FoNAC - An automated Fog Node Audit and Certification scheme
2020 (English)
In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 93, article id 101759
Article in journal (Refereed) Published
Abstract [en]
Meeting the security and privacy needs for IoT data becomes equally important in the newly introduced intermediary Fog Computing layer, as it was in its former technological layer - Cloud; but the accomplishment of such security is critical and challenging. While security assurance of the fog layer devices is imperative due to their exposure to the public Internet, it becomes even more complex than in the cloud layer, as it involves a large number of heterogeneous devices deployed hierarchically. Manual audit and certification schemes are unsuitable for a large number of fog nodes, thereby inhibiting the involved stakeholders from using manual security assurance schemes altogether. However, scalable and feasible security assurance can be provided by introducing automated and continuous monitoring and auditing of fog nodes to ensure a trusted, updated and vulnerability-free fog layer. This paper presents such a solution in the form of an automated Fog Node Audit and Certification scheme (FoNAC) which guarantees a secure fog layer through the proposed fog layer assurance mechanism. FoNAC leverages Trusted Platform Module (TPM 2.0) capabilities to evaluate/audit the platform integrity of the operating fog nodes and grants a certificate to the individual node after a successful security audit. FoNAC security is also validated through its formal security analysis performed using AVISPA under the Dolev-Yao intruder model. The security analysis of FoNAC shows its resistance against cyber-attacks like impersonation, replay attack, forgery, Denial of Service (DoS) and MITM attack.
Place, publisher, year, edition, pages
Elsevier Ltd, 2020. Vol. 93, article id 101759
Keywords [en]
Certification, Cloud computing, Continuous auditing, Edge, Fog, Remote attestation, Security, SLA, TPM 2.0, Automation, Fog computing, Network security, Security systems, Trusted computing, Denial-of-service attack
National Category
Natural Sciences
Identifiers
URN: urn:nbn:se:ri:diva-44444
DOI: 10.1016/j.cose.2020.101759
Scopus ID: 2-s2.0-85081116437
OAI: oai:DiVA.org:ri-44444
DiVA, id: diva2:1415135
Note
Funding details: VINNOVA, 2019-01305; Funding details: 830927; Funding text 1: This research has been supported by the funding for H2020 CONCORDIA (grant agreement No 830927) and from VINNOVA Sweden (grant agreement no 2019-01305).
2020-03-17, 2020-03-17, 2023-06-08. Bibliographically approved