
Abstract— Fog Computing is a paradigm that extends
Cloud computing and its services to the network. The new computational theories
have brought up data security challenges against several security
mechanisms. When unauthorized access is suspected, a disinformation
attack is initiated by returning large amounts of decoy information to the
attacker. This protects the user’s real data. Its distinctive characteristics
in location sensitivity and in wireless and geographical accessibility create new
security and forensics issues and challenges.

 

Keywords— Fog Computing, Decoy System, Data
Security, Cloud Computing.


 

 

 

 

                                                                                                                                                       
I. Introduction

 

IoT combines information and computing
processes to control very large collections of different objects. In today’s
world, small as well as large organizations are using cloud computing
technology to protect their data and to use cloud resources as and when
they need them. The existing mechanisms only provide security features for data;
they do not allow invalid access to be detected and prevented so that data is
distributed only to valid users. The proposed mechanism provides security
features for data and also allows invalid access to be detected and prevented,
so that data is distributed only to valid users.

Cloud computing, however, is not a “one-size-fits-all”
solution. There are still problems unsolved since IoT applications usually
require mobility support, geo-distribution, location-awareness and low latency.
Fog computing, a.k.a. edge computing, is proposed to enable computing directly
at the edge of the network, which can deliver new applications and services for
billions of connected devices [2]. Fog devices are usually set-top boxes,
access points, road side units, cellular base stations, etc. End devices, fog
and cloud form a three-layer hierarchical service delivery model,
supporting a range of applications such as web content delivery [4], augmented
reality [15], and big data analysis [6]. A typical conceptual architecture of
fog infrastructure is shown in Figure 1.

Security and privacy issues will lag the
promotion of fog computing if not well addressed, given that
74% of IT Executives and Chief Information Officers reject cloud in terms of the
risks in security and privacy [9]. As fog computing is still in its infant
stage, there is little work on security and privacy issues. Since fog computing
is proposed in the context of the Internet of Things (IoT), and originated from
cloud computing, security and privacy issues of cloud are inherited in fog
computing. While some issues can be addressed using existing schemes, other
issues face new challenges due to the distinct characteristics of fog
computing, such as heterogeneity in fog nodes and fog networks, the requirement of
mobility support, massive-scale geo-distributed nodes, location-awareness and
low latency.

 

Fig 1. FOG Infrastructure Architecture

 

                                                                                                                                            
II. Literature Survey

 

In March 2010, Muhammad Kazim (University of Derby, United Kingdom) and
Shao Ying Zhu (University of Derby, United Kingdom) published a paper on the
topic “Cloud Security Alliance, ‘Top Threat to Cloud Computing V1.0’”.
According to this paper, cloud computing offers many advantages such as
increased utilization of hardware resources, scalability, reduced costs, and
easy deployment. As a result, all the major companies including Microsoft,
Google and Amazon are using cloud computing. Moreover, the number of customers
moving their data to cloud services such as iCloud, Google Drive, Dropbox,
Facebook and LinkedIn is increasing every day.

 

(a) Ulteo Cloud:

The vision is to enable
organizations to connect their employees with the applications and
information they need to
be successful. By transforming the way applications and desktops
are delivered and accessed we help streamline IT delivery while
enabling new ways of working. Ulteo is a commercial open source
vendor, our customers benefit from the ethos of the open source
model with the security and backing of a commercial enterprise. Our
mission is to deliver
non-proprietary platforms built on innovation, independence and
an open architecture. Ulteo offers the most cost efficient application
delivery platform to the market today, with Ulteo OVD Community Edition
(free to use) and Ulteo Premium Edition giving administrators the
ability to seamlessly deliver applications or full desktop sessions to
PCs, Macs, tablets,
smart phones, laptops and thin clients from Windows, Linux and
cloud environments. [3]

(b) Wargaming
Public Co Ltd is an international game developer and publisher. They developed an
MMO in 2012 with the name World of Tanks. This MMO is a server-based game which
requires players to create a personal account before they can play. The
game involves many skills which are complex to handle. There are also
various scripts which can be executed while playing the game and which simplify
it. These scripts work like hacks for the players, who can then easily
spam their opponents. To prevent players from doing this, Wargaming released
a patch in which players using such scripts to hack the game were reported
by other players and their accounts would get deactivated.

 

                                                                                                                                      
III. Security Issues in FOG

 

In fog
computing, each and every layer should be addressed for security and privacy.
Here we ask ourselves what is new about fog computing security and privacy.

 

3.1 Trust and Authentication

In cloud
computing deployment, data centers are usually owned by cloud service providers.
However, fog service providers can be different parties due to different deployment
choices:

1) Internet
service providers or wireless carriers, who have control of home gateways or
cellular base stations, may build fog with their existing infrastructures;

2) Cloud
service providers, who want to expand their cloud services to the edge of the
network, may also build fog infrastructures;

3) End users,
who own a local private cloud and want to reduce the cost of ownership, would
like to turn the local private cloud into fog and lease spare resources on the
local private cloud. This flexibility complicates the trust situation of fog.

 

Trust Model: The reputation-based
trust model [18] has been successful in e-commerce, peer-to-peer (P2P),
user reviews and online social networks. Damiani et al. [7] proposed a robust
reputation system for resource selection in P2P networks using a distributed
polling algorithm to assess the reliability of a resource before downloading.
In designing a reputation-based trust system for fog computing, we may need to
tackle issues such as 1) how to achieve persistent, unique, and distinct
identity, 2) how to treat intentional and accidental misbehavior, 3) how to
conduct punishment and redemption of reputation. There are also trust models
based on special hardware such as Secure Element (SE), Trusted Execution
Environment (TEE), or Trusted Platform Module (TPM), which can provide trust
utility in fog computing applications.

 

Rogue node in Fog: The
existence of fake fog nodes will be a big threat to user data security and
privacy. This problem is hard to address in fog computing for several
reasons: 1) the complex trust situation calls for different trust management
schemes, 2) dynamic creation and deletion of virtual machine instances make it hard
to maintain a blacklist of rogue nodes. Han et al. [16, 17] have proposed a
measurement-based method which enables a client to avoid connecting to a rogue
access point (AP).

 

 

                                                                                                                                
IV. Securing clouds with fog

 

Numerous
proposals for cloud-based services describe methods to store documents, files,
and media in a remote service that may be accessed wherever a user may connect
to the Internet. A particularly vexing problem before such services are broadly
accepted concerns guarantees for securing a user’s data in a manner that
guarantees only the user and no one else can gain access to that data. The
problem of providing security of confidential information remains a core security
problem that, to date, has not provided the levels of assurance most people
desire. Many proposals have been made to secure remote data in the Cloud using
encryption and standard access controls. It is fair to say all of the
standard approaches have been demonstrated to fail from time to time for a
variety of reasons, including insider attacks, misconfigured services, faulty
implementations, buggy code, and the creative construction of effective and
sophisticated attacks not envisioned by the implementers of security
procedures. Building a trustworthy cloud computing environment
is not enough, because accidents continue to happen, and when
they do, and information gets lost, there is no way to get it back.
One needs to prepare for such accidents. The basic idea is that we can limit
the damage of stolen data if we decrease the value of that stolen information
to the attacker. We can achieve this through a “preventive”
disinformation attack [4]. We posit that secure Cloud services can
be implemented given two additional security features:

 

User Behavior Profiling:

It is expected that access to a user’s
information in the Cloud will exhibit a normal means of access. User profiling
is a well-known technique that can be applied here to model how, when, and how
much a user accesses their information in the Cloud. Such “normal user”
behavior can be continuously checked to determine whether abnormal access to a
user’s information is occurring. This method of behavior-based security is
commonly used in fraud detection applications. Such profiles would naturally
include volumetric information: how many documents are typically read and how often.
These simple user-specific features can serve to detect abnormal Cloud access
based partially upon the scale and scope of data transferred.
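The volumetric check described above can be sketched as follows. This is an added example, not code from the original essay: it compares one session's upload and download counts with the same user's history using a median/MAD (modified z-score) test. The counter names, the cutoff of 3.5 and the minimum of five sessions are assumptions of the example.

```python
from statistics import mean, median

# Constructed baseline for one user: per-session file upload and download counts.
HISTORY = {
    "uploads":   [1, 0, 2, 1, 1, 0, 1, 2, 1, 1],
    "downloads": [4, 6, 5, 7, 5, 6, 4, 5, 6, 5],
}

def robust_z(history, value):
    """Modified z-score of value against the median/MAD of the user's history."""
    med = median(history)
    deviations = [abs(x - med) for x in history]
    mad = median(deviations)
    # 0.6745 and 1.253314 are the usual consistency constants. When more than
    # half the sessions equal the median the MAD is 0, so fall back to the
    # mean absolute deviation.
    scale = mad / 0.6745 if mad else 1.253314 * mean(deviations)
    if scale == 0:
        # Every past session was identical: any different value is an outlier.
        return 0.0 if value == med else float("inf")
    return (value - med) / scale

def abnormal_features(history, session, cutoff=3.5, min_sessions=5):
    """Return the counters in session that are far above the user's baseline."""
    flagged = []
    for name, past in history.items():
        if len(past) < min_sessions:
            continue  # too little data to profile this counter yet
        if robust_z(past, session[name]) > cutoff:
            flagged.append(name)
    return flagged
```

Only upward deviations are flagged, because the concern in this section is the scale of data transferred out of the account.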

 

                                                                                                                                                
V. Proposed System

 

The proposed
system uses user behavior profiling and decoy information technology. It
first examines the user’s behavior: the system checks whether the user is
legitimate or not. If the system finds an unauthorized person, it sends decoy
data and keeps the user’s real data safe.

 

UBP Algorithm:

1. Identify the operation executed.

2. Track the user behavior profile consisting of the following parameters:
username, login password specified, user key specified during document access,
type of document selected for access (valid or decoy).

3. During login, the login password specified is tracked.

4. During document access, the user key specified is tracked along with the
type of operation (valid or invalid).

5. Classify the profile as valid or invalid using the following
calculation: P(IV) = count(invalid operations of each type) / count(operations
of each type). If the value of P(IV) is above a threshold parameter, then the
profile is categorized as invalid and the user is redirected to the decoy
module.
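The classification in step 5 can be carried through as follows. This is an added example, not code from the original essay. The threshold value, the minimum number of operations per type, and the rule that selecting a decoy document marks the profile invalid immediately are assumptions of the example, since the essay gives no values for them.

```python
from collections import Counter

def p_invalid(ops):
    """Per operation type: (P(IV), number of operations of that type)."""
    total, invalid = Counter(), Counter()
    for op_type, valid in ops:
        total[op_type] += 1
        invalid[op_type] += 0 if valid else 1
    return {t: (invalid[t] / total[t], total[t]) for t in total}

def route(ops, decoy_selected=False, threshold=0.5, min_ops=2):
    """Return 'decoy' for an invalid profile, 'real' otherwise."""
    if decoy_selected:
        # Step 2 tracks the type of document selected; this example treats a
        # decoy selection as sufficient on its own (assumption).
        return "decoy"
    for ratio, count in p_invalid(ops).values():
        # min_ops keeps a single mistyped password (1/1 = 1.0) from
        # classifying the legitimate owner as invalid.
        if count >= min_ops and ratio > threshold:
            return "decoy"
    return "real"

# Constructed sessions: (operation type, was the password or user key valid?)
OWNER = [("login", False), ("login", True),
         ("doc_access", True), ("doc_access", True), ("doc_access", True)]
GUESSER = [("login", True),
           ("doc_access", False), ("doc_access", False), ("doc_access", True)]
```

With these constructed sessions the owner's one failed login gives P(IV) = 0.5 for logins, which is not above the threshold, while two wrong user keys out of three document accesses give P(IV) of about 0.67 and send the session to the decoy module.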

 

The advantages of placing decoy files in the database are:

1. Detection of an unauthorized person’s activity.

2. Confusing the attacker with bogus data.

3. Sending bogus files.

 

Mathematical Model

Let G be the superset of all sets.

G = {input, output, operations, success, failure}

where Input is the set of parameters provided as input to the system.

Input = {U, S, DS, F}

U is the set of users. It is an infinite set of users.

    U = {U1, U2, U3, ..., Un}

S is the set of servers. It is a finite set of servers.

    S = {S1}

DS is the set of dataset parameters.

    DS = {P1, P2, P3, P4, P5}

    P1 = Session Time

    P2 = Duration

    P3 = File upload count

    P4 = File Download count

    P5 = Blacklist count

F is the set of files. It is an infinite set of files.

    F = {F1, F2, F3, ..., Fn}

Output is the set of results.

    Output = {Legal user/Unreal user, Decoy document, Alert user via mail, OTP via SMS}

Operations is the set of functions.

Operations = {Op1, Op2, Op3, Op4, Op5, Op6, Op7, Op8, Op9}

 Op1 = Request received

 Op2 = Load user profile

 Op3 = Apply mining & calculate current request parameter

 Op4 = If invalid user then send the Decoy/Bogus data

 Op5 = Fetch file

 Op6 = Calculate digital signature

 Op7 = Compare with decoy file digitally

 Op8 = If similar, Alert admin

 Op9 = Update log, Blacklist

SUCCESS = Desired input generated

FAILURE = Desired output not generated
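Operations Op5 to Op9 of the model, where a fetched file is compared against the registered decoys, can be sketched as follows. This is an added example, not code from the original essay. HMAC-SHA256 under a service-held key stands in for the model's "digital signature", and the key, class name and log format are assumptions of the example.

```python
import hashlib
import hmac

SERVICE_KEY = b"constructed-demo-key"  # assumption: secret known only to the service

def signature(content: bytes) -> str:
    """Op6: keyed digest of the file content (HMAC-SHA256, an assumption here)."""
    return hmac.new(SERVICE_KEY, content, hashlib.sha256).hexdigest()

class DecoyMonitor:
    def __init__(self, decoy_contents):
        # Signatures of every decoy planted alongside the user's real files.
        self.decoy_signatures = {signature(c) for c in decoy_contents}
        self.blacklist_count = {}   # P5 (Blacklist count), kept per user
        self.log = []

    def on_fetch(self, user, filename, content):
        """Run Op6-Op9 for one fetched file; return True when it is a decoy."""
        is_decoy = signature(content) in self.decoy_signatures        # Op7
        if is_decoy:
            self.blacklist_count[user] = self.blacklist_count.get(user, 0) + 1
            self.log.append(("ALERT_ADMIN", user, filename))           # Op8
        else:
            self.log.append(("OK", user, filename))                    # Op9
        return is_decoy

# Constructed file contents.
DECOY = b"Q3 payroll export (bogus figures)"
REAL = b"Meeting notes 2015-03-02"
```

Because the comparison is made on content rather than on the file name, a decoy still raises the alert after it has been renamed, and because the digest is keyed, a leaked list of signatures cannot be used offline to tell decoys from real documents.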

 

                                                                                                                                                      
VI. Conclusion

 

We propose monitoring data
access patterns by profiling user
behavior to determine if and when a malicious
insider illegitimately accesses someone’s documents
in a Cloud service. Decoy documents stored in the Cloud
alongside the user’s real data also serve as sensors to detect
illegitimate access. Once unauthorized data access or exposure
is suspected, and later verified, with challenge questions for
instance, we inundate the malicious insider with bogus
information in order to dilute the user’s real data. Such
preventive attacks that rely on disinformation technology could
provide unprecedented levels of security in the Cloud and in
social networks.

 

References

 

[1] Clinton Dsouza, Gail-Joon Ahn,
Marthony Taguinod, “Policy-Driven Security Management for Fog Computing: Preliminary
Framework and A Case Study,” Laboratory of Security Engineering for Future Computing
(SEFCOM), School of Computing, Informatics, and Decision Systems Engineering,
Arizona State University.

[2] Ryoichi Sasaki and Tetsutaro Uehara,
Fog Computing: Issues and Challenges in Security and Forensics, Cambridge
University Press, Cambridge.

[3] Cloud Security Alliance, “Top Threat
to Cloud Computing V1.0,” March 2010. Online.

[4] M. Ben-Salem and S. J. Stolfo,
“Modeling user search-behavior for masquerade detection,” in Proceedings of the
14th International Symposium on Recent Advances in Intrusion Detection.
Heidelberg: Springer.

[5] M. Arrington, “In our inbox:
Hundreds of confidential twitter documents,” Online.

[6] William Y Chang, Hosame Abu-amara,
Jessica Stanford, “Transforming enterprise cloud services” (Book Form).

[7] Salvatore J. Stolfo, Malek Ben
Salem, Angelos D. Keromytis, “Fog Computing: Mitigating Insider Data theft Attacks
in Cloud”.

[8] Ivan Stojmenovic, Sheng Wen, “The
Fog Computing Paradigm: Scenarios and Security Issues”, IEEE 2014.

[9] D. C. Saste, P. V. Madhwai, N. B.
Lokhande, V. N. Chothe, “FOG COMPUTING: Comprehensive Approach for Avoiding
Data Theft Attack Using Decoy Technology”, IJCTA.

[10] Thogaricheti Ashwini, Mrs.
Anuradha.S.G, “Fog Computing to protect real and sensitivity information in
Cloud”, IJECSE | SSN 2277-1956/V4N1-19-29.

[11] Shanhe Yi, Cheng Li, Qun Li, “A
Survey of Fog Computing: Concepts, Applications and Issues”, ACM 2015.

[12] Viraj G. Mandlekar, VireshKumar
Mahale, Sanket S. Sancheti, Maaz S. Rais, “Survey on Fog Computing Mitigating
Data Theft Attacks in Cloud”, International Journal of Innovative Research in
Computer Science & Technology (IJIRCST), ISSN: 2347-5552, Volume-2, Issue-6.

[13] Yongkun Li, Member, IEEE, and John
C. S. Lui, Fellow, IEEE, “Friends or Foes: Distributed and Randomized Algorithms
to Determine Dishonest Recommenders in Online Social Networks”.

[14] Manreet Kaur, Monika Bharti, “Fog
Computing Providing Data Security: A Review”, International Journal of Advanced
Research in Computer Science and Software Engineering, Volume 4, Issue 6.

[15] Divya Shrungar J, Priya M P, Asha S
M, “Fog Computing: Security in Cloud Environment”, International Journal of Advanced
Research in Computer Science and Software Engineering, Volume 5, Issue 8.

[16] Younghee Park, Salvatore J. Stolfo,
“Software Decoys for Insider Threat”, ACM.

[17] Miss. Shafiyana Sayyad, Mr. Anil
Bhandare, Mr. Deepak Yelwande, “Fog Computing: Software decoys for insider
threat”, Volume 2, Issue 3, March 2015.

[18] Tom H. Longxiang Gao, Yang Xiang,
Zhi Li, Limin Sun, “Fog Computing: Focusing on Mobile Users at the Edge”, 6 Feb
2015.

[19] Flavio Bonomi, Rodolfo Milito,
Jiang Zhu, Sateesh Addepalli, “Fog Computing and Its Role in the Internet of
Things”, ACM.

[20] Manreet Kaur, Monika Bharati,
“Securing user data on cloud using Fog Computing and Decoy technique”, Volume
2, Issue 10, October.