XXX XX, XXXX; revised XXX XX, XXXX. Real-time IoT application services and information access are JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 2 possible any time and anywhere via this paradigm. Cloud In current literature, there is a gap in the aggregation of computing also offers diverse features to users such as ease all Fog security-related issues. None of the literary works of access to information, cost efficiency, quick deployment, presented a critical evaluation of all aspects of Fog security, backup, and recovery. Although cloud computing has fulfilled as has been done in this paper. Neither did they discuss most of the demands of modern technology, it may not be Fog security issues from the auditing perspective. Different a suitable solution as there are still unresolved problems, studies regarding Fog computing security and privacy did not whereas IoT devices and applications need to be processed cover the various security issues related to the Fog computing swiftly. This is beyond the existing capabilities of cloud com- architecture and its environment. In this paper, we will explore puting. Hence, security and privacy, data segregation, mobility and explain various security concerns related to the Fog com- support, low latency, location-awareness, geo-distribution, and puting environment from the auditing perspective. Since Fog real-time applications are required for IoT applications. While computing extends to the cloud system, therefore, most of the Fog computing offers a much more advantageous system as cloud computing security concerns [15] are being inherited and opposed to cloud-based systems, there are several security impacts Fog computing as well. We have focused our attention issues at hand which can cause interruptions to the way on significant security, threats and attack issues such as trust deployment is carried out using Fog computing. management, privacy, authentication, and access control. We In reality, due to the associated privacy and security risks linked these security concerns with Fog and explained how for cloud-based systems, nearly 74% of Information and com- these concerns could affect Fog security. In addition, we munications technology (ICT) executive officers have rejected discussed how blockchain could mitigate some Fog related adopting cloud computing [6]. Fog computing is not at a security issues. We have systematically focused our attention mature stage and continues to face new challenges due to its on significant security and threat-attack issues from several exclusive features. In the Fog computing environment, most selected sets of papers to provide a detailed landscape in this devices are managed and maintained across different users. field./ The Fog computing paradigm uses idle resources generated from user devices. These devices are not audited by any B. Research Motivation standard body, which raises security concerns in the Fog environment. On the other hand, secure and fast authentication Cloud computing is already recognized by its widespread mechanisms are required for Fog since many devices are deployment amongst its targeted environment. However, it involved in the Fog application processing. Furthermore, we faces numerous obstacles such as latency, bandwidth, Qual- have to be very concerned about access control since most of ity of Service (QoS), trust, security, privacy, trust, threats, the application processing is carried out in the user devices. and attacks, etc. during the early stages of its deployment. The security issues across various layers of the Fog computing Therefore, privacy and security are the key challenges for the environment is presented in Fig. 1. cloud computing paradigm. In the case of Fog computing, it was inaugurated as a new computing paradigm, which has emerged over the last few years as a bridge between cloud A. Existing related surveys on Fog computing security data centers and edge devices or IoT devices. The main aim There has been a variety of techniques proposed in the of Fog computing is to improve the existing problems of cloud literature to address the security issues of the emerging Fog computing by improving the communication latency, real-time computing. Most of these research papers either presented processing, privacy and security. Nevertheless, Fog computing Fog security concerns or merely focused on one aspect of also faces many privacy and security concerns as it is in Fog security. Here, we have summarized and given a concise its early stages. User devices and end devices are the main overview with regards to Fog security by combining the components for computation in the Fog environment, which opinions across several of these research works. is not usually audited by any security standard. Therefore, the Yi et al. [7] briefly examined various security issues and key aim of this work is to come up with a methodical review tried to identify various challenge domains corresponding to on state-of-the-art approaches and techniques in accosting the solutions of the Fog computing environment. Zhang et Fog computing security and privacy issues from the auditing al. [8] discussed and analyzed the adhering potential security perspective and pinpoint challenges as well as the possible and trust issues, and explored solutions which are currently direction for researchers and application developers. available for those issues. Khan et al. [9] explored common 1) Paper Selection Approaches: To exploit the coverage of security gaps in Fog computing from the existing surveys. the searched literature in this work, we began by identifying Alrawais et al. [10] investigated and discussed the various the most used alternative words and synonyms in the research privacy and security issues in Fog computing environments. questionnaire. Therefore, we conducted our selection strategy Rauf et al. [11] discussed IoT, Fog and their security issues. based on our proposed taxonomy and Table I searching Stojmenovic et al. [12] investigated intrusion detection and criteria. We first categorized the current research security authentication techniques in Fog computing. Wang et al. [13] issues and challenges for Fog computing into six categories: presented and discussed the concerns and challenges in Fog 1. Trust, 2. Privacy, 3. Authentication, 4. Access-Control, 5. forensics and security. Recently, Roman et al. [14] explored Threats and Attacks, 6. Security Audit. We also looked into potential threats associated with the mobile edge, mobile the security issues and solutions of other areas such as cloud, cloud, and Fog computing. edge computing, and blockchain which could suit the Fog JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 3

Fig. 1. Security issues and attacks at each layer computing environment. In order to focus on the most relevant TABLE I articles based on the aims of our research, we also constructed PAPER SELECTION CRITERIA different search strings using Boolean AND and OR operators. Sl. No. Criteria Then, we conducted a manual search (Fog computing security Relevant to study of the cloud or Fog 01 issue or privacy and security issue in Fog computing), using computing different search engines such as Google, Bing, Baidu etc. in Directly or indirectly related to cloud and Fog 02 the area of cloud, Fog computing security based on the search computing security criteria in Table I. The same approach was applied in renowned 03 Fog computing security issues scientific research databases such as Google Scholar, ACM 04 Security and privacy issues in Fog computing Digital Library, IEEE Xplore, Springer, Science Direct and 05 Security and trust issues in Fog computing Authentication and authorization in Fog 06 ResearchGate. Fig. 2 presents our paper selection approach. Computing We used the tool Mendeley and Google Scholar to manage Authentication and access Control in Fog 07 citations from all extracted articles. We conducted our paper Computing selection and evaluation based on the various criteria as shown 08 Privacy preservation in Fog computing in Table I. 09 Threats and attacks issues in Fog computing 2) Evaluation of Results: After the initial exploration using 10 Security auditing standards in Fog computing several search strings from the sources above, we found almost 220 relevant papers and articles. After searching, filtering, inclusion and exclusion reviews, 127 articles were matched from the first filtration. With respect to our taxonomy, we have separated all these papers into various partitions. Q3 How current research works addressed Fog security concerns? What are the other possible solution and what se- 3) Research Questions: This work is going to answer the curity concerns need attention to the research community? following research questions: Q1 What are the different security issues in Fog which need further investigation? Section II to IV are answering our first two research Q2 What are the all security aspects of Fog and how to question. The third research question is answered by section categorize them? IV, V and VI. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 4

Fig. 2. Paper selection process.

C. Our Contributions This survey is intended to provide an exhaustive review across current studies by covering all related Fog security issues and challenges. This work also concentrates on constructing a review of Fog computing with a focus on the related challenges and security issues from the auditing perspective. The principal contributions of this study can be recapped as follows: • Propose a taxonomy based on various security issues such as authentication, access control, privacy preservation, trust management, threats, attacks, and security auditing which are challenging for the Fog environment. • Highlight and discusses various threats and attacks which might be severe in the Fog environment. • Discuss probable challenges and future research directions in Fog computing with respect to security. • Explain how blockchain and auditing could help to mitigate Fog security challenges. The rest of the paper is organized in the following manner - Section II provides an overview of Fog computing. Section Fig. 3. The Architecture of Fog Computing. III discusses the network and data security issues. Section IV demonstrates the proposed taxonomy on security issues in Fog computing. Section V discussed blockchain technologies in is liable for collecting and sending the data generated from Fog and present how blockchain technology can be utilized to devices to the Fog devices in the Fog layer. The Fog devices improve Fog security. Section VI and VII present the research in this layer then process the received data and send the results challenges, future research directions, and conclusions. to the cloud to store for future use. Individuals or organizations are providing Fog devices to process the applications in a Fog II.AN OVERVIEW OF FOG COMPUTING environment by contributing their idle resources. The providers Fog computing ideally demonstrates the concept of a dis- should compensate for their offered resources based on the tributed network environment that connects two different en- usage in a way that both provider and user will be beneﬁted vironments and is closely linked with cloud computing and [16]. IoT. This new computing paradigm was initially and formally In literature, there exist similar Fog like technologies such introduced by Cisco to extend the cloud network to the edge as Edge Computing, Mobile Cloud Computing (MCC), Cloud of the enterprise network [4]. The architecture of a Fog Computing, Mobile Edge Computing (MEC), Cloudlet, Fog environment has three layers - the IoT layer, the Fog layer and Dew Computing, Dew Computing and Micro Data Centre the Cloud layer, as shown in Fig. 3. The IoT layer consists [17], [9]. However, the key difference is that it creates an of a massive amount of sensors and end devices. This layer enormously virtualized platform that offers diversiﬁed compu- JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 5

TABLE II However, Fog computing has provided numerous other is- EXAMPLESOF FOG APPLICATION sues and challenges such as security and privacy. The technical distinctions between Fog and cloud computing from a security Application Application Description domain service aspect are exhibited in Table III. The OpenFog Consortium, Provides automation control in technology giants, researchers and developers are strongly Smart home Smart home to control the electrical and Smart trying to mitigate these issues. Therefore, if they were able city [18] [19] appliances and security and alarm office systems to attenuate all these issues, then it would be deemed capable Smart grid Provides monitoring and tracking to deal with the constantly increasing number of networked Electric- and Smart service of energy hourly or day ity [20][21] computational devices. This would then make the Fog platform metering wise etc. Provides continuous monitoring of the future of computing. Health- Smart health glucose, blood pressure, pulse rate In accordance with the study of Fog computing character- care [22] monitoring etc. istics, we have illustrated a differential table based on cloud Augment Provides the best user experience Reality in Augmented Reality and Fog features - Table III. Finally, we have pointed out Entertainment Real-time a few challenges that exist for the current cloud technology. video Provides the best user experience Therefore, we have also illustrated a table and highlighted how streaming [23] in video streaming and gaming and gaming Fog eliminates these challenges - Table IV. systems system En- tertainment TABLE III Smart Driverless vehicles TECHNICAL DIFFERENCE BETWEEN FOGANDCLOUDINASECURITY vehicle PERSPECTIVE Smart Suggests best routes and dynamic Transportation navigation rerouting Cloud Road Auto detects the condition of Attributes Fog Computing [24] [25] condition roads and adjusts the parameters Computing Security detection to drive according to it Centralized Distributed Smart traffic Reduce the traffic jams across the management lights junctions Heterogeneous Security concerns General servers devices Attack and threat Low High level tation, storage, and network services to its clients via unused Within the At the edge of the Security domain end-device resources. With the features and characteristics of Internet local network the Fog computing continuing to improve, the performances of No user User defined Security pattern defined a wide range of domains across different real-time IoT specific security applications such as City: smart office, smart home, smart security Software based waste management; Electricity: smart grid; smart metering, Static or Security Audit and automated manual Health: smart health care system, Transportation: smart vehicle Analysis dynamic and approach accident prevention; traffic flow maintenance; Smart Traffic real-time approach Light System (STLS); Traffic control system, Entertainment: real-time video streaming and gaming systems are shown in As Fog devices are much more distributed and belongs to Table II. different users, security auditing is very important. In order The features and characteristics of Fog computing are as to audit the security of Fog devices, we need to explore the follows [4]: network and data security issues related to Fog. • Support Geographic Distribution • Location Awareness III.FOG NETWORKAND DATA SECURITY • Low Latency Ensuring security for both network and data in Fog is a • Heterogeneity challenging task due to the vastly distributed nature of Fog • Decentralization computing. Most of the Fog devices are wireless, and data is • Large Scale QoS-aware IoT Application Support processing in the user’s devices. This section discussed the • Mobility Support network and data security of Fog in detail. • Interplay with Cloud • Context Awareness • Online Analytics A. Network Security • Predominance of Wireless Access Due to the massive deployment of wireless networks in • Close to the end users the Fog environment, ensuring security in these networks • Save storage space is a mandatory concern. Wireless networks are prone to • Higher Scalability attacks such as jamming, sniffers, spoofing, Man-in-the-middle • Save Bandwidth (MITM), etc. These attacks can affect the wireless network • Real-time Interaction security of Fog computing, which can take place between • Data security and privacy protection the cloud to things continuum. In general, the users trust the • Low energy consumption network configurations and data generated by the network JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 6

traffic which is usually managed manually by a network administrator [26]. As Fog nodes placed at the edge of the network, therefore, it would be an unmanageable task for TABLE IV SECURITY CHALLENGES AT FOG the network administrator. In such a scenario, the Software Defined Network (SDN) will increase the scalability of the Challenges Role of Fog network and decrease the cost. Hence, SDN would be a With Fog, the computation, process, preferable solution in Fog computing [7]. In Fog computing, storage and control of sensitive tasks are done as near as possible to the end user’s SDN can provide features for network security, for example Security of device. In this distributed environment, all monitoring networks and Intrusion Detection System (IDS), computing and threats and attacks first need to be faced as well as watching the traffic routes which is referred to as access control as Fog nodes, where Fog nodes are able CloudWatch [27] and OpenFlow [28]. It also helps to isolate to identify all illegitimate activity and can the traffic and manage prioritization to prevent attacks from prevent any incidents before they are passed through to the system. network resource access controls and congested networks. In Fog environments, data is originated Klaedtke et al. [29] proposed a method for access control that from, or to sent to the end-user devices was based on OpenFlow and for a network resource sharing Security of data which are managed and preserved via system. The authors [30], proposed an OpenWifi, which gave storage and users secure Fog nodes. Hence, the data would authentication to the guest users by letting them have access privacy be better preserved than stored in the user’s device and more available than if it to the Fog node router in context with the security issues. was maintained in remote data centers. A Fog network is connected by an B. Data Security immense collection of Fog nodes, and it Security of In Fog computing, data generated by IoT or edge devices can provide uninterrupted secure communication are gradually increasing respectively with the number of IoT communication and networking services and networking by residing near the end user’s device. devices. Due to a lack of adequate resources for IoT devices, it system Fog reduces the chances of various is hard to process all the data on IoT devices [10]. IoT devices network and communication attacks. send the generated data to the nearby Fog node. After that, A lot of IoT devices or end devices has this node divides the generated data into several segments and limited resources. Hence, due to these forwards them to multiple Fog nodes for further processing. Security of the limited resources, the IoT devices have During this division and distribution time, the data could be resource- little or no capability to defend constrained IoT themselves from sophisticated altered or manipulated by attackers. Therefore, the integrity devices cyber-attacks. Fog nodes and cloud of the data must be ensured. Hence, the encryption and servers together can provide multi-level decryption process is not easy to implement due to associated protection, i.e. ”defense-in-depth”. resource constraints. In this case, light-weight encryption and In Fog networks, the Fog nodes are able decryption techniques would be a compatible solution [31]. Real-time incident to provide real-time incident response response services services that notify the IoT system However, user data is being outsourced as well the user’s without disruption of any services. data control which is handed over to the Fog node. This still Because of the lack of available resources brings about the same security threats associated with cloud to end devices, Fog can manage and computing. In this circumstance, there might be a chance to Security challenges update security mechanisms such as lose or modify the outsourced data. In addition, illegitimate in the edge authentication, access control, trust network management, etc. Therefore it can also third parties with malicious interests might misuse the stored protect devices that cannot protect data. To mitigate these threats, a proposed solution is to themselves adequately. present auditable data storage services, which are applicable It is impractical to require that all the for cloud computing data protection. In the context of a cloud devices are connected several times a day storage system, a well-known technique is a homomorphic to cloud for the security credentials and Security software to be updated. However, Fog encryption and searchable encryption, which could be used credentials and nodes are able to manage security to accumulate and ensure integrity, confidentiality and veri- software up to date credentials and software updates on a fiability to permit a client to investigate the data which is large number of devices simultaneously, stored on untrusted servers [32]. Yang et al. [33] surveyed based on their criteria without downtime. the existing research work related to auditing data storage In the IoT environment, it is crucial to be able to notice trustworthy processes, services in the context of cloud computing. Eventually, from whether the devices and systems are the circumstances above, there is still no proposed method operating safely and securely. Many of that can meet the criteria based on a three-tier architecture for Monitor the today’s hackers send false status messages security status Fog computing. Nonetheless, it is a challenging task to design that make operations appear normal. Fog a secure storage system, which will satisfy all requirements provides a scheme to monitor security status in a trustworthy manner and can (dynamic processing, low-latency, high-scalability, etc.) and detect these types of attacks. support smooth communication between the Fog and cloud environments. To detect network and data attacks in Fog we need to employ an Intrusion Detection System (IDS) across various layers. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 7

Intrusion Detection System (IDS) is extensively used in privacy issues and privacy preservation techniques. In authen- cloud systems to identify and help protect from attacks, such as tication, our observation relates to authentication domains, Denial of Service (DoS) attacks, insider attacks, port scanning methods and potential attacks on the authentication processes. attacks, flooding attacks on the VM (Virtual Machine), man-in- In the access control section, we identified the controlling the-middle (MITM) attacks, hypervisors, as well as numerous area, requirements and access control methods. Finally, we systems [34]. It can be deployed under Supervisory control summarized several threats, attacks, and vulnerabilities. This and data acquisition (SCADA) [35], cloud [34], smart grid taxonomy offers a better understanding of Fog security issues system [36] [37] etc. It can also monitor, detect intrusive to the research community and enterprises. Fig. 4 represents behavior of possible attackers, as well as analyze log files, the proposed taxonomy and concise derivation of each section access control (AC) policies, and user access credentials. In in the taxonomy, which will be described in the following three-tier architecture Fog computing, IDS must be deployed subsections. in the cloud, Fog, edge for monitoring, analysis of traffic and intrusive activities of cloud servers, Fog nodes and edge A. Trust and Trust Management in Fog Computing devices. However, establishing security alone is not enough to provide the necessary protection against the propagation of The definition of trust does vary across different fields. viruses or malware from vulnerable nodes to other parts of Trust is the level of undertaking that an entity will treat in the system. With regard to this situation, there may arise chal- an appeasing way [41]. Although this definition does not lenges such as corrective responses, alarm parallelization, false represent the proper trust definition according to the field alarm controls, and real-time notification [38]. A probable of computing, it can be characterized as an “expectation solution could be to deploy a perimeter IDS that coordinates that a device or system will faithfully behave in a particular different IDS in the Fog system [39]. On the contrary, while manner to fulfill its intended purpose” [42]. Therefore, trust ensuring security in the Fog computing environment through can support the devices that failed to communicate with each IDS, several challenges may arise in terms of providing low- other and desire to establish a new connection. A Fog node latency requirements [7]. might be considered safe or unsafe by relying on their trust level. Trust management is considered in order to establish trust C. Security Standards in Fog between entities. It is a system or mechanism that takes place Security standards form a vital part in maintaining protec- between two nodes in a network to established trust. It was tion for information systems. These standards are responsible first introduced by Blaze et al. [43]. They defined the problem to define the scope and security functions and features needed, of trust management as “the problem of figuring based on as well as policies, in order to manage the information and formulated security policies and security credentials if a set of human assets. Standards also help to evaluate the effectiveness security credentials of an entity satisfies the security policies”. of security measures and maintain the criteria for ongoing Trust management examines the way of collecting and storing assessments of security. It is a necessity to consider proper information to ensure the trustworthiness of an entity. It can security standards and commonly used security practices in be measured with creation, updating or revoking the trust [44]. the Fog computing environment in order to develop a feasible In Fog computing, the devices are responsible to provide choice for the enterprise community. reliable and secured services for end-users. In this case, IEEE 1934 [40] is a standard reference architecture for there must have a definite level of trust between all the Fog to satisfy data-intensive application requirements. This devices in the Fog network. Authentication plays an important architecture was proposed based on eight key attributes of the part in forming a primary set of relations between the end system, for example, RAS (reliability, availability, and ser- user’s device and Fog devices in the system. As devices can viceability), scalability, autonomy, openness, security, agility, always breakdown or become vulnerable to malicious attacks. hierarchy and programmability. For auditing purposes, we Authentication alone is not adequate to fix these problems. need to figure out the taxonomy of Fog security issues. By Fog computing has an aim to elevate the trustworthiness of the which, we can then identify what to audit and how to perform overall network. In cloud platform technology, the data centers auditing in Fog by following recommended standards. are typically owned and maintained by cloud service providers. However, in the Fog platform, dissimilar parties may act as service provides as diverse deployment options exist in such IV. TAXONOMYOF SECURITY ISSUESIN FOG COMPUTING systems [7] such as Internet service providers, Cloud services Fog is an augmentation of cloud computing which has many providers, and End-users. This flexibility makes obscure the security issues. In this study, we have proposed a taxonomy, required trust for Fog computing. Therefore, based on these which is based on various security issues such as trust manage- circumstances, numerous problems arise in the Fog computing ment, privacy assurance, authentication, access control, threats, environment as follows: attacks and vulnerabilities adhering to the Fog computing • In the Fog environment client is a node that can apply the environment for auditing purposes. In the trust management required services as presented by the Fog device. Hence, section, we have discussed trust, the scope of trust, trust Fog devices are retained and upheld autonomously and model and the potential attack on the trust computation area. operated by various organizations or parties. In such a In the privacy assurance section, we have discussed different case, Fog clients are required to be more vigilant in JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 8

Fig. 4. A Taxonomy of Security Issues of Fog Computing.

the time of communication with Fog nodes. Generally, In such scenarios, trust helps to maintain the relations built different possessors preserve security in different ways, upon preceding interactions of devices or entities. Trust must and the security amongst Fog devices positioned in the play a two-way responsibility in the Fog environment [45]. same organization may also be dissimilar in context. First, the nodes that provide services to edge devices must be Therefore, from a Fog client’s observation, Fog nodes competent to authenticate the service requests to comprehend indicate a potentially great threat. if the request is fake or genuine. Second, the edge devices • From a Fog node’s perspective, the client is also consid- that send or request data must be competent to authenticate ered as a potential threat. These services can comprise the intentions of the node to guarantee its security. Therefore, of various scripts or harmful cipher with destructive applying the trust mechanism in the Fog environment permits consequences to the Fog node’s software or hardware. Fog nodes, resource-limited IoT devices, and other Fog clients • Data is collected from the Fog clients through the Fog to identify the future behavior of one another. When identifi- network and it can be used for further work. However, cation of future behavior becomes probable, then Fog clients after the data is collected from Fog clients, it might be can easily choose a trusted Fog node that will provide the best corrupted or lost during the propagation process. services. As a sign of the problems presented in the solution of trust management, for a Fog system, there is a need to • Fog nodes can be deployed by anyone or any organiza- identify and detect all accidental or intentional behavior which tion. Therefore, setting up a Fog node that may become a can enable authorities to take the necessary action and rebuild threat to the whole network may be complicated [12]. A the trust formation instantaneously [7]. The key factors that rouge Fog device can send illegal data and run over the influence Fog computing are trust scope, trust characteristics entire network, which can have undesirable influences on and trust evaluation models. the entire network performance and amplify the packet loss. This compromises Fog nodes or rouge nodes which Trust Scope: Guo et al. [46] demonstrated current methods can hamper the legitimate nodes in the Fog network. of trust computation in the IoT system. They categorized the trust computing scheme into five scopes: aggregating, • Usually, Fog nodes can be installed or deployed near the end-users, so that Fog nodes are easily accessible and formation, update, propagation and trust composition. We can can be tampered with spontaneously. If node hardware consider this scope of trust for the Fog computing environment or software is tampered with, it will become a potential as well. This segment will demonstrate each of these scopes threat for the entire network. Therefore, data that is shared in detail as below: with the tampered Fog device can be exposed or revealed • Trust Aggregation: collect all the recommendations to unauthorized entities. from others and combine them with one’s own experi- • Any Fog device which is compromised can be a source ences in the trust computation which might be essential. from which originates malicious objects which can im- Trust Aggregation elects how this is accomplished. pact the reliability of the whole Fog network. • Trust Formation: this defines the way to enable a JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 9

combination of trust properties by trust composition. 1) Trust Evaluation Models: Although Fog computing is Some methods just study one property, and others reflect vulnerable to any sort of illegitimate entity, it is important to a mixture of some properties. ensure an effective and secure trust model that is compatible • Trust Update: it shows how often the trust values are with trust computation in Fog computing. updated. Periodical updates and Event-driven are two key While trust is classified amongst the imperative security methods. requirements in Fog, there is quite a limited range of studies • Trust Propagation: it decides on how to select a dis- in the field. Most of the studies have just concentrated on the tributed or centralized process to compute and store the field of cloud computing. trust. Till now, there is no strongly recommended trust model for • Trust Composition: it defines a group of trust properties. Fog computing, but we can enumerate already existing trust It chooses what components have been used in the trust models from IoT and cloud computing. In this section, we computation process. Social trust and service quality are are going to discuss a few renowned trust models which are the two key elements. competent for Fog computing.

Characteristics of Trust in Fog Computing: This section • Reputation-based: The reputation-based trust describes the characteristics of trust in Fog computing. Various model [49] is broadly applied in peer-to-peer (P2P), characteristics of trust that help develop trust relationships e-commerce services, social media, and user reviews. related to the understanding of Fog computing much further. Occasionally, the fame of a service provider is beneficial The authors [47] defined a few characteristics, which can be to select amongst diverse service providers. Damiani et retained for the Fog environment. al. [50] demonstrated a reputation system model for P2P networks by applying a distributed polling algorithm to • Is trust dynamic? Trust requires to be dynamic because of two reasons. First, the Fog system network evaluate the consistency of the model. As this model topology is changing continuously as new devices join sturdily relies on a general view, it is not appropriate or leave concurrently on the Fog network. Then, devices in Fog computing as the nature of the end devices is in the network may deflect their behavior successively. dynamic. Moreover, Abhijit et al. [51] introduced a Therefore, trust should be monitored uninterruptedly. For trust-based model to provide application layer security example, for the past year, entity A had a high trust that can deal with the issues of user privacy, integrity towards entity B. However, recently, entity A found that and authentication. Hence, it will function as a trust- entity B lied to entity A. Consequently, there is no trust related safeguard in the Fog ecosystem for IoT related between these two entities anymore. applications. • Plausibility-based: Soleymani et al. [52] proposed an • Is trust subjective? Although Fog networks are formed with a wide range of objects or devices, its security re- experienced and plausibility-based fuzzy trust model to quirements vary from object to object or device to device. secure a vehicular network. In a vehicular network appli- So, their trust properties are different, which is carried out cation, it is significant to establish a trust to keep integrity more importantly over other properties. Having different and reliability. Hence, in vehicular environments, a secure types of trust policies for different objects, the trust will trust model can handle the uncertainty and risks originat- be subjective. ing from defective information. Eventually, there are also several trusted models [7] regarding special hardware. • Is trust transitive within a context? Following subjective issues, each device has a distinct security policy of • Trusted execution environment (TEE): TEE is an iso- its own. That is, if device A trusts device C, then device lated environment, which guarantees the confidentiality A may trust any device that device C trusts in the same and integrity of code and data by executing in the secure context. However, this concludes that the trust might be area inside a processor. explicit and difficult to be measured. • Secure element (SE): SE stores sensitive information securely and run the apps in a microprocessor chip to • Is trust asymmetric? Trust is an asymmetric relationship in nature. Being asymmetric in nature, trust is contrary to protect the data and application from malware attacks. non-mutual relationships. It means that if device A trusts • Trusted platform module (TPM): TPM stores the host device B, we must not suggest that device B trusts device identification key pairs, which are used for hardware A. authentication inside a specialized chip. The data inside this chip cannot be accessed by software. • Is trust context-dependent? Context is significant in terms of Fog computing [48] and at the same time, it is 2) Attacks on Trust Computation Environment: In Fog significant in terms of trust computing as well. Suppose, computing, while Fog nodes and clients are communicating we might trust a friend to keep a secret, but not to keep with each other, they must establish a connection with greater our money with him. The same scenario can be applied trust value in the Fog network. For Fog nodes and clients, in the Fog environment. One Fog device can be trusted the highly trusted nodes and clients will be selected and to accomplish a particular task for a client in the Fog accepted frequently rather than Fog nodes and clients with environment, but for another task, it may not trust the lower trust. It helps to speed up the overall performance of same Fog device. Therefore, in this situation trust needs the Fog network [46]. Malicious intruders will impersonate to be context-dependent. their nodes as highly trusted nodes, so that, they can gain the JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 10

possibility of compromising a network. In this segment we are • Users Privacy: usually Fog computing consists of a large going to define several types of attacks which might occur in collection of IoT enabled devices which are connected the Fog network: through sensor or wireless network. Therefore, IoT de- • Self-promotion attack (SPA): in SPA attack, the mali- vices are used to generate sensitive data at the user cious Fog nodes increase their trust values to impersonate level and upload it to Fog nodes for further processing. themselves as the highest trusted nodes. Sensitive data such as personal data, home-automated data, business data, health data, etc. By analyzing all this • Bad-mouthing attack (BMA): this attack works by spreading fictitious information. Several malicious Fog sensitive information, an intruder can reveal a lot about nodes work together to provide depraved suggestions a user’s personal data and gain adequate knowledge. about a decent Fog node, which will damage the fame of • Data Privacy: as we already know that, Fog node works those nodes. This is a form of a collision attack, and it at the edge plane of the network and it generally collects happens when numerous malicious nodes come together sensitive data that is generated by various sensing and to spread false information. end-user devices. Hence, Fog nodes are managed by third parties. So, when all the unprocessed data are being • Ballot-stuffing attack (BSA): this attack is similar to the collusion attack, where a malicious node transfers decent aggregated in the Fog layer, there might be a chance to suggestion regarding another wicked node to raise the (compromise, alter, miss-match, etc) the data. Under such fame of the malicious nodes. circumstances, we need to indemnify the privacy of these data. Usually, Fog nodes send requests to the end-users • Opportunistic service attacks (OSA): after assuming to send their private data to them, in order to further that the fame has been lowered down by the Fog node, process it, store it temporarily, and finally, send data to it can achieve a great service to retrieve its reputation. the cloud for permanent storage. Therefore, users will not • On-off attack (OOA): A malicious Fog node can provide have control over the data where all the access and control bad and good services simultaneously to avoid being will be transferred to the Fog or cloud service providers. rated as a low trusted node. The OOA attacker can also Under such circumstances, service providers or malicious behave differently with different neighbors to achieve an insiders can manipulate the stored data. This signifies a inconsistent trust opinion of the same node. privacy issue to the user’s data. In accordance with the study above and based on different • Usage Privacy: this privacy issue arises when a Fog issues, we have illustrated, a summary table on the existing client can avail of the required Fog services. For example, related research works related to trust issues are shown in in a smart grid system, the reading of the smart meter Table V. reveals masses of information of a smart-house such as at the TV on and off time or when the home is vacant, B. Privacy in Fog Computing which certainly brings privacy breaches for users [58]. Privacy is a key issue in any distributed environment. Across • Network Privacy: wireless connectivity is comprehen- available literature, there are many mechanisms, which have sive under the control of IoT as well as other edge devices been proposed to ensure the privacy of the data, such as in a Fog computing environment. It is a big matter of encryption and hashing. However, these techniques are not concern, as wireless connectivity is prone to network suitable in the Fog, because it affects the latency and time privacy attacks. The maintenance cost is correlated with to process the application. The remaining part of the section the Fog nodes as it is positioned at the edge of the discusses in detail the privacy assurance issues. Internet, where network configurations are established Privacy Assurance: Privacy assurance helps to preserve manually [7]. The breaches private data which is an any private information, such as data, user, usage, locations, important issue while using Fog networks. The end-users devices, network from unauthorized access [56] [57]. In Fog share resources which contribute to Fog processing. Due Computing, all the data used comes from various sources like to this, information that is more sensitive is collected IoT devices, wireless networks as well as cloud networks. by the Fog network as compared to a remote cloud. To These data might be meaningful or meaningless, but we need overcome these issues, an encryption scheme like HAN to preserve it. Thus, appropriate privacy assurance can be (Home-Area Network) might be useful. treated as a substantial security issue in the Fog environment. • Location Privacy: in the Fog environment, the location There are also a few encounters ascends for privacy preser- privacy denotes to the protective techniques for breaches vation, as the nodes are located adjacent to the end-users and related to the client’s location. While the client uploads its they can gather sensitive information [7]. responsibilities to the closest node, the uploaded node can 1) Privacy dimensions: Fog computing is used to work assume that the client is contiguous and far away from with sensitive information which is generated from several other Fog processing devices. Therefore, if a client in the sources. For securing these types of sensitive information, Fog environment uses multiple Fog application services privacy is one of the most significant problems in Fog com- from multiple locations, it may reveal its track directly to puting. There are lots of privacy issues that arise in the Fog the Fog nodes, to avoid collision amongst the Fog nodes. environment. In the following section, we are going to describe As Fog nodes are vulnerable to potential attacks, It is Fog computing privacy issues from a different perspective: easy to compromise the privacy by having the location JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 11

TABLE V THE SUMMARY OF TRUST ISSUESIN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Reference Paper Highlights/Objectives Achievement and Limitation

• Propose a risk-based trust model for the IoT • The system can compute trust as well as environment. compute risk levels of the system. • Dynamic domain adaptive security solution. • Layer-wise Various attacks discussed. Rauf et al. [11] • Parameters such as availability, reliability, re- • The system will provide trustworthy informa- sponse time, etc. used. tion forwarding decision on the basis of trust • Direct and indirect observation also used for trust and risk values. computation.

• Performed a Fog-based hierarchical trust mecha- • Reduce consumption of the energy by the nism. network. • Solve resource consumption problems. • Ensure the state of trust for network and edge Wang et al. [53] • Able to monitor the trust state of the whole nodes. network. • Detect some attacks of hidden data. • Detect and recover data attacks and misjudgment • Recover misjudgment nodes. nodes respectively.

• Applies fuzzy logic for trust evaluation. • A broker based trust mechanism approach in Fog. • Able to performed dynamic trust operation. Rahman et al. [42] • Deliberate the trustworthy Fog service. • Simultaneously maintained a trust relation- • Request matching algorithm has been used. ship.

• Secure trust establishment among vehicles. Soleymani et • Fuzzy trust scheme based on plausibility and • Can deal with uncertainties and risks. al. [52] experience. • Detects faulty nodes and malicious attackers. • Demonstrated a series of security checks.

• Suit for IoT edge computing on a large scale. • Reliable and lightweight trust evaluation mecha- • Facilitates low-overhead trust computing al- nism. gorithms. • More feasible against bad-mouthing attacks. Yuan et al. [54] • Trust factors are weighted manually or sub- • Employ fusion of Multi-source feedback infor- jectively. mation. • Gained computational efﬁciency and reliabil- • Used objective information entropy theory. ity.

• A data protection scheme has been for Fog computing. • Dynamic and can handle mobility management • Able to deliberate up-to-date location ser- Dang et al. [55] service. vices. • Introducing Fog-based region veriﬁcation and • Efﬁcient and feasible scheme. privacy-aware role-based access control techniques. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 12

credentials of the Fog clients. If the Fog clients are addition, there could be a scenario whereby a Fog client attached to an object or a person, then the location privacy uses resources from multiple Fog nodes or the location of is at risk. Whenever a Fog client frequently selects its the client can be squeezed into a small region. As such, closest Fog node, the node can certainly identify if the the location of the client must be within the coverage of client is using the resources residing nearby. several Fog nodes. According to the described scenario, the authors [67], used a method to preserve location 2) Privacy Preservation: In Fog computing, it is used to privacy. collect and process user personal data which is desirable. So, • Data partitioning: Another probable method could be it is evident that a proper privacy-preserving and security effective for preserving user privacy by partitioning the mechanism is required to cope up with the Fog computing data into multiple Fog nodes. The usage pattern is another environment. As we know, Fog computing consists of various privacy concern when clients are using Fog services. In devices that are connected to IoT as well as Cloud. So, we this scenario, privacy-preservation techniques have been should apply privacy-preserving techniques between cloud and suggested in smart metering [68], [62], but we cannot ap- Fog to maintain data privacy because both Fog and cloud ply these mechanisms in Fog computing directly, because devices are resourceful and have adequate storage and power. there is no TTP (i.e., smart meters in the smart grid) or no On the contrary, IoT devices have limited resources. So, it’s backup device. The Fogging device can accumulate the a difficult task to implement privacy-preserving techniques list of tasks for user usage. The creation of bogus tasks by between the Fog and IoT devices. It is significant because the the clients and uploading them to multiple nodes is one users and users’ may be concerned about their data which possible solution while hiding actual tasks from the bogus is sensitive [59]. Different privacy preservation techniques, ones. However, this solution may not be operational as it methods and schemes are proposed across many scenarios, raises the client’s expense and wastes resources. including cloud [60], wireless network [61], smart grid [62], health-care systems [63], and online social network [64]. According to the discussion above and based on different criteria for privacy-preservation, it has summarized into the • Homomorphic encryption: There is a method for Table VI. privacy- preservation, which is homomorphic encryption (it is a method for operating encrypted data without decrypting it), that can be implemented to retain the C. Authentication in Fog Computing privacy of transmitted data without decryption across Authentication helps to verify a user’s identity by verifying local gateways [32]. if a user’s credentials match with the information in a database • Differential privacy [65]: is to assure the privacy of ran- via the authentication server. In the context of Fog computing, dom individual entries in the statistical data set. Although authentication ensures and confirms an end user’s identity. its computational overhead for such function is a big issue This helps ensure that only legitimate end users can have in Fog computing, it needs to be assiduous about the access to the Fog nodes who have met all the requirements efficiency of the method. to be authenticated as an end-user. Authentication is one of • Identity obfuscation: There is a renowned technique the five pillars of Information Assurance (IA) [74]. In Fog called identity obfuscation technique [66], where the computing, authentication of the end user’s devices permitted Fog node is able to recognize the Fog client is close to Fog services is a significant requirement in the Fog network. by, but it cannot recognize the Fog client. As such, In order to obtain the Fog services from the Fog infrastructure, identity obfuscation is a technique for preserving location an end user’s device must be authenticated to be a part privacy, as it has many methods inwardly. There is an of the Fog processing infrastructure by authenticating itself. elementary method to preserve the location privacy of Whereas it is also essential to defend against the access of the Fog client, whereby this client is allowed to upload unauthorized entities. Fig. 5 shows the authentication issues the data between diversified Fog nodes. This method in Fog computing. is not efficient, because it would waste Fog resources With the higher number of internet-enabled devices, au- and enhance the latency. As we already know, the Fog thentication is getting more and more vital to permit secure client can choose its nearby Fog node to upload its data, communication for IoT applications and home automation. so the Fog node is able to identify that the Fog client Almost any object (entity) may be addressable and be ca- is residing nearby, which helps to get the Fog client’s pable to exchange information over the network. Thus, it is location credentials. significant to comprehend that each device or application can • Trusted third party: Wei et al. [66] demonstrated a be potentially an intrusion point in the environment. So, it is method, where a trusted third party (TTP) generated a mandatory to ensure a strong authentication mechanism for fraudulent ID for each Fog client. As a matter of fact, each device or application in the Fog network system. it is not necessary that the Fog client has to choose a Although Fog computing eliminates many difficulties com- node which is nearby, in spite of that it can choose any pared to primitive cloud computing, it also provides excellent nodes on the basis of a stipulated set of criteria such that services such as mobility, geo-distribution, heterogeneity, real- the reputation, latency or load balancing is not affected. time processing, etc. Similar to Cloud computing, Fog comput- In this scenario, the Fog node can recognize the Fog ing also faces new security challenges. Due to heterogeneity client’s rough location but cannot detect it exactly. In and interaction of third party authorities in the Fog computing JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 13

TABLE VI THE SUMMARY OF PRIVACY ISSUES IN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Reference Paper Privacy Issues Highlights/Objectives Performances and Achievements

• Fog based public cloud computing. • Performed computation and com- • The idea of anonymity and secure aggre- munication effectively and efﬁ- Data Privacy, gation techniques used. Wang et al. [69] ciently. Identity Privacy • Provide identity and data privacy. • Can save the communication • Performed pseudonyms and homomor- bandwidth. phic encryption techniques.

• Introduced secure positioning protocols • Privacy is gained without uti- Location privacy, by preserving the location privacy. lizing additional computational Yang et al. [70] Location • Position based advanced cryptographic overhead. veriﬁcation protocols have been introduced, which • The system is as efﬁcient and preserve the location privacy. quite practical in practice.

• Data conﬁdentiality and location privacy are focused on. • The concept of decoy method • Discussed how to access user data. for data and location privacy has Location Privacy, Kumar et al. [71] • The misconceptions about the rights of been discussed. Data Privacy users were discussed. • Different attackers and their inter- • The concept of a decoy method with est in a user’s private data was some incorporation for data and location also discussed. privacy.

• Fog based vehicular ad-hoc network • Reduce the computation and (VANET) communication overhead. Location privacy, • Secure and intelligent traffic light control • Traffic light may efficiently verify Liu et al. [72] Identity privacy system using Fog. the authenticity of the vehicles. • Location Based Encryption (LBE) and • Fog device friendly and is able Cryptographic computational DiffieHell- to defend the Denial-of-Service man puzzle has been used. (DoS) attack.

• Performed efﬁciently and aggre- • Employing lightweight privacy- gated hybrid IoT devices data into preserving data aggregation method, one. Device Privacy, for Fog and IoT systems. • Supported fault-tolerance(FT). Lu et al. [73] Data Privacy • The homomorphic Paillier encryption, • Prevents false data injection at- Chinese Remainder Theorem, and one- tack by ﬁltering injected false way hash chain techniques have been data at the network edge level. applied. • Computation and communication costs are very low.

• Preservation of the privacy of the end user’s over a radio network. • Provides user’s privacy, data se- User’s privacy, • Techniques used include commitment curity and network privacy in the Qin et al. [61] Network Privacy, schemes along with zero-knowledge Fog computing environment Data Privacy proof and random-checking monitoring to • Efﬁciency and accuracy is un- preserve the privacy of the end user and predictable in the Fog computing to protect the data ﬂow over the radio environment. network. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 14

refer to authentication, but it can be used with other factors. For example, a legitimate user normally can access a system from home or office in any organization’s home country. An attacker will try to access that system from a remote geographical location. With the help of a location factor, the system can prevent illegitimate user authentication into a system or network. • Time factor: similar to the location factor, the time factor can be used as a supplement with other factors. It can be used together with the location factor. For example, an authorized user can have access to a system in a specific time period in an organization’s home country. On the other hand, an illegitimate user tries to access that system from a remote geographical location of another country. Therefore, the authentication would be rejected based on the time and location factor. 2) Authentication Measures in Fog Computing: • Lack of Transparency: The existence of SLA between a Fog or cloud service and an end users is a vital issue in Fig. 5. Authentication issues arises in Fog Computing. order to establish trust. Although many SLAs have clearly defined the privacy over the user’s sensitive data, users are unable to trust them in how the data is being governed. system, it leads to an increase in the scope of security breaches. Hence, the SLA verification gets limited when the service In such a case, there might occur various renowned attacks is being directly used in the Fog layer by the end users (e.g. data loss, account traffic hijacking, man-in-the-middle and a small organization, which should be monitored by attack, denial of service attack, malicious insider attack, etc). a licensed third-party through SLA verification. There Therefore, it is a significant issue to think about secure Fog might be a lack of transparency that permits the users networks by ensuring the security mechanism in every stage. to monitor their own data in the Fog or cloud system. In that case, authentication plays a key role in protecting • Real-time Interaction: Fog nodes and end users interact the Fog network. Therefore, ensuring proper authentication with a huge number of devices simultaneously. Different mechanisms would be a suitable solution to prevent such services needs different authentication mechanisms where attacks. As Fog computing is used to provides various services if the process takes a huge time to authenticate, it would with low latency and cooperate with the edge devices as well be a challenging task with respect to real-time interaction. as cloud systems, by providing any authentication mechanism, • Latency and Scalability: In accordance with the rapid there might be a chance to raise critical issues such as latency, growth of user devices and services, it is an ambitious scalability and efficiency which needs to be handled according task to guarantee the efficiency of the authentication to the demands of the Fog computing environment. mechanism. Whenever the latency of the authentication 1) Authentication Factors in Fog computing: The authenti- process is high and incompatible with the service, scala- cation factor refers to attributes or data that can be considered bility is a big concern. to authenticate user access to a system. A legacy security • The scope of Exploitation: In the context of Fog or cloud system has a few authentication factors such as the knowledge system, there is a diversified authentication mechanism factor, which is something users know, the possession factor for various services. These authentication methods can be which is something a user has and the inherent factor which compromised or exploited by the attacker and the attacker is something the user is. In recent years, other authentication can appear to have gained administrative level access due factors have been added - location factor and time factor, along to the deficiency in the authentication mechanism. There with the old authentication factor which are as follows: might be a chance to breach the security of data, devices • Knowledge Factor: the knowledge factor is any creden- as well as the Fog network system. tials that consist of information that the user holds, such 3) Authentication Techniques in the Fog Environment: as Username, Password, Personal Identification Number Generally, users need to use various services simultaneously. (PIN) and answers to the secret questions [75]. Therefore, they need to use different authentication methods • Authority Factor: the authority factor would be any for different services where the performance of the authentica- credentials that the user can own and carry with them, tion methods are different in the context of latency, efficiency such as hardware devices like a mobile phone or a and scalability. On the other hand, the user faces lots of security token. difficulties to maintain access credentials for multiple services. • Inherent Factor: the inherent factor is generally based Authentication is the most significant issue for the security on biometric identification (fingerprints, facial, retina). and privacy of Fog computing. An authentication mechanism • Location Factor: the location factor itself cannot usually that is not secure might cause harm for the cloud, Fog JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 15 and end user’s devices, which is one of the main security used in Cloudlet to simplify the authentication process [84]. concerns for Fog computing [76] as well. Therefore, different Ibrahim et el. [85] proposed a secure mutual authentication authentication techniques have been proposed for elevating method for the Fog environment, that allows authenticating security mechanisms in the Fog or cloud computing, but each any Fog user with the Fog nodes mutually in the Fog network. authentication method has come up with its own dominance The authors [86] proposed a method based on the multi-Tier and limitations. In this subsection, a few traditional authenti- authentication scheme to Secure Login in Fog Computing. cation techniques and their limitations as well as drawbacks The authors [87] mentioned that Advance Encryption Standard according to the Fog environment has been described. We also (AES) is a compatible encryption algorithm for the Fog described a few proposed solutions which meets with the Fog computing environment as it needs low hardware resources computing criteria. and fewer computations. The authors [76] demonstrated that • Password Based Authentication: In password authen- the end user devices can initiate spoofing attacks and are tication, the user must first give a password for every prone to data tampering which can be preserved with the service, and the system administrator must keep track aid of PKI, DiffeHellman key exchange and monitoring by of all usernames and passwords on the server. Password Intrusion detection techniques. Finally, the authors adviced Authentication is performed by accepting a key and pass- that the chances of such attacks can be prevented by deploying word for allowing a user into local and remote systems. a secure authentication mechanism between the Fog platform Password authentication can be categorized depending and the end users. on its strength as weak authentication, stronger authenti- • Biometric Authentication: is a technique of user identity cation, and inconvenient authentication [77]. Therefore, verification based on various biological inputs through password-based authentication has several applications scanning or analysis of some parts of the body. Biometric and it is deployed in cloud computing [78] [79] [80], but scanners scanning a user’s physical biometric characteris- it will face numerous drawbacks and limitations when it tics such as fingerprint, voice recognition, iris scan, face is considered for Fog computing: recognition, etc. Generally, biometric authentication takes – It takes an extensive computation to process. it’s place to manage access to digital or physical resources. challenging due to the limited end device resources. Biometric authentication is an upcoming technology and – In the Fog network, end users frequently commu- is already rapidly deployed in mobile computing as well nicate with various Fog nodes from different Fog as cloud computing using fingerprint authentication, face environment. Therefore, it is inappropriate to keep a authentication, keystroke-based authentication or touch- password for each Fog node. In addition, it is not a based authentication [7]. On the other hand, biometric good concept to set the most used password for each authentication techniques comparatively take a huge ex- Fog node. ecution time and its security level remains constrained – Usually, a password does not provide high secu- when high-level security is required [85]. Therefore, in rity because of numerous attacks [81], for example, accordance with the Fog computing environment, apply- vulnerability to off-line dictionary attacks. ing biometric-based authentication techniques would be a suitable solution. Although still, it has a lot of limitations • PKI Based Authentication: public key infrastructure and drawbacks - it takes more computational time during (PKI) based authentication creates and upholds a reliable the process of execution and it provides constrained networking environment by offering certificate and key levels of security when high-level security is required. management services that permit encryption and digital Therefore, to consider biometric based authentication for signature abilities between applications all in a way that Fog computing is still a research issue [7]. is transparent and easy to use. PKI offers confidentiality, authentication, integrity (CIA) and non-repudiation of In accordance with the study above, and based on different the exchanged messages. In [12], the authors described issues of authentication, this has been summarized in Table security issues and focused on authentication issues at VII. various levels of the Fog computing environment. There- fore, the traditional PKI-based authentication scheme is D. Access Control in Fog not effective in the context of Fog computing due to the Access control is a method of restrictive access to a system poor scalability. In addition, the allocation of public keys or to a physical or virtual resource. In computing, it is can be weighty due to the enormous scale of Fog nodes defined as a process by which users are granted privileges and end users. Another drawback is that, if the private for retrieving information from the system, information or keys cannot be well preserved, the security will be ruined. resources. In access control systems, individuals must have On the other hand, the Diffie-Hellman [82] key exchange legitimate credentials before access can be granted to them. based authentication scheme is not compatible with the Fog The process of access control is shown in Fig. 6 environment due to its slow and extensive computations. By deploying Access Control in the Fog network system, Balfanz et al. [83] demonstrated a user-friendly, cheap it would be possible to conserve a user’s privacy and assure and secure method to resolve the authentication issue for a both the user and system security maintain trust between the wireless networks based on pre-authentication of location- Fog, cloud service providers and users. The authors in [95] limited channel. Likewise, Nearfield communication (NFC) is highlighted a few Access Control (AC) problems in the area JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 16

TABLE VII THE SUMMARY OF AUTHENTICATION ISSUEIN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Reference Paper Highlights/Objectives Performances and Achievements

• An efﬁcient and secure mutual authentication • Required to perform fewer hash invocations method for the cloud-Fog-edge system architec- and symmetric encryptions/decryptions. Ibrahim et al. [85] ture. • In addition, simple countermeasures have • Required to store one master secret key. been introduced. • Does not need extra overheads such as re- • Suitable and can be deployed efﬁciently to initialization or re-registration process. the Fog user’s smart device/card.

• Fog devices security can be ensured through key management and authentication schemes. • Performed low computation and communica- • Performed efﬁcient and lightweight operations. tion overheads. Wazid et al. [88] • Bitwise exclusive-OR (XOR) and One-way cryp- • Ensure high security compare to another ex- tographic hash function techniques have been isting method. considered. • Demonstrated using formal security veriﬁcation.

• Introduce a policy-based resources management • Server authentication, device authentication, Dsouza et al. [89] in Fog network. data migration authentication and instance • Support interoperability and secure collaboration authentication has been observed for the se- among various resources in Fog system. cured Fog computing environment.

• Ensure secure communications among the vari- • Performed effectively and efﬁciently. ous IoT devices. Alharbi et al. [90] • It can achieve very low response latency. • Performed challenge-response authentication • Protects the IoT system from DDoS attacks. technique.

• Can accomplish effectively and efﬁciently • Introduces anonymous mutual-authentication and improved the security and privacy in Fog Amor et al. [91] amongst the Fog users and Fog servers. network. • Cryptographic and mathematical have been per- • Can defend against various attacks such as formed to establish the session key. man-in-the-middle attack, eavesdropping and reply attacks.

• Highlighted privacy-preservation and security methods for Fog based image processing appli- • Can perform effectively and solve the issues Hu et al. [92] cations. of integrity, availability, and conﬁdentiality. • Data encryption, the authentication and session • Increases a little computation and communi- key agreement, and data integrity checking such cation overhead. methods have been proposed.

• An efﬁcient and elliptic cryptographic based mutual-authentication technique for an IoT based • Achieved less execution time. Ha et al. [93] resource constrained devices. • Suitable for resource constrained devices. • Uses Implicit certiﬁcate and key management for secure communication and mutual authentication.

• Deliberated two-factor lightweight and privacy- • Very efﬁcient computational capacity. preserving authentication method for resource Gope et al. [94] • Can performed robustly against malicious at- constrained IoT devices. tacks. • Provide resilient way of authentication. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 17

to previous models [97], such as regulating the user’s access to applications and resources by identifying the activities and the roles of users in the system [98]. RBAC authorizes the subject based on their responsibilities and roles of individual users within the Fog-cloud computing environment [99] [96] [95] [100]. Roles may vary from subject (user) to subject (user). That means in this model, the responsibility of a subject is more vital than the subject itself [101], [99]. Limitations and Drawbacks of the RBAC Model: – The RBAC model had been developed for allocating user permissions statically.

Fig. 6. A Process of Access Control (AC). – It does not consider contextual information (e.g. location, time, device constrains) and dynamic/random behavior of users. of Fog computing and classified these problems into the – It cannot cope with dynamic segregation of duties. following types: – It is coarse-grained. If you have a role called ad- • The users should be authenticated by the Fog or cloud ministrator, then you would assign the administrator system if they wanted to use the services such as storage role permission to “View employee record” (i.e it or computation, where several strategies must be used to has permissions to see all the records of employed) control access for both services and data as well. which denotes as an expansion of the role. • Security management is difficult to control, given the – It ignores meta-data of resources e.g. employee own- number of requirements. ers record. • The cloud and Fog system needs mutual access control. – It is hard to manage and maintain within a large • Access control mechanism helps to prevent attacks such administrative domain. as side-channel in Virtual machines (VMs). – Access reviews are painful, error-prone and lengthy. • Resources are very limited to both the user and Fog – Permissions accompanying each role change or devices respectively. delete is based on the change of the role. 1) Access Control Models: Access control is the best meth- Therefore, RBAC in Fog, should ensure quicker granting ods to achieve preservation within the networks, devices and access permissions and minimize the above-mentioned systems. While it helps user’s admittance in the system, access limitations and drawbacks. control also supports efficient data protection from various • Attribute-based Access Control (ABAC): This model kinds of adversaries. Conventionally, access control models is one of the latest methods of managing authoriza- (ACM) are categorized [96] into the following forms. tion. It is a talented alternative to conventional access • Discretionary access control (DAC): the object’s owner control techniques and has attracted consideration from elects access permissions to others. These models are both academia and the industry. Comparatively, recent typically used in traditional applications of cloud and developments of ABAC still leaves several unknown suffers from significant overhead costs in managing the difficulties such as delegation, administration, auditability multi-user environment. The second category abstract and scalability. requires the need of resource-user mapping. So, compared • Attribute Based Encryption (ABE): This model is an to DAC models, this model is more flexible for distributed encryption-based Access Control model and best suits ac- systems. cess control problems in the Fog-cloud environment. The • Mandatory access control (MAC): The MAC models Attribute-Based Encryption(ABE) [102] method catego- use multi-level security systems. Here, the administrator rized into two types. firstly, the encryption is based on the of the system decides who has access to the system. In key policy which is known as key policy attribute based a multi-level MAC model, both objects and subjects are encryption (KP-ABE) [103] and secondly, the encryption recognized with a security level classification (i.e. top is based on Cipher-text policy which is known as Cipher- secret, secret, classified, and unclassified). The nature text policy Attribute-based Encryption (CP-ABE) [104]. of Fog/cloud computing is outsourced, hence there is a This model can preserve data privacy and enable data need to focus on access control models which can be owners to define a desirable set of policies directly [95]. effectively applied in this computing environment. – Key Policy Attribute-based Encryption (KP- • Role Based Model (RBAC): Designing a model for ABE): Goyal et al. [103] proposed KP-ABE in the access control is a rudimentary challenge in a large scale year 2006, based on the classical ABE model and to secure mobile distributed applications and database uses one of many communications. This technique systems as there is a need to provide dynamic privileges achieves fine-grained access control with higher elas- for checking systems in the environment. RBAC is a ticity to control individuals compared to the tradi- fined grain model that offers more benefits compared tional scheme [97]. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 18

– Cipher-text Policy Attribute-based Encryption meet some criteria such as fine-grained, cryptographi- (CP-ABE): CP-ABE [104] was introduced as an- cally enforces, latency and policy management problems other alternative form of ABE. CP-ABE can provide which needs to be re-thought and considered for further fine-grained and reliable access control for cloud research. Although the end device or user device in Fog storage environment that is not trust worthy. Users computing is constrained resources. Therefore, there is can access data only if their attributes match the no need for deploying data encryption-decryption and access policies associated with the data. CP-ABE access control mechanisms at the user level. Because the works in a reverse compared to KP-ABE. In this, Fog devices are resourceful and used close to the end- the key generated is attribute user set, where the user devices. Based on these circumstances, outsourcing cipher text is fixed by access policy [97]. However, access control methods would be the more appropriate CPABE has two main drawbacks [105]: policies are solution for Fog computing. On the other hand, as we not explained using standard languages and it cannot know already, Fog computing consists of a dynamic support non-monotonic policies. environment. Therefore, the ABE-based access control Architecture of ABE : The architecture of the ABE should support creating, updating, and revoking the user method is categorized as centralized and decentralized attributes and access structures with the management of as well as hierarchical [100]. the access policies according to the dynamic behavior of – Centralized: In a centralized architecture, the keys Fog computing [95]. will be served by a central authority center for the 2) Issues and Requirements for Access Control in Fog users. Computing: To establish and ensure secure and efficient access – Decentralized: In a decentralized architecture, the control, policies must ensure confidentiality, accountability information will be shared by multi-authorized au- and integrity. However, due to the nature of the Fog computing thorities based on the policies of various organiza- environment, one should consider a few things to build a tions. secure and strong Access Control (AC) [95] [107] which are – Hierarchical: In hierarchical architecture, the scal- as follows: ability and flexibility is enhanced and assists the • Computation and Communication Latency: it indi- features of one-to-many encryption for the users. cates how long it takes for a single packet to travel Revocation Types of ABE: The revocation types are from one designated node to another node. The sender categorized into two types: attribute revocation and user considers sometimes latency as the time for sending a revocation. packet and getting an acknowledgement from the sender, – Attribute Revocation (AR): by using the AR mech- where the round-trip time is taken as latency. As Fog anism, the attribute from the user’s attributes list will computing is renowned for its faster accessibility, we be removed by the revocation controller unit. need to ensure low-latency for providing smooth services – User Revocation (UR): by using the UR mecha- to the end users. We can indemnify the low-latency during nism, a user restricts data access via the revocation processing time so that the access decision can transpire controller unit. within a reasonable time. Revocation Method: There are various revocation meth- • Efficiency: efficiency is also correlated to latency. In Fog ods to revoke a user and attributes using the ABE method. computing, there are two types of devices e.g. resource Proxy re-encryption, time re-keying, an update key, lazy rich (Smart Power Grid, Smart City, Smart Transportation revocation and LSSS matrix are the primary revocation System, E-Health etc.) and resource constrained (mobile methods. phone, smart-watch, smart-glass, etc.). The proper imple- Revocation Issue: Deploying the ABE method in cloud mentation of Access Control System in Fog computing is storage systems to control data access brings about for- still a challenging issue because of it’s low efficiency. If ward and backward revocation issues. the low efficiency occurs in a continuous manner, it can Revocation Controller: The revocation controller is result in undesirable latency, which can affects the other someone who is designated to execute the user or the parts of the network. attribute revocation method. In general, the owner of data • Generality: with the distinction of hardware and soft- revokes the attributes or the user but the data owner is ware, we need to generalize all the systems and services able to confer the revocation duties to the server or the of Fog computing. authorized entity. • Data Aggregation: in Fog computing, users are geo- Limitations and Drawbacks of ABE Based Model: : spatially distributed where Fog devices are used to collect As we mentioned before, Fog computing extends cloud data from user devices. Therefore, it is necessary to and the functionalities as well as the requirements of accumulate all Fog devices closer to the end users for re- Fog computing, which are unique. So, the access control ducing latency. The data generated from user devices will structure of cloud computing is not able to directly be meaningful or meaningless but it should be handled meet the requirements of Fog computing. However, re- intelligently and evenly. During the whole aggregation searchers [76] [106] recommended that ABE techniques process, authority changes are a critical issue for data suits Fog computing, but still needs to improve and access control. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 19

• Privacy Desecration: as it is possible to exchange data In accordance with the above study, and based on different between one domain to another domain, administration of access control method, it has been summarized into Table VIII. the decentralized architecture of Fog computing leads us to protect the privacy of data through Fog access control. E. Malicious Attacks and Threats in Fog Computing So, it becomes a critical requirement to protect the user’s data privacy. Due to the isolated deployment of Fog nodes in some places, it fails to protect countermeasures and surveillances. • Network Availability: in Fog computing, network avail- As a result, it is very easy for intruders or malicious attackers ability must be defined in such a way that when there to compromise the Fog networks through several malicious is an issue of network unavailability, access control can attacks [115]. For example, a malicious user can compromise also deliver the predefined level of functionality. a Fog node with its own generated trust values, smart meter, • Context Awareness: when multiple operations like cap- smart grid, traffic system or spoof IP addresses [12] to turing, transferring, processing and storing are running, ruin sensitive information. In this segment, we will give an access control decisions should be managed competently overview of these potential threats and attacks issues. to support all the contextual information (e.g. health 1) Potential Threats: condition, weather condition, temperature, time, traffic • Rogue Fog Node: Rouge Fog node is a one type of condition, etc.) [81]. Fog device in Fog computing environment which presents • Scalability: scalability is to facilitate the services accord- itself as a legitimate node and persuades end users to ing to the needs of the end users. In access control, connect with it. It may happen in such a scenario, scalability will provide the services that can grow or when a Fog administrator instantiates an insider attack, shrink according to the end user’s level of capacity. to identify the rogue Fog node or legitimate Fog node. For scalability, the CloudPolice [108] have proposed a Stojmenovic et al. [12] have proven that the data can be distributed solution, in which hypervisors are responsible tampered by a man-in-the-middle attack, with updated for the communication with each other to install access or collected the data either in the Fog layer or cloud control states. layer. There is also the possibility to launch additional • Resource Restriction/Constraints: in Fog computing, attacks. So, in the context of privacy and security, the the user or the edge resources are limited. So, it becomes presence of a rogue Fog node will be a potential threat tough to implement access control for Fog computing. in the Fog environment. It is not easy to detect a rogue • Policy Management: it is an integral part of Fog com- Fog node in Fog computing for various reasons. One puting architecture. So, the access control model needs to of the main reasons is the diversified trust computing be capable to support creating, invoking, releasing, and mechanism which brings about perplexed trust situations. deleting policy management. Dsouza et al. [89] developed On the other hand, we know that Fog computing is a policy-driven security management framework, which dynamic in nature, and consists of numerous devices is capable to support secure communication and resource which leads to creating, deleting, and revoking simul- sharing in the Fog environment. taneously. Therefore, for these various instances, it is • Accountability: in Fog computing, it is significant to difficult to manage the blacklisted nodes. The authors keep track of the suspicious activities of intruders. These Han et al. [116] [117] have demonstrated measurement- tracks keeping should be handled intuitively across the based models which permit a client to escape connecting administrative domains. to rouge access points (AP). Ma et al. [118] introduced 3) Access Control Domains: : In the Fog computing arena, a framework to identify the existence of rogue APs in for defining access control system the contextual domains are wireless networks. Detecting a rogue Fog node in an 1. Fog to Edge, 2. Fog to Fog, 3. Fog to Cloud. While edge IoT network is cumbersome because of the network devices are communicating and sending data to Fog devices complexity across different scenarios [10]. Nevertheless, during the time that the Fog device uses to process all the by using trust measurement-based models in the IoT data in such a way, so that, if the necessity arises, it can network, it helps to detect rogue nodes. Although this send all the processed data to the nearest Fog devices. When method is not adequate, it can be considered for limited the issues for storing data arise permanently, Fog devices security protection. are able to send all the data to a data warehouse or cloud • Fault Tolerance: Fog computing is an emerging dis- storage. Therefore, process/store identity and access data in tributed computing platform which consists of a huge the Fog/cloud computing by first ensuring secure Fog/cloud collection of numerous devices which is widely geo- access control. Ensuring access control in the cloud/Fog envi- distributed and heterogeneous. Therefore, there might be ronment is a crucial technique to enhances the user security. high chance of failure of devices, as compared to cloud In this scenario, end-user/data privacy, faster communication computing. Fog computing is dynamic in nature, whereby and computation, network and communication security, etc. the Fog nodes or IoT devices connects or disconnects Such requirements shall be applied for the above-mentioned to a Fog layer over and over. Because of this behavior, domains to enable the proper access control system. For this, there might be a chance to bring about unexpected all the primordial access control models are being advanced faults and failures in the Fog environment. Therefore, in accordingly. these circumstances, the Fog computing platform should JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 20

TABLE VIII THE SUMMARY OF ACCESS CONTROL ISSUEINTHE FOG ENVIRONMENT ACROSS MAJOR SURVEY PAPERS

Reference Paper Highlights/Objectives Performances and Achievements

• Perform heavy computation operations of encryption and decryption within a very small • A promising CP-ABE based access control for a and constant time period. Fog computing environment. Zhang et al. [109] • Less computation cost and efﬁcient attribute • Outsourcing and attribute update capability. update. • Encryption and decryption are outsourced. • Suitable for resource-constrained IoT devices.

• Secure and performs effectively and effi- • Fog based decentralized Multi-Authority attribute ciently. based data access control. • Ensures secure communication from un- Vohra et al. [97] • Also based on CP-ABE method. trusted devices on the Fog network. • Performs fast offline-online encryption and par- • Achieved authentication, access control, ver- tial decryption method. ifiability and confidentiality.

• A distributed multi-tenancy approach access con- Popa et al. [110] trol. • Simpler, scalable and robust techniques. • Access control only suits in infrastructure levels • Requires extra processing power. - as physical hosts and hypervisors.

• CP-ABE based multi-authority data access con- • User and attribute revocation can be per- trol scheme in Fog-cloud computing systems. Fan et al. [111] formed efﬁciently. • Outsourced encryption and decryption computa- • Secure and highly efﬁcient scheme. tions.

• A hybrid and ﬁne-grained access control solution. • Most of the decryption process can be out- • Efﬁciency of data access is improved. sourced. • Key management cost is greatly reduced. Xiao et al. [112] • Secure and suitable in the Fog computing envi- • The limitation and drawbacks of this method ronment. is it can be applied only in centralized archi- • Perfectly applicable for resource-constrained IoT tecture. devices and applications.

• Fine-grained access control and privacy is provided for Fog computing. • Highly secured and ﬁne-grained access con- Yu et al. [113] • Can also guarantee security across side channel trol. attacks. • Fully secure leakage-resilient functional en- • leakage-resilient functional encryptions frame- cryption schemes have been presented. work have been developed.

• Access control mechanisms proposed for Fog computing and ad-hoc MCC. • A generic access control solution with fea- • Focused on measuring the system overhead with Zaghdoudi et tures robust and scalable. different metrics. al. [114] • Take overhead with the increase of nodes in • A different size of networks, different hash func- the network. tion, and a variable responsible nodes percentage such metrics considered. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 21

provide all the necessary services without interruption attacker, it is a very serious and potential threat for if there is a failure occur in individual Fog devices, the Fog network environment. The authors [31] mention networks, applications, and services platforms [119]. Be- various unique security threats in their research, which cause Fog applications should be capable to instantly might occur in the IoT and Fog environments. For de- turn to other available nodes via some inbuilt mechanism livering services to the users, the received data from the if the services in an area become unusual. To mitigate IoT devices will be processed by Fog nodes. If some these issues, standards should be applied. Stream Control Fog nodes are compromised by any intruders, it is a Transmission Protocol (SCTP) is such example that can problematic task to ensure the security of the data. One deal with such events and packet reliability in wireless possible solution would be, by establishing trust between sensor networks [120]. Fog nodes themselves. In this case, an authentication In general, fault tolerance ensures the availability of mechanism is mandatory for ensuring secure, trusted devices or applications in the event of a failure to communication. Therefore, Fog nodes cannot manage provide uninterrupted services. Nevertheless, on the basis each other, so that it needs to trust only the cloud for of what service is being used, fault tolerance will change authenticity. Sequentially, after being authenticated by the according to one’s role and management privileges. In the cloud, it should be placed in a Fog environment to process cloud computing environment, fault tolerance is handled heavy data. However, they are not able to give a suitable by applying three techniques - proactive, reactive and solution for this attack. Li et al. [131], carried out research adaptive [121]. and presented a solution. Proactive fault tolerance policies refer to an escape res- It is vital to identify malicious Fog devices in Fog cue from faulty components by anticipating and replacing computing. Due to the lack of resource and edge devices, the failed components before it takes place. it is difficult to deploy proper authorization mechanisms Reactive fault tolerance policies refer to the decrease between Fog nodes and edge devices. So, it is hard to in the influence of faulty components when the failure prevent all attacks completely because of granting a few occurs. In Adaptive fault tolerance, where the procedure privileges and processing of the data. Sohal et al. [132] is carried out according to the situation automatically. tried to solve the problem by using intrusion detection There are numerous fault tolerance techniques which and virtual honeypot devices by introducing a Markov are often used in computing [122] [123] [124] such chain based framework. as Replication, Job Migration, checkpoint, self-healing, • Man-in-the-Middle (MITM) Attack: All data traffic Rescue workflow, Safety-bag checks, Task Resubmis- passing through is protected through secure transmission sion, Software Rejuvenation, Masking, Preemptive Mi- channels between Fog nodes and edge devices in Fog gration, and Resource Co-allocation. Nevertheless, in computing. During this communication process, a user’s this paper, fault tolerance is mostly discussed based data will be snooped or impersonated by an external on the cloud computing environment as Fog comput- malicious attacker prior to performing a global concealing ing is a new computing paradigm. In recent research process in the Fog node. Such a scenario correlates works [125] [126] [127] [128] [129], the context of cloud with the MITM attack. In a MITM attack, a perpetrator computing in such a scenario was discussed. Therefore, secretly relays and manipulates the data during commu- fault tolerance in Fog computing is still a research task. nication between two parties. Hence, MITM is a potential In order to provide a reliable and robust Fog comput- attack method which can be used as a typical attack in ing environment, failure handling of services should be Fog computing. In Fog computing, an attacker can carry effectively considered. out sniffing or disrupt the packets between Fog devices. 2) Malicious Attacks: Fog computing comprises various As mentioned earlier, in Fog computing, all devices are IoT or edge devices and collects the data from these de- resource constrained. By having this problem, it is be- vices by accomplishing latency conscious processes. Identi- comes a challenging task to deploy secure communication fying malicious nodes is a complex task in the Fog envi- protocols and encryption-decryption methods amongst ronment [130]. As we know, Fog computing is a miniature Fog nodes and IoT devices [76]. Stojmenovic et al. [76] of cloud computing, as such, almost all types of malicious proposed an authentication method which can possibly attacks, which affected a cloud environment can also affect avoid MITM attack. To mitigate MITM attacks, the Fog computing. For Example DDoS (Distributed Denial of anomaly detection is hardly applicable in Fog computing Service), MITM, sniffing, side channel attacks, DoS (Denial of because these methods were being used in traditional Service), malware injection, and authentication attacks attack cloud computing. Therefore, to mitigate MITM attacks are few of them. Therefore, in these circumstances, without in Fog computing, a compatible solution still offers a an appropriate prevention mechanism, it can severely damage challenge, which can be considered for further research. the competency of the Fog system or network. In this portion, • Distributed Denial of Service Attack (DDoS): In the we are going to expose a few malicious attacks which might modern epoch, Distributed Denial of Service or (DDoS) occur frequently and affect the Fog environment. is one of the most renowned and challenging threats • Attacks from malicious Fog nodes and edge devices: for cyberspace and other online services. As Fog nodes As Fog nodes are compromised easily by any malicious are made up of limited resources, it is troublesome to JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 22

manage a huge amount of requests simultaneously. When control to restrict them as well as to give protection from a malicious attacker or intruder initiates a bunch of inap- sophisticated attacks [139]. Another solution could be propriate service requests towards the targeted device, or user behavior profiling, where the system keeps track of tries to spoof multiple devices concurrently using the IP the amount of user data access and the duration of data addresses, the Fog node will be occupied for a longer use. Hence, the system can identify anomalous activities span of time. Therefore, all the legitimate services of of end users, which can be used to detect malicious Fog devices will be inaccessible for legitimate users. attacks. In this case, the authors Stolfo et al. [140] have As opposed to, Fog nodes which go on to compromise proposed a new approach to assure the security of cloud themselves and get used for generating DDoS attacks. A computing by using user behavior profiling and decoy different plane of the Fog environment can be affected technology. There might still be few issues [45] which by this kind of attack. Recently, malicious attackers have arise, on how to deploy the decoy in Fog networks been able to compromise online home-automated smart and how to develop an on-demand decoy information to devices to execute a DDoS attack against popular online reduce the portion of stolen data from being lost. websites such as Twitter, Paypal and Reddit. After these • Physical Attacks: In traditional data centers, physical attacks, all of these websites were severely affected. security is being provided by on site security staff. On Hackers have been trying to use internet-connected home the other hand, by applying complex measures e.g. card automated equipment, such as Closed Circuit Television punch, thumb impression, and retina scanning, physical (CCTV) cameras, printers, refrigerator, etc. to perform access control can be deployed much more convincingly. DDoS attacks on popular websites, such as Twitter, So, these issues are related to certification and audits to Spotify, PayPal, SoundCloud and Reddit [133] [134]. In derive the necessary physical security measures which are accordance with the Fog network system, all smart ob- required to meet the set standards. Basically, Fog nodes jects which are connected consists of more computational are widely distributed across various environments. Due power and they have the ability to perform various tasks to point, it is impossible to implement traditional physical concurrently. As compared to traditional DDoS attacks, in security measures in the Fog computing environment. For Fog computing, various Fog devices apply DDoS attacks example, physical security measures can be applicable to which will become much more severe. Therefore, it is not place the edge box at the top of the streetlight’s pole, possible to mitigate a DDoS attack completely in the Fog which should be hidden from eye level as well as being computing environment. At the present moment, we can surrounded with a fire-resistant coating to keep it safe only monitor them. Under these circumstances, current from vandalism. There is a lower probability of physical DDoS issues may need new thinking and further research attacks at the software level which enables the scope of which will classify DDoS issue much more precisely in theoretical attacks. the context of the Fog computing environment. In accordance with the study above, and based on different issues regarding threats and attacks related to the Fog, it can be • Malicious Insider Data Theft Attack: According to summarized in Table IX. The focus of this study is to address the three-plane architecture of Fog computing, cloud auditing issues to secure the Fog computing environment. The computing is correlated to Fog computing. Hence, we following section discusses security auditing issues in Fog. should be conscious of all the malicious attacks which occur in cloud computing frequently. One severe attack in cloud computing could be a malicious insider attack F. Security Auditing in Fog for data theft purposes. On common terms, the end users In the traditional computing environment, it is often es- will have to trust the cloud service provider despite being sential for technology experts to perform various security aware of this threat. It happens due to the deficiency tasks such as examining security configurations, regulating of cloud service provider’s authentication, authorization, potential vulnerabilities and constructing new security config- and audit controls which allows attacks to spread out urations with respect to every organization’s own security poli- across the cloud system. In this regard, a few incidents cies [145]. On the other hand, it is getting much harder when have occurred which compromised corporate data, for new computing paradigms like Fog computing are considered. example, Twitter’s personal hacking [135], [136] as Traditionally, organizations can enforce their access control well as the account hacking incident of U.S. President policies according to its employee’s roles and responsibilities, Barack Obama [137] which was exposed as a malicious which is actually a challenging task for most administrators. intent to steal a user’s credentials. The authors Rocha et Therefore, this challenge will be much more difficult in a al. [138] revealed that a malicious insider can gain access Fog computing environment where security policies can be to the user’s data easily in a cloud computing system. deployed across a huge number of devices residing at the edges The attackers carry out their attacks which are generated of the Fog network. Security administrators need adequate from within cloud service providers. Therefore, the end knowledge to accomplish multifarious administrative tasks. user is not able to detect unauthorized access. There are Therefore, in this section, we discuss the various issues of diversified approaches which would be useful in order to Fog computing security auditing. secure data from faulty implementation, misconfigured Why is security auditing important for Fog? service bugs in code by using encryption and access Fog computing is the latest computing paradigm in the modern JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 23

TABLE IX THE SUMMARY OF THREATS AND ATTACKS ISSUES IN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Reference Paper Highlights/Objectives Achievement and Limitation

• An authentication scheme has been proposed to mitigate such attacks. • Encrypted communication method may not Stojmenovic et • Managed to conduct a MITM attack. work always to protect from this kind of al. [76] • This attack is very stealthy and dangerous. attacks. • On the other hand, complex encryption and decryption techniques are not always compatible due to resource limitation.

• Ensure the integrity, conﬁdentiality, and availability of data. • Fog based storage technology to mitigate the • Attackers unable to get any information about Wang et al. [141] cyber threat in the cloud. data by using data fragment. • Data stored separately in the Fog server as well • Can protect the conﬁdentiality of the user’s as in the cloud storage. data better than traditional ways. • This approach is safe and feasible for cloud storage.

• Fully automated and Fog node ransomware de- Homayoun et • Detect and identify the ransomware within tection techniques for the Fog layer. al. [142] very short time execution of an application. • Deep learning techniques can be applied.

• A practical, timing based method for the end Han et al. [116], • The presence of fake Fog nodes or rogue Fog users to avoid connecting to rogue Access [117] nodes is a serious threat to the Fog network. Point.

Stolfo et al. [140] • Decoy technology and user behavior proﬁling • Mitigating insider data theft attacks. have been used for disguise detection. • Securing personal and business data.

• A framework which uses three technologies such • Proposed system is able to identify malicious as an IDS, a Markov model, and a virtual hon- Fog nodes in Fog. Sandhu et al. [130] eypot device (VHD). • Successfully identify the malicious devices • Edge device classiﬁcation depends on level of and also decreases IDS false alarm rates of damage and frequency of attacks. IDS.

• Smart data approach has been used to build • Lightweight and distributed IDS system based on a lightweight and efﬁcient IDS for the Fog Hosseinpour et an Artiﬁcial Immune System (AIS). platform. al. [143] • Three-layered structure that includes the Fog, • Can detect silent attacks such as botnet at- cloud, and edge layers. tacks in IoT-based systems.

• Security system based on Fog that defends the IoT system from malware attacks. • Able to ﬁlter malicious attacks effectively Alharbi et al. [144] • Proposed challenge-response authentication to while response latency is very low and net- protect IoT systems from further from DDoS work bandwidth consumption is low. attacks. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 24

Fig. 7. Life cycle of Security. computing world. The life cycle of security is shown in Fig. 7. Fig. 8. Risk level from user to system The risk level from user to system is shown in Fig. 8. In spite of its substantial growth, there still remains lots of barriers for much more widespread adopting of Fog computing services Fog computing provides several security and privacy concerns due to security issues. Lack of auditability is a primary security for the cloud and traditional computing as well as its own concern in the Fog computing environment. security flaws. In the Fog environment, there are extensive In the following section, we discuss several key aspects of amounts of devices, applications and resources which exist Fog security auditing. simultaneously and communicate with each other within a Why is traditional security auditing not enough for the geographically distributed environment. Therefore, there exists Fog? a high opportunity for rapid security and privacy vulnerabili- Fog computing has come up with numerous features and it is ties. There are many security demonstrations which exists for strongly dynamic in nature. All communication processes, data traditional or cloud computing, but these demonstrations are transmission, data analysis, user authentication, and resource not predominantly well-suited with respect to Fog computing. management can be automated and dynamic with real-time With the help of auditing Fog security configurations, we can operation. According to the nature of Fog computing, its mitigate these security issues as well as privacy-related issues security auditing process would be dynamic and within a for Fog nodes or Fog computing devices. Auditing security real-time process. However, the existing traditional security measures are a way of examining for infringement which auditing standards and the manner of auditing is very manual, potentially exposes the vulnerability of a system. where a technology specialist team or group of individuals So, when one focuses on Fog based auditing, there is a need perform their auditing processes using their traditional auditing to see these concern as core to the overall approach: standard. The traditional approach is only applicable within a • To minimize or mitigate risks introduced by Fog small environment or with limited resource. However, it is • To identify new threats and defend them a problematic approach because this approach provides only • To evaluate the efficiency of security controls related to limited support to make an evaluation and the quality of the Fog audit heavily depends on auditor’s knowledge and experience. • To continuously improve policies, processes, procedures In such cases, several difficulties can be anticipated. and tools 1) Security auditing expert’s knowledge can be inadequate • To perform knowledge based dynamic periodic auditing or inappropriate. processes 2) To correctly configure out the Fog system’s security, 1) Criteria and Current Solutions: Parkinson et al. [146] many organizations or users, find it cumbersome because proposed a novel Graph-based Security Anomaly Detec- of the extensive expenditure to hire security professionals. tion (Graph- BAD) approach that translates the object-based Therefore, a software-based automated auditing system, security configurations into a graph model. Another tech- which can perform on a real-time basis, would be the best nique which was developed can identify vulnerabilities au- suited solution for the Fog computing environment. tonomously and perform security auditing of large systems How does Fog security auditing help to mitigate security without the need for expert knowledge. breaches and privacy concerns? Bleikertz et al. [147] proposed an algorithm to audit the JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 25

configuration network’s security and the policies of the multi- • Payment Card Industry (PCI), Data Security Stan- tier cloud architecture using Amazon’s EC2 public cloud. dard (DSS): PCI Qualied Security Assessor cloud sup- Wang et al. [148] proposed an auditing system for data plement which is sponsored by PCI DSS storage security by implementing a privacy-preserving auditing • Basel II, ITIL, SANS(www.sans.org), (ISC)2 framework protocol using homomorphic authentication and random mask (www.isc2.org), etc organization which can audit and techniques for the preservation of privacy against TPA. It can manage the levels of IT security risks. audit without requiring to have the knowledge of the user’s To be effective, the above-mentioned security audit stan- data contents. A batch auditing protocol was also introduced dards must confirm to a vast number of security concerns in the in this study, which can be used to complete multiple auditing traditional computing or cloud computing paradigm. However, tasks across different users at the same time via TPA. A public using these traditional auditing standards and frameworks in auditing system contains four algorithms such as, KeyGen, the Fog computing environment will not be well suited because SigGen, GenProof, and VerifyProof. KeyGen is run by the user all of these auditing standards and frameworks which are to set up the scheme, and to generate the required verification manual approaches. They can only provide limited support metadata, of which Siggen is used. GenProof is executed to make an evaluation and the audit’s quality heavily depends by the Cloud Server to provide proof of the data storage’s on an auditor’s experiences and knowledge which could be correctness. VerifyProof is run by TPA to audit the proof from problematic, whereas the Fog environment is mostly dynamic Cloud Server. and distributed across a large scale geographically. Therefore, Cong et al. [149] recommended a set of characteristics for software based automated auditing standards and frameworks public auditing systems with the aim to focus on data storage which can perform real-time approaches would be best suited security in public cloud. for the Fog computing environment. Shah et al. [150] proposed several public auditing protocols The principal necessity to introduce cooperative context which helped not only to check data integrity from the service aware tools is extensively approved, and actions are being provider, but also fraudulent customers. Privacy preservation taken at the state level. Several studies have suggested how is achieved through zero-knowledge, and by concealing data software tools can be used to extract meaningful knowledge to contents from the auditor. Yang et al. [33] reviewed several aid security configurations, auditing, and digital investigations current works on data storage security auditing service in cloud [154]. Therefore, such tools are context-dependent, in that computing. Mohammed et al. [151] proposed a secure protocol their functionality is conducted to identify threats that are by a Third Party Auditor (TPA) that ensures the data integrity expected. The only limitation of these tools is that each one in Fog computing. The main drawback of this method is that requires different knowledge and skills to translate their output the user has to depend on a third party. There should be trust to obtain an understanding of why this extracted knowledge between the Third Party Auditor(TPA) and user. is significant [155]. Security auditing can be performed in an 2) Existing Security Auditing Standards and Frameworks: automated fashion by using Blockchain technology. The next Implementing security governance and auditing frameworks section discusses Blockchain technology and what has been may support organizations to conduct and manage their done so far in Fog using Blockchain technology. own security risk levels. Various organizations or technology groups have created renowned frameworks and recommenda- V. BLOCAKCHAIN TECHNOLOGYIN FOG tions based on the traditional computing or cloud computing standards [152], [153] which are globally used. Therefore, The Blockchain is more than a database technology. Theo- the most popular and renowned security audit standards and retically, a Blockchain is a ledger of the distributed database frameworks are as follows: that can be programmed continuously to record a list of data. Blockchain is probably Bitcoin’s major innovation foundation • Service Organization Control (SOC) 2: which is con- for a new decentralized and distributed system. Recently, sidered for auditing outsourced services sponsored by the Blockchain technology has been implemented across many American Institute of CPAs real-time systems [156]. Blockchain is an evolving technology • ISO 27000 standards - ISO 27001:2005 and ISO to build a secure, scalable and openly coordinated platform 27002:2005 : Traditional security audits sponsored by globally, which is not limited to currency or financial systems. ISO Fog with Blockchain is shown in Fig. 9. • CobiT (Control Objectives of Information and related Technology): sponsored and introduced by ISACA(Information System Audit and Control Associa- A. Security Features of Blockchain Technology tion, www.isaca.org) and ITGI (IT Governance Institute, Blockchain technology has its own strong security be- www.itgi.org). It is the most renowned and extensively cause there is no possibility of shutting down the system. A accepted information technology governance framework. well-known cryptocurrency - Bitcoin, was implemented using • NIST (www.nist.org) 800-53 revision 4: Federal gov- Blockchain technology. However, the financial system was ernment audit sponsored by the National Institute of still hacked, of which it has never been subjected to before. Standards and Technology (NIST) The main strength of Bitcoin is its use of the Blockchain • Cloud Security Alliance (CSA): Cloud-specic audit network which is protected against attacks and threats by using which is presented to cloud security auditing terms spon- multiple nodes which are committed to a single transaction by sored by CSA a consensus algorithm on this network. The transaction within JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 26

Blockchain includes digital signatures. Currently, Blockchain uses the ECDSA public key algorithm to generate a digital signature. Blockchain prevents a single point of failure because it is a distributed system. It uses a hash function for block generation, of which currentlyit uses the SHA-256 hash function. Some of the main features of Blockchain are as follows: • Increased Capacity • Strong Security • Immutability • Faster Settlement • Decentralized System • Offers encryption and validation • Virtually impossible to hack • Can be private or public • Minting Fig. 9. Fog with Blockchain

B. Role of Blockchain to Improves Security in Fog of development. For example, in a distributed computing The Blockchain technology was introduced for the secured environment it is a fact that how to protect its transactions cryptocurrency application Bitcoin. A realization soon dawned and network resources with an evenly distributed security amongst many researchers that it possesses great security architecture is a challenge. It builds a kind of mesh network features which can be utilized in many real-world distributed where every Fog node takes part based on their strength. Due applications (e.g. Cloud, and Fog computing). Security has to the distributed architecture of Fog computing, it is highly become a key stumbling block toward the widespread adoption required when trust and security must be distributed. This is or implementation of Fog. Therefore, security concerns in Fog particularly significant where the Fog infrastructure, layers and computing can be improved using Blockchain technology 1 2. 3 Fog nodes are managed and owned by diversified entities. However, a significant question arises in managing trust in • Mitigate single point of failure a distributed and decentralized manner amongst participants • Highly encrypted network transactions that do not need mutual trust. Blockchain technology in reality • Node status tracking capabilities is built for this kind of challenge. Blockchain consensus algo- • Immutable Technology rithms have a suitability issue with regards to Fog applications. Blockchain can mitigate various threats and attacks in Fog For instance, “Proof-of-Work” (PoW) consensus needs a huge such as the man in the middle attack, DDoS attack, and data computing capacity in order to solve a complex mathematical tampering 4 5 6 7. puzzle, so Fog devices are unable to host this mechanism. But there are plenty of other protocols such as “Proof of Stake” C. Blockchain between Fog and Edge Environments (PoS) which is susceptible to running on Fog nodes with a Fog computing is a decentralized distribution system which similar capacity. aims to make cloud computing faster by creating data hubs or mini data processing centers which are hosted in smart D. Recent Works that Used Blockchain for Fog devices. Basically, they accomplish a less demanding task and Tuli et al. [157] developed a framework which was based reduce the communication between the cloud and the end user. on blockchain for the edge-Fog computing environment. This Fog allows performing resource-constraints and short-term framework applied blockchain, encryption techniques and au- analytics near to the edge of the network, whereas the cloud thentication which can perform secure operations across sensi- accomplishes resource-intensive and longer-term analytics. tive data. Although this framework is a lightweight and based Fog computing faces enormous challenges and there are on a cross-platform, it has a few limitations and drawbacks constantly various issues which arise during its primary stages because it takes comparatively higher computational overhead 1https://securitytraning.com/how-blockchain-can-improve-iot-security/ to carry out large scale deployments. 2https://businessinsights.bitdefender.com/blockchain-improve-internet-of- Sharma et al. [158] introduced a new and efficient dis- things-security tributed blockchain cloud model based on three emerging tech- 3 https://blogs.cisco.com/innovation/blockchain-and-Fog-made-for-each- nologies: blockchain, Fog Computing and Software Defined other 4https://bdtechtalks.com/2017/01/11/how-blockchain-can-improve- Network (SDN). This model was presented to support high cybersecurity/ scalability, security, high availability, resiliency, real-time data 5https://cybersecurityventures.com/how-blockchain-can-be-used-to- delivery and low latency. improve-cybersecurity/ Jeong et al. [159] proposed a blockchain based secure Fog 6https://securitycurrent.com/four-ways-improve-security-blockchain/ 7https://www.esecurityplanet.com/network-security/blockchain- computing system. Their system can defend against various security.html attacks such as IP spoofing, Sybil attacks and single points of JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 27 failure. This system used the Blockchain method to guarantee and in real time. Xage ensures that with the combinations secure authentication and non-repudiation. It can also perform of Blockchain and encryption that more nodes mean more when a Fog node is down. security, not less. Samaniego et al. [160] investigated the idea of virtual software-defined IoT components known as virtual resources VI.RESEARCH CHALLENGESAND FUTURE RESEARCH in combination with the use of blockchain technology. DIRECTION Dorri et al. [161] introduced a secure, private and In this section, we are going to present and highlight a lightweight blockchain-based technology for the resource con- few significant and considerable issues which are challenging straints related to IoT devices which can handle most security tasks for Fog computing to cope with in cloud and edge and privacy threats. It uses different kinds of blockchains based environments. Finally, we provide a synopsis of probable on the network hierarchy and uses distributed trust methods research directions based on the existing research challenges. to assure a decentralized topology.

A. Trust Management E. Blockchain Oriented Startups in Fog and IoT Environments Identification of trusted Fog nodes is a challenging task in OpenFog Consortium is one of the most well-known the Fog platform. Usually, a Fog node is trusted or untrusted Blockchain oriented startups in the Fog environment. The can be identified by its malicious behavior. But in this case, OpenFog consortium is in the process of building a compos- the malicious nature is not defined earlier-on for a Fog able and interoperable framework for Blockchain in the Fog node. Therefore, it is significant to define and categorize all distributed system. That implies that the various entities in malicious characteristics in the Fog system. The Fog system the system that do not trust or are even known to each other can be susceptible to regulate if a Fog node is trusted or still provide a meaningful consensus algorithm which is able untrusted. Hence, it is mandatory to enhance trust and after to make decisions in a Fog oriented distributed system. The all an exalted trust management model is highly required. autonomy which is one of the eight pillars of OpenFog, is Another challenging research issue is, combining both dis- supported by the Consortium’s work. tributed and centralized environments which is must and im- Recently, there have been multiple Blockchain oriented portant in the context of cloud-Fog-IoT environments. There- startups which have joined the OpenFog Consortium [162] fore, a centralized trust management is required for the IoT they are as follows: environment and it would be possible by using a Fog platform. • iExec: It Is the first Blockchain-Based Decentralized Hence, it’s still a research issue. marketplace for Cloud Computing. It provides distributed Moreover, trust management in Fog platform is entirely applications that are secure, easily accessible and scalable different compared to the cloud computing platform due to to the services of computing resources for data-sets that the distinctions of the cloud and Fog platform architecture are needed as well as the systems running on Blockchain and services offering mechanism. As mentioned earlier, Fog (DApps). is widely distributed, on the other hand, cloud is centralized. • KeyChain: A new Global Blockchain-based data secu- In that case it is easier to deploy trust management in the cloud rity infrastructure. It provides secure decentralized data environment because the cloud platform has its own in-place authentication for the enterprise, finance environments, security infrastructure, whereas the Fog platform is more open, industries, and IoT. and the in-place security mechanism is absent. As a result, • Aetherworks: Brings original, high-quality technologies the Fog is vulnerable to malicious attacks. In addition, trust in to the market and provides original software for dis- the cloud environment is unidirectional, whereas trust in the tributed systems, including Fog computing and software- Fog environment would be bidirectional in nature. The Fog defined storages. node and the IoT devices must maintain a trusted relationship • Hyperchain: Provides an enterprise-level Blockchain between one another before their interaction, as it is highly network-based solution for government agencies, supply required in the Fog platform. Hence, designing a bidirectional chain, data trading, fraud prevention, and securities. It trust model in the context of Fog and the IoT platform is a also supports enterprises to rapidly deploy, expand and challenging task as well. configure Blockchain networks based on the Blockchain cloud platform. • SONM: Provides infrastructure and can run any decen- B. Privacy Assurance tralized application (Fog application) or host Blockchain- The Fog nodes hold sensitive or private information of users, based services. It also provides Fog computing distributed as the Fog nodes are placed in the proximity of the end cloud computing services such as IaaS and PaaS, which users. Therefore, it is a challenging issue to assure trusted are secured by Blockchain. communication and make a secure computing environment • Xage: The foremost Blockchain-protected security tool between the Fog and IoT devices. In such a case, we can for the industrial IoT. Traditionally, more points of se- consider encrypting the user sensitive data before sending it curity vulnerability arise when there are more nodes and to the Fog nodes. It is not viewed as a proper technique more connections. Moreover, the centralization technol- in the context of IoT devices, since conventional encryption ogy prevents industrial systems working independently and decryption mechanisms need much computational power, JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 28 whereas the IoT devices faces challenges to encrypt and D. Access Control decrypt the user’s sensitive data due to the resource constraints In terms of the authentication mechanisms, there has not of IoT devices. been much research work about access control methods in In another context, a single Fog node can manage sensitive the Fog computing environment. However, plenty of work data which comes from different Fog users or across different has been done in this field. Therefore, we still need to be applications. Therefore, there might be a chance to mix up able to accomplish an efficient design to draw the right kind different sources of data after the data aggregation step. In of potential access and control model, with the intention to such a case, enforcing proper data encapsulation techniques facilitate a secure platform within the heterogeneous devices at the Fog API or middleware level would be the solution. in the Fog environment. Hence, more research is needed. In the description section of access control, we mentioned Another challenging issue is to provide context-aware ser- a few access control models, describing their various features, vices in the Fog environment to the end user devices which characteristics and in the context of the Fog environment, we are often involved in sharing sensitive resources such as also highlighted numerous drawbacks and limitations. Many location, as well as others personal information amongst researchers have mentioned that Attribute Based Encryp- other geographically connected devices. Therefore, in such tion(ABE) would be suitable as a method of owning access to a scenario, it is highly required to ensure data protection is control in the cloud, Fog and IoT environments. Because of present. Hence, providing the identity and location privacy in the heterogeneous characteristics of the Fog system, the ABE the Fog environment is a challenging task. method should be reconstructed in order to mitigate the major challenges (Latency, policy-management, fine-grained and enforced by the cryptographic method) amongst the Cloud- C. Authentication Fog-IoT computing environment users. On the other hand, in the Fog system, data originates, is It is an obvious fact that strong authentication and secure encrypted and decrypted by miniaturized devices with low communication protocols in the Fog platform are missing. computational powers. In such a case, deploying access control It is a rather alarming message for the research community. mechanisms in that devices would be a burden and would There has not been much research about the authentication need heavy computational powers to process the access control mechanism in the area of Fog computing. Although, several mechanism. Meanwhile, Fog devices are being placed near end researchers have already proposed several solutions which we devices. In addition, Fog devices are much more computation- described earlier in the taxonomy section. However, those ally powerful than end user IoT devices. Therefore, to over- solutions are still not able to cope with the Fog platform. come the limitations of IoT devices, an outsource capability Therefore, to design and develop a new authentication method lightweight ABE based access control would be compatible for Fog computing, one must consider the following criteria with the Fog environment. As opposed to, Fog computing, and how that it can cope up with the Fog platform smoothly. which is dynamic in nature, there are numerous devices which join and leave simultaneously in the Fog network., So, the • Authentication mechanisms must be compatible with the access control policy and attributes of the users would be Fog user, end devices(IoT devices), application services changed according to this dynamic characteristic. Therefore, it and Fog Service providers on the cloud-Fog-IoT platform. is highly required that ABE-based access control mechanisms • Conventional authentication mechanisms are inefficient, must have the capability to assist in creating, updating, as and there is a necessity for a secure, environment-friendly, well as revoking the attributes of the users. With ABE based efficient, and scalable solution to cope up with extensive access control, designing the revocation process would faces amount of IoT devices which has limited resource to new challenges, and how Fog collaborates with the cloud facilitated scalability and efficiency. environment during the revocation process would need to be • Security and performance are both highly required in part of further research. terms of different contextual devices and applications. Therefore, to design a new access control method for the • Must meet the dynamic behavior of the Fog environment, Fog platform, one must consider a few characteristics which where Fog nodes dynamically leave and join frequently are as follows: in the Fog network. • Must ensure low complexity-based authentication in • As we have mentioned earlier, Fog is a fully virtualized terms of scalability of the Fog network. platform by nature and it provides diversified environ- • Ensure smooth authentication and re-authentication meth- ments for the Fog network. In this case, there might be ods in a dynamic manner. a chance in which a side-channeled-attack occurs due • Design an efficient authentication method, of which a to the nature of sharing resources amongst untrusted cryptographic lightweight encryption algorithm should be tenants. Therefore, it is a significant concern in terms considered between the Fog system and the IoT devices of designing an access control method which must be that can easily cope with the low processing power of capable to synthesize within the virtualized platform and IoT devices. multitenant environment efficiently, and securely. • Authentication should be less costly, as well as provide • Access control should be secure and efficient for the Fog high usability and in return should be user friendly. environment computing on the basis of multi-authority, JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 29

as well as attribute-based, considering low computation represent the significance of special provisions for Fog security with outsourcing capabilities as well as attributes have auditing in current or evolving security auditing standards. the means to control user revocation capability. Challenges: • An access control method should be lightweight and fine- • The Fog computing landscape is dynamic and consists grained due to the resource constraints suffered amongst of huge resources, where traditional data encryption or IoT devices. decryption needs heavy computational overhead. • An access control method must be capable to perform in • Without proper technological support, it is challenging to both centralized and distributed architectural environment manage extensive amounts of different contextual data. accordingly. • To identify new security threats and defend against those threats is also a challenging task • Fog computing brings easy accessibility to our work E. Threats and Attacks and personal lives, but with that accessibility comes new As we mentioned earlier, Fog computing faces various security risks and challenges security and privacy issues. Due to the distributed nature and • Understanding the different contexts of the Fog com- extensive amount of devices connected with it, often, there puting environment is important. Different contexts with might be a chance for a threat or an attack to occur. In regards to the environment’s security issues would bring the description section, we have already highlighted several about different. threats and attacks and their impact in the Fog environment. Questions: Detection, identification and mitigation of these threats and attacks would be a challenging task in terms of the dynamic • How to encrypt or decrypt data and how to access that Fog computing environment. However, in order to build a data simultaneously? reliable and trustworthy Fog platform, there is a research • How to perform auditing processes across different envi- gap and the lack of security solutions available to detect and ronment data contexts? identify these threats and attacks needs to be addressed. Based • Do you use the same matrix for the edge environment or on our review across various threats and attacks, we have cloud environment? suggested the following issues which need to be addressed • Can your current risk assessment capture the risks cor- in the future to overcome these challenges: rectly? • How to perform and manage real-time processing and • Complex trust situations and insecure authentication and auditing at the same time? authorization systems. • Dynamic behavior such as creating, deleting, joining and In order to overcome the above-mentioned challenges and leaving of Fog nodes, or servers in the Fog layer. questions, it is highly required to develop an automatic • Detection of malicious nodes or rogue nodes is a chal- method, which can be capable to recognize and identify lenging task because of the dynamic nature of leaving security infringements as well as mitigate those security risks and joining by the Fog nodes. in Fog computing. Further research needs to be carried out by • Implementing IDS in large-scale, geo-distributed with utilizing Blockchain technology to mitigate security issues in low-latency requirement with highly mobile Fog com- Fog. puting systems is a complex task. • Due to the distributed environment, hybrid detection G. Secure 5G Enable Fog Network techniques are required to identify malicious activities. • Due to the resource constraints of the Fog devices, In the near future, Fog devices will be connected through designing a high security and low cost threat and attack the 5G network. Connecting Fog devices with 5G network detection is the key problem in the Fog. emerging new security challenges in mainly in the authentica- • Identification and mitigation threats and attacks from tion. The traditional one-way or mutual authentication process both the Fog node and Fog user at the same time is is not useful due to the authentication process between the user challenging. and services [163]. In this case, a new hybrid authentication model is required. Using 5G, Fog will be useful to talk with things and devices. For example, in a smart home and F. Security Auditing smart city environment, one citizen needs an ambulance which Audit rights provide a crucial risk mitigation tool regarding will direct him to a specialized hospital near to the location security issues related to the Fog. Auditing security configura- of the user where a remote surgery can perform. Here, a tions in the Fog platform is a complex task, as it is a gateway hybrid security mechanism is required to secure the whole to the cloud platform and heavily relies on expert knowledge, application environment since many parties are involved in which is required for understanding the different security this processing. Any emergency environment similar to this configurations. However, these systems can be imperfect, and requires a strong and reliable authentication process. User not user friendly for the home users and small companies. privacy is also important in such 5G enable Fog computing In this Section, we explore various unique challenges that environment. Because, user data may pass through the various isolate Fog security auditing from the traditional security untrusted, third-party devices, network equipment, and access auditing or cloud security auditing protocols. These challenges networks. Hence, we need to explore more about hybrid JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 30 authentication methods and privacy protection in 5G enable [8] P. Zhang, M. Zhou, and G. Fortino, “Security and trust issues in fog Fog network. computing: A survey,” Future Generation Computer Systems, vol. 88, pp. 16–27, 2018. [9] S. Khan, S. Parkinson, and Y. Qin, “Fog computing security: a VII.CONCLUSION review of current applications and security solutions,” Journal of Cloud Computing, vol. 6, no. 1, p. 19, 2017. The main objective of this study is to review, investigate and [10] A. Alrawais, A. Alhothaily, C. Hu, and X. Cheng, “Fog computing for the internet of things: Security and privacy issues,” IEEE Internet analyze the issues of the Fog computing platform to recognize Computing, vol. 21, no. 2, pp. 34–42, 2017. their probable security flaws. The obvious fact is that, there are [11] A. Rauf, R. A. Shaikh, and A. Shah, “Security and privacy for iot numerous security issues that did not exists in the traditional and fog computing paradigm,” in Learning and Technology Conference (L&T), 2018 15th. IEEE, 2018, pp. 96–101. cloud computing environment, of which need to be considered, [12] I. Stojmenovic and S. Wen, “The fog computing paradigm: Scenarios as well as significant developments in the Fog environment. and security issues,” in Computer Science and Information Systems We fill the gap of the current literature by aggregating all (FedCSIS), 2014 Federated Conference on. IEEE, 2014, pp. 1–8. [13] Y. Wang, T. Uehara, and R. Sasaki, “Fog computing: Issues and security aspects of Fog computing paradigm. We have also challenges in security and forensics,” in Computer Software and investigated the main challenges, and tried to exhibit the Applications Conference (COMPSAC), 2015 IEEE 39th Annual, vol. 3. motives as to why the security methods in the cloud platform IEEE, 2015, pp. 53–59. [14] R. Roman, J. Lopez, and M. Mambo, “Mobile edge computing, fog et cannot be employed directly in Fog computing when it comes al.: A survey and analysis of security threats and challenges,” Future to auditing. In this study, we have introduced a taxonomy, by Generation Computer Systems, vol. 78, pp. 680–698, 2018. considering numerous security issues and protection according [15] H. Takabi, J. B. Joshi, and G.-J. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Security & Privacy, no. 6, to the Fog environment, as well as briefly introduced and pp. 24–31, 2010. discussed these issues retrospectively. In addition, we also [16] S. K. Battula, S. Garg, R. K. Naha, P. Thulasiraman, and R. Thulasiram, discussed how blockchain could help to provide solutions to “A micro-level compensation-based cost model for resource allocation in a fog environment,” Sensors, vol. 19, no. 13, p. 2954, 2019. some of the data security concerns in the Fog environment. [17] R. K. Naha, S. Garg, D. Georgakopoulos, P. P. Jayaraman, L. Gao, At the end, we highlighted several threats and attacks which Y. Xiang, and R. Ranjan, “Fog computing: survey of trends, architec- might be occur frequently under the circumstances of the Fog tures, requirements, and research directions,” IEEE access, vol. 6, pp. 47 980–48 009, 2018. computing network. [18] M. Soliman, T. Abiodun, T. Hamouda, J. Zhou, and C.-H. Lung, Interestingly the Fog is a new paradigm, which therefore “Smart home: Integrating internet of things with web services and requires mitigation of the associated security issues which are cloud computing,” in 2013 IEEE 5th international conference on cloud computing technology and science, vol. 2. IEEE, 2013, pp. 317–320. still challenging tasks. With regards to the system architecture [19] A. Zanella, N. Bui, A. Castellani, L. Vangelista, and M. Zorzi, “Internet of Fog computing, researchers need to do further future work of things for smart cities,” IEEE Internet of Things journal, vol. 1, no. 1, and figure out the challenges with respect to security within the pp. 22–32, 2014. [20] D. Kyriazis, T. Varvarigou, D. White, A. Rossi, and J. Cooper, “Sus- three tier architecture of the cloud-Fog-IoT computing system. tainable smart city iot applications: Heat and electricity management & As Fog computing is an extension of cloud computing, in this eco-conscious cruise control for public transportation,” in 2013 IEEE paper we only covered the security issues concepts related to 14th International Symposium on” A World of Wireless, Mobile and Multimedia Networks”(WoWMoM). IEEE, 2013, pp. 1–5. Fog. We did not consider the security-related issues in the [21] W. Ejaz, M. Naeem, A. Shahid, A. Anpalagan, and M. Jo, “Efficient cloud. energy management for the internet of things in smart cities,” IEEE In the future, we will be investigating and comparing and Communications Magazine, vol. 55, no. 1, pp. 84–91, 2017. [22] Y. Yuehong, Y. Zeng, X. Chen, and Y. Fan, “The internet of things in other similarly distributed environments and present these healthcare: An overview,” Journal of Industrial Information Integra- security issues and suitable solutions for the Fog. tion, vol. 1, pp. 3–13, 2016. [23] J. Xu, Y. Andrepoulos, Y. Xiao, and M. van Der Schaar, “Non- stationary resource allocation policies for delay-constrained video REFERENCES streaming: Application to video over internet-of-things-enabled networks,” IEEE Journal on Selected Areas in Communications, vol. 32, [1] Gartner, “Gartner says 8.4 billion connected ”things” will be no. 4, pp. 782–794, 2014. in use in 2017, up 31 percent from 2016,” 2017. [Online]. [24] S. Tammishetty, T. Ragunathan, S. K. Battula, B. V. Rani, P. RaviBabu, Available: https://www.gartner.com/en/newsroom/press-releases/ R. Nagireddy, V. Jorika, and V. M. Reddy, “Iot-based traffic signal 2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016control technique for helping emergency vehicles,” in Proceedings of [2] S. Symanovich, “The future of iot: 10 predictions about the internet the First International Conference on Computational Intelligence and of things,” cyber Security Blog, Norton by Symantec, Accessed, pp. Informatics. Springer, 2017, pp. 433–440. 02–17, 2019. [25] M. Gerla, E.-K. Lee, G. Pau, and U. Lee, “Internet of vehicles: From [3] M. D. Assunçao,˜ R. N. Calheiros, S. Bianchi, M. A. Netto, and intelligent grid to autonomous cars and vehicular clouds,” in 2014 IEEE R. Buyya, “Big data computing and clouds: Trends and future direc- world forum on internet of things (WF-IoT). IEEE, 2014, pp. 241–246. tions,” Journal of Parallel and Distributed Computing, vol. 79, pp. [26] M. Tsugawa, A. Matsunaga, and J. A. Fortes, “Cloud computing 3–15, 2015. security: What changes with software-defined networking?” in Secure [4] F. Bonomi, R. Milito, J. Zhu, and S. Addepalli, “Fog computing and Cloud Computing. Springer, 2014, pp. 77–93. its role in the internet of things,” in Proceedings of the first edition [27] S. Shin and G. Gu, “Cloudwatcher: Network security monitoring using of the MCC workshop on Mobile cloud computing. ACM, 2012, pp. openflow in dynamic cloud networks (or: How to provide security 13–16. monitoring as a service in clouds?),” in Network Protocols (ICNP), [5] D. Kapil, P. Tyagi, S. Kumar, and V. P. Tamta, “Cloud computing: 2012 20th IEEE International Conference on. IEEE, 2012, pp. 1–6. overview and research issues,” in Green Informatics (ICGI), 2017 [28] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, International Conference on. IEEE, 2017, pp. 71–76. J. Rexford, S. Shenker, and J. Turner, “Openflow: enabling innovation [6] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” in campus networks,” ACM SIGCOMM Computer Communication Future Generation computer systems, vol. 28, no. 3, pp. 583–592, 2012. Review, vol. 38, no. 2, pp. 69–74, 2008. [7] S. Yi, Z. Qin, and Q. Li, “Security and privacy issues of fog computing: [29] F. Klaedtke, G. O. Karame, R. Bifulco, and H. Cui, “Access control for A survey,” in International conference on wireless algorithms, systems, sdn controllers,” in Proceedings of the third workshop on Hot topics and applications. Springer, 2015, pp. 685–695. in software defined networking. ACM, 2014, pp. 219–220. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 31

[30] G. Press, “Idc: Top 10 technology predictions for 2015,” 2014. [54] J. Yuan and X. Li, “A reliable and lightweight trust computing mecha- [Online]. Available: http://goo.gl/zFujnE nism for iot edge devices based on multi-source feedback information [31] K. Lee, D. Kim, D. Ha, U. Rajput, and H. Oh, “On security and privacy fusion,” IEEE Access, vol. 6, pp. 23 626–23 638, 2018. issues of fog computing supported internet of things environment,” in [55] T. D. Dang and D. Hoang, “A data protection model for fog com- Network of the Future (NOF), 2015 6th International Conference on puting,” in 2017 Second International Conference on Fog and Mobile the. IEEE, 2015, pp. 1–3. Edge Computing (FMEC), May 2017, pp. 32–38. [32] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “Eppa: An efficient [56] E. Aghasian, S. Garg, and J. Montgomery, “User’s privacy in recom- and privacy-preserving aggregation scheme for secure smart grid com- mendation systems applying online social network data, a survey and munications,” IEEE Transactions on Parallel and Distributed Systems, taxonomy,” arXiv preprint arXiv:1806.07629, 2018. vol. 23, no. 9, pp. 1621–1631, 2012. [57] A. Fu, J. Song, S. Li, G. Zhang, and Y. Zhang, “A privacy-preserving [33] K. Yang and X. Jia, “Data storage auditing service in cloud computing: group authentication protocol for machine-type communication in challenges, methods and opportunities,” World Wide Web, vol. 15, no. 4, lte/lte-a networks,” Security and Communication Networks, vol. 9, pp. 409–428, 2012. no. 13, pp. 2002–2014, 2016. [34] C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, and M. Rajarajan, [58] E. Aghasian, S. Garg, L. Gao, S. Yu, and J. Montgomery, “Scoring “A survey of intrusion detection techniques in cloud,” Journal of users privacy disclosure across multiple online social networks,” IEEE network and computer applications, vol. 36, no. 1, pp. 42–57, 2013. access, vol. 5, pp. 13 118–13 130, 2017. [35] L. A. Maglaras, J. Jiang, and T. J. Cruz, “Combining ensemble methods [59] D. Koo, Y. Shin, J. Yun, and J. Hur, “A hybrid deduplication for secure and social network metrics for improving accuracy of ocsvm on and efficient data outsourcing in fog computing,” in Cloud Computing intrusion detection in scada systems,” Journal of Information Security Technology and Science (CloudCom), 2016 IEEE International Con- and Applications, vol. 30, pp. 15–26, 2016. ference on. IEEE, 2016, pp. 285–293. [36] J. Valenzuela, J. Wang, and N. Bissinger, “Real-time intrusion detection [60] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, “Privacy-preserving in power system operations,” IEEE Transactions on Power Systems, multi-keyword ranked search over encrypted cloud data,” IEEE Trans- vol. 28, no. 2, pp. 1052–1062, 2013. actions on parallel and distributed systems, vol. 25, no. 1, pp. 222–233, [37] Z. Qin, Q. Li, and M.-C. Chuah, “Defending against unidentifiable 2014. attacks in electric power grids,” IEEE Transactions on Parallel and [61] Z. Qin, S. Yi, Q. Li, and D. Zamkov, “Preserving secondary users’ Distributed Systems, vol. 24, no. 10, pp. 1961–1971, 2013. privacy in cognitive radio networks,” in INFOCOM, 2014 Proceedings [38] S. Anwar, J. Mohamad Zain, M. F. Zolkipli, Z. Inayat, S. Khan, IEEE. IEEE, 2014, pp. 772–780. B. Anthony, and V. Chang, “From intrusion detection to an intrusion [62] A. Rial and G. Danezis, “Privacy-preserving smart metering,” in response system: fundamentals, requirements, and future directions,” Proceedings of the 10th annual ACM workshop on Privacy in the Algorithms, vol. 10, no. 2, p. 39, 2017. electronic society. ACM, 2011, pp. 49–60. [39] T. Cruz, L. Rosa, J. Proença, L. Maglaras, M. Aubigny, L. Lev, J. Jiang, [63] H. A. Al Hamid, S. M. M. Rahman, M. S. Hossain, A. Almogren, and and P. Simoes, “A cybersecurity detection framework for supervisory A. Alamri, “A security model for preserving the privacy of medical big control and data acquisition systems,” IEEE Transactions on Industrial data in a healthcare cloud using a fog computing facility with pairing- Informatics, vol. 12, no. 6, pp. 2236–2246, 2016. based cryptography,” IEEE Access, vol. 5, pp. 22 313–22 328, 2017. [40] I. S. Association et al., “Ieee 1934-2018-ieee standard for adoption of [64] E. Novak and Q. Li, “Near-pri: Private, proximity based location openfog reference architecture for fog computing,” 2018. sharing,” in INFOCOM, 2014 Proceedings IEEE. IEEE, 2014, pp. [41] H. Li and M. Singhal, “Trust management in distributed systems,” 37–45. Computer, vol. 40, no. 2, 2007. [65] C. Dwork, H. van Tilborg, and S. Jajodia, “Differential privacy. [42] F. H. Rahman, T.-W. Au, S. S. Newaz, W. S. Suhaili, and G. M. Lee, encyclopedia of cryptography and security,” 2011. “Find my trustworthy fogs: A fuzzy-based trust evaluation framework,” [66] W. Wei, F. Xu, and Q. Li, “Mobishare: Flexible privacy-preserving Future Generation Computer Systems, 2018. location sharing in mobile online social networks,” in INFOCOM, 2012 [43] M. Blaze, J. Feigenbaum, and J. Lacy, “Decentralized trust man- Proceedings IEEE. IEEE, 2012, pp. 2616–2620. agement,” in Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on. IEEE, 1996, pp. 164–173. [67] Z. Gao, H. Zhu, Y. Liu, M. Li, and Z. Cao, “Location privacy in [44] J.-H. Cho, A. Swami, and R. Chen, “A survey on trust management for database-driven cognitive radio networks: Attacks and countermea- mobile ad hoc networks,” IEEE Communications Surveys & Tutorials, sures,” in INFOCOM, 2013 Proceedings IEEE. IEEE, 2013, pp. vol. 13, no. 4, pp. 562–583, 2011. 2751–2759. [45] M. Mukherjee, R. Matam, L. Shu, L. Maglaras, M. A. Ferrag, [68] S. McLaughlin, P. McDaniel, and W. Aiello, “Protecting consumer N. Choudhury, and V. Kumar, “Security and privacy in fog computing: privacy from electric load monitoring,” in Proceedings of the 18th ACM Challenges,” IEEE Access, vol. 5, pp. 19 293–19 304, 2017. conference on Computer and communications security. ACM, 2011, [46] J. Guo, R. Chen, and J. J. Tsai, “A survey of trust computation models pp. 87–98. for service management in internet of things systems,” Computer [69] H. Wang, Z. Wang, and J. Domingo-Ferrer, “Anonymous and secure Communications, vol. 97, pp. 1–14, 2017. aggregation scheme in fog-based public cloud computing,” Future [47] I. Pranata, G. Skinner, and R. Athauda, “A holistic review on trust Generation Computer Systems, vol. 78, pp. 712–719, 2018. and reputation management systems for digital environments,” Interna- [70] R. Yang, Q. Xu, M. H. Au, Z. Yu, H. Wang, and L. Zhou, “Position tional Journal of Computer and Information Technology, vol. 1, no. 1, based cryptography with location privacy: A step for fog computing,” pp. 44–53, 2012. Future Generation Computer Systems, vol. 78, pp. 799–806, 2018. [48] F. A. Kraemer, A. E. Braten, N. Tamkittikhun, and D. Palma, “Fog [71] P. Kumar, N. Zaidi, and T. Choudhury, “Fog computing: Common computing in healthcarea review and discussion,” IEEE Access, vol. 5, security issues and proposed countermeasures,” in System Modeling & pp. 9206–9222, 2017. Advancement in Research Trends (SMART), International Conference. [49] A. Jøsang, R. Ismail, and C. Boyd, “A survey of trust and reputa- IEEE, 2016, pp. 311–315. tion systems for online service provision,” Decision support systems, [72] J. Liu, J. Li, L. Zhang, F. Dai, Y. Zhang, X. Meng, and J. Shen, “Secure vol. 43, no. 2, pp. 618–644, 2007. intelligent traffic light control using fog computing,” Future Generation [50] E. Damiani, D. C. di Vimercati, S. Paraboschi, P. Samarati, and F. Vi- Computer Systems, vol. 78, pp. 817–824, 2018. olante, “A reputation-based approach for choosing reliable resources in [73] R. Lu, K. Heung, A. H. Lashkari, and A. A. Ghorbani, “A lightweight peer-to-peer networks,” in Proceedings of the 9th ACM conference on privacy-preserving data aggregation scheme for fog computing- Computer and communications security. ACM, 2002, pp. 207–216. enhanced iot,” IEEE Access, vol. 5, pp. 3302–3312, 2017. [51] P. Abhijit J and D. G. Syam Prasad, “Trust based security model for [74] E. Ahmadizadeh, E. Aghasian, H. P. Taheri, and R. F. Nejad, “An iot and fog based applications.” International Journal of Engineering automated model to detect fake profiles and botnets in online social and Technology, vol. 7, p. 691, 03 2018. networks using steganography technique,” IOSR Journal of Computer [52] S. A. Soleymani, A. H. Abdullah, M. Zareei, M. H. Anisi, C. Vargas- Engineering (IOSR-JCE), vol. 17, pp. 65–71, 2015. Rosales, M. K. Khan, and S. Goudarzi, “A secure trust model based on [75] E. Aghasian, S. Garg, and J. Montgomery, “A privacy-enhanced friend- fuzzy logic in vehicular ad hoc networks with fog computing,” IEEE ing approach for users on multiple online social networks,” Computers, Access, vol. 5, pp. 15 619–15 629, 2017. vol. 7, no. 3, p. 42, 2018. [53] T. Wang, G. Zhang, M. Z. A. Bhuiyan, A. Liu, W. Jia, and M. Xie, [76] I. Stojmenovic, S. Wen, X. Huang, and H. Luan, “An overview of “A novel trust mechanism based on fog computing in sensor–cloud fog computing and its security issues,” Concurrency and Computation: system,” Future Generation Computer Systems, 2018. Practice and Experience, vol. 28, no. 10, pp. 2991–3005, 2016. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 32

[77] S. Mohammed, L. Ramkumar, and V. Rajasekar, “Password-based [100] M. Sookhak, F. R. Yu, M. K. Khan, Y. Xiang, and R. Buyya, “Attribute- authentication in computer security: Why is it still there?” based data access control in mobile cloud computing: Taxonomy and [78] J. L. Tsai, “Efficient nonce-based authentication scheme for session open issues,” Future Generation Computer Systems, vol. 72, pp. 273– initiation protocol.” IJ Network Security, vol. 9, no. 1, pp. 12–16, 2009. 287, 2017. [79] R. Lu, Z. Cao, Z. Chai, and X. Liang, “A simple user authentication [101] C. Langaliya and R. Aluvalu, “Enhancing cloud security through scheme for grid computing.” IJ Network Security, vol. 7, no. 2, pp. access control models: A survey,” International Journal of Computer 202–206, 2008. Applications, vol. 112, no. 7, 2015. [80] M. Kumar, “An enhanced remote user authentication scheme with smart [102] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Annual card.” IJ Network Security, vol. 10, no. 3, pp. 175–184, 2010. International Conference on the Theory and Applications of Crypto- [81] C.-C. Lee, C.-H. Liu, and M.-S. Hwang, “Guessing attacks on strong- graphic Techniques. Springer, 2005, pp. 457–473. password authentication protocol.” IJ Network Security, vol. 15, no. 1, [103] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryp- pp. 64–67, 2013. tion for fine-grained access control of encrypted data,” in Proceedings [82] Z. M. Fadlullah, M. M. Fouda, N. Kato, A. Takeuchi, N. Iwasaki, and of the 13th ACM conference on Computer and communications secu- Y. Nozaki, “Toward intelligent machine-to-machine communications in rity. Acm, 2006, pp. 89–98. smart grid,” IEEE Communications Magazine, vol. 49, no. 4, 2011. [104] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute- [83] D. Balfanz, D. K. Smetters, P. Stewart, and H. C. Wong, “Talking based encryption,” in Security and Privacy, 2007. SP’07. IEEE Sym- to strangers: Authentication in ad-hoc wireless networks.” in NDSS. posium on. IEEE, 2007, pp. 321–334. Citeseer, 2002. [105] Y. Wang, L. Wei, X. Tong, X. Zhao, and M. Li, “Cp-abe based access [84] S. Bouzefrane, A. F. B. Mostefa, F. Houacine, and H. Cagnon, control for cloud storage,” in Information Technology and Intelligent “Cloudlets authentication in nfc-based mobile computing,” in Mobile Transportation Systems. Springer, 2017, pp. 463–472. Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd [106] F. Li, Y. Rahulamathavan, M. Conti, and M. Rajarajan, “Robust access IEEE International Conference on. IEEE, 2014, pp. 267–272. control framework for mobile cloud computing network,” Computer [85] M. H. Ibrahim, “Octopus: An edge-fog mutual authentication scheme.” Communications, vol. 68, pp. 61–72, 2015. IJ Network Security, vol. 18, no. 6, pp. 1089–1101, 2016. [107] S. Salonikias, I. Mavridis, and D. Gritzalis, “Access control issues in [86] A. Manzoor, M. A.-u.-H. Tahir, A. Wahid, M. A. Shah, and A. Akhun- utilizing fog computing for transport infrastructure,” in International zada, “Secure login using multi-tier authentication schemes in fog Conference on Critical Information Infrastructures Security. Springer, computing.” 2015, pp. 15–26. [87] A. Vishwanath, R. Peruri, and J. S. He, Security in fog computing [108] L. Popa, M. Yu, S. Y. Ko, S. Ratnasamy, and I. Stoica, “Cloudpolice: through encryption. DigitalCommons@ Kennesaw State University, Taking access control out of the network,” p. 7, 01 2010. 2016. [109] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, “An efficient [88] M. Wazid, A. K. Das, N. Kumar, and A. V. Vasilakos, “Design of secure access control scheme with outsourcing capability and attribute update key management and user authentication scheme for fog computing for fog computing,” Future Generation Computer Systems, vol. 78, pp. services,” Future Generation Computer Systems, vol. 91, pp. 475–492, 753–762, 2018. 2019. [110] L. Popa, M. Yu, S. Y. Ko, S. Ratnasamy, and I. Stoica, “Cloudpolice: [89] C. Dsouza, G.-J. Ahn, and M. Taguinod, “Policy-driven security taking access control out of the network,” in Proceedings of the 9th management for fog computing: Preliminary framework and a case ACM SIGCOMM Workshop on Hot Topics in Networks. ACM, 2010, study,” in Information Reuse and Integration (IRI), 2014 IEEE 15th p. 7. International Conference on. IEEE, 2014, pp. 16–23. [111] K. Fan, J. Wang, X. Wang, H. Li, and Y. Yang, “A secure and verifiable [90] S. Alharbi, P. Rodriguez, R. Maharaja, P. Iyer, N. Subaschandrabose, outsourced access control scheme in fog-cloud computing,” Sensors, and Z. Ye, “Secure the internet of things with challenge response vol. 17, no. 7, p. 1695, 2017. authentication in fog computing,” in Performance Computing and [112] M. Xiao, J. Zhou, X. Liu, and M. Jiang, “A hybrid scheme for fine- Communications Conference (IPCCC), 2017 IEEE 36th International. grained search and access authorization in fog computing environment,” IEEE, 2017, pp. 1–2. Sensors, vol. 17, no. 6, p. 1423, 2017. [91] A. B. Amor, M. Abid, and A. Meddeb, “A privacy-preserving authenti- [113] Z. Yu, M. H. Au, Q. Xu, R. Yang, and J. Han, “Towards leakage- cation scheme in an edge-fog environment,” in Computer Systems and resilient fine-grained access control in fog computing,” Future Gener- Applications (AICCSA), 2017 IEEE/ACS 14th International Conference ation Computer Systems, vol. 78, pp. 763–777, 2018. on. IEEE, 2017, pp. 1225–1231. [114] B. Zaghdoudi, H. K.-B. Ayed, and W. Harizi, “Generic access control [92] P. Hu, H. Ning, T. Qiu, H. Song, Y. Wang, and X. Yao, “Security system for ad hoc mcc and fog computing,” in International Conference and privacy preservation scheme of face identification and resolution on Cryptology and Network Security. Springer, 2016, pp. 400–415. framework using fog computing in internet of things,” IEEE Internet [115] P. Hu, S. Dhelim, H. Ning, and T. Qiu, “Survey on fog computing: of Things Journal, vol. 4, no. 5, pp. 1143–1155, 2017. architecture, key technologies, applications and open issues,” Journal [93] D. A. Ha, K. T. Nguyen, and J. K. Zao, “Efficient authentication of Network and Computer Applications, vol. 98, pp. 27–42, 2017. of resource-constrained iot devices based on ecqv implicit certificates [116] H. Han, B. Sheng, C. C. Tan, Q. Li, and S. Lu, “A measurement based and datagram transport layer security protocol,” in Proceedings of the rogue ap detection scheme,” in INFOCOM 2009, IEEE. IEEE, 2009, Seventh Symposium on Information and Communication Technology. pp. 1593–1601. ACM, 2016, pp. 173–179. [117] H. Han, B. Sheng, C. C. Tan, Q. Li, and S. Lu, “A timing-based scheme [94] P. Gope and B. Sikdar, “Lightweight and privacy-preserving two- for rogue ap detection,” IEEE Transactions on parallel and distributed factor authentication scheme for iot devices,” IEEE Internet of Things Systems, vol. 22, no. 11, pp. 1912–1925, 2011. Journal, 2018. [118] L. Ma, A. Y. Teymorian, and X. Cheng, “A hybrid rogue access point [95] P. Zhang, J. K. Liu, F. R. Yu, M. Sookhak, M. H. Au, and X. Luo, protection framework for commodity wi-fi networks,” in INFOCOM “A survey on access control in fog computing,” IEEE Communications 2008. The 27th Conference on Computer Communications. IEEE. Magazine, vol. 56, no. 2, pp. 144–149, Feb 2018. IEEE, 2008, pp. 1220–1228. [96] N. Meghanathan, “Review of access control models for cloud com- [119] A. V. Dastjerdi and R. Buyya, “Fog computing: Helping the internet puting,” Computer Science & Information Science, vol. 3, no. 1, pp. of things realize its potential,” Computer, vol. 49, no. 8, pp. 112–116, 77–85, 2013. 2016. [97] K. Vohra and M. Dave, “Multi-authority attribute based data access [120] H. Madsen, B. Burtschy, G. Albeanu, and F. Popentiu-Vladicescu, control in fog computing,” Procedia Computer Science, vol. 132, pp. “Reliability in the utility computing era: Towards reliable fog comput- 1449–1457, 2018. ing,” in Systems, Signals and Image Processing (IWSSIP), 2013 20th [98] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, “Role- International Conference on. IEEE, 2013, pp. 43–46. based access control models,” Computer, vol. 29, no. 2, pp. 38–47, [121] P. K. Patra, H. Singh, and G. Singh, “Fault tolerance techniques 1996. and comparative implementation in cloud computing,” International [99] K. Punithasurya and S. Jeba Priya, “Analysis of different access control Journal of Computer Applications, vol. 64, no. 14, 2013. mechanism in cloud,” International Journal of Applied Information [122] P. Latchoumy and P. S. A. Khader, “Survey on fault tolerance in grid Systems (IJAIS), Foundation of Computer Science FCS, vol. 4, no. 2, computing,” International Journal of Computer Science and Engineer- 2012. ing Survey, vol. 2, no. 4, p. 97, 2011. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 33

[123] B. Lussier, A. Lampe, R. Chatila, J. Guiochet, F. Ingrand, M.-O. [145] A. Fu, S. Yu, Y. Zhang, H. Wang, and C. Huang, “Npp: a new privacy- Killijian, and D. Powell, “Fault tolerance in autonomous systems: How aware public auditing scheme for cloud data sharing with group users,” and how much?” in 4th IARP-IEEE/RAS-EURON Joint Workshop on IEEE Transactions on Big Data, 2017. Technical Challenges for Dependable Robots in Human Environments [146] S. Parkinson, Y. Qin, S. Khan, and M. Vallati, “Security auditing in (DRHE), 2005. the fog,” in Proceedings of the Second International Conference on [124] A. Bala and I. Chana, “Fault tolerance-challenges, techniques and im- Internet of Things, Data and Cloud Computing, ser. ICC ’17. New plementation in cloud computing,” International Journal of Computer York, NY, USA: ACM, 2017, pp. 191:1–191:9. [Online]. Available: Science Issues (IJCSI), vol. 9, no. 1, p. 288, 2012. http://doi.acm.org/10.1145/3018896.3056808 [125] Y. Wu, H. Song, Y. Xiong, Z. Zheng, Y. Zhang, and G. Huang, “Model [147] S. Bleikertz, M. Schunter, C. W. Probst, D. Pendarakis, and K. Eriks- defined fault tolerance in cloud,” in Proceedings of the 6th Asia-Pacific son, “Security audits of multi-tier virtual infrastructures in public Symposium on Internetware on Internetware. ACM, 2014, pp. 116– infrastructure clouds,” in Proceedings of the 2010 ACM workshop on 119. Cloud computing security workshop. ACM, 2010, pp. 93–102. [126] M. S. A. Latiff et al., “A checkpointed league championship algorithm- [148] C. Wang, S. S. Chow, Q. Wang, K. Ren, and W. Lou, “Privacy- based cloud scheduling scheme with secure fault tolerance responsive- preserving public auditing for secure cloud storage,” IEEE Transactions ness,” Applied Soft Computing, vol. 61, pp. 670–680, 2017. on computers, vol. 62, no. 2, pp. 362–375, 2013. [127] F.-C. Jiang and C.-H. Hsu, “Fault-tolerant system design on cloud [149] C. Wang, K. Ren, W. Lou, and J. Li, “Toward publicly auditable secure logistics by greener standbys deployment with petri net model,” Neu- cloud data storage services,” IEEE network, vol. 24, no. 4, 2010. rocomputing, vol. 256, pp. 90–100, 2017. [150] M. A. Shah, R. Swaminathan, and M. Baker, “Privacy-preserving audit and extraction of digital contents.” IACR Cryptology ePrint Archive, [128] Y. Liu, J. E. Fieldsend, and G. Min, “A framework of fog computing: vol. 2008, p. 186, 2008. Architecture, challenges, and optimization,” IEEE Access, vol. 5, pp. [151] L. A. Mohammed and K. Munir, “Secure third party auditor (tpa) 25 445–25 454, 2017. for ensuring data integrity in fog computing,” International Journal [129] Y. Sharma, B. Javadi, W. Si, and D. Sun, “Reliability and energy of Network Security & Its Applications (IJNSA) Vol, vol. 10, 2018. Journal efficiency in cloud computing systems: Survey and taxonomy,” [152] M. Spremic, “Standards and frameworks for information system secu- of Network and Computer Applications , vol. 74, pp. 66–85, 2016. rity auditing and assurance,” in World Congress on Engineering, 2011, [130] R. Sandhu, A. S. Sohal, and S. K. Sood, “Identification of malicious pp. 978–988. edge devices in fog computing environments,” Information Security [153] J. Ryoo, S. Rizvi, W. Aiken, and J. Kissell, “Cloud security auditing: Journal: A Global Perspective, vol. 26, no. 5, pp. 213–228, 2017. challenges and emerging approaches,” IEEE Security & Privacy, no. 1, [131] Z. Li, X. Zhou, Y. Liu, H. Xu, and L. Miao, “A non-cooperative pp. 1–1, 2014. differential game-based security model in fog computing,” China [154] U. Franke and J. Brynielsson, “Cyber situational awareness–a system- Communications, vol. 14, no. 1, pp. 180–189, 2017. atic review of the literature,” Computers & Security, vol. 46, pp. 18–31, [132] A. S. Sohal, R. Sandhu, S. K. Sood, and V. Chang, “A cybersecurity 2014. framework to identify malicious edge device in fog computing and [155] S. L. Garfinkel, “Digital forensics research: The next 10 years,” digital cloud-of-things environments,” Computers & Security, vol. 74, pp. investigation, vol. 7, pp. S64–S73, 2010. 340–354, 2018. [156] G. Zyskind, O. Nathan et al., “Decentralizing privacy: Using [133] BBCNews, “Bbc, cyber attacks briefly knock out top sites,” 2016. [On- blockchain to protect personal data,” in Security and Privacy Workshops line]. Available: URLhttp://www.bbc.com/news/technology-37728015 (SPW), 2015 IEEE. IEEE, 2015, pp. 180–184. [134] BBC, “Bbc, smart home devices used as weapons in [157] S. Tuli, R. Mahmud, S. Tuli, and R. Buyya, “Fogbus: A blockchain- website attack,” 2016. [Online]. Available: http://www.bbc.com/ based lightweight framework for edge and fog computing,” arXiv news/technology-37738823 preprint arXiv:1811.11978, 2018. [135] M. Arrington, “In our inbox: Hundreds of confidential twitter [158] P. K. Sharma, M.-Y. Chen, and J. H. Park, “A software defined fog node documents,” July 2009.[Online]. Available: http://techcrunch. based distributed blockchain cloud architecture for iot,” IEEE Access, com/2009/07/14/in-our-inbox-hundreds-of-confidential- vol. 6, pp. 115–124, 2018. twitterdocuments, 2009. [159] J. W. Jeong, B. Y. Kim, and J. W. Jang, “Security and device control [136] D. Takahashi, “French hacker who leaked twitter documents method for fog computer using blockchain,” in Proceedings of the 2018 to techcrunch is busted,” March 2010.[On-line]. Available: International Conference on Information Science and System. ACM, http://venturebeat. com/2010/03/24/french-hackerwho-leaked-twitter- 2018, pp. 234–238. documents-to-techcrunch-isbusted, 2010. [160] M. Samaniego and R. Deters, “Using blockchain to push software- [137] P. Allen, “Obamas twitter password revealed after french hacker defined iot components onto edge hosts,” in Proceedings of the Inter- arrested for breaking into us presidents account,” March 2010, 2010. national Conference on Big Data and Advanced Wireless Technologies. [138] F. Rocha and M. Correia, “Lucy in the sky without diamonds: Stealing ACM, 2016, p. 58. confidential data in the cloud,” in Dependable Systems and Networks [161] A. Dorri, S. S. Kanhere, and R. Jurdak, “Blockchain in internet of Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference things: challenges and solutions,” arXiv preprint arXiv:1608.05187, on. IEEE, 2011, pp. 129–134. 2016. [162] H. Antunes, “Blockchain and fog: Made for each other,” 2018. [139] J. Pepitone, “Dropboxs password nightmare highlights cloud risks,” [Online]. Available: https://bit.ly/2BmIaRp June 2011, 2011. [163] L. Index, HUAWEI TECHNOLOGIES CO., “5g security: Forward [140] S. J. Stolfo, M. B. Salem, and A. D. Keromytis, “Fog computing: thinking huawei white paper,” 2015. Mitigating insider data theft attacks in the cloud,” in Security and Privacy Workshops (SPW), 2012 IEEE Symposium on. IEEE, 2012, pp. 125–128. [141] T. Wang, J. Zhou, M. Huang, M. Z. A. Bhuiyan, A. Liu, W. Xu, and M. Xie, “Fog-based storage technology to fight with cyber threat,” Future Generation Computer Systems, vol. 83, pp. 208–218, 2018. [142] S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi, Abdullah Al-Noman Patwary is currently pursuing R. Khayami, K.-K. R. Choo, and D. E. Newton, “Drthis: Deep the Master’s degree in the field of computer science ransomware threat hunting and intelligence system at the fog layer,” and engineering from Nanjing University of Science Future Generation Computer Systems, vol. 90, pp. 94–104, 2019. and Technology. He is actually well-versed in most [143] F. Hosseinpour, P. Vahdani Amoli, J. Plosila, T. Ham¨ al¨ ainen,¨ and things network or information security related. His H. Tenhunen, “An intrusion detection system for fog computing and research interests include Fog Computing security, iot based logistic systems using a smart data approach,” International IoT security and Cloud Computing security. He Journal of Digital Content Technology and its Applications, vol. 10, received the bachelor’s degree in computer science 2016. and engineering from State University of Bangladesh [144] S. Alharbi, P. Rodriguez, R. Maharaja, P. Iyer, N. Bose, and Z. Ye, “Fo- in 2014. Since 2014-2016, he has been working as a cus: A fog computing-based security system for the internet of things,” system administrator at Creative IT Ltd, Bangladesh. in Consumer Communications & Networking Conference (CCNC), 2018 15th IEEE Annual. IEEE, 2018, pp. 1–5. JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 34

Anmin Fu is an associate professor and supervisor Md Anwarul Kaium Patwary completed his Mas- of Ph.D. students of Nanjing University of Science ter of Science in Computer Science from the Uni- and Technology, China. He received his B.S. de- versiti Putra Malaysia. He is currently pursuing a gree in Communication Engineering from Lanzhou PhD in Computer Engineering at the University of University of Technology, China, in 2005. He re- Tasmania. His research interests include dynamic ceived his M.S. and Ph.D. degrees in Cryptography graph partitioning, graph algorithms, load balancing, and Information Security from Xidian University in and distributed computing. 2008 and 2011, respectively. His research interests include cloud computing security, wireless security and applied cryptography.

Ranesh Kumar Naha is currently pursuing his Ph.D. studies on reliable resource allocation and scheduling in Fog computing environment with the University of Tasmania. He has been awarded Tas- mania Graduate Research Scholarship (TGRS) for supporting his studies. His research interests include wired and wireless network, parallel and distributed computing, Cloud computing, Internet of Things (IoT), and Fog computing. He received his Mas- ter of Science (M.Sc.) degree from Department of Communication Technology and Network, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, in 2015. He received B.Sc. degree in Computer Science and Engineering from State University of Bangladesh in 2008. During his master study he has been awarded Commonwealth Scholarship provided by Ministry of Higher Education, Malaysia. He served as Lecturer until 2011 in Daffodil Institute of IT, Bangladesh.

Erfan Aghasian received the B.Eng. degree in information technology from Qazvin Azad University and the M.Sc. degree in information technology Battula Sudheer Kumar received his Master of management from the University Technology of Technology degree in software engineering in 2012. Malaysia. He is currently pursuing the Ph.D. degree He is currently pursuing his Ph.D. studies on re- in information technology with the University of source management in Fog computing environment Tasmania. His research interests include computer with the University of Tasmania. He has been systems and network security, data security and data awarded Tasmania Graduate Research Scholarship anonymisation. (TGRS) for supporting his studies. His research interests includes Fog computing, Distributed ﬁle systems, Cloud computing, Internet of Things (IoT), and Big Data.

Dr. Saurabh Garg is currently a Lecturer with the University of Tasmania, Australia. He is one of the few Ph.D. students who completed in less than three years from the University of Melbourne. He has authored over 40 papers in highly cited journals and conferences. During his Ph.D., he has been received various special scholarships for his Ph.D. candidature. His research interests include resource management, scheduling, utility and grid computing, Cloud computing, green computing, wireless networks, and ad hoc networks.