JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 1

Authentication, Access Control, Privacy, Threats and Trust Management Towards Securing Fog Computing Environments: A Review

Abdullah Al-Noman Patwary, Anmin Fu, Member, IEEE, Ranesh Kumar Naha, Member, IEEE, Sudheer Kumar Battula, Saurabh Garg, Member, IEEE, Md Anwarul Kaium Patwary, Member, IEEE, and Erfan Aghasian, Member, IEEE.

Abstract—Fog computing is an emerging computing paradigm that has come into consideration for the deployment of IoT applications amongst researchers and technology industries over the last few years. Fog is highly distributed and consists of a wide number of autonomous end devices, which contribute to the processing. However, the variety of devices offered across different users are not audited. Hence, the security of Fog devices is a major concern in the Fog computing environment. Furthermore, mitigating and preventing those security measures is a research issue. Therefore, to provide the necessary security for Fog devices, we need to understand what the security concerns are with regards to Fog. All aspects of Fog security which have not been covered by other literature works need to be identified, and all issues in Fog security need to be aggregated. It needs to be noted that computation devices consist of many ordinary users, and are not managed by any central entity or managing body. Therefore, trust and privacy are also a key challenge to gain market adoption for Fog. To provide the required trust and privacy, we also need to focus on authentication, threats and access control mechanisms as well as techniques in Fog computing. In this paper, we perform a survey and propose a taxonomy, which presents an overview of existing security concerns in the context of the Fog computing paradigm. We discuss Blockchain-based solutions towards a secure Fog computing environment and present various research challenges and directions for future research.

Index Terms—Fog security, IoT security, access control, Fog computing, authentication, trust management, privacy, threats and attacks, auditing, Blockchain.

I. INTRODUCTION

The computational world has become very broad and complicated as our expectation is going beyond connecting people. We are about to approach a new era, where everything will be connected. With the swift development of technology, many individuals and organizations are starting to provide services to users with the help of their smart devices such as cell phones, home appliances, vehicles, wearable embedded devices, sensors, and actuators. The underlying work is performed by massive-scaled wireless sensor networks and realms of connected devices, which is aptly termed as the Internet of Things (IoT). IoT has achieved much attention over the last couple of years and has been enumerated as the predestination of the Internet. Technology consulting organization Gartner highlighted that the total number of connected devices by the year-end of 2020 [1] would be more than 20 billion devices that exist across various consumers and business organizations. Moreover, Norton security organisation predicted that by 2025 there will be more than 21 billion devices [2]. As IoT continues to flourish, a huge number of sensors have been devoted to diversified devices, which are swiftly leading to an increased amount of generated data and storage requirements on a regular basis [3].

A. A. Patwary and A. Fu are with the School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China. e-mail: alnoman [email protected], [email protected]

R. K. Naha, S. K. Battula, S. Garg, M. A. K. Patwary and E. Aghasian are with the School of Technology, Environments and Design, University of Tasmania, Hobart, TAS, Australia. e-mail: [email protected], [email protected], [email protected], [email protected], [email protected]

Manuscript received XXX XX, XXXX; revised XXX XX, XXXX.

Although we are used to depending on the cloud for IoT application processing, the exponential growth of IoT devices continues to generate huge amounts of data, which means we will be unable to depend on any central entity such as the cloud computing paradigm to process these huge amounts of data. The Fog computing paradigm is evolving to serve various services while simultaneously managing numerous sensors, actuators, users, processes, and connectivity by placing processing facilities closer to users. Also, the edge devices generate data from their designated areas and link with each other or transmit to the neighboring Fog nodes for supplementary analytics and decisions. The Fog computing paradigm can solve the time-sensitive application processing limitations of the cloud as well as supporting IoT applications. Fog devices reside at the network edge to facilitate computing services near to the users and deliver services as well as applications for billions of connected devices. This helps to support real-time processing, storage and networking facilities at the edge level [4].

Since smart devices or Fog devices are categorized as resource constraints, the Fog computing paradigm will face many challenges such as the limitations of storage, bandwidth, battery, and computation power, which leads to obstruction in the rise of IoT. To overcome the encumbrance of these limitations, the cloud computing paradigm is perceived as a talented computing archetype, which can distribute services to the edge via the cloud in terms of Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) solutions which offer applications and services with resilient resources at low costs [5]. Over the last decennium, cloud computing has obtained an immense reputation among researchers. Real-time IoT application services and information access are possible any time and anywhere via this paradigm. Cloud computing also offers diverse features to users such as ease of access to information, cost efficiency, quick deployment, backup, and recovery. Although cloud computing has fulfilled most of the demands of modern technology, it may not be a suitable solution as there are still unresolved problems, whereas IoT devices and applications need to be processed swiftly. This is beyond the existing capabilities of cloud computing. Hence, security and privacy, data segregation, mobility support, low latency, location-awareness, geo-distribution, and real-time applications are required for IoT applications. While Fog computing offers a much more advantageous system as opposed to cloud-based systems, there are several security issues at hand which can cause interruptions to the way deployment is carried out using Fog computing.

arXiv:2003.00395v1 [cs.CR] 1 Mar 2020

In reality, due to the associated privacy and security risks for cloud-based systems, nearly 74% of Information and communications technology (ICT) executive officers have rejected adopting cloud computing [6]. Fog computing is not at a mature stage and continues to face new challenges due to its exclusive features. In the Fog computing environment, most devices are managed and maintained across different users. The Fog computing paradigm uses idle resources generated from user devices. These devices are not audited by any standard body, which raises security concerns in the Fog environment. On the other hand, secure and fast authentication mechanisms are required for Fog since many devices are involved in the Fog application processing. Furthermore, we have to be very concerned about access control since most of the application processing is carried out in the user devices. The security issues across various layers of the Fog computing environment are presented in Fig. 1.

A. Existing related surveys on Fog computing security

There has been a variety of techniques proposed in the literature to address the security issues of the emerging Fog computing. Most of these research papers either presented Fog security concerns or merely focused on one aspect of Fog security. Here, we have summarized and given a concise overview with regards to Fog security by combining the opinions across several of these research works.

Yi et al. [7] briefly examined various security issues and tried to identify various challenge domains corresponding to the solutions of the Fog computing environment. Zhang et al. [8] discussed and analyzed the adhering potential security and trust issues, and explored solutions which are currently available for those issues. Khan et al. [9] explored common security gaps in Fog computing from the existing surveys. Alrawais et al. [10] investigated and discussed the various privacy and security issues in Fog computing environments. Rauf et al. [11] discussed IoT, Fog and their security issues. Stojmenovic et al. [12] investigated intrusion detection and authentication techniques in Fog computing. Wang et al. [13] presented and discussed the concerns and challenges in Fog forensics and security. Recently, Roman et al. [14] explored potential threats associated with the mobile edge, mobile cloud, and Fog computing.

In current literature, there is a gap in the aggregation of all Fog security-related issues. None of the literary works presented a critical evaluation of all aspects of Fog security, as has been done in this paper. Neither did they discuss Fog security issues from the auditing perspective. Different studies regarding Fog computing security and privacy did not cover the various security issues related to the Fog computing architecture and its environment. In this paper, we will explore and explain various security concerns related to the Fog computing environment from the auditing perspective. Since Fog computing extends to the cloud system, most of the cloud computing security concerns [15] are inherited and impact Fog computing as well. We have focused our attention on significant security, threats and attack issues such as trust management, privacy, authentication, and access control. We linked these security concerns with Fog and explained how these concerns could affect Fog security. In addition, we discussed how blockchain could mitigate some Fog related security issues. We have systematically focused our attention on significant security and threat-attack issues from several selected sets of papers to provide a detailed landscape in this field.

B. Research Motivation

Cloud computing is already recognized by its widespread deployment amongst its targeted environment. However, it faces numerous obstacles such as latency, bandwidth, Quality of Service (QoS), trust, security, privacy, trust, threats, and attacks, etc. during the early stages of its deployment. Therefore, privacy and security are the key challenges for the cloud computing paradigm. In the case of Fog computing, it was inaugurated as a new computing paradigm, which has emerged over the last few years as a bridge between cloud data centers and edge devices or IoT devices. The main aim of Fog computing is to improve the existing problems of cloud computing by improving the communication latency, real-time processing, privacy and security. Nevertheless, Fog computing also faces many privacy and security concerns as it is in its early stages. User devices and end devices are the main components for computation in the Fog environment, which are not usually audited by any security standard. Therefore, the key aim of this work is to come up with a methodical review on state-of-the-art approaches and techniques in accosting Fog computing security and privacy issues from the auditing perspective and pinpoint challenges as well as the possible direction for researchers and application developers.

1) Paper Selection Approaches: To exploit the coverage of the searched literature in this work, we began by identifying the most used alternative words and synonyms in the research questionnaire. Therefore, we conducted our selection strategy based on our proposed taxonomy and Table I searching criteria. We first categorized the current research security issues and challenges for Fog computing into six categories: 1. Trust, 2. Privacy, 3. Authentication, 4. Access-Control, 5. Threats and Attacks, 6. Security Audit. We also looked into the security issues and solutions of other areas such as cloud, edge computing, and blockchain which could suit the Fog computing environment. In order to focus on the most relevant articles based on the aims of our research, we also constructed different search strings using Boolean AND and OR operators. Then, we conducted a manual search (Fog computing security issue or privacy and security issue in Fog computing), using different search engines such as Google, Bing, Baidu etc. in the area of cloud, Fog computing security based on the search criteria in Table I. The same approach was applied in renowned scientific research databases such as Google Scholar, ACM Digital Library, IEEE Xplore, Springer, Science Direct and ResearchGate. Fig. 2 presents our paper selection approach. We used the tool Mendeley and Google Scholar to manage citations from all extracted articles. We conducted our paper selection and evaluation based on the various criteria as shown in Table I.

Fig. 1. Security issues and attacks at each layer

2) Evaluation of Results: After the initial exploration using several search strings from the sources above, we found almost 220 relevant papers and articles. After searching, filtering, inclusion and exclusion reviews, 127 articles were matched from the first filtration. With respect to our taxonomy, we have separated all these papers into various partitions.

TABLE I: PAPER SELECTION CRITERIA

| Sl. No. | Criteria |
|---|---|
| 01 | Relevant to study of the cloud or Fog computing |
| 02 | Directly or indirectly related to cloud and Fog computing security |
| 03 | Fog computing security issues |
| 04 | Security and privacy issues in Fog computing |
| 05 | Security and trust issues in Fog computing |
| 06 | Authentication and authorization in Fog Computing |
| 07 | Authentication and access Control in Fog Computing |
| 08 | Privacy preservation in Fog computing |
| 09 | Threats and attacks issues in Fog computing |
| 10 | Security auditing standards in Fog computing |

3) Research Questions: This work is going to answer the following research questions:

Q1 What are the different security issues in Fog which need further investigation?

Q2 What are all the security aspects of Fog and how can they be categorized?

Q3 How have current research works addressed Fog security concerns? What are the other possible solutions and what security concerns need attention from the research community?

Sections II to IV answer our first two research questions. The third research question is answered by Sections IV, V and VI.


Fig. 2. Paper selection process.

C. Our Contributions

This survey is intended to provide an exhaustive review across current studies by covering all related Fog security issues and challenges. This work also concentrates on constructing a review of Fog computing with a focus on the related challenges and security issues from the auditing perspective. The principal contributions of this study can be recapped as follows:

• Propose a taxonomy based on various security issues such as authentication, access control, privacy preservation, trust management, threats, attacks, and security auditing which are challenging for the Fog environment.

• Highlight and discuss various threats and attacks which might be severe in the Fog environment.

• Discuss probable challenges and future research directions in Fog computing with respect to security.

• Explain how blockchain and auditing could help to mitigate Fog security challenges.

The rest of the paper is organized in the following manner: Section II provides an overview of Fog computing. Section III discusses the network and data security issues. Section IV demonstrates the proposed taxonomy on security issues in Fog computing. Section V discusses blockchain technologies in Fog and presents how blockchain technology can be utilized to improve Fog security. Sections VI and VII present the research challenges, future research directions, and conclusions.

II. AN OVERVIEW OF FOG COMPUTING

Fog computing ideally demonstrates the concept of a distributed network environment that connects two different environments and is closely linked with cloud computing and IoT. This new computing paradigm was initially and formally introduced by Cisco to extend the cloud network to the edge of the enterprise network [4]. The architecture of a Fog environment has three layers - the IoT layer, the Fog layer and the Cloud layer, as shown in Fig. 3. The IoT layer consists of a massive amount of sensors and end devices. This layer is liable for collecting and sending the data generated from devices to the Fog devices in the Fog layer. The Fog devices in this layer then process the received data and send the results to the cloud to store for future use. Individuals or organizations are providing Fog devices to process the applications in a Fog environment by contributing their idle resources. The providers should compensate for their offered resources based on the usage in a way that both provider and user will be benefited [16].

Fig. 3. The Architecture of Fog Computing.

In literature, there exist similar Fog like technologies such as Edge Computing, Mobile Cloud Computing (MCC), Cloud Computing, Mobile Edge Computing (MEC), Cloudlet, Fog Dew Computing, Dew Computing and Micro Data Centre [17], [9]. However, the key difference is that it creates an enormously virtualized platform that offers diversified computation, storage, and network services to its clients via unused end-device resources. With the features and characteristics of the Fog computing continuing to improve, the performances of a wide range of domains across different real-time IoT specific applications such as City: smart office, smart home, smart waste management; Electricity: smart grid, smart metering; Health: smart health care system; Transportation: smart vehicle accident prevention, traffic flow maintenance, Smart Traffic Light System (STLS), traffic control system; Entertainment: real-time video streaming and gaming systems are shown in Table II.

TABLE II: EXAMPLES OF FOG APPLICATION

| Application domain | Application service | Description |
|---|---|---|
| Smart city [18] [19] | Smart home and Smart office | Provides automation control in home to control the electrical appliances and security and alarm systems |
| Electricity [20] [21] | Smart grid and Smart metering | Provides monitoring and tracking service of energy hourly or day wise etc. |
| Healthcare [22] | Smart health monitoring | Provides continuous monitoring of glucose, blood pressure, pulse rate etc. |
| Entertainment [23] | Augmented Reality | Provides the best user experience in Augmented Reality |
| Entertainment [23] | Real-time video streaming and gaming system Entertainment | Provides the best user experience in video streaming and gaming systems |
| Transportation [24] [25] | Smart vehicle | Driverless vehicles |
| Transportation [24] [25] | Smart navigation | Suggests best routes and dynamic rerouting |
| Transportation [24] [25] | Road condition detection | Auto detects the condition of roads and adjusts the parameters to drive according to it |
| Transportation [24] [25] | Smart traffic lights | Reduce the traffic jams across the junctions |

The features and characteristics of Fog computing are as follows [4]:

• Support Geographic Distribution
• Location Awareness
• Low Latency
• Heterogeneity
• Decentralization
• Large Scale QoS-aware IoT Application Support
• Mobility Support
• Interplay with Cloud
• Context Awareness
• Online Analytics
• Predominance of Wireless Access
• Close to the end users
• Save storage space
• Higher Scalability
• Save Bandwidth
• Real-time Interaction
• Data security and privacy protection
• Low energy consumption

However, Fog computing has provided numerous other issues and challenges such as security and privacy. The technical distinctions between Fog and cloud computing from a security aspect are exhibited in Table III. The OpenFog Consortium, technology giants, researchers and developers are strongly trying to mitigate these issues. Therefore, if they were able to attenuate all these issues, then it would be deemed capable to deal with the constantly increasing number of networked computational devices. This would then make the Fog platform the future of computing.

In accordance with the study of Fog computing characteristics, we have illustrated a differential table based on cloud and Fog features - Table III. Finally, we have pointed out a few challenges that exist for the current cloud technology. Therefore, we have also illustrated a table and highlighted how Fog eliminates these challenges - Table IV.

TABLE III: TECHNICAL DIFFERENCE BETWEEN FOG AND CLOUD IN A SECURITY PERSPECTIVE

| Attributes | Cloud Computing | Fog Computing |
|---|---|---|
| Security management | Centralized | Distributed |
| Security concerns | General servers | Heterogeneous devices |
| Attack and threat level | Low | High |
| Security domain | Within the Internet | At the edge of the local network |
| Security pattern | No user defined security | User defined security |
| Security Audit and Analysis | Static or manual approach | Software based automated dynamic and real-time approach |

As Fog devices are much more distributed and belong to different users, security auditing is very important. In order to audit the security of Fog devices, we need to explore the network and data security issues related to Fog.

III. FOG NETWORK AND DATA SECURITY

Ensuring security for both network and data in Fog is a challenging task due to the vastly distributed nature of Fog computing. Most of the Fog devices are wireless, and data is processed in the user’s devices. This section discusses the network and data security of Fog in detail.

A. Network Security

Due to the massive deployment of wireless networks in the Fog environment, ensuring security in these networks is a mandatory concern. Wireless networks are prone to attacks such as jamming, sniffers, spoofing, Man-in-the-middle (MITM), etc. These attacks can affect the wireless network security of Fog computing, which can take place between the cloud to things continuum. In general, the users trust the network configurations and data generated by the network traffic which is usually managed manually by a network administrator [26]. As Fog nodes are placed at the edge of the network, it would be an unmanageable task for the network administrator. In such a scenario, the Software Defined Network (SDN) will increase the scalability of the network and decrease the cost. Hence, SDN would be a preferable solution in Fog computing [7]. In Fog computing, SDN can provide features for network security, for example monitoring networks and Intrusion Detection System (IDS), as well as watching the traffic routes which is referred to as CloudWatch [27] and OpenFlow [28]. It also helps to isolate the traffic and manage prioritization to prevent attacks from network resource access controls and congested networks. Klaedtke et al. [29] proposed a method for access control that was based on OpenFlow and for a network resource sharing system. The authors of [30] proposed OpenWifi, which gave authentication to the guest users by letting them have access to the Fog node router in context with the security issues.

TABLE IV: SECURITY CHALLENGES AT FOG

| Challenges | Role of Fog |
|---|---|
| Security of computing and access control | With Fog, the computation, process, storage and control of sensitive tasks are done as near as possible to the end user’s device. In this distributed environment, all threats and attacks first need to be faced as Fog nodes, where Fog nodes are able to identify all illegitimate activity and can prevent any incidents before they are passed through to the system. |
| Security of data storage and users privacy | In Fog environments, data is originated from, or sent to, the end-user devices which are managed and preserved via secure Fog nodes. Hence, the data would be better preserved than stored in the user’s device and more available than if it was maintained in remote data centers. |
| Security of communication and networking system | A Fog network is connected by an immense collection of Fog nodes, and it can provide uninterrupted secure communication and networking services by residing near the end user’s device. Fog reduces the chances of various network and communication attacks. |
| Security of the resource-constrained IoT devices | A lot of IoT devices or end devices have limited resources. Hence, due to these limited resources, the IoT devices have little or no capability to defend themselves from sophisticated cyber-attacks. Fog nodes and cloud servers together can provide multi-level protection, i.e. "defense-in-depth". |
| Real-time incident response services | In Fog networks, the Fog nodes are able to provide real-time incident response services that notify the IoT system without disruption of any services. |
| Security challenges in the edge network | Because of the lack of available resources to end devices, Fog can manage and update security mechanisms such as authentication, access control, trust management, etc. Therefore it can also protect devices that cannot protect themselves adequately. |
| Security credentials and software up to date | It is impractical to require that all the devices are connected several times a day to cloud for the security credentials and software to be updated. However, Fog nodes are able to manage security credentials and software updates on a large number of devices simultaneously, based on their criteria without downtime. |
| Monitor the security status | In the IoT environment, it is crucial to be able to notice trustworthy processes, whether the devices and systems are operating safely and securely. Many of today’s hackers send false status messages that make operations appear normal. Fog provides a scheme to monitor security status in a trustworthy manner and can detect these types of attacks. |

B. Data Security

In Fog computing, the data generated by IoT or edge devices is gradually increasing with the number of IoT devices. Due to a lack of adequate resources for IoT devices, it is hard to process all the data on IoT devices [10]. IoT devices send the generated data to the nearby Fog node. After that, this node divides the generated data into several segments and forwards them to multiple Fog nodes for further processing. During this division and distribution time, the data could be altered or manipulated by attackers. Therefore, the integrity of the data must be ensured. However, the encryption and decryption process is not easy to implement due to the associated resource constraints. In this case, light-weight encryption and decryption techniques would be a compatible solution [31]. Moreover, user data is outsourced, and control over the user’s data is handed over to the Fog node. This still brings about the same security threats associated with cloud computing. In this circumstance, there might be a chance to lose or modify the outsourced data. In addition, illegitimate third parties with malicious interests might misuse the stored data. To mitigate these threats, a proposed solution is to present auditable data storage services, which are applicable for cloud computing data protection. In the context of a cloud storage system, well-known techniques are homomorphic encryption and searchable encryption, which could be used to accumulate and ensure integrity, confidentiality and verifiability to permit a client to investigate the data which is stored on untrusted servers [32]. Yang et al. [33] surveyed the existing research work related to auditing data storage services in the context of cloud computing. Eventually, from the circumstances above, there is still no proposed method that can meet the criteria based on a three-tier architecture for Fog computing. Nonetheless, it is a challenging task to design a secure storage system, which will satisfy all requirements (dynamic processing, low-latency, high-scalability, etc.) and support smooth communication between the Fog and cloud environments. To detect network and data attacks in Fog we need to employ an Intrusion Detection System (IDS) across various layers.


Intrusion Detection System (IDS) is extensively used in cloud systems to identify and help protect from attacks, such as Denial of Service (DoS) attacks, insider attacks, port scanning attacks, flooding attacks on the VM (Virtual Machine), man-in-the-middle (MITM) attacks, hypervisors, as well as numerous systems [34]. It can be deployed under Supervisory control and data acquisition (SCADA) [35], cloud [34], smart grid system [36] [37] etc. It can also monitor, detect intrusive behavior of possible attackers, as well as analyze log files, access control (AC) policies, and user access credentials. In three-tier architecture Fog computing, IDS must be deployed in the cloud, Fog, edge for monitoring, analysis of traffic and intrusive activities of cloud servers, Fog nodes and edge devices. However, establishing security alone is not enough to provide the necessary protection against the propagation of viruses or malware from vulnerable nodes to other parts of the system. With regard to this situation, there may arise challenges such as corrective responses, alarm parallelization, false alarm controls, and real-time notification [38]. A probable solution could be to deploy a perimeter IDS that coordinates different IDS in the Fog system [39]. On the contrary, while ensuring security in the Fog computing environment through IDS, several challenges may arise in terms of providing low-latency requirements [7].
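The Data Security subsection above requires that data split into segments and forwarded across Fog nodes stays intact under tight resource limits. The following is an added example, not taken from the paper: it tags each segment with a truncated HMAC-SHA256 and checks the tags on reassembly. The pre-shared key between the dividing node and the reassembling party, the field names and the sample payload are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # assumption: HMAC-SHA256 truncated to 128 bits to save bandwidth
KEY = bytes(range(32))  # constructed demo key; a real key comes from provisioning
PAYLOAD = b"t=21.4;h=40;t=21.6;h=41;t=21.5;h=40;t=29.9;h=38"  # constructed readings


def _tag(key, msg_id, index, total, chunk):
    # The tag covers the message id, the segment position and the segment
    # count, so a segment cannot be altered, moved to another position,
    # replayed into a different message, or dropped without detection.
    header = struct.pack(">B", len(msg_id)) + msg_id
    header += struct.pack(">HH", index, total)
    return hmac.new(key, header + chunk, hashlib.sha256).digest()[:TAG_LEN]


def split_and_protect(key, msg_id, payload, seg_size):
    """Dividing Fog node: cut the payload into individually tagged segments."""
    chunks = [payload[i:i + seg_size]
              for i in range(0, len(payload), seg_size)] or [b""]
    total = len(chunks)
    return [{"index": i, "total": total, "data": c,
             "tag": _tag(key, msg_id, i, total, c)}
            for i, c in enumerate(chunks)]


def verify_and_reassemble(key, msg_id, segments):
    """Receiving side: return (payload, problems); payload is None on failure."""
    problems, good, total = [], {}, None
    for seg in segments:
        try:
            expected = _tag(key, msg_id, seg["index"], seg["total"], seg["data"])
            ok = hmac.compare_digest(expected, seg["tag"])
        except (struct.error, TypeError):
            ok = False  # malformed index, count or tag is treated as forged
        if not ok:
            problems.append(f"claimed segment {seg['index']}: tag mismatch")
            continue
        total = seg["total"]  # trusted only because the tag verified
        good[seg["index"]] = seg["data"]
    if total is None:
        return None, problems + ["no authentic segment received"]
    problems += [f"segment {i}: missing" for i in range(total) if i not in good]
    if problems:
        return None, problems
    return b"".join(good[i] for i in range(total)), problems


if __name__ == "__main__":
    segs = split_and_protect(KEY, b"msg-0001", PAYLOAD, 16)
    print(verify_and_reassemble(KEY, b"msg-0001", segs))
    segs[1]["data"] = b"t=99.9;h=00;t=99"  # simulated in-transit alteration
    print(verify_and_reassemble(KEY, b"msg-0001", segs))
```

Segments may arrive in any order; only a complete set of authentic segments is released to the application.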

C. Security Standards in Fog

Security standards form a vital part in maintaining protection for information systems. These standards are responsible for defining the scope and the security functions and features needed, as well as policies, in order to manage the information and human assets. Standards also help to evaluate the effectiveness of security measures and maintain the criteria for ongoing assessments of security. It is a necessity to consider proper security standards and commonly used security practices in the Fog computing environment in order to develop a feasible choice for the enterprise community.

IEEE 1934 [40] is a standard reference architecture for Fog to satisfy data-intensive application requirements. This architecture was proposed based on eight key attributes of the system, for example, RAS (reliability, availability, and serviceability), scalability, autonomy, openness, security, agility, hierarchy and programmability. For auditing purposes, we need to figure out the taxonomy of Fog security issues. With it, we can then identify what to audit and how to perform auditing in Fog by following recommended standards.

IV. TAXONOMY OF SECURITY ISSUES IN FOG COMPUTING

Fog is an augmentation of cloud computing which has many security issues. In this study, we have proposed a taxonomy, which is based on various security issues such as trust management, privacy assurance, authentication, access control, threats, attacks and vulnerabilities adhering to the Fog computing environment for auditing purposes. In the trust management section, we have discussed trust, the scope of trust, trust model and the potential attack on the trust computation area. In the privacy assurance section, we have discussed different privacy issues and privacy preservation techniques. In authentication, our observation relates to authentication domains, methods and potential attacks on the authentication processes. In the access control section, we identified the controlling area, requirements and access control methods. Finally, we summarized several threats, attacks, and vulnerabilities. This taxonomy offers a better understanding of Fog security issues to the research community and enterprises. Fig. 4 represents the proposed taxonomy and concise derivation of each section in the taxonomy, which will be described in the following subsections.

A. Trust and Trust Management in Fog Computing

The definition of trust does vary across different fields. Trust is the level of undertaking that an entity will treat in an appeasing way [41]. Although this definition does not represent the proper trust definition according to the field of computing, it can be characterized as an “expectation that a device or system will faithfully behave in a particular manner to fulfill its intended purpose” [42]. Therefore, trust can support the devices that failed to communicate with each other and desire to establish a new connection. A Fog node might be considered safe or unsafe by relying on its trust level.

Trust management is considered in order to establish trust between entities. It is a system or mechanism that takes place between two nodes in a network to establish trust. It was first introduced by Blaze et al. [43]. They defined the problem of trust management as “the problem of figuring based on formulated security policies and security credentials if a set of security credentials of an entity satisfies the security policies”. Trust management examines the way of collecting and storing information to ensure the trustworthiness of an entity. It can be measured with creation, updating or revoking the trust [44].

In Fog computing, the devices are responsible for providing reliable and secured services for end-users. In this case, there must be a definite level of trust between all the devices in the Fog network. Authentication plays an important part in forming a primary set of relations between the end user’s device and Fog devices in the system. As devices can always break down or become vulnerable to malicious attacks, authentication alone is not adequate to fix these problems. Fog computing has an aim to elevate the trustworthiness of the overall network. In cloud platform technology, the data centers are typically owned and maintained by cloud service providers. However, in the Fog platform, dissimilar parties may act as service providers, as diverse deployment options exist in such systems [7], such as Internet service providers, Cloud services providers, and End-users. This flexibility makes obscure the required trust for Fog computing. Therefore, based on these circumstances, numerous problems arise in the Fog computing environment as follows:

• In the Fog environment, a client is a node that can apply the required services as presented by the Fog device. Hence, Fog devices are retained and upheld autonomously and operated by various organizations or parties. In such a case, Fog clients are required to be more vigilant in the time of communication with Fog nodes. Generally, different possessors preserve security in different ways, and the security amongst Fog devices positioned in the same organization may also be dissimilar in context. Therefore, from a Fog client’s observation, Fog nodes indicate a potentially great threat.

• From a Fog node’s perspective, the client is also considered as a potential threat. These services can comprise various scripts or harmful cipher with destructive consequences to the Fog node’s software or hardware.

• Data is collected from the Fog clients through the Fog network and it can be used for further work. However, after the data is collected from Fog clients, it might be corrupted or lost during the propagation process.

• Fog nodes can be deployed by anyone or any organization. Therefore, setting up a Fog node that may become a threat to the whole network may be complicated [12]. A rogue Fog device can send illegal data and run over the entire network, which can have undesirable influences on the entire network performance and amplify the packet loss. This compromises Fog nodes or rogue nodes which can hamper the legitimate nodes in the Fog network.

• Usually, Fog nodes can be installed or deployed near the end-users, so that Fog nodes are easily accessible and can be tampered with spontaneously. If node hardware or software is tampered with, it will become a potential threat for the entire network. Therefore, data that is shared with the tampered Fog device can be exposed or revealed to unauthorized entities.

• Any Fog device which is compromised can be a source from which originates malicious objects which can impact the reliability of the whole Fog network.

Fig. 4. A Taxonomy of Security Issues of Fog Computing.

In such scenarios, trust helps to maintain the relations built upon preceding interactions of devices or entities. Trust must play a two-way responsibility in the Fog environment [45]. First, the nodes that provide services to edge devices must be competent to authenticate the service requests to comprehend if the request is fake or genuine. Second, the edge devices that send or request data must be competent to authenticate the intentions of the node to guarantee its security. Therefore, applying the trust mechanism in the Fog environment permits Fog nodes, resource-limited IoT devices, and other Fog clients to identify the future behavior of one another. When identification of future behavior becomes probable, then Fog clients can easily choose a trusted Fog node that will provide the best services. As a sign of the problems presented in the solution of trust management, for a Fog system, there is a need to identify and detect all accidental or intentional behavior which can enable authorities to take the necessary action and rebuild the trust formation instantaneously [7]. The key factors that influence Fog computing are trust scope, trust characteristics and trust evaluation models.

Trust Scope: Guo et al. [46] demonstrated current methods of trust computation in the IoT system. They categorized the trust computing scheme into five scopes: aggregating, formation, update, propagation and trust composition. We can consider this scope of trust for the Fog computing environment as well. This segment will demonstrate each of these scopes in detail as below:

• Trust Aggregation: collect all the recommendations from others and combine them with one’s own experiences in the trust computation which might be essential. Trust Aggregation elects how this is accomplished.

• Trust Formation: this defines the way to enable a combination of trust properties by trust composition. Some methods just study one property, and others reflect a mixture of some properties.

• Trust Update: it shows how often the trust values are updated. Periodical updates and Event-driven are two key methods.

• Trust Propagation: it decides on how to select a distributed or centralized process to compute and store the trust.

• Trust Composition: it defines a group of trust properties. It chooses what components have been used in the trust computation process. Social trust and service quality are the two key elements.

Characteristics of Trust in Fog Computing: This section describes the characteristics of trust in Fog computing. Various characteristics of trust help develop trust relationships and further the understanding of Fog computing. The authors [47] defined a few characteristics, which can be retained for the Fog environment.

• Is trust dynamic? Trust needs to be dynamic for two reasons. First, the Fog system network topology is changing continuously as new devices join or leave concurrently on the Fog network. Second, devices in the network may deflect their behavior successively. Therefore, trust should be monitored uninterruptedly. For example, for the past year, entity A had a high trust towards entity B. However, recently, entity A found that entity B lied to entity A. Consequently, there is no trust between these two entities anymore.

• Is trust subjective? Although Fog networks are formed with a wide range of objects or devices, their security requirements vary from object to object or device to device. So, their trust properties are different, which is carried out more importantly over other properties. Having different types of trust policies for different objects, the trust will be subjective.

• Is trust transitive within a context? Following subjective issues, each device has a distinct security policy of its own. That is, if device A trusts device C, then device A may trust any device that device C trusts in the same context. However, this concludes that the trust might be explicit and difficult to be measured.

• Is trust asymmetric? Trust is an asymmetric relationship in nature. Being asymmetric in nature, trust is contrary to non-mutual relationships. It means that if device A trusts device B, we must not suggest that device B trusts device A.

• Is trust context-dependent? Context is significant in terms of Fog computing [48] and at the same time, it is significant in terms of trust computing as well. Suppose, we might trust a friend to keep a secret, but not to keep our money with him. The same scenario can be applied in the Fog environment. One Fog device can be trusted to accomplish a particular task for a client in the Fog environment, but for another task, it may not trust the same Fog device. Therefore, in this situation trust needs to be context-dependent.

1) Trust Evaluation Models: Although Fog computing is vulnerable to any sort of illegitimate entity, it is important to ensure an effective and secure trust model that is compatible with trust computation in Fog computing.

While trust is classified amongst the imperative security requirements in Fog, there is quite a limited range of studies in the field. Most of the studies have just concentrated on the field of cloud computing.

Till now, there is no strongly recommended trust model for Fog computing, but we can enumerate already existing trust models from IoT and cloud computing. In this section, we are going to discuss a few renowned trust models which are competent for Fog computing.

• Reputation-based: The reputation-based trust model [49] is broadly applied in peer-to-peer (P2P), e-commerce services, social media, and user reviews. Occasionally, the fame of a service provider is beneficial to select amongst diverse service providers. Damiani et al. [50] demonstrated a reputation system model for P2P networks by applying a distributed polling algorithm to evaluate the consistency of the model. As this model sturdily relies on a general view, it is not appropriate in Fog computing as the nature of the end devices is dynamic. Moreover, Abhijit et al. [51] introduced a trust-based model to provide application layer security that can deal with the issues of user privacy, integrity and authentication. Hence, it will function as a trust-related safeguard in the Fog ecosystem for IoT related applications.

• Plausibility-based: Soleymani et al. [52] proposed an experienced and plausibility-based fuzzy trust model to secure a vehicular network. In a vehicular network application, it is significant to establish a trust to keep integrity and reliability. Hence, in vehicular environments, a secure trust model can handle the uncertainty and risks originating from defective information. Eventually, there are also several trusted models [7] regarding special hardware.

• Trusted execution environment (TEE): TEE is an isolated environment, which guarantees the confidentiality and integrity of code and data by executing in the secure area inside a processor.

• Secure element (SE): SE stores sensitive information securely and runs the apps in a microprocessor chip to protect the data and application from malware attacks.

• Trusted platform module (TPM): TPM stores the host identification key pairs, which are used for hardware authentication inside a specialized chip. The data inside this chip cannot be accessed by software.

2) Attacks on Trust Computation Environment: In Fog computing, while Fog nodes and clients are communicating with each other, they must establish a connection with greater trust value in the Fog network. For Fog nodes and clients, the highly trusted nodes and clients will be selected and accepted frequently rather than Fog nodes and clients with lower trust. It helps to speed up the overall performance of the Fog network [46]. Malicious intruders will impersonate their nodes as highly trusted nodes, so that, they can gain the possibility of compromising a network. In this segment we are going to define several types of attacks which might occur in the Fog network:

• Self-promotion attack (SPA): in SPA attack, the malicious Fog nodes increase their trust values to impersonate themselves as the highest trusted nodes.

• Bad-mouthing attack (BMA): this attack works by spreading fictitious information. Several malicious Fog nodes work together to provide depraved suggestions about a decent Fog node, which will damage the fame of those nodes. This is a form of a collusion attack, and it happens when numerous malicious nodes come together to spread false information.

• Ballot-stuffing attack (BSA): this attack is similar to the collusion attack, where a malicious node transfers decent suggestion regarding another wicked node to raise the fame of the malicious nodes.

• Opportunistic service attacks (OSA): once a Fog node assumes that its fame has been lowered, it can perform a great service to retrieve its reputation.

• On-off attack (OOA): A malicious Fog node can provide bad and good services simultaneously to avoid being rated as a low trusted node. The OOA attacker can also behave differently with different neighbors to achieve an inconsistent trust opinion of the same node.

In accordance with the study above and based on the different issues we have illustrated, a summary of the existing research works related to trust issues is shown in Table V.
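The trust aggregation and trust update scopes and the attacks listed above can be tied together in code. The following is an added example, not a model from the paper or from the works it cites: a Fog client combines its own experience with recommendations, discards self-reports and outliers from the median (limiting self-promotion, bad-mouthing and ballot-stuffing), and updates trust asymmetrically so that on-off and opportunistic behaviour pays poorly. All rates, thresholds, node names and sample scores are assumptions.

```python
from statistics import median

RISE, DROP = 0.1, 0.5    # assumed rates: trust is slow to earn, quick to lose
DEVIATION_LIMIT = 0.3    # assumed cut-off for recommendations far from the median
DIRECT_WEIGHT = 0.6      # assumed weight of own experience vs. recommendations

# Constructed recommendations about an honest node; two colluders bad-mouth it.
HONEST_RECS = {"fog-B": 0.85, "fog-C": 0.80, "fog-D": 0.75,
               "mal-1": 0.05, "mal-2": 0.10}
# Constructed recommendations about a malicious node that promotes itself
# and receives a ballot-stuffing vote from its partner.
MALICIOUS_RECS = {"mal-1": 1.00, "mal-2": 0.95,
                  "fog-B": 0.20, "fog-C": 0.25, "fog-D": 0.15}
ON_OFF_HISTORY = [1, 1, 0, 1, 0, 1, 1, 0]   # constructed service outcomes


def update_direct(trust, outcome):
    """Event-driven trust update; outcome is a service rating in [0, 1]."""
    rate = RISE if outcome >= trust else DROP
    return trust + rate * (outcome - trust)


def replay_direct(outcomes, start=0.5):
    """Apply update_direct over a whole interaction history."""
    trust = start
    for outcome in outcomes:
        trust = update_direct(trust, outcome)
    return trust


def filter_recommendations(target, recs):
    """Return (kept, rejected): drop the target's self-report and outliers."""
    others = {r: s for r, s in recs.items() if r != target}
    if not others:
        return {}, sorted(recs)
    mid = median(others.values())
    kept = {r: s for r, s in others.items() if abs(s - mid) <= DEVIATION_LIMIT}
    return kept, sorted(set(recs) - set(kept))


def aggregate(target, direct, recs):
    """Trust aggregation: own experience combined with filtered recommendations."""
    kept, rejected = filter_recommendations(target, recs)
    if not kept:
        return direct, rejected
    indirect = sum(kept.values()) / len(kept)
    return DIRECT_WEIGHT * direct + (1 - DIRECT_WEIGHT) * indirect, rejected


def looks_on_off(outcomes, min_flips=3, bad_below=0.5):
    """Flag a history that keeps switching between good and bad service."""
    bad = [o < bad_below for o in outcomes]
    flips = sum(1 for a, b in zip(bad, bad[1:]) if a != b)
    return flips >= min_flips


if __name__ == "__main__":
    print(aggregate("fog-A", 0.8, HONEST_RECS))
    print(aggregate("mal-1", 0.2, MALICIOUS_RECS))
    print(replay_direct(ON_OFF_HISTORY), looks_on_off(ON_OFF_HISTORY))
```

The median filter holds only while colluding recommenders are a minority of those reporting on a node.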

B. Privacy in Fog Computing

Privacy is a key issue in any distributed environment. Across available literature, there are many mechanisms, which have been proposed to ensure the privacy of the data, such as encryption and hashing. However, these techniques are not suitable in the Fog, because they affect the latency and time to process the application. The remaining part of the section discusses in detail the privacy assurance issues.

Privacy Assurance: Privacy assurance helps to preserve any private information, such as data, user, usage, locations, devices, network from unauthorized access [56] [57]. In Fog Computing, all the data used comes from various sources like IoT devices, wireless networks as well as cloud networks. These data might be meaningful or meaningless, but we need to preserve them. Thus, appropriate privacy assurance can be treated as a substantial security issue in the Fog environment. A few challenges also arise for privacy preservation, as the nodes are located adjacent to the end-users and they can gather sensitive information [7].

1) Privacy dimensions: Fog computing is used to work with sensitive information which is generated from several sources. For securing these types of sensitive information, privacy is one of the most significant problems in Fog computing. There are lots of privacy issues that arise in the Fog environment. In the following section, we are going to describe Fog computing privacy issues from a different perspective:

• Users Privacy: usually Fog computing consists of a large collection of IoT enabled devices which are connected through sensor or wireless network. Therefore, IoT devices are used to generate sensitive data at the user level and upload it to Fog nodes for further processing. Such sensitive data includes personal data, home-automated data, business data, health data, etc. By analyzing all this sensitive information, an intruder can reveal a lot about a user’s personal data and gain adequate knowledge.

• Data Privacy: as we already know, a Fog node works at the edge plane of the network and it generally collects sensitive data that is generated by various sensing and end-user devices. Hence, Fog nodes are managed by third parties. So, when all the unprocessed data are being aggregated in the Fog layer, there might be a chance that the data is compromised, altered, mismatched, etc. Under such circumstances, we need to indemnify the privacy of these data. Usually, Fog nodes send requests to the end-users to send their private data to them, in order to further process it, store it temporarily, and finally, send data to the cloud for permanent storage. Therefore, users will not have control over the data where all the access and control will be transferred to the Fog or cloud service providers. Under such circumstances, service providers or malicious insiders can manipulate the stored data. This signifies a privacy issue to the user’s data.

• Usage Privacy: this privacy issue arises when a Fog client can avail of the required Fog services. For example, in a smart grid system, the reading of the smart meter reveals masses of information of a smart-house such as the TV on and off times or when the home is vacant, which certainly brings privacy breaches for users [58].

• Network Privacy: wireless connectivity is comprehensive under the control of IoT as well as other edge devices in a Fog computing environment. It is a big matter of concern, as wireless connectivity is prone to network privacy attacks. The maintenance cost is correlated with the Fog nodes as it is positioned at the edge of the Internet, where network configurations are established manually [7]. The breach of private data is an important issue while using Fog networks. The end-users share resources which contribute to Fog processing. Due to this, information that is more sensitive is collected by the Fog network as compared to a remote cloud. To overcome these issues, an encryption scheme like HAN (Home-Area Network) might be useful.

• Location Privacy: in the Fog environment, location privacy denotes the protective techniques for breaches related to the client’s location. While the client uploads its responsibilities to the closest node, the uploaded node can assume that the client is contiguous and far away from other Fog processing devices. Therefore, if a client in the Fog environment uses multiple Fog application services from multiple locations, it may reveal its track directly to the Fog nodes, to avoid collision amongst the Fog nodes. As Fog nodes are vulnerable to potential attacks, it is easy to compromise the privacy by having the location credentials of the Fog clients. If the Fog clients are attached to an object or a person, then the location privacy is at risk. Whenever a Fog client frequently selects its closest Fog node, the node can certainly identify if the client is using the resources residing nearby.

TABLE V
THE SUMMARY OF TRUST ISSUES IN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Reference Paper: Rauf et al. [11]
Highlights/Objectives:
• Propose a risk-based trust model for the IoT environment.
• Dynamic domain adaptive security solution.
• Parameters such as availability, reliability, response time, etc. used.
• Direct and indirect observation also used for trust computation.
Achievement and Limitation:
• The system can compute trust as well as compute risk levels of the system.
• Layer-wise various attacks discussed.
• The system will provide trustworthy information forwarding decision on the basis of trust and risk values.

Reference Paper: Wang et al. [53]
Highlights/Objectives:
• Performed a Fog-based hierarchical trust mechanism.
• Solve resource consumption problems.
• Able to monitor the trust state of the whole network.
• Detect and recover data attacks and misjudgment nodes respectively.
Achievement and Limitation:
• Reduce consumption of the energy by the network.
• Ensure the state of trust for network and edge nodes.
• Detect some attacks of hidden data.
• Recover misjudgment nodes.

Reference Paper: Rahman et al. [42]
Highlights/Objectives:
• A broker based trust mechanism approach in Fog.
• Deliberate the trustworthy Fog service.
• Request matching algorithm has been used.
Achievement and Limitation:
• Applies fuzzy logic for trust evaluation.
• Able to perform dynamic trust operation.
• Simultaneously maintained a trust relationship.

Reference Paper: Soleymani et al. [52]
Highlights/Objectives:
• Secure trust establishment among vehicles.
• Fuzzy trust scheme based on plausibility and experience.
• Demonstrated a series of security checks.
Achievement and Limitation:
• Can deal with uncertainties and risks.
• Detects faulty nodes and malicious attackers.

Reference Paper: Yuan et al. [54]
Highlights/Objectives:
• Reliable and lightweight trust evaluation mechanism.
• More feasible against bad-mouthing attacks.
• Employ fusion of multi-source feedback information.
• Used objective information entropy theory.
Achievement and Limitation:
• Suit for IoT edge computing on a large scale.
• Facilitates low-overhead trust computing algorithms.
• Trust factors are weighted manually or subjectively.
• Gained computational efficiency and reliability.

Reference Paper: Dang et al. [55]
Highlights/Objectives:
• A data protection scheme has been for Fog computing.
• Dynamic and can handle mobility management service.
• Introducing Fog-based region verification and privacy-aware role-based access control techniques.
Achievement and Limitation:
• Able to deliberate up-to-date location services.
• Efficient and feasible scheme.

2) Privacy Preservation: In Fog computing, it is used to collect and process user personal data which is desirable. So, it is evident that a proper privacy-preserving and security mechanism is required to cope with the Fog computing environment. As we know, Fog computing consists of various devices that are connected to IoT as well as Cloud. So, we should apply privacy-preserving techniques between cloud and Fog to maintain data privacy because both Fog and cloud devices are resourceful and have adequate storage and power. On the contrary, IoT devices have limited resources. So, it’s a difficult task to implement privacy-preserving techniques between the Fog and IoT devices. It is significant because the users may be concerned about their data, which is sensitive [59]. Different privacy preservation techniques, methods and schemes are proposed across many scenarios, including cloud [60], wireless network [61], smart grid [62], health-care systems [63], and online social network [64].

• Homomorphic encryption: There is a method for privacy-preservation, which is homomorphic encryption (it is a method for operating on encrypted data without decrypting it), that can be implemented to retain the privacy of transmitted data without decryption across local gateways [32].

• Differential privacy [65]: is to assure the privacy of random individual entries in the statistical data set. Although its computational overhead for such function is a big issue in Fog computing, it needs to be assiduous about the efficiency of the method.

• Identity obfuscation: There is a renowned technique called identity obfuscation technique [66], where the Fog node is able to recognize the Fog client is close by, but it cannot recognize the Fog client. As such, identity obfuscation is a technique for preserving location privacy, as it has many methods inwardly. There is an elementary method to preserve the location privacy of the Fog client, whereby this client is allowed to upload the data between diversified Fog nodes. This method is not efficient, because it would waste Fog resources and increase the latency. As we already know, the Fog client can choose its nearby Fog node to upload its data, so the Fog node is able to identify that the Fog client is residing nearby, which helps to get the Fog client’s location credentials.

• Trusted third party: Wei et al. [66] demonstrated a method, where a trusted third party (TTP) generated a fraudulent ID for each Fog client. As a matter of fact, it is not necessary that the Fog client has to choose a node which is nearby, in spite of that it can choose any nodes on the basis of a stipulated set of criteria such that the reputation, latency or load balancing is not affected. In this scenario, the Fog node can recognize the Fog client’s rough location but cannot detect it exactly. In addition, there could be a scenario whereby a Fog client uses resources from multiple Fog nodes or the location of the client can be squeezed into a small region. As such, the location of the client must be within the coverage of several Fog nodes. According to the described scenario, the authors [67], used a method to preserve location privacy.

• Data partitioning: Another probable method could be effective for preserving user privacy by partitioning the data into multiple Fog nodes. The usage pattern is another privacy concern when clients are using Fog services. In this scenario, privacy-preservation techniques have been suggested in smart metering [68], [62], but we cannot apply these mechanisms in Fog computing directly, because there is no TTP (i.e., smart meters in the smart grid) or no backup device. The Fogging device can accumulate the list of tasks for user usage. The creation of bogus tasks by the clients and uploading them to multiple nodes is one possible solution while hiding actual tasks from the bogus ones. However, this solution may not be operational as it raises the client’s expense and wastes resources.

According to the discussion above and based on different criteria for privacy-preservation, it has been summarized in Table VI.
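The homomorphic encryption item above says data can be processed at a local gateway without being decrypted. The following is an added example, not code from the paper or from [32]: it uses the textbook Paillier scheme, whose ciphertexts can be multiplied to add the underlying plaintexts, so a Fog gateway can total smart-meter readings it cannot read. The role split (meters encrypt, Fog node aggregates, key holder decrypts), the toy primes and the readings are assumptions.

```python
import math
import secrets

# Toy parameters for illustration only: two Mersenne primes give a ~92-bit
# modulus. Production use needs a modulus of at least 2048 bits and a vetted
# library; this block only shows the additive property.
P, Q = 2**31 - 1, 2**61 - 1
READINGS = [1320, 870, 2045, 0, 615]   # constructed meter readings in Wh


def keygen(p, q):
    """Return (n, private_key) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)   # with g = n + 1, mu is the inverse of lam mod n
    return n, (lam, mu)


def encrypt(n, m):
    """Meter side: encrypt integer m (0 <= m < n) under public modulus n."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1      # fresh randomness per ciphertext
        if math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2


def add_encrypted(n, ciphertexts):
    """Fog node side: multiply ciphertexts, which adds the hidden plaintexts."""
    n2 = n * n
    total = 1                                  # 1 is an encryption of 0 with r = 1
    for c in ciphertexts:
        total = (total * c) % n2
    return total


def decrypt(n, private_key, c):
    """Key holder side: recover the plaintext (here, the aggregated sum)."""
    lam, mu = private_key
    x = pow(c, lam, n * n)
    return ((x - 1) // n) * mu % n


if __name__ == "__main__":
    n, priv = keygen(P, Q)
    boxes = [encrypt(n, m) for m in READINGS]  # what the Fog node receives
    encrypted_total = add_encrypted(n, boxes)  # computed without the private key
    print(decrypt(n, priv, encrypted_total))   # total consumption only
```

The Fog node holds only `n` and the ciphertexts, so it learns neither individual readings nor the total; the sum must stay below `n` to decrypt correctly.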

C. Authentication in Fog Computing

Authentication helps to verify a user’s identity by verifyingif a user’s credentials match with the information in a databasevia the authentication server. In the context of Fog computing,authentication ensures and confirms an end user’s identity.This helps ensure that only legitimate end users can haveaccess to the Fog nodes who have met all the requirementsto be authenticated as an end-user. Authentication is one ofthe five pillars of Information Assurance (IA) [74]. In Fogcomputing, authentication of the end user’s devices permittedto Fog services is a significant requirement in the Fog network.In order to obtain the Fog services from the Fog infrastructure,an end user’s device must be authenticated to be a partof the Fog processing infrastructure by authenticating itself.Whereas it is also essential to defend against the access ofunauthorized entities. Fig. 5 shows the authentication issuesin Fog computing.

With the growing number of internet-enabled devices, authentication is becoming more and more vital for secure communication in IoT applications and home automation. Almost any object (entity) may be addressable and able to exchange information over the network. It is therefore important to understand that each device or application is potentially an intrusion point in the environment, so a strong authentication mechanism is mandatory for each device or application in the Fog network system.

Fog computing eliminates many difficulties of primitive cloud computing and provides excellent services such as mobility, geo-distribution, heterogeneity, real-time processing, etc. Similar to Cloud computing, however, Fog computing also faces new security challenges. The heterogeneity of the Fog computing system and the interaction of third-party authorities within it increase the scope for security breaches. In such a case, various well-known attacks might occur (e.g. data loss, account traffic hijacking, man-in-the-middle attack, denial of service attack, malicious insider attack, etc.). It is therefore important to secure Fog networks by ensuring a security mechanism at every stage. Authentication plays a key role in protecting the Fog network, and ensuring proper authentication mechanisms would be a suitable way to prevent such attacks. However, because Fog computing provides various services with low latency and cooperates with edge devices as well as cloud systems, any authentication mechanism may raise critical issues such as latency, scalability and efficiency, which need to be handled according to the demands of the Fog computing environment.

TABLE VI: THE SUMMARY OF PRIVACY ISSUES IN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Reference Paper: Wang et al. [69]
Privacy Issues: Data Privacy, Identity Privacy
Highlights/Objectives:
• Fog based public cloud computing.
• The idea of anonymity and secure aggregation techniques used.
• Provide identity and data privacy.
• Performed pseudonyms and homomorphic encryption techniques.
Performances and Achievements:
• Performed computation and communication effectively and efficiently.
• Can save the communication bandwidth.

Reference Paper: Yang et al. [70]
Privacy Issues: Location privacy, Location verification
Highlights/Objectives:
• Introduced secure positioning protocols by preserving the location privacy.
• Position based advanced cryptographic protocols have been introduced, which preserve the location privacy.
Performances and Achievements:
• Privacy is gained without utilizing additional computational overhead.
• The system is efficient and quite practical in practice.

Reference Paper: Kumar et al. [71]
Privacy Issues: Location Privacy, Data Privacy
Highlights/Objectives:
• Data confidentiality and location privacy are focused on.
• Discussed how to access user data.
• The misconceptions about the rights of users were discussed.
• The concept of a decoy method with some incorporation for data and location privacy.
Performances and Achievements:
• The concept of decoy method for data and location privacy has been discussed.
• Different attackers and their interest in a user's private data were also discussed.

Reference Paper: Liu et al. [72]
Privacy Issues: Location privacy, Identity privacy
Highlights/Objectives:
• Fog based vehicular ad-hoc network (VANET).
• Secure and intelligent traffic light control system using Fog.
• Location Based Encryption (LBE) and Cryptographic computational Diffie-Hellman puzzle have been used.
Performances and Achievements:
• Reduce the computation and communication overhead.
• Traffic light may efficiently verify the authenticity of the vehicles.
• Fog device friendly and is able to defend against the Denial-of-Service (DoS) attack.

Reference Paper: Lu et al. [73]
Privacy Issues: Device Privacy, Data Privacy
Highlights/Objectives:
• Employing lightweight privacy-preserving data aggregation method for Fog and IoT systems.
• The homomorphic Paillier encryption, Chinese Remainder Theorem, and one-way hash chain techniques have been applied.
Performances and Achievements:
• Performed efficiently and aggregated hybrid IoT devices data into one.
• Supported fault-tolerance (FT).
• Prevents false data injection attack by filtering injected false data at the network edge level.
• Computation and communication costs are very low.

Reference Paper: Qin et al. [61]
Privacy Issues: User's privacy, Network Privacy, Data Privacy
Highlights/Objectives:
• Preservation of the privacy of the end users over a radio network.
• Techniques used include commitment schemes along with zero-knowledge proof and random-checking monitoring to preserve the privacy of the end user and to protect the data flow over the radio network.
Performances and Achievements:
• Provides user's privacy, data security and network privacy in the Fog computing environment.
• Efficiency and accuracy are unpredictable in the Fog computing environment.

Fig. 5. Authentication issues arising in Fog Computing.

1) Authentication Factors in Fog computing: An authentication factor is an attribute or piece of data that can be used to authenticate user access to a system. A legacy security system has a few authentication factors: the knowledge factor, which is something the user knows; the possession factor, which is something the user has; and the inherent factor, which is something the user is. In recent years, two further authentication factors, the location factor and the time factor, have been added alongside the older ones. The factors are as follows:

• Knowledge Factor: the knowledge factor is any credential that consists of information the user holds, such as a username, password, Personal Identification Number (PIN) or the answers to secret questions [75].

• Authority Factor: the authority factor is any credential that the user can own and carry with them, such as a hardware device like a mobile phone or a security token.

• Inherent Factor: the inherent factor is generally based on biometric identification (fingerprints, facial, retina).

• Location Factor: the location factor usually cannot authenticate a user by itself, but it can be used with other factors. For example, a legitimate user normally accesses a system from home or from the office in the organization's home country, whereas an attacker will try to access that system from a remote geographical location. With the help of the location factor, the system can prevent an illegitimate user from authenticating to a system or network.

• Time factor: similar to the location factor, the time factor can be used as a supplement to other factors, and it can be used together with the location factor. For example, an authorized user may have access to a system during a specific time period in the organization's home country, while an illegitimate user tries to access that system from a remote geographical location in another country. The authentication would then be rejected based on the time and location factors.
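How the factors above combine in one login decision, as an added Python example that is not part of the paper. The enrolment record, the country codes, the allowed-hours policy and all function names are assumptions; the one-time password follows RFC 6238 and the password check uses PBKDF2 from the standard library.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone

# Constructed enrolment record for one Fog user; every value is made up.
SALT = bytes.fromhex("a1b2c3d4e5f60718")
USER = {
    # Knowledge factor: only a salted, slow hash of the password is stored.
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    # Possession ("authority") factor: secret shared with the user's token.
    "token_key": b"constructed-token-secret",
    # Context for the location and time factors (assumed policy).
    "home_countries": {"AU"},
    "allowed_hours_utc": range(8, 18),  # 08:00 to 17:59 UTC
}


def totp(key, unix_time, step=30, digits=6):
    """Time-based one-time password as specified in RFC 6238 (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_knowledge(user, password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, user["pw_hash"])


def check_possession(user, otp, when):
    # Accept the current 30 s window and its neighbours to tolerate clock drift.
    now = when.timestamp()
    return any(
        hmac.compare_digest(totp(user["token_key"], now + drift).encode(),
                            otp.encode())
        for drift in (-30, 0, 30)
    )


def authenticate(user, password, otp, country, when):
    """Return (accepted, failed_factors).

    Knowledge and possession establish identity. Location and time are
    supplementary: they can veto a login but can never grant one.
    """
    failed = []
    if not check_knowledge(user, password):
        failed.append("knowledge")
    if not check_possession(user, otp, when):
        failed.append("possession")
    if country not in user["home_countries"]:
        failed.append("location")
    if when.astimezone(timezone.utc).hour not in user["allowed_hours_utc"]:
        failed.append("time")
    return (not failed, failed)


if __name__ == "__main__":
    now = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
    otp = totp(USER["token_key"], now.timestamp())
    print(authenticate(USER, "correct horse", otp, "AU", now))  # home country
    print(authenticate(USER, "correct horse", otp, "XX", now))  # remote country
```

Returning the list of failed factors, rather than a bare boolean, gives the Fog node something to log when valid credentials arrive from an unexpected place or time.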

2) Authentication Measures in Fog Computing:

• Lack of Transparency: The existence of an SLA between a Fog or cloud service and its end users is vital for establishing trust. Although many SLAs clearly define the privacy of the user's sensitive data, users are unable to trust how the data is actually being governed. SLA verification is limited when the service is used directly in the Fog layer by end users and small organizations, and it should be monitored by a licensed third party through SLA verification. There might be a lack of the transparency that would permit users to monitor their own data in the Fog or cloud system.

• Real-time Interaction: Fog nodes and end users interact with a huge number of devices simultaneously. Different services need different authentication mechanisms, and if the authentication process takes a long time, real-time interaction becomes a challenging task.

• Latency and Scalability: Given the rapid growth of user devices and services, guaranteeing the efficiency of the authentication mechanism is an ambitious task. Whenever the latency of the authentication process is high and incompatible with the service, scalability is a big concern.

• The scope of Exploitation: In the context of a Fog or cloud system, there are diversified authentication mechanisms for the various services. These authentication methods can be compromised or exploited by an attacker, who can then appear to have gained administrative-level access due to a deficiency in the authentication mechanism. This creates a chance to breach the security of data, devices and the Fog network system.

3) Authentication Techniques in the Fog Environment: Generally, users need to use various services simultaneously. They therefore need to use different authentication methods for different services, and the performance of these methods differs in terms of latency, efficiency and scalability. In addition, users face many difficulties in maintaining access credentials for multiple services. Authentication is the most significant issue for the security and privacy of Fog computing. An authentication mechanism that is not secure might harm the cloud, the Fog and the end user's devices, which is one of the main security concerns for Fog computing [76] as well. Different authentication techniques have therefore been proposed for elevating security mechanisms in Fog or cloud computing, but each authentication method comes with its own strengths and limitations. In this subsection, we describe a few traditional authentication techniques and their limitations and drawbacks in the Fog environment. We also describe a few proposed solutions that meet the Fog computing criteria.

• Password Based Authentication: In password authentication, the user must first give a password for every service, and the system administrator must keep track of all usernames and passwords on the server. Password authentication is performed by accepting a key and password for allowing a user into local and remote systems. Password authentication can be categorized, depending on its strength, as weak authentication, stronger authentication, and inconvenient authentication [77]. Password-based authentication has several applications and is deployed in cloud computing [78] [79] [80], but it faces numerous drawbacks and limitations when it is considered for Fog computing:

– It takes extensive computation to process, which is challenging given the limited resources of end devices.

– In the Fog network, end users frequently communicate with various Fog nodes from different Fog environments. It is therefore inappropriate to keep a password for each Fog node. In addition, it is not a good idea to set the most used password for each Fog node.

– Usually, a password does not provide high security because of numerous attacks [81], for example, vulnerability to off-line dictionary attacks.

• PKI Based Authentication: public key infrastructure (PKI) based authentication creates and upholds a reliable networking environment by offering certificate and key management services that permit encryption and digital signature abilities between applications, all in a way that is transparent and easy to use. PKI offers confidentiality, authentication, integrity (CIA) and non-repudiation of the exchanged messages. In [12], the authors described security issues and focused on authentication issues at various levels of the Fog computing environment. The traditional PKI-based authentication scheme is not effective in the context of Fog computing due to its poor scalability. In addition, the allocation of public keys can be burdensome due to the enormous scale of Fog nodes and end users. Another drawback is that, if the private keys cannot be well preserved, the security will be ruined.

On the other hand, the Diffie-Hellman [82] key exchange based authentication scheme is not compatible with the Fog environment due to its slow and extensive computations.

Balfanz et al. [83] demonstrated a user-friendly, cheap and secure method to resolve the authentication issue for wireless networks based on pre-authentication over a location-limited channel. Likewise, Near-field communication (NFC) is used in Cloudlet to simplify the authentication process [84]. Ibrahim et al. [85] proposed a secure mutual authentication method for the Fog environment that allows any Fog user and the Fog nodes in the Fog network to authenticate each other. The authors of [86] proposed a method based on a multi-tier authentication scheme to secure login in Fog computing. The authors of [87] mentioned that the Advanced Encryption Standard (AES) is a compatible encryption algorithm for the Fog computing environment, as it needs low hardware resources and fewer computations. The authors of [76] demonstrated that end-user devices can initiate spoofing attacks and are prone to data tampering, which can be prevented with the aid of PKI, Diffie-Hellman key exchange and monitoring by intrusion detection techniques. Finally, the authors advised that the chances of such attacks can be reduced by deploying a secure authentication mechanism between the Fog platform and the end users.

• Biometric Authentication: is a technique of user identity verification based on various biological inputs obtained by scanning or analysing some parts of the body. Biometric scanners scan a user's physical biometric characteristics such as fingerprint, voice, iris or face. Generally, biometric authentication is used to manage access to digital or physical resources. Biometric authentication is an upcoming technology and is already rapidly being deployed in mobile computing as well as cloud computing, using fingerprint authentication, face authentication, keystroke-based authentication or touch-based authentication [7]. On the other hand, biometric authentication techniques take a comparatively long execution time, and their security level remains constrained when high-level security is required [85]. For the Fog computing environment, applying biometric-based authentication techniques would be a suitable solution, yet it still has many limitations and drawbacks: it takes more computational time during execution and it provides constrained levels of security when high-level security is required. Biometric-based authentication for Fog computing is therefore still a research issue [7].

The study above, organized by the different issues of authentication, is summarized in Table VII.

D. Access Control in Fog

Access control is a method of restricting access to a system or to a physical or virtual resource. In computing, it is defined as a process by which users are granted privileges to retrieve information from the system, information or resources. In access control systems, individuals must have legitimate credentials before access can be granted to them. The process of access control is shown in Fig. 6.

TABLE VII: THE SUMMARY OF AUTHENTICATION ISSUE IN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Reference Paper: Ibrahim et al. [85]
Highlights/Objectives:
• An efficient and secure mutual authentication method for the cloud-Fog-edge system architecture.
• Required to store one master secret key.
• Does not need extra overheads such as re-initialization or re-registration process.
Performances and Achievements:
• Required to perform fewer hash invocations and symmetric encryptions/decryptions.
• In addition, simple countermeasures have been introduced.
• Suitable and can be deployed efficiently to the Fog user's smart device/card.

Reference Paper: Wazid et al. [88]
Highlights/Objectives:
• Fog devices security can be ensured through key management and authentication schemes.
• Performed efficient and lightweight operations.
• Bitwise exclusive-OR (XOR) and one-way cryptographic hash function techniques have been considered.
• Demonstrated using formal security verification.
Performances and Achievements:
• Performed low computation and communication overheads.
• Ensures high security compared to another existing method.

Reference Paper: Dsouza et al. [89]
Highlights/Objectives:
• Introduce a policy-based resources management in Fog network.
• Support interoperability and secure collaboration among various resources in Fog system.
Performances and Achievements:
• Server authentication, device authentication, data migration authentication and instance authentication have been observed for the secured Fog computing environment.

Reference Paper: Alharbi et al. [90]
Highlights/Objectives:
• Ensure secure communications among the various IoT devices.
• Performed challenge-response authentication technique.
Performances and Achievements:
• Performed effectively and efficiently.
• It can achieve very low response latency.
• Protects the IoT system from DDoS attacks.

Reference Paper: Amor et al. [91]
Highlights/Objectives:
• Introduces anonymous mutual-authentication amongst the Fog users and Fog servers.
• Cryptographic and mathematical operations have been performed to establish the session key.
Performances and Achievements:
• Can accomplish effectively and efficiently and improved the security and privacy in Fog network.
• Can defend against various attacks such as man-in-the-middle attack, eavesdropping and replay attacks.

Reference Paper: Hu et al. [92]
Highlights/Objectives:
• Highlighted privacy-preservation and security methods for Fog based image processing applications.
• Methods such as data encryption, authentication and session key agreement, and data integrity checking have been proposed.
Performances and Achievements:
• Can perform effectively and solve the issues of integrity, availability, and confidentiality.
• Increases computation and communication overhead a little.

Reference Paper: Ha et al. [93]
Highlights/Objectives:
• An efficient and elliptic cryptographic based mutual-authentication technique for IoT based resource constrained devices.
• Uses implicit certificate and key management for secure communication and mutual authentication.
Performances and Achievements:
• Achieved less execution time.
• Suitable for resource constrained devices.

Reference Paper: Gope et al. [94]
Highlights/Objectives:
• Deliberated two-factor lightweight and privacy-preserving authentication method for resource constrained IoT devices.
• Provide resilient way of authentication.
Performances and Achievements:
• Very efficient computational capacity.
• Can perform robustly against malicious attacks.

Fig. 6. A Process of Access Control (AC).

By deploying Access Control in the Fog network system, it would be possible to preserve a user's privacy, assure both user and system security, and maintain trust between the Fog, cloud service providers and users. The authors in [95] highlighted a few Access Control (AC) problems in the area of Fog computing and classified these problems into the following types:

• The users should be authenticated by the Fog or cloud system if they want to use services such as storage or computation, where several strategies must be used to control access to both services and data.

• Security management is difficult to control, given the number of requirements.

• The cloud and Fog system needs mutual access control.

• Access control mechanism helps to prevent attacks such as side-channel in Virtual machines (VMs).

• Resources are very limited for both the user devices and the Fog devices.

1) Access Control Models: Access control is one of the best methods to achieve protection within networks, devices and systems. While it manages users' admittance to the system, access control also supports efficient data protection from various kinds of adversaries. Conventionally, access control models (ACM) are categorized [96] into the following forms.

• Discretionary access control (DAC): the object's owner grants access permissions to others. These models are typically used in traditional cloud applications and suffer from significant overhead costs in managing the multi-user environment. The second category abstract requires the need of resource-user mapping. So, compared to DAC models, this model is more flexible for distributed systems.

• Mandatory access control (MAC): The MAC models use multi-level security systems. Here, the administrator of the system decides who has access to the system. In a multi-level MAC model, both objects and subjects are assigned a security level classification (i.e. top secret, secret, classified, and unclassified). The nature of Fog/cloud computing is outsourced, hence there is a need to focus on access control models which can be effectively applied in this computing environment.

• Role Based Model (RBAC): Designing a model for access control is a rudimentary challenge when securing large-scale mobile distributed applications and database systems, as there is a need to provide dynamic privileges for checking systems in the environment. RBAC is a fine-grained model that offers more benefits compared to previous models [97], such as regulating the user's access to applications and resources by identifying the activities and the roles of users in the system [98]. RBAC authorizes subjects based on the responsibilities and roles of individual users within the Fog-cloud computing environment [99] [96] [95] [100]. Roles may vary from subject (user) to subject (user). That means in this model, the responsibility of a subject is more vital than the subject itself [101], [99].

Limitations and Drawbacks of the RBAC Model:

– The RBAC model was developed for allocating user permissions statically.

– It does not consider contextual information (e.g. location, time, device constraints) or the dynamic/random behavior of users.

– It cannot cope with dynamic segregation of duties.

– It is coarse-grained. If you have a role called administrator, then you would assign the administrator role the permission to "View employee record" (i.e. it has permission to see all the records of employees), which amounts to an expansion of the role.

– It ignores meta-data of resources, e.g. the employee who owns a record.

– It is hard to manage and maintain within a large administrative domain.

– Access reviews are painful, error-prone and lengthy.

– The permissions accompanying each role are changed or deleted based on the change of the role.

Therefore, RBAC in Fog should ensure quicker granting of access permissions and minimize the above-mentioned limitations and drawbacks.

• Attribute-based Access Control (ABAC): This model is one of the latest methods of managing authorization. It is a promising alternative to conventional access control techniques and has attracted attention from both academia and industry. However, recent developments of ABAC still leave several open difficulties such as delegation, administration, auditability and scalability.

• Attribute Based Encryption (ABE): This model is an encryption-based access control model and best suits access control problems in the Fog-cloud environment. The Attribute-Based Encryption (ABE) [102] method is categorized into two types. In the first, the encryption is based on a key policy, which is known as key policy attribute-based encryption (KP-ABE) [103]. In the second, the encryption is based on a cipher-text policy, which is known as Cipher-text policy Attribute-based Encryption (CP-ABE) [104]. This model can preserve data privacy and enable data owners to define a desirable set of policies directly [95].

– Key Policy Attribute-based Encryption (KP-ABE): Goyal et al. [103] proposed KP-ABE in the year 2006, based on the classical ABE model; it uses one-to-many communication. This technique achieves fine-grained access control with higher elasticity to control individuals compared to the traditional scheme [97].


– Cipher-text Policy Attribute-based Encryption (CP-ABE): CP-ABE [104] was introduced as another alternative form of ABE. CP-ABE can provide fine-grained and reliable access control for a cloud storage environment that is not trustworthy. Users can access data only if their attributes match the access policies associated with the data. CP-ABE works in reverse compared to KP-ABE: the key is generated from the user's attribute set, while the cipher text is fixed by the access policy [97]. However, CP-ABE has two main drawbacks [105]: policies are not expressed using standard languages and it cannot support non-monotonic policies.

Architecture of ABE: The architecture of the ABE method is categorized as centralized, decentralized or hierarchical [100].

– Centralized: In a centralized architecture, the keys are served to the users by a central authority center.

– Decentralized: In a decentralized architecture, the information is shared by multiple authorities based on the policies of various organizations.

– Hierarchical: In a hierarchical architecture, scalability and flexibility are enhanced, and the features of one-to-many encryption are supported for the users.

Revocation Types of ABE: The revocation types are categorized into two types: attribute revocation and user revocation.

– Attribute Revocation (AR): with the AR mechanism, an attribute is removed from the user's attribute list by the revocation controller unit.

– User Revocation (UR): with the UR mechanism, a user's data access is restricted via the revocation controller unit.

Revocation Method: There are various revocation methods to revoke a user or attributes using the ABE method. Proxy re-encryption, time re-keying, an update key, lazy revocation and the LSSS matrix are the primary revocation methods.

Revocation Issue: Deploying the ABE method in cloud storage systems to control data access brings about forward and backward revocation issues.

Revocation Controller: The revocation controller is someone who is designated to execute the user or attribute revocation method. In general, the owner of the data revokes the attributes or the user, but the data owner is able to confer the revocation duties on the server or an authorized entity.

Limitations and Drawbacks of ABE Based Model: As we mentioned before, Fog computing extends the cloud, and the functionalities as well as the requirements of Fog computing are unique. So, the access control structure of cloud computing is not able to directly meet the requirements of Fog computing. Researchers [76] [106] recommended that ABE techniques suit Fog computing, but they still need to improve and meet some criteria, such as fine-grained and cryptographically enforced control, latency and policy management, which need to be re-thought and considered for further research. The end device or user device in Fog computing is resource constrained, whereas the Fog devices are resourceful and are used close to the end-user devices. There is therefore no need to deploy data encryption-decryption and access control mechanisms at the user level, and under these circumstances outsourcing access control methods would be the more appropriate solution for Fog computing. On the other hand, as we know already, Fog computing is a dynamic environment. Therefore, ABE-based access control should support creating, updating, and revoking user attributes and access structures, with the management of the access policies following the dynamic behavior of Fog computing [95].
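The matching rule that separates CP-ABE from KP-ABE, and the attribute and user revocation types described above, as an added Python example that is not from the paper or from any ABE library. It models only the access-structure check and the revocation controller's bookkeeping, not the encryption itself; the policy syntax, the attribute names and the RevocationController class are assumptions.

```python
GATES = {"AND", "OR", "THRESHOLD"}


def satisfies(policy, attributes):
    """Evaluate a monotonic access structure against a set of attributes.

    A policy is an attribute name (leaf) or a tuple:
      ("AND", p1, ...), ("OR", p1, ...), ("THRESHOLD", k, p1, ...)
    There is no NOT gate, which is why non-monotonic policies cannot be
    expressed in this kind of structure.
    """
    if isinstance(policy, str):
        return policy in attributes
    gate, *rest = policy
    if gate not in GATES:
        raise ValueError(f"unsupported gate {gate!r}: only monotonic gates exist")
    if gate == "THRESHOLD":
        k, *children = rest
    else:
        children = rest
        k = len(children) if gate == "AND" else 1
    if not children:
        raise ValueError("a gate needs at least one child")
    return sum(satisfies(child, attributes) for child in children) >= k


def cp_abe_can_decrypt(user_key_attributes, ciphertext_policy):
    """CP-ABE: the policy travels with the ciphertext, attributes with the key."""
    return satisfies(ciphertext_policy, user_key_attributes)


def kp_abe_can_decrypt(user_key_policy, ciphertext_attributes):
    """KP-ABE: the policy sits in the key, attributes label the ciphertext."""
    return satisfies(user_key_policy, ciphertext_attributes)


class RevocationController:
    """Tracks which attributes each user's key currently covers.

    A real deployment also needs one of the revocation methods named in the
    text (for example proxy re-encryption) so that keys issued earlier stop
    working; this class only keeps the attribute lists.
    """

    def __init__(self):
        self.attributes = {}

    def enroll(self, user, attributes):
        self.attributes[user] = set(attributes)

    def revoke_attribute(self, user, attribute):  # attribute revocation (AR)
        self.attributes.get(user, set()).discard(attribute)

    def revoke_user(self, user):  # user revocation (UR)
        self.attributes.pop(user, None)

    def key_attributes(self, user):
        return frozenset(self.attributes.get(user, ()))


# Constructed policies and attributes for a Fog-hosted patient record.
RECORD_POLICY = ("AND", "site:hobart",
                 ("OR", "role:doctor",
                  ("THRESHOLD", 2, "role:nurse", "ward:cardiology", "on-call")))
AUDITOR_KEY_POLICY = ("AND", "type:telemetry", ("OR", "ward:cardiology", "ward:icu"))


def demo():
    ctl = RevocationController()
    ctl.enroll("alice", {"site:hobart", "role:doctor"})
    ctl.enroll("bob", {"site:hobart", "role:nurse", "ward:cardiology"})
    users = ("alice", "bob")
    before = {u: cp_abe_can_decrypt(ctl.key_attributes(u), RECORD_POLICY) for u in users}
    ctl.revoke_attribute("bob", "ward:cardiology")  # AR: bob drops below 2-of-3
    ctl.revoke_user("alice")                        # UR: alice loses every attribute
    after = {u: cp_abe_can_decrypt(ctl.key_attributes(u), RECORD_POLICY) for u in users}
    return before, after


if __name__ == "__main__":
    print(demo())
```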

2) Issues and Requirements for Access Control in Fog Computing: To establish secure and efficient access control, policies must ensure confidentiality, accountability and integrity. However, due to the nature of the Fog computing environment, a few things should be considered to build secure and strong Access Control (AC) [95] [107], which are as follows:

• Computation and Communication Latency: latency indicates how long it takes for a single packet to travel from one designated node to another. Sometimes the sender considers latency to be the time for sending a packet and getting an acknowledgement back, in which case the round-trip time is taken as the latency. As Fog computing is renowned for its faster accessibility, we need to ensure low latency to provide smooth services to the end users. We can ensure low latency during processing so that the access decision is made within a reasonable time.

• Efficiency: efficiency is also correlated with latency. In Fog computing, there are two types of devices: resource rich (Smart Power Grid, Smart City, Smart Transportation System, E-Health, etc.) and resource constrained (mobile phone, smart-watch, smart-glass, etc.). The proper implementation of an Access Control System in Fog computing is still a challenging issue because of its low efficiency. If low efficiency persists, it can result in undesirable latency, which can affect the other parts of the network.

• Generality: given the variety of hardware and software, we need to generalize all the systems and services of Fog computing.

• Data Aggregation: in Fog computing, users are geo-spatially distributed and Fog devices are used to collect data from user devices. It is therefore necessary to place Fog devices closer to the end users to reduce latency. The data generated by user devices may be meaningful or meaningless, but it should be handled intelligently and evenly. During the whole aggregation process, authority changes are a critical issue for data access control.


• Privacy Desecration: as data can be exchanged from one domain to another, the administration of the decentralized architecture of Fog computing requires us to protect the privacy of data through Fog access control. Protecting the user's data privacy thus becomes a critical requirement.

• Network Availability: in Fog computing, network availability must be defined in such a way that access control can still deliver a predefined level of functionality when the network is unavailable.

• Context Awareness: when multiple operations like capturing, transferring, processing and storing are running, access control decisions should be managed competently to support all the contextual information (e.g. health condition, weather condition, temperature, time, traffic condition, etc.) [81].

• Scalability: scalability means facilitating services according to the needs of the end users. In access control, scalability provides services that can grow or shrink according to the end user's level of capacity. For scalability, CloudPolice [108] proposed a distributed solution in which hypervisors are responsible for communicating with each other to install access control states.

• Resource Restriction/Constraints: in Fog computing, the user or edge resources are limited, so it becomes tough to implement access control for Fog computing.

• Policy Management: policy management is an integral part of the Fog computing architecture, so the access control model needs to be capable of supporting the creation, invocation, release and deletion of policies. Dsouza et al. [89] developed a policy-driven security management framework, which is capable of supporting secure communication and resource sharing in the Fog environment.

• Accountability: in Fog computing, it is important to keep track of the suspicious activities of intruders. This tracking should be handled intuitively across the administrative domains.
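The context-awareness requirement above, set against the RBAC limitations listed earlier (static permissions, no contextual information, ignored resource meta-data), as an added Python example that is not from the paper. The role table, the subject, resource and context attributes, and the ABAC rule are all assumptions built around the paper's "View employee record" case.

```python
from datetime import time

# Static role-to-permission table: all that plain RBAC consults.
ROLE_PERMISSIONS = {
    "administrator": {"view_employee_record"},
    "employee": set(),
}


def rbac_allows(subject, action):
    """RBAC decision: depends on the role only, never on resource or context."""
    return action in ROLE_PERMISSIONS.get(subject["role"], set())


def abac_allows(subject, action, resource, context):
    """ABAC decision over subject, resource meta-data and request context."""
    if action != "view_employee_record":
        return False
    # Resource meta-data: the owner may always read their own record.
    if subject["id"] == resource["owner"]:
        return True
    # Otherwise the role is necessary but not sufficient.
    return (
        subject["role"] == "administrator"
        and subject["department"] == resource["department"]
        and context["location"] in subject["approved_locations"]
        and time(8, 0) <= context["time"] <= time(18, 0)
        and context["device_managed"]
    )


# Constructed subjects, records and requests.
ADMIN = {"id": "u1", "role": "administrator", "department": "hr",
         "approved_locations": {"fog-site-1"}}
STAFF = {"id": "u2", "role": "employee", "department": "hr",
         "approved_locations": {"fog-site-1"}}
RECORD_HR = {"owner": "u2", "department": "hr"}
RECORD_FIN = {"owner": "u3", "department": "finance"}
ON_SITE = {"location": "fog-site-1", "time": time(10, 0), "device_managed": True}
REMOTE = {"location": "remote", "time": time(10, 0), "device_managed": True}
NIGHT = {"location": "fog-site-1", "time": time(23, 0), "device_managed": True}
OWN_PHONE = {"location": "remote", "time": time(23, 0), "device_managed": False}

REQUESTS = [
    (ADMIN, RECORD_HR, ON_SITE),    # expected context, own department
    (ADMIN, RECORD_FIN, ON_SITE),   # record of another department
    (ADMIN, RECORD_HR, REMOTE),     # unexpected location
    (ADMIN, RECORD_HR, NIGHT),      # outside working hours
    (STAFF, RECORD_HR, OWN_PHONE),  # employee reading their own record
]


def compare(requests=REQUESTS, action="view_employee_record"):
    """Return one (rbac_decision, abac_decision) pair per request."""
    return [
        (rbac_allows(s, action), abac_allows(s, action, r, c))
        for s, r, c in requests
    ]


if __name__ == "__main__":
    for pair in compare():
        print(pair)
```

The role-only check both over-grants (the administrator sees every record from any place at any hour) and under-grants (the record owner is refused), which is the gap the contextual and meta-data attributes close.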

3) Access Control Domains: In the Fog computing arena, the contextual domains for defining an access control system are 1. Fog to Edge, 2. Fog to Fog, 3. Fog to Cloud. Edge devices communicate with and send data to Fog devices, and a Fog device processes the data in such a way that, if the necessity arises, it can send all the processed data to the nearest Fog devices. When data needs to be stored permanently, Fog devices are able to send all the data to a data warehouse or cloud storage. Identity and access data should therefore be processed and stored in Fog/cloud computing only after secure Fog/cloud access control has been ensured. Ensuring access control in the cloud/Fog environment is a crucial technique for enhancing user security. Requirements such as end-user/data privacy, faster communication and computation, and network and communication security shall be applied to the above-mentioned domains to enable a proper access control system. For this, all the primordial access control models are being advanced accordingly.

In accordance with the above study, and based on differentaccess control method, it has been summarized into Table VIII.

E. Malicious Attacks and Threats in Fog Computing

Because Fog nodes are deployed in isolation in some places, they lack protective countermeasures and surveillance. As a result, it is very easy for intruders or malicious attackers to compromise the Fog networks through several malicious attacks [115]. For example, a malicious user can compromise a Fog node with its own generated trust values, smart meter, smart grid, traffic system or spoof IP addresses [12] to ruin sensitive information. In this segment, we give an overview of these potential threats and attacks.

1) Potential Threats:

• Rogue Fog Node: A rogue Fog node is a type of Fog device in the Fog computing environment which presents itself as a legitimate node and persuades end users to connect with it. This may happen in a scenario where a Fog administrator instantiates an insider attack, making it necessary to identify whether a node is a rogue Fog node or a legitimate Fog node. Stojmenovic et al. [12] have proven that data collected or updated in either the Fog layer or the cloud layer can be tampered with by a man-in-the-middle attack. There is also the possibility to launch additional attacks. So, in the context of privacy and security, the presence of a rogue Fog node will be a potential threat in the Fog environment. It is not easy to detect a rogue Fog node in Fog computing for various reasons. One of the main reasons is the diversified trust computing mechanism, which brings about perplexed trust situations. On the other hand, we know that Fog computing is dynamic in nature, and consists of numerous devices, which leads to nodes being created, deleted, and revoked simultaneously. Therefore, for these various instances, it is difficult to manage the blacklisted nodes. Han et al. [116] [117] have demonstrated measurement-based models which permit a client to avoid connecting to rogue access points (APs). Ma et al. [118] introduced a framework to identify the existence of rogue APs in wireless networks. Detecting a rogue Fog node in an IoT network is cumbersome because of the network complexity across different scenarios [10]. Nevertheless, using trust measurement-based models in the IoT network helps to detect rogue nodes. Although this method is not adequate, it can be considered for limited security protection.

• Fault Tolerance: Fog computing is an emerging distributed computing platform which consists of a huge collection of numerous devices which are widely geo-distributed and heterogeneous. Therefore, there might be a high chance of failure of devices, as compared to cloud computing. Fog computing is dynamic in nature, whereby the Fog nodes or IoT devices connect to or disconnect from a Fog layer over and over. Because of this behavior, there might be a chance to bring about unexpected faults and failures in the Fog environment. Therefore, in these circumstances, the Fog computing platform should


TABLE VIII
THE SUMMARY OF ACCESS CONTROL ISSUE IN THE FOG ENVIRONMENT ACROSS MAJOR SURVEY PAPERS

Columns: Reference Paper; Highlights/Objectives; Performances and Achievements

Reference Paper: Zhang et al. [109]
Highlights/Objectives:
• A promising CP-ABE based access control for a Fog computing environment.
• Outsourcing and attribute update capability.
• Encryption and decryption are outsourced.
Performances and Achievements:
• Perform heavy computation operations of encryption and decryption within a very small and constant time period.
• Less computation cost and efficient attribute update.
• Suitable for resource-constrained IoT devices.

Reference Paper: Vohra et al. [97]
Highlights/Objectives:
• Fog based decentralized Multi-Authority attribute based data access control.
• Also based on CP-ABE method.
• Performs fast offline-online encryption and partial decryption method.
Performances and Achievements:
• Secure and performs effectively and efficiently.
• Ensures secure communication from untrusted devices on the Fog network.
• Achieved authentication, access control, verifiability and confidentiality.

Reference Paper: Popa et al. [110]
Highlights/Objectives:
• A distributed multi-tenancy approach access control.
• Access control only suits in infrastructure levels - as physical hosts and hypervisors.
Performances and Achievements:
• Simpler, scalable and robust techniques.
• Requires extra processing power.

Reference Paper: Fan et al. [111]
Highlights/Objectives:
• CP-ABE based multi-authority data access control scheme in Fog-cloud computing systems.
• Outsourced encryption and decryption computations.
Performances and Achievements:
• User and attribute revocation can be performed efficiently.
• Secure and highly efficient scheme.

Reference Paper: Xiao et al. [112]
Highlights/Objectives:
• A hybrid and fine-grained access control solution.
• Most of the decryption process can be outsourced.
• Secure and suitable in the Fog computing environment.
• Perfectly applicable for resource-constrained IoT devices and applications.
Performances and Achievements:
• Efficiency of data access is improved.
• Key management cost is greatly reduced.
• The limitation and drawbacks of this method is it can be applied only in centralized architecture.

Reference Paper: Yu et al. [113]
Highlights/Objectives:
• Fine-grained access control and privacy is provided for Fog computing.
• Can also guarantee security across side channel attacks.
• Leakage-resilient functional encryptions framework have been developed.
Performances and Achievements:
• Highly secured and fine-grained access control.
• Fully secure leakage-resilient functional encryption schemes have been presented.

Reference Paper: Zaghdoudi et al. [114]
Highlights/Objectives:
• Access control mechanisms proposed for Fog computing and ad-hoc MCC.
• Focused on measuring the system overhead with different metrics.
• A different size of networks, different hash function, and a variable responsible nodes percentage such metrics considered.
Performances and Achievements:
• A generic access control solution with features robust and scalable.
• Take overhead with the increase of nodes in the network.


provide all the necessary services without interruption if a failure occurs in individual Fog devices, networks, applications, or services platforms [119]. Fog applications should be capable of instantly turning to other available nodes via some inbuilt mechanism if the services in an area become unusual. To mitigate these issues, standards should be applied. Stream Control Transmission Protocol (SCTP) is one such example that can deal with such events and packet reliability in wireless sensor networks [120]. In general, fault tolerance ensures the availability of devices or applications in the event of a failure to provide uninterrupted services. Nevertheless, on the basis of what service is being used, fault tolerance will change according to one’s role and management privileges. In the cloud computing environment, fault tolerance is handled by applying three techniques - proactive, reactive and adaptive [121]. Proactive fault tolerance policies refer to avoiding faulty components by anticipating failures and replacing the affected components before the failure takes place. Reactive fault tolerance policies refer to decreasing the influence of faulty components when the failure occurs. In adaptive fault tolerance, the procedure is carried out automatically according to the situation. There are numerous fault tolerance techniques which are often used in computing [122] [123] [124], such as Replication, Job Migration, checkpoint, self-healing, Rescue workflow, Safety-bag checks, Task Resubmission, Software Rejuvenation, Masking, Preemptive Migration, and Resource Co-allocation. Nevertheless, in this paper, fault tolerance is mostly discussed based on the cloud computing environment as Fog computing is a new computing paradigm. In recent research works [125] [126] [127] [128] [129], the context of cloud computing in such a scenario was discussed. Therefore, fault tolerance in Fog computing is still a research task. In order to provide a reliable and robust Fog computing environment, failure handling of services should be effectively considered.

2) Malicious Attacks: Fog computing comprises various IoT or edge devices and collects the data from these devices by accomplishing latency conscious processes. Identifying malicious nodes is a complex task in the Fog environment [130]. As we know, Fog computing is a miniature of cloud computing; as such, almost all types of malicious attacks which affect a cloud environment can also affect Fog computing. For example, DDoS (Distributed Denial of Service), MITM, sniffing, side channel attacks, DoS (Denial of Service), malware injection, and authentication attacks are a few of them. Therefore, in these circumstances, without an appropriate prevention mechanism, such attacks can severely damage the competency of the Fog system or network. In this portion, we are going to expose a few malicious attacks which might occur frequently and affect the Fog environment.

• Attacks from malicious Fog nodes and edge devices: As Fog nodes are compromised easily by any malicious attacker, this is a very serious and potential threat for the Fog network environment. The authors [31] mention various unique security threats in their research, which might occur in the IoT and Fog environments. For delivering services to the users, the received data from the IoT devices will be processed by Fog nodes. If some Fog nodes are compromised by any intruders, it is a problematic task to ensure the security of the data. One possible solution would be establishing trust between the Fog nodes themselves. In this case, an authentication mechanism is mandatory for ensuring secure, trusted communication. Fog nodes cannot manage each other, so they need to trust only the cloud for authenticity. Sequentially, after being authenticated by the cloud, a node should be placed in a Fog environment to process heavy data. However, they are not able to give a suitable solution for this attack. Li et al. [131] carried out research and presented a solution. It is vital to identify malicious Fog devices in Fog computing. Due to the lack of resources and edge devices, it is difficult to deploy proper authorization mechanisms between Fog nodes and edge devices. So, it is hard to prevent all attacks completely because of granting a few privileges and processing of the data. Sohal et al. [132] tried to solve the problem by using intrusion detection and virtual honeypot devices by introducing a Markov chain based framework.

• Man-in-the-Middle (MITM) Attack: All data traffic passing through is protected through secure transmission channels between Fog nodes and edge devices in Fog computing. During this communication process, a user’s data will be snooped or impersonated by an external malicious attacker prior to performing a global concealing process in the Fog node. Such a scenario correlates with the MITM attack. In a MITM attack, a perpetrator secretly relays and manipulates the data during communication between two parties. Hence, MITM is a potential attack method which can be used as a typical attack in Fog computing. In Fog computing, an attacker can carry out sniffing or disrupt the packets between Fog devices. As mentioned earlier, in Fog computing, all devices are resource constrained. Because of this, it becomes a challenging task to deploy secure communication protocols and encryption-decryption methods amongst Fog nodes and IoT devices [76]. Stojmenovic et al. [76] proposed an authentication method which can possibly avoid MITM attacks. To mitigate MITM attacks, anomaly detection is hardly applicable in Fog computing because these methods were used in traditional cloud computing. Therefore, a compatible solution to mitigate MITM attacks in Fog computing still poses a challenge, which can be considered for further research.

• Distributed Denial of Service Attack (DDoS): In the modern epoch, Distributed Denial of Service (DDoS) is one of the most renowned and challenging threats for cyberspace and other online services. As Fog nodes are made up of limited resources, it is troublesome to


manage a huge amount of requests simultaneously. When a malicious attacker or intruder initiates a bunch of inappropriate service requests towards the targeted device, or tries to spoof multiple devices concurrently using the IP addresses, the Fog node will be occupied for a longer span of time. Therefore, all the legitimate services of Fog devices will be inaccessible for legitimate users. Conversely, Fog nodes themselves can be compromised and used for generating DDoS attacks. A different plane of the Fog environment can be affected by this kind of attack. Recently, malicious attackers have been able to compromise online home-automated smart devices to execute a DDoS attack against popular online websites such as Twitter, Paypal and Reddit. After these attacks, all of these websites were severely affected. Hackers have been trying to use internet-connected home automated equipment, such as Closed Circuit Television (CCTV) cameras, printers, refrigerators, etc. to perform DDoS attacks on popular websites, such as Twitter, Spotify, PayPal, SoundCloud and Reddit [133] [134]. In accordance with the Fog network system, all connected smart objects have more computational power and they have the ability to perform various tasks concurrently. As compared to traditional DDoS attacks, DDoS attacks carried out by various Fog devices in Fog computing will be much more severe. Therefore, it is not possible to mitigate a DDoS attack completely in the Fog computing environment. At the present moment, we can only monitor them. Under these circumstances, current DDoS issues may need new thinking and further research which will classify DDoS issues much more precisely in the context of the Fog computing environment.

• Malicious Insider Data Theft Attack: According to the three-plane architecture of Fog computing, cloud computing is correlated to Fog computing. Hence, we should be conscious of all the malicious attacks which occur in cloud computing frequently. One severe attack in cloud computing could be a malicious insider attack for data theft purposes. In common terms, the end users have to trust the cloud service provider despite being aware of this threat. It happens due to the deficiency of the cloud service provider’s authentication, authorization, and audit controls, which allows attacks to spread out across the cloud system. In this regard, a few incidents have occurred which compromised corporate data, for example, Twitter’s personal hacking [135], [136] as well as the account hacking incident of U.S. President Barack Obama [137], which was exposed as a malicious intent to steal a user’s credentials. Rocha et al. [138] revealed that a malicious insider can gain access to the user’s data easily in a cloud computing system. The attackers carry out their attacks from within cloud service providers. Therefore, the end user is not able to detect unauthorized access. There are diversified approaches that are useful for securing data against faulty implementations, misconfigured services and bugs in code, using encryption and access control to restrict them as well as to give protection from sophisticated attacks [139]. Another solution could be user behavior profiling, where the system keeps track of the amount of user data access and the duration of data use. Hence, the system can identify anomalous activities of end users, which can be used to detect malicious attacks. In this case, Stolfo et al. [140] have proposed a new approach to assure the security of cloud computing by using user behavior profiling and decoy technology. There might still be a few issues [45] which arise, on how to deploy the decoy in Fog networks and how to develop on-demand decoy information to reduce the portion of stolen data from being lost.

• Physical Attacks: In traditional data centers, physical security is provided by on site security staff. On the other hand, by applying complex measures, e.g. card punch, thumb impression, and retina scanning, physical access control can be deployed much more convincingly. So, these issues are related to certification and audits to derive the necessary physical security measures which are required to meet the set standards. Basically, Fog nodes are widely distributed across various environments. Due to this, it is impossible to implement traditional physical security measures in the Fog computing environment. For example, physical security measures can be applicable to place the edge box at the top of the streetlight’s pole, which should be hidden from eye level as well as being surrounded with a fire-resistant coating to keep it safe from vandalism. There is a lower probability of physical attacks at the software level which enables the scope of theoretical attacks.
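The user behavior profiling idea described under Malicious Insider Data Theft Attack above (tracking the amount of data a user accesses and the duration of data use) can be sketched as follows. This is an added example, not code from Stolfo et al. [140] or from this paper; the log format, field names, thresholds and sample lines are assumptions constructed for illustration.

```python
"""Per-user access profiling: flag sessions whose data volume or duration
is far above that user's own history (median/MAD baseline)."""
import re
from collections import defaultdict
from statistics import median

# Hypothetical log format: "<timestamp> user=<id> bytes=<n> duration_s=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) bytes=(?P<bytes>\d+) duration_s=(?P<dur>\d+)$")

# Constructed sample lines (not taken from any real system).
HISTORY = """\
2024-05-01T09:00:00Z user=alice bytes=1200 duration_s=30
2024-05-02T09:05:00Z user=alice bytes=1100 duration_s=28
2024-05-03T09:02:00Z user=alice bytes=1300 duration_s=35
2024-05-04T09:10:00Z user=alice bytes=1250 duration_s=31
2024-05-05T09:01:00Z user=alice bytes=1150 duration_s=29
2024-05-06T09:03:00Z user=alice bytes=1220 duration_s=33
2024-05-01T10:00:00Z user=bob bytes=500 duration_s=10
2024-05-02T10:00:00Z user=bob bytes=500 duration_s=10
2024-05-03T10:00:00Z user=bob bytes=500 duration_s=10
2024-05-04T10:00:00Z user=bob bytes=500 duration_s=10
2024-05-05T10:00:00Z user=bob bytes=500 duration_s=10
"""
NEW_SESSIONS = """\
2024-05-07T09:04:00Z user=alice bytes=1280 duration_s=32
2024-05-07T23:40:00Z user=alice bytes=98000 duration_s=900
2024-05-07T10:00:00Z user=bob bytes=520 duration_s=10
2024-05-07T10:30:00Z user=bob bytes=4000 duration_s=11
2024-05-07T11:00:00Z user=carol bytes=700 duration_s=15
this line is malformed and must be skipped
"""


def parse(text):
    """Return (user, bytes, duration) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m["user"], int(m["bytes"]), int(m["dur"])))
    return records


def build_profiles(records, min_samples=5):
    """Per user and feature, store (median, scale) learned from history."""
    per_user = defaultdict(lambda: {"bytes": [], "duration": []})
    for user, nbytes, dur in records:
        per_user[user]["bytes"].append(nbytes)
        per_user[user]["duration"].append(dur)
    profiles = {}
    for user, feats in per_user.items():
        if len(feats["bytes"]) < min_samples:
            continue  # too little history to call anything abnormal
        profiles[user] = {}
        for name, values in feats.items():
            med = median(values)
            mad = median([abs(v - med) for v in values])
            # A perfectly regular user has MAD == 0; the floor keeps a tiny
            # change from producing an unbounded score.
            scale = max(1.4826 * mad, 0.1 * med, 1.0)
            profiles[user][name] = (med, scale)
    return profiles


def audit(profiles, records, threshold=6.0):
    """Flag sessions far ABOVE the baseline (one-sided: theft means more data)."""
    findings = []
    for user, nbytes, dur in records:
        profile = profiles.get(user)
        if profile is None:
            findings.append((user, "no_baseline", []))
            continue
        observed = {"bytes": nbytes, "duration": dur}
        high = sorted(name for name, value in observed.items()
                      if (value - profile[name][0]) / profile[name][1] > threshold)
        if high:
            findings.append((user, "anomalous", high))
    return findings


def run_demo():
    return audit(build_profiles(parse(HISTORY)), parse(NEW_SESSIONS))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Users without enough history are reported separately instead of being scored, since a profile built from a handful of sessions would flag almost anything.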

In accordance with the study above, the different issues regarding threats and attacks related to the Fog are summarized in Table IX. The focus of this study is to address auditing issues to secure the Fog computing environment. The following section discusses security auditing issues in Fog.

F. Security Auditing in Fog

In the traditional computing environment, it is often essential for technology experts to perform various security tasks such as examining security configurations, regulating potential vulnerabilities and constructing new security configurations with respect to every organization’s own security policies [145]. On the other hand, it is getting much harder when new computing paradigms like Fog computing are considered. Traditionally, organizations can enforce their access control policies according to their employees’ roles and responsibilities, which is actually a challenging task for most administrators. Therefore, this challenge will be much more difficult in a Fog computing environment where security policies can be deployed across a huge number of devices residing at the edges of the Fog network. Security administrators need adequate knowledge to accomplish multifarious administrative tasks. Therefore, in this section, we discuss the various issues of Fog computing security auditing.

Why is security auditing important for Fog?

Fog computing is the latest computing paradigm in the modern


TABLE IX
THE SUMMARY OF THREATS AND ATTACKS ISSUES IN FOG ENVIRONMENT FROM MAJOR SURVEY PAPERS

Columns: Reference Paper; Highlights/Objectives; Achievement and Limitation

Reference Paper: Stojmenovic et al. [76]
Highlights/Objectives:
• Managed to conduct a MITM attack.
• This attack is very stealthy and dangerous.
Achievement and Limitation:
• An authentication scheme has been proposed to mitigate such attacks.
• Encrypted communication method may not work always to protect from this kind of attacks.
• On the other hand, complex encryption and decryption techniques are not always compatible due to resource limitation.

Reference Paper: Wang et al. [141]
Highlights/Objectives:
• Fog based storage technology to mitigate the cyber threat in the cloud.
• Data stored separately in the Fog server as well as in the cloud storage.
Achievement and Limitation:
• Ensure the integrity, confidentiality, and availability of data.
• Attackers unable to get any information about data by using data fragment.
• Can protect the confidentiality of the user’s data better than traditional ways.
• This approach is safe and feasible for cloud storage.

Reference Paper: Homayoun et al. [142]
Highlights/Objectives:
• Fully automated and Fog node ransomware detection techniques for the Fog layer.
• Deep learning techniques can be applied.
Achievement and Limitation:
• Detect and identify the ransomware within very short time execution of an application.

Reference Paper: Han et al. [116], [117]
Highlights/Objectives:
• The presence of fake Fog nodes or rogue Fog nodes is a serious threat to the Fog network.
Achievement and Limitation:
• A practical, timing based method for the end users to avoid connecting to rogue Access Point.

Reference Paper: Stolfo et al. [140]
Highlights/Objectives:
• Decoy technology and user behavior profiling have been used for disguise detection.
Achievement and Limitation:
• Mitigating insider data theft attacks.
• Securing personal and business data.

Reference Paper: Sandhu et al. [130]
Highlights/Objectives:
• A framework which uses three technologies such as an IDS, a Markov model, and a virtual honeypot device (VHD).
• Edge device classification depends on level of damage and frequency of attacks.
Achievement and Limitation:
• Proposed system is able to identify malicious Fog nodes in Fog.
• Successfully identify the malicious devices and also decreases IDS false alarm rates of IDS.

Reference Paper: Hosseinpour et al. [143]
Highlights/Objectives:
• Lightweight and distributed IDS system based on an Artificial Immune System (AIS).
• Three-layered structure that includes the Fog, cloud, and edge layers.
Achievement and Limitation:
• Smart data approach has been used to build a lightweight and efficient IDS for the Fog platform.
• Can detect silent attacks such as botnet attacks in IoT-based systems.

Reference Paper: Alharbi et al. [144]
Highlights/Objectives:
• Security system based on Fog that defends the IoT system from malware attacks.
• Proposed challenge-response authentication to protect IoT systems from further from DDoS attacks.
Achievement and Limitation:
• Able to filter malicious attacks effectively while response latency is very low and network bandwidth consumption is low.


Fig. 7. Life cycle of Security.

computing world. The life cycle of security is shown in Fig. 7. The risk level from user to system is shown in Fig. 8. In spite of its substantial growth, there still remain many barriers to more widespread adoption of Fog computing services due to security issues. Lack of auditability is a primary security concern in the Fog computing environment.

In the following section, we discuss several key aspects of Fog security auditing.

Why is traditional security auditing not enough for the Fog?

Fog computing has come up with numerous features and it is strongly dynamic in nature. All communication processes, data transmission, data analysis, user authentication, and resource management can be automated and dynamic with real-time operation. According to the nature of Fog computing, its security auditing process would be dynamic and within a real-time process. However, the existing traditional security auditing standards and the manner of auditing are very manual, where a technology specialist team or group of individuals perform their auditing processes using their traditional auditing standard. The traditional approach is only applicable within a small environment or with limited resources. However, it is a problematic approach because it provides only limited support to make an evaluation and the quality of the audit heavily depends on the auditor’s knowledge and experience. In such cases, several difficulties can be anticipated.

1) Security auditing expert’s knowledge can be inadequate or inappropriate.

2) Many organizations or users find it cumbersome to correctly configure the Fog system’s security because of the extensive expenditure needed to hire security professionals.

Therefore, a software-based automated auditing system, which can perform on a real-time basis, would be the best suited solution for the Fog computing environment.

How does Fog security auditing help to mitigate security breaches and privacy concerns?

Fig. 8. Risk level from user to system

Fog computing presents several of the security and privacy concerns of cloud and traditional computing as well as its own security flaws. In the Fog environment, there are extensive amounts of devices, applications and resources which exist simultaneously and communicate with each other within a geographically distributed environment. Therefore, there exists a high opportunity for rapid security and privacy vulnerabilities. There are many security demonstrations which exist for traditional or cloud computing, but these demonstrations are not predominantly well-suited with respect to Fog computing. With the help of auditing Fog security configurations, we can mitigate these security issues as well as privacy-related issues for Fog nodes or Fog computing devices. Auditing security measures is a way of examining for infringements which potentially expose the vulnerability of a system.

So, when one focuses on Fog based auditing, there is a need to see these concerns as core to the overall approach:

• To minimize or mitigate risks introduced by Fog
• To identify new threats and defend against them
• To evaluate the efficiency of security controls related to Fog
• To continuously improve policies, processes, procedures and tools
• To perform knowledge based dynamic periodic auditing processes

1) Criteria and Current Solutions: Parkinson et al. [146] proposed a novel Graph-based Security Anomaly Detection (Graph-BAD) approach that translates the object-based security configurations into a graph model. Another technique which was developed can identify vulnerabilities autonomously and perform security auditing of large systems without the need for expert knowledge.

Bleikertz et al. [147] proposed an algorithm to audit the


configuration network’s security and the policies of the multi-tier cloud architecture using Amazon’s EC2 public cloud.

Wang et al. [148] proposed an auditing system for data storage security by implementing a privacy-preserving auditing protocol using homomorphic authentication and random mask techniques for the preservation of privacy against the Third Party Auditor (TPA). It can audit without requiring knowledge of the user’s data contents. A batch auditing protocol was also introduced in this study, which can be used to complete multiple auditing tasks across different users at the same time via the TPA. A public auditing system contains four algorithms: KeyGen, SigGen, GenProof, and VerifyProof. KeyGen is run by the user to set up the scheme, and SigGen is used to generate the required verification metadata. GenProof is executed by the Cloud Server to provide proof of the data storage’s correctness. VerifyProof is run by the TPA to audit the proof from the Cloud Server.
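The four-algorithm structure described above (KeyGen, SigGen, GenProof, VerifyProof), as an added example that is not code from Wang et al. [148] or from this paper. It swaps in a simplified symmetric-key homomorphic authenticator in which the auditor holds the secret key, and it omits the random masking and batch auditing of the cited scheme, so the auditor here does see a linear combination of the challenged blocks; the modulus, block size, PRF and sample data are assumptions.

```python
"""Toy storage audit: KeyGen / SigGen / GenProof / VerifyProof.

Simplified symmetric-key homomorphic authenticator (illustration only):
tag_i = PRF(i) + alpha * m_i mod P, so a random linear combination of
tags can be checked against the same combination of blocks.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1      # prime modulus for all arithmetic (assumed parameter)
BLOCK_BYTES = 15    # 120-bit blocks, so every block value is below P


def split_blocks(data):
    """Encode the file as one integer per fixed-size block."""
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]


def prf(prf_key, index):
    """Pseudorandom field element bound to a block index (HMAC-SHA256)."""
    mac = hmac.new(prf_key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P


def keygen():
    """KeyGen (data owner): PRF key plus a secret nonzero scalar alpha."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1


def siggen(key, blocks):
    """SigGen (data owner): verification metadata, one tag per block."""
    prf_key, alpha = key
    return [(prf(prf_key, i) + alpha * m) % P for i, m in enumerate(blocks)]


def make_challenge(n_blocks, sample_size):
    """Auditor: random block indices, each with a nonzero coefficient."""
    indices = secrets.SystemRandom().sample(range(n_blocks), sample_size)
    return [(i, secrets.randbelow(P - 1) + 1) for i in indices]


def genproof(blocks, tags, challenge):
    """GenProof (storage server): aggregate the blocks it actually holds."""
    mu = sum(nu * blocks[i] for i, nu in challenge) % P
    sigma = sum(nu * tags[i] for i, nu in challenge) % P
    return mu, sigma


def verifyproof(key, challenge, proof):
    """VerifyProof (auditor): constant-size check, no file download."""
    prf_key, alpha = key
    mu, sigma = proof
    expected = (sum(nu * prf(prf_key, i) for i, nu in challenge)
                + alpha * mu) % P
    return sigma == expected


def demo():
    # Constructed sample: sensor readings a Fog node off-loads to storage.
    data = b"".join(b"sensor-%03d,temp=%02d;" % (i, 20 + i % 7)
                    for i in range(40))
    key = keygen()
    blocks = split_blocks(data)
    tags = siggen(key, blocks)
    challenge = make_challenge(len(blocks), 10)
    honest = verifyproof(key, challenge, genproof(blocks, tags, challenge))
    # The server silently corrupts one challenged block but keeps the tags.
    corrupted = list(blocks)
    corrupted[challenge[0][0]] ^= 1
    tampered = verifyproof(key, challenge,
                           genproof(corrupted, tags, challenge))
    return honest, tampered


if __name__ == "__main__":
    print(demo())
```

Corruption is only caught when a damaged block falls inside the sampled challenge, which is why the auditor repeats the audit with fresh random indices.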

Cong et al. [149] recommended a set of characteristics for public auditing systems with the aim to focus on data storage security in public cloud.

Shah et al. [150] proposed several public auditing protocols which helped not only to check data integrity from the service provider, but also fraudulent customers. Privacy preservation is achieved through zero-knowledge, and by concealing data contents from the auditor. Yang et al. [33] reviewed several current works on data storage security auditing service in cloud computing. Mohammed et al. [151] proposed a secure protocol by a Third Party Auditor (TPA) that ensures the data integrity in Fog computing. The main drawback of this method is that the user has to depend on a third party. There should be trust between the Third Party Auditor (TPA) and user.

2) Existing Security Auditing Standards and Frameworks: Implementing security governance and auditing frameworks may support organizations to conduct and manage their own security risk levels. Various organizations or technology groups have created renowned frameworks and recommendations based on the traditional computing or cloud computing standards [152], [153] which are globally used. Therefore, the most popular and renowned security audit standards and frameworks are as follows:

• Service Organization Control (SOC) 2: which is considered for auditing outsourced services sponsored by the American Institute of CPAs

• ISO 27000 standards - ISO 27001:2005 and ISO 27002:2005: Traditional security audits sponsored by ISO

• CobiT (Control Objectives of Information and related Technology): sponsored and introduced by ISACA (Information System Audit and Control Association, www.isaca.org) and ITGI (IT Governance Institute, www.itgi.org). It is the most renowned and extensively accepted information technology governance framework.

• NIST (www.nist.org) 800-53 revision 4: Federal government audit sponsored by the National Institute of Standards and Technology (NIST)

• Cloud Security Alliance (CSA): Cloud-specific audit which is presented to cloud security auditing terms sponsored by CSA

• Payment Card Industry (PCI), Data Security Standard (DSS): PCI Qualified Security Assessor cloud supplement which is sponsored by PCI DSS

• Basel II, ITIL, SANS (www.sans.org), (ISC)2 framework (www.isc2.org), etc. organizations which can audit and manage the levels of IT security risks.

To be effective, the above-mentioned security audit standards must conform to a vast number of security concerns in the traditional computing or cloud computing paradigm. However, using these traditional auditing standards and frameworks in the Fog computing environment will not be well suited because all of these auditing standards and frameworks are manual approaches. They can only provide limited support to make an evaluation and the audit’s quality heavily depends on an auditor’s experience and knowledge, which could be problematic, whereas the Fog environment is mostly dynamic and distributed across a large scale geographically. Therefore, software based automated auditing standards and frameworks which can perform real-time approaches would be best suited for the Fog computing environment.

The principal necessity to introduce cooperative context aware tools is extensively approved, and actions are being taken at the state level. Several studies have suggested how software tools can be used to extract meaningful knowledge to aid security configurations, auditing, and digital investigations [154]. Therefore, such tools are context-dependent, in that their functionality is conducted to identify threats that are expected. The only limitation of these tools is that each one requires different knowledge and skills to translate their output to obtain an understanding of why this extracted knowledge is significant [155]. Security auditing can be performed in an automated fashion by using Blockchain technology. The next section discusses Blockchain technology and what has been done so far in Fog using Blockchain technology.

V. BLOCKCHAIN TECHNOLOGY IN FOG

The Blockchain is more than a database technology. Theoretically, a Blockchain is a ledger of the distributed database that can be programmed continuously to record a list of data. Blockchain is probably Bitcoin’s major innovation foundation for a new decentralized and distributed system. Recently, Blockchain technology has been implemented across many real-time systems [156]. Blockchain is an evolving technology to build a secure, scalable and openly coordinated platform globally, which is not limited to currency or financial systems. Fog with Blockchain is shown in Fig. 9.

A. Security Features of Blockchain Technology

Blockchain technology has its own strong security because there is no possibility of shutting down the system. A well-known cryptocurrency - Bitcoin, was implemented using Blockchain technology. However, the financial system was still hacked, of which it has never been subjected to before. The main strength of Bitcoin is its use of the Blockchain network which is protected against attacks and threats by using multiple nodes which are committed to a single transaction by a consensus algorithm on this network. The transaction within


Blockchain includes digital signatures. Currently, Blockchainuses the ECDSA public key algorithm to generate a digitalsignature. Blockchain prevents a single point of failure be-cause it is a distributed system. It uses a hash function forblock generation, of which currentlyit uses the SHA-256 hashfunction.

Some of the main features of Blockchain are as follows:• Increased Capacity• Strong Security• Immutability• Faster Settlement• Decentralized System• Offers encryption and validation• Virtually impossible to hack• Can be private or public• Minting

B. Role of Blockchain to Improve Security in Fog

The Blockchain technology was introduced for the secured cryptocurrency application Bitcoin. A realization soon dawned amongst many researchers that it possesses great security features which can be utilized in many real-world distributed applications (e.g. Cloud, and Fog computing). Security has become a key stumbling block toward the widespread adoption or implementation of Fog. Therefore, security concerns in Fog computing can be improved using Blockchain technology (footnotes 1, 2 and 3).

• Mitigate single point of failure

• Highly encrypted network transactions

• Node status tracking capabilities

• Immutable Technology

Blockchain can mitigate various threats and attacks in Fog such as the man in the middle attack, DDoS attack, and data tampering (footnotes 4, 5, 6 and 7).

C. Blockchain between Fog and Edge Environments

Fog computing is a decentralized distribution system which aims to make cloud computing faster by creating data hubs or mini data processing centers which are hosted in smart devices. Basically, they accomplish a less demanding task and reduce the communication between the cloud and the end user. Fog allows resource-constrained and short-term analytics to be performed near the edge of the network, whereas the cloud accomplishes resource-intensive and longer-term analytics.

Fig. 9. Fog with Blockchain

1. https://securitytraning.com/how-blockchain-can-improve-iot-security/
2. https://businessinsights.bitdefender.com/blockchain-improve-internet-of-things-security
3. https://blogs.cisco.com/innovation/blockchain-and-Fog-made-for-each-other
4. https://bdtechtalks.com/2017/01/11/how-blockchain-can-improve-cybersecurity/
5. https://cybersecurityventures.com/how-blockchain-can-be-used-to-improve-cybersecurity/
6. https://securitycurrent.com/four-ways-improve-security-blockchain/
7. https://www.esecurityplanet.com/network-security/blockchain-security.html

Fog computing faces enormous challenges and there are constantly various issues which arise during its primary stages of development. For example, in a distributed computing environment, protecting transactions and network resources with an evenly distributed security architecture is a challenge. It builds a kind of mesh network where every Fog node takes part based on their strength. Due to the distributed architecture of Fog computing, trust and security must also be distributed. This is particularly significant where the Fog infrastructure, layers and Fog nodes are managed and owned by diversified entities.

However, a significant question arises in managing trust in a distributed and decentralized manner amongst participants that do not need mutual trust. Blockchain technology in reality is built for this kind of challenge. Blockchain consensus algorithms have a suitability issue with regards to Fog applications. For instance, “Proof-of-Work” (PoW) consensus needs a huge computing capacity in order to solve a complex mathematical puzzle, so Fog devices are unable to host this mechanism. But there are plenty of other protocols such as “Proof of Stake” (PoS) which are capable of running on Fog nodes with a similar capacity.
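The following is an added example, not code from the paper or from any system it surveys: a minimal SHA-256 hash-chained ledger of constructed Fog audit events, showing how chaining exposes data tampering and how the Proof-of-Work search cost roughly doubles with every difficulty bit, which is the capacity problem described above for Fog devices. All function names, node names and event fields are hypothetical, and ECDSA signing of transactions is left out.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, payload, nonce):
    """SHA-256 over a canonical JSON encoding of the block fields."""
    body = json.dumps(
        {"index": index, "prev": prev_hash, "payload": payload, "nonce": nonce},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(body).hexdigest()


def meets_difficulty(hex_digest, bits):
    """True if the 256-bit digest starts with at least `bits` zero bits."""
    return int(hex_digest, 16) >> (256 - bits) == 0


def mine(index, prev_hash, payload, bits):
    """Toy Proof-of-Work: try nonces until the hash meets the difficulty."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, payload, nonce)
        if meets_difficulty(digest, bits):
            return {"index": index, "prev": prev_hash, "payload": payload,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(events, bits):
    """Append one mined block per event, each linked to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for i, event in enumerate(events):
        block = mine(i, prev, event, bits)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain, bits):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        recomputed = block_hash(block["index"], block["prev"],
                                block["payload"], block["nonce"])
        if (block["index"] != i or block["prev"] != prev
                or block["hash"] != recomputed
                or not meets_difficulty(recomputed, bits)):
            return i
        prev = block["hash"]
    return None


def hashes_spent(chain):
    """Hash evaluations the miner needed (the nonce search starts at 0)."""
    return sum(block["nonce"] + 1 for block in chain)


# Constructed sample audit events; node names and fields are hypothetical.
SAMPLE_EVENTS = [
    {"node": "fog-01", "event": "join", "fw": "1.0.3"},
    {"node": "fog-02", "event": "join", "fw": "1.0.3"},
    {"node": "fog-01", "event": "acl_update", "rule": "deny sensor-17"},
    {"node": "fog-02", "event": "leave"},
]


def tamper_demo(bits=8):
    """Verify a clean chain, then two tampered copies of it."""
    chain = build_chain(SAMPLE_EVENTS, bits)
    clean = first_invalid_block(chain, bits)

    # Case 1: a stored record is edited, the stored hash is left alone.
    edited = copy.deepcopy(chain)
    edited[2]["payload"]["rule"] = "allow sensor-17"
    case1 = first_invalid_block(edited, bits)

    # Case 2: the block's hash is recomputed too, but nothing is re-mined,
    # so either the difficulty check or the next block's link fails.
    rehashed = copy.deepcopy(edited)
    blk = rehashed[2]
    blk["hash"] = block_hash(blk["index"], blk["prev"],
                             blk["payload"], blk["nonce"])
    case2 = first_invalid_block(rehashed, bits)
    return clean, case1, case2


if __name__ == "__main__":
    print("clean / edited / rehashed:", tamper_demo())
    for bits in (4, 8, 12):
        chain = build_chain(SAMPLE_EVENTS, bits)
        print(bits, "bits:", hashes_spent(chain), "hashes spent, about",
              len(chain) * 2 ** bits, "expected")
```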

D. Recent Works that Used Blockchain for Fog

Tuli et al. [157] developed a framework which was based on blockchain for the edge-Fog computing environment. This framework applied blockchain, encryption techniques and authentication which can perform secure operations across sensitive data. Although this framework is lightweight and cross-platform, it has a few limitations and drawbacks because it incurs comparatively higher computational overhead in large scale deployments.

Sharma et al. [158] introduced a new and efficient distributed blockchain cloud model based on three emerging technologies: blockchain, Fog Computing and Software Defined Network (SDN). This model was presented to support high scalability, security, high availability, resiliency, real-time data delivery and low latency.

Jeong et al. [159] proposed a blockchain based secure Fog computing system. Their system can defend against various attacks such as IP spoofing, Sybil attacks and single points of failure. This system used the Blockchain method to guarantee secure authentication and non-repudiation. It can also operate when a Fog node is down.

Samaniego et al. [160] investigated the idea of virtual software-defined IoT components known as virtual resources in combination with the use of blockchain technology.

Dorri et al. [161] introduced a secure, private and lightweight blockchain-based technology for resource-constrained IoT devices which can handle most security and privacy threats. It uses different kinds of blockchains based on the network hierarchy and uses distributed trust methods to assure a decentralized topology.

E. Blockchain Oriented Startups in Fog and IoT Environments

OpenFog Consortium is one of the most well-known Blockchain oriented startups in the Fog environment. The OpenFog consortium is in the process of building a composable and interoperable framework for Blockchain in the Fog distributed system. That implies that the various entities in the system, which do not trust or even know each other, still provide a meaningful consensus algorithm which is able to make decisions in a Fog oriented distributed system. Autonomy, which is one of the eight pillars of OpenFog, is supported by the Consortium’s work.

Recently, multiple Blockchain oriented startups have joined the OpenFog Consortium [162]. They are as follows:

• iExec: It is the first Blockchain-based decentralized marketplace for Cloud Computing. It provides distributed applications that are secure, easily accessible and scalable to the services of computing resources for data-sets that are needed as well as the systems running on Blockchain (DApps).

• KeyChain: A new global Blockchain-based data security infrastructure. It provides secure decentralized data authentication for the enterprise, finance environments, industries, and IoT.

• Aetherworks: Brings original, high-quality technologies to the market and provides original software for distributed systems, including Fog computing and software-defined storage.

• Hyperchain: Provides an enterprise-level Blockchain network-based solution for government agencies, supply chain, data trading, fraud prevention, and securities. It also supports enterprises to rapidly deploy, expand and configure Blockchain networks based on the Blockchain cloud platform.

• SONM: Provides infrastructure and can run any decentralized application (Fog application) or host Blockchain-based services. It also provides Fog computing distributed cloud computing services such as IaaS and PaaS, which are secured by Blockchain.

• Xage: The foremost Blockchain-protected security tool for the industrial IoT. Traditionally, more points of security vulnerability arise when there are more nodes and more connections. Moreover, the centralization technology prevents industrial systems working independently and in real time. Xage ensures, through the combination of Blockchain and encryption, that more nodes mean more security, not less.

VI. RESEARCH CHALLENGES AND FUTURE RESEARCH DIRECTION

In this section, we present and highlight a few significant issues which are challenging tasks for Fog computing to cope with in cloud and edge environments. Finally, we provide a synopsis of probable research directions based on the existing research challenges.

A. Trust Management

Identification of trusted Fog nodes is a challenging task in the Fog platform. Usually, whether a Fog node is trusted or untrusted can be identified by its malicious behavior. But in this case, the malicious nature is not defined in advance for a Fog node. Therefore, it is important to define and categorize all malicious characteristics in the Fog system. The Fog system can then regulate whether a Fog node is trusted or untrusted. Hence, it is mandatory to enhance trust, and an enhanced trust management model is highly required.

Another challenging research issue is combining both distributed and centralized environments, which is a must in the context of cloud-Fog-IoT environments. Therefore, centralized trust management is required for the IoT environment, and it would be possible by using a Fog platform. Hence, it is still a research issue.

Moreover, trust management in the Fog platform is entirely different compared to the cloud computing platform due to the distinctions between the cloud and Fog platform architectures and service offering mechanisms. As mentioned earlier, Fog is widely distributed; the cloud, on the other hand, is centralized. It is therefore easier to deploy trust management in the cloud environment because the cloud platform has its own in-place security infrastructure, whereas the Fog platform is more open, and the in-place security mechanism is absent. As a result, the Fog is vulnerable to malicious attacks. In addition, trust in the cloud environment is unidirectional, whereas trust in the Fog environment would be bidirectional in nature. The Fog node and the IoT devices must maintain a trusted relationship between one another before their interaction, as it is highly required in the Fog platform. Hence, designing a bidirectional trust model in the context of Fog and the IoT platform is a challenging task as well.

B. Privacy Assurance

The Fog nodes hold sensitive or private information of users, as the Fog nodes are placed in the proximity of the end users. Therefore, it is a challenging issue to assure trusted communication and make a secure computing environment between the Fog and IoT devices. In such a case, we can consider encrypting the user sensitive data before sending it to the Fog nodes. It is not viewed as a proper technique in the context of IoT devices, since conventional encryption and decryption mechanisms need much computational power, whereas the IoT devices face challenges in encrypting and decrypting the user’s sensitive data due to their resource constraints.

In another context, a single Fog node can manage sensitive data which comes from different Fog users or across different applications. Therefore, there might be a chance to mix up different sources of data after the data aggregation step. In such a case, enforcing proper data encapsulation techniques at the Fog API or middleware level would be the solution. Hence, more research is needed.

Another challenging issue is to provide context-aware services in the Fog environment to the end user devices, which are often involved in sharing sensitive resources such as location, as well as other personal information, amongst other geographically connected devices. Therefore, in such a scenario, it is highly required to ensure data protection is present. Hence, providing identity and location privacy in the Fog environment is a challenging task.

C. Authentication

It is an obvious fact that strong authentication and secure communication protocols in the Fog platform are missing. It is a rather alarming message for the research community. There has not been much research about the authentication mechanism in the area of Fog computing. Although several researchers have already proposed solutions, which we described earlier in the taxonomy section, those solutions are still not able to cope with the Fog platform. Therefore, to design and develop a new authentication method for Fog computing, one must consider the following criteria and how it can cope with the Fog platform smoothly.

• Authentication mechanisms must be compatible with the Fog user, end devices (IoT devices), application services and Fog Service providers on the cloud-Fog-IoT platform.

• Conventional authentication mechanisms are inefficient, and there is a necessity for a secure, environment-friendly, efficient, and scalable solution to cope with the extensive number of IoT devices, which have limited resources, to facilitate scalability and efficiency.

• Security and performance are both highly required in terms of different contextual devices and applications.

• Must meet the dynamic behavior of the Fog environment, where Fog nodes dynamically leave and join frequently in the Fog network.

• Must ensure low complexity-based authentication in terms of scalability of the Fog network.

• Ensure smooth authentication and re-authentication methods in a dynamic manner.

• Design an efficient authentication method, for which a lightweight cryptographic encryption algorithm should be considered between the Fog system and the IoT devices that can easily cope with the low processing power of IoT devices.

• Authentication should be less costly, provide high usability, and in return be user friendly.

D. Access Control

In terms of the authentication mechanisms, there has not been much research work about access control methods in the Fog computing environment. However, plenty of work has been done in this field. Therefore, we still need to be able to accomplish an efficient design to draw the right kind of potential access and control model, with the intention to facilitate a secure platform within the heterogeneous devices in the Fog environment.

In the description section of access control, we mentioned a few access control models, describing their various features and characteristics, and in the context of the Fog environment, we also highlighted numerous drawbacks and limitations. Many researchers have mentioned that Attribute Based Encryption (ABE) would be suitable as an access control method in the cloud, Fog and IoT environments. Because of the heterogeneous characteristics of the Fog system, the ABE method should be reconstructed in order to mitigate the major challenges (latency, policy-management, fine-grained and enforced by the cryptographic method) amongst the Cloud-Fog-IoT computing environment users.

On the other hand, in the Fog system, data originates from, and is encrypted and decrypted by, miniaturized devices with low computational power. In such a case, deploying access control mechanisms in those devices would be a burden and would need heavy computational power to process the access control mechanism. Meanwhile, Fog devices are being placed near end devices. In addition, Fog devices are much more computationally powerful than end user IoT devices. Therefore, to overcome the limitations of IoT devices, a lightweight ABE-based access control with outsourcing capability would be compatible with the Fog environment. In addition, Fog computing is dynamic in nature, and numerous devices join and leave the Fog network simultaneously. So, the access control policy and attributes of the users would be changed according to this dynamic characteristic. Therefore, it is highly required that ABE-based access control mechanisms have the capability to assist in creating, updating, as well as revoking the attributes of the users. With ABE-based access control, designing the revocation process would face new challenges, and how Fog collaborates with the cloud environment during the revocation process would need to be part of further research.

Therefore, to design a new access control method for the Fog platform, one must consider a few characteristics which are as follows:

• As we have mentioned earlier, Fog is a fully virtualized platform by nature and it provides diversified environments for the Fog network. In this case, there might be a chance that a side-channel attack occurs due to the nature of sharing resources amongst untrusted tenants. Therefore, it is a significant concern in terms of designing an access control method, which must be capable of operating within the virtualized platform and multitenant environment efficiently and securely.

• Access control should be secure and efficient for the Fog computing environment on the basis of multi-authority, as well as attribute-based, considering low computation with outsourcing capabilities, and attributes should have the means to control user revocation capability.

• An access control method should be lightweight and fine-grained due to the resource constraints suffered amongst IoT devices.

• An access control method must be capable of performing in both centralized and distributed architectural environments accordingly.

E. Threats and Attacks

As we mentioned earlier, Fog computing faces various security and privacy issues. Due to its distributed nature and the extensive number of devices connected with it, there might often be a chance for a threat or an attack to occur. In the description section, we have already highlighted several threats and attacks and their impact in the Fog environment. Detection, identification and mitigation of these threats and attacks would be a challenging task in terms of the dynamic Fog computing environment. However, in order to build a reliable and trustworthy Fog platform, there is a research gap, and the lack of security solutions available to detect and identify these threats and attacks needs to be addressed. Based on our review across various threats and attacks, we have suggested the following issues which need to be addressed in the future to overcome these challenges:

• Complex trust situations and insecure authentication and authorization systems.

• Dynamic behavior such as creating, deleting, joining and leaving of Fog nodes, or servers in the Fog layer.

• Detection of malicious nodes or rogue nodes is a challenging task because of the dynamic nature of leaving and joining by the Fog nodes.

• Implementing IDS in large-scale, geo-distributed and highly mobile Fog computing systems with low-latency requirements is a complex task.

• Due to the distributed environment, hybrid detection techniques are required to identify malicious activities.

• Due to the resource constraints of the Fog devices, designing a high security and low cost threat and attack detection is the key problem in the Fog.

• Identification and mitigation of threats and attacks from both the Fog node and Fog user at the same time is challenging.

F. Security Auditing

Audit rights provide a crucial risk mitigation tool regarding security issues related to the Fog. Auditing security configurations in the Fog platform is a complex task, as it is a gateway to the cloud platform and heavily relies on expert knowledge, which is required for understanding the different security configurations. However, these systems can be imperfect, and not user friendly for home users and small companies.

In this Section, we explore various unique challenges that isolate Fog security auditing from the traditional security auditing or cloud security auditing protocols. These challenges represent the significance of special provisions for Fog security auditing in current or evolving security auditing standards.

Challenges:

• The Fog computing landscape is dynamic and consists of huge resources, where traditional data encryption or decryption needs heavy computational overhead.

• Without proper technological support, it is challenging to manage extensive amounts of different contextual data.

• To identify new security threats and defend against those threats is also a challenging task.

• Fog computing brings easy accessibility to our work and personal lives, but with that accessibility comes new security risks and challenges.

• Understanding the different contexts of the Fog computing environment is important. Different contexts with regards to the environment’s security issues would bring about different.

Questions:

• How to encrypt or decrypt data and how to access that data simultaneously?

• How to perform auditing processes across different environment data contexts?

• Do you use the same matrix for the edge environment or cloud environment?

• Can your current risk assessment capture the risks correctly?

• How to perform and manage real-time processing and auditing at the same time?

In order to overcome the above-mentioned challenges and questions, it is highly required to develop an automatic method which is capable of recognizing and identifying security infringements as well as mitigating those security risks in Fog computing. Further research needs to be carried out by utilizing Blockchain technology to mitigate security issues in Fog.

G. Secure 5G Enabled Fog Network

In the near future, Fog devices will be connected through the 5G network. Connecting Fog devices with the 5G network raises new security challenges, mainly in authentication. The traditional one-way or mutual authentication process is not useful due to the authentication process between the user and services [163]. In this case, a new hybrid authentication model is required. Using 5G, Fog will be useful to talk with things and devices. For example, in a smart home and smart city environment, one citizen needs an ambulance which will direct him to a specialized hospital near to the location of the user where a remote surgery can be performed. Here, a hybrid security mechanism is required to secure the whole application environment since many parties are involved in this processing. Any emergency environment similar to this requires a strong and reliable authentication process. User privacy is also important in such a 5G enabled Fog computing environment because user data may pass through various untrusted third-party devices, network equipment, and access networks. Hence, we need to explore more about hybrid authentication methods and privacy protection in the 5G enabled Fog network.

VII. CONCLUSION

The main objective of this study is to review, investigate and analyze the issues of the Fog computing platform to recognize their probable security flaws. The obvious fact is that there are numerous security issues that did not exist in the traditional cloud computing environment which need to be considered, as well as significant developments in the Fog environment. We fill the gap in the current literature by aggregating all security aspects of the Fog computing paradigm. We have also investigated the main challenges, and tried to exhibit the motives as to why the security methods in the cloud platform cannot be employed directly in Fog computing when it comes to auditing. In this study, we have introduced a taxonomy by considering numerous security issues and protection according to the Fog environment, as well as briefly introduced and discussed these issues retrospectively. In addition, we also discussed how blockchain could help to provide solutions to some of the data security concerns in the Fog environment. At the end, we highlighted several threats and attacks which might occur frequently under the circumstances of the Fog computing network.

Interestingly, the Fog is a new paradigm, which therefore requires mitigation of the associated security issues, which are still challenging tasks. With regards to the system architecture of Fog computing, researchers need to do further work and figure out the challenges with respect to security within the three tier architecture of the cloud-Fog-IoT computing system. As Fog computing is an extension of cloud computing, in this paper we only covered the security issues and concepts related to Fog. We did not consider the security-related issues in the cloud.

In the future, we will be investigating and comparing other similarly distributed environments and present these security issues and suitable solutions for the Fog.

REFERENCES

[1] Gartner, “Gartner says 8.4 billion connected “things” will be in use in 2017, up 31 percent from 2016,” 2017. [Online]. Available: https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016

[2] S. Symanovich, “The future of iot: 10 predictions about the internet of things,” cyber Security Blog, Norton by Symantec, Accessed, pp. 02–17, 2019.

[3] M. D. Assuncao, R. N. Calheiros, S. Bianchi, M. A. Netto, and R. Buyya, “Big data computing and clouds: Trends and future directions,” Journal of Parallel and Distributed Computing, vol. 79, pp. 3–15, 2015.

[4] F. Bonomi, R. Milito, J. Zhu, and S. Addepalli, “Fog computing and its role in the internet of things,” in Proceedings of the first edition of the MCC workshop on Mobile cloud computing. ACM, 2012, pp. 13–16.

[5] D. Kapil, P. Tyagi, S. Kumar, and V. P. Tamta, “Cloud computing: overview and research issues,” in Green Informatics (ICGI), 2017 International Conference on. IEEE, 2017, pp. 71–76.

[6] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Future Generation computer systems, vol. 28, no. 3, pp. 583–592, 2012.

[7] S. Yi, Z. Qin, and Q. Li, “Security and privacy issues of fog computing: A survey,” in International conference on wireless algorithms, systems, and applications. Springer, 2015, pp. 685–695.

[8] P. Zhang, M. Zhou, and G. Fortino, “Security and trust issues in fog computing: A survey,” Future Generation Computer Systems, vol. 88, pp. 16–27, 2018.

[9] S. Khan, S. Parkinson, and Y. Qin, “Fog computing security: a review of current applications and security solutions,” Journal of Cloud Computing, vol. 6, no. 1, p. 19, 2017.

[10] A. Alrawais, A. Alhothaily, C. Hu, and X. Cheng, “Fog computing for the internet of things: Security and privacy issues,” IEEE Internet Computing, vol. 21, no. 2, pp. 34–42, 2017.

[11] A. Rauf, R. A. Shaikh, and A. Shah, “Security and privacy for iot and fog computing paradigm,” in Learning and Technology Conference (L&T), 2018 15th. IEEE, 2018, pp. 96–101.

[12] I. Stojmenovic and S. Wen, “The fog computing paradigm: Scenarios and security issues,” in Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on. IEEE, 2014, pp. 1–8.

[13] Y. Wang, T. Uehara, and R. Sasaki, “Fog computing: Issues and challenges in security and forensics,” in Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, vol. 3. IEEE, 2015, pp. 53–59.

[14] R. Roman, J. Lopez, and M. Mambo, “Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges,” Future Generation Computer Systems, vol. 78, pp. 680–698, 2018.

[15] H. Takabi, J. B. Joshi, and G.-J. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Security & Privacy, no. 6, pp. 24–31, 2010.

[16] S. K. Battula, S. Garg, R. K. Naha, P. Thulasiraman, and R. Thulasiram, “A micro-level compensation-based cost model for resource allocation in a fog environment,” Sensors, vol. 19, no. 13, p. 2954, 2019.

[17] R. K. Naha, S. Garg, D. Georgakopoulos, P. P. Jayaraman, L. Gao, Y. Xiang, and R. Ranjan, “Fog computing: survey of trends, architectures, requirements, and research directions,” IEEE access, vol. 6, pp. 47 980–48 009, 2018.

[18] M. Soliman, T. Abiodun, T. Hamouda, J. Zhou, and C.-H. Lung, “Smart home: Integrating internet of things with web services and cloud computing,” in 2013 IEEE 5th international conference on cloud computing technology and science, vol. 2. IEEE, 2013, pp. 317–320.

[19] A. Zanella, N. Bui, A. Castellani, L. Vangelista, and M. Zorzi, “Internet of things for smart cities,” IEEE Internet of Things journal, vol. 1, no. 1, pp. 22–32, 2014.

[20] D. Kyriazis, T. Varvarigou, D. White, A. Rossi, and J. Cooper, “Sustainable smart city iot applications: Heat and electricity management & eco-conscious cruise control for public transportation,” in 2013 IEEE 14th International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM). IEEE, 2013, pp. 1–5.

[21] W. Ejaz, M. Naeem, A. Shahid, A. Anpalagan, and M. Jo, “Efficient energy management for the internet of things in smart cities,” IEEE Communications Magazine, vol. 55, no. 1, pp. 84–91, 2017.

[22] Y. Yuehong, Y. Zeng, X. Chen, and Y. Fan, “The internet of things in healthcare: An overview,” Journal of Industrial Information Integration, vol. 1, pp. 3–13, 2016.

[23] J. Xu, Y. Andrepoulos, Y. Xiao, and M. van Der Schaar, “Non-stationary resource allocation policies for delay-constrained video streaming: Application to video over internet-of-things-enabled networks,” IEEE Journal on Selected Areas in Communications, vol. 32, no. 4, pp. 782–794, 2014.

[24] S. Tammishetty, T. Ragunathan, S. K. Battula, B. V. Rani, P. RaviBabu, R. Nagireddy, V. Jorika, and V. M. Reddy, “Iot-based traffic signal control technique for helping emergency vehicles,” in Proceedings of the First International Conference on Computational Intelligence and Informatics. Springer, 2017, pp. 433–440.

[25] M. Gerla, E.-K. Lee, G. Pau, and U. Lee, “Internet of vehicles: From intelligent grid to autonomous cars and vehicular clouds,” in 2014 IEEE world forum on internet of things (WF-IoT). IEEE, 2014, pp. 241–246.

[26] M. Tsugawa, A. Matsunaga, and J. A. Fortes, “Cloud computing security: What changes with software-defined networking?” in Secure Cloud Computing. Springer, 2014, pp. 77–93.

[27] S. Shin and G. Gu, “Cloudwatcher: Network security monitoring using openflow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?),” in Network Protocols (ICNP), 2012 20th IEEE International Conference on. IEEE, 2012, pp. 1–6.

[28] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, “Openflow: enabling innovation in campus networks,” ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69–74, 2008.

[29] F. Klaedtke, G. O. Karame, R. Bifulco, and H. Cui, “Access control for sdn controllers,” in Proceedings of the third workshop on Hot topics in software defined networking. ACM, 2014, pp. 219–220.

[30] G. Press, “Idc: Top 10 technology predictions for 2015,” 2014. [Online]. Available: http://goo.gl/zFujnE

[31] K. Lee, D. Kim, D. Ha, U. Rajput, and H. Oh, “On security and privacy issues of fog computing supported internet of things environment,” in Network of the Future (NOF), 2015 6th International Conference on the. IEEE, 2015, pp. 1–3.

[32] R. Lu, X. Liang, X. Li, X. Lin, and X. Shen, “Eppa: An efficient and privacy-preserving aggregation scheme for secure smart grid communications,” IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 9, pp. 1621–1631, 2012.

[33] K. Yang and X. Jia, “Data storage auditing service in cloud computing: challenges, methods and opportunities,” World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.

[34] C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, and M. Rajarajan, “A survey of intrusion detection techniques in cloud,” Journal of network and computer applications, vol. 36, no. 1, pp. 42–57, 2013.

[35] L. A. Maglaras, J. Jiang, and T. J. Cruz, “Combining ensemble methods and social network metrics for improving accuracy of ocsvm on intrusion detection in scada systems,” Journal of Information Security and Applications, vol. 30, pp. 15–26, 2016.

[36] J. Valenzuela, J. Wang, and N. Bissinger, “Real-time intrusion detection in power system operations,” IEEE Transactions on Power Systems, vol. 28, no. 2, pp. 1052–1062, 2013.

[37] Z. Qin, Q. Li, and M.-C. Chuah, “Defending against unidentifiable attacks in electric power grids,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 10, pp. 1961–1971, 2013.

[38] S. Anwar, J. Mohamad Zain, M. F. Zolkipli, Z. Inayat, S. Khan, B. Anthony, and V. Chang, “From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions,” Algorithms, vol. 10, no. 2, p. 39, 2017.

[39] T. Cruz, L. Rosa, J. Proenca, L. Maglaras, M. Aubigny, L. Lev, J. Jiang, and P. Simoes, “A cybersecurity detection framework for supervisory control and data acquisition systems,” IEEE Transactions on Industrial Informatics, vol. 12, no. 6, pp. 2236–2246, 2016.

[40] I. S. Association et al., “Ieee 1934-2018-ieee standard for adoption of openfog reference architecture for fog computing,” 2018.

[41] H. Li and M. Singhal, “Trust management in distributed systems,” Computer, vol. 40, no. 2, 2007.

[42] F. H. Rahman, T.-W. Au, S. S. Newaz, W. S. Suhaili, and G. M. Lee, “Find my trustworthy fogs: A fuzzy-based trust evaluation framework,” Future Generation Computer Systems, 2018.

[43] M. Blaze, J. Feigenbaum, and J. Lacy, “Decentralized trust management,” in Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on. IEEE, 1996, pp. 164–173.

[44] J.-H. Cho, A. Swami, and R. Chen, “A survey on trust management for mobile ad hoc networks,” IEEE Communications Surveys & Tutorials, vol. 13, no. 4, pp. 562–583, 2011.

[45] M. Mukherjee, R. Matam, L. Shu, L. Maglaras, M. A. Ferrag, N. Choudhury, and V. Kumar, “Security and privacy in fog computing: Challenges,” IEEE Access, vol. 5, pp. 19 293–19 304, 2017.

[46] J. Guo, R. Chen, and J. J. Tsai, “A survey of trust computation models for service management in internet of things systems,” Computer Communications, vol. 97, pp. 1–14, 2017.

[47] I. Pranata, G. Skinner, and R. Athauda, “A holistic review on trust and reputation management systems for digital environments,” International Journal of Computer and Information Technology, vol. 1, no. 1, pp. 44–53, 2012.

[48] F. A. Kraemer, A. E. Braten, N. Tamkittikhun, and D. Palma, “Fog computing in healthcare - a review and discussion,” IEEE Access, vol. 5, pp. 9206–9222, 2017.

[49] A. Jøsang, R. Ismail, and C. Boyd, “A survey of trust and reputation systems for online service provision,” Decision support systems, vol. 43, no. 2, pp. 618–644, 2007.

[50] E. Damiani, D. C. di Vimercati, S. Paraboschi, P. Samarati, and F. Violante, “A reputation-based approach for choosing reliable resources in peer-to-peer networks,” in Proceedings of the 9th ACM conference on Computer and communications security. ACM, 2002, pp. 207–216.

[51] P. Abhijit J and D. G. Syam Prasad, “Trust based security model foriot and fog based applications.” International Journal of Engineeringand Technology, vol. 7, p. 691, 03 2018.

[52] S. A. Soleymani, A. H. Abdullah, M. Zareei, M. H. Anisi, C. Vargas-Rosales, M. K. Khan, and S. Goudarzi, “A secure trust model based onfuzzy logic in vehicular ad hoc networks with fog computing,” IEEEAccess, vol. 5, pp. 15 619–15 629, 2017.

[53] T. Wang, G. Zhang, M. Z. A. Bhuiyan, A. Liu, W. Jia, and M. Xie,“A novel trust mechanism based on fog computing in sensor–cloudsystem,” Future Generation Computer Systems, 2018.

[54] J. Yuan and X. Li, “A reliable and lightweight trust computing mecha-nism for iot edge devices based on multi-source feedback informationfusion,” IEEE Access, vol. 6, pp. 23 626–23 638, 2018.

[55] T. D. Dang and D. Hoang, “A data protection model for fog com-puting,” in 2017 Second International Conference on Fog and MobileEdge Computing (FMEC), May 2017, pp. 32–38.

[56] E. Aghasian, S. Garg, and J. Montgomery, “User’s privacy in recom-mendation systems applying online social network data, a survey andtaxonomy,” arXiv preprint arXiv:1806.07629, 2018.

[57] A. Fu, J. Song, S. Li, G. Zhang, and Y. Zhang, “A privacy-preservinggroup authentication protocol for machine-type communication inlte/lte-a networks,” Security and Communication Networks, vol. 9,no. 13, pp. 2002–2014, 2016.

[58] E. Aghasian, S. Garg, L. Gao, S. Yu, and J. Montgomery, “Scoringusers privacy disclosure across multiple online social networks,” IEEEaccess, vol. 5, pp. 13 118–13 130, 2017.

[59] D. Koo, Y. Shin, J. Yun, and J. Hur, “A hybrid deduplication for secureand efficient data outsourcing in fog computing,” in Cloud ComputingTechnology and Science (CloudCom), 2016 IEEE International Con-ference on. IEEE, 2016, pp. 285–293.

[60] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, “Privacy-preservingmulti-keyword ranked search over encrypted cloud data,” IEEE Trans-actions on parallel and distributed systems, vol. 25, no. 1, pp. 222–233,2014.

[61] Z. Qin, S. Yi, Q. Li, and D. Zamkov, “Preserving secondary users’privacy in cognitive radio networks,” in INFOCOM, 2014 ProceedingsIEEE. IEEE, 2014, pp. 772–780.

[62] A. Rial and G. Danezis, “Privacy-preserving smart metering,” inProceedings of the 10th annual ACM workshop on Privacy in theelectronic society. ACM, 2011, pp. 49–60.

[63] H. A. Al Hamid, S. M. M. Rahman, M. S. Hossain, A. Almogren, andA. Alamri, “A security model for preserving the privacy of medical bigdata in a healthcare cloud using a fog computing facility with pairing-based cryptography,” IEEE Access, vol. 5, pp. 22 313–22 328, 2017.

[64] E. Novak and Q. Li, “Near-pri: Private, proximity based locationsharing,” in INFOCOM, 2014 Proceedings IEEE. IEEE, 2014, pp.37–45.

[65] C. Dwork, H. van Tilborg, and S. Jajodia, “Differential privacy.encyclopedia of cryptography and security,” 2011.

[66] W. Wei, F. Xu, and Q. Li, “Mobishare: Flexible privacy-preservinglocation sharing in mobile online social networks,” in INFOCOM, 2012Proceedings IEEE. IEEE, 2012, pp. 2616–2620.

[67] Z. Gao, H. Zhu, Y. Liu, M. Li, and Z. Cao, “Location privacy indatabase-driven cognitive radio networks: Attacks and countermea-sures,” in INFOCOM, 2013 Proceedings IEEE. IEEE, 2013, pp.2751–2759.

[68] S. McLaughlin, P. McDaniel, and W. Aiello, “Protecting consumerprivacy from electric load monitoring,” in Proceedings of the 18th ACMconference on Computer and communications security. ACM, 2011,pp. 87–98.

[69] H. Wang, Z. Wang, and J. Domingo-Ferrer, “Anonymous and secureaggregation scheme in fog-based public cloud computing,” FutureGeneration Computer Systems, vol. 78, pp. 712–719, 2018.

[70] R. Yang, Q. Xu, M. H. Au, Z. Yu, H. Wang, and L. Zhou, “Positionbased cryptography with location privacy: A step for fog computing,”Future Generation Computer Systems, vol. 78, pp. 799–806, 2018.

[71] P. Kumar, N. Zaidi, and T. Choudhury, “Fog computing: Commonsecurity issues and proposed countermeasures,” in System Modeling &Advancement in Research Trends (SMART), International Conference.IEEE, 2016, pp. 311–315.

[72] J. Liu, J. Li, L. Zhang, F. Dai, Y. Zhang, X. Meng, and J. Shen, “Secureintelligent traffic light control using fog computing,” Future GenerationComputer Systems, vol. 78, pp. 817–824, 2018.

[73] R. Lu, K. Heung, A. H. Lashkari, and A. A. Ghorbani, “A lightweightprivacy-preserving data aggregation scheme for fog computing-enhanced iot,” IEEE Access, vol. 5, pp. 3302–3312, 2017.

[74] E. Ahmadizadeh, E. Aghasian, H. P. Taheri, and R. F. Nejad, “Anautomated model to detect fake profiles and botnets in online socialnetworks using steganography technique,” IOSR Journal of ComputerEngineering (IOSR-JCE), vol. 17, pp. 65–71, 2015.

[75] E. Aghasian, S. Garg, and J. Montgomery, “A privacy-enhanced friend-ing approach for users on multiple online social networks,” Computers,vol. 7, no. 3, p. 42, 2018.

[76] I. Stojmenovic, S. Wen, X. Huang, and H. Luan, “An overview offog computing and its security issues,” Concurrency and Computation:Practice and Experience, vol. 28, no. 10, pp. 2991–3005, 2016.

Page 32: Authentication, Access Control, Privacy, Threats and Trust ...

JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 32

[77] S. Mohammed, L. Ramkumar, and V. Rajasekar, “Password-basedauthentication in computer security: Why is it still there?”

[78] J. L. Tsai, “Efficient nonce-based authentication scheme for sessioninitiation protocol.” IJ Network Security, vol. 9, no. 1, pp. 12–16, 2009.

[79] R. Lu, Z. Cao, Z. Chai, and X. Liang, “A simple user authenticationscheme for grid computing.” IJ Network Security, vol. 7, no. 2, pp.202–206, 2008.

[80] M. Kumar, “An enhanced remote user authentication scheme with smartcard.” IJ Network Security, vol. 10, no. 3, pp. 175–184, 2010.

[81] C.-C. Lee, C.-H. Liu, and M.-S. Hwang, “Guessing attacks on strong-password authentication protocol.” IJ Network Security, vol. 15, no. 1,pp. 64–67, 2013.

[82] Z. M. Fadlullah, M. M. Fouda, N. Kato, A. Takeuchi, N. Iwasaki, andY. Nozaki, “Toward intelligent machine-to-machine communications insmart grid,” IEEE Communications Magazine, vol. 49, no. 4, 2011.

[83] D. Balfanz, D. K. Smetters, P. Stewart, and H. C. Wong, “Talkingto strangers: Authentication in ad-hoc wireless networks.” in NDSS.Citeseer, 2002.

[84] S. Bouzefrane, A. F. B. Mostefa, F. Houacine, and H. Cagnon,“Cloudlets authentication in nfc-based mobile computing,” in MobileCloud Computing, Services, and Engineering (MobileCloud), 2014 2ndIEEE International Conference on. IEEE, 2014, pp. 267–272.

[85] M. H. Ibrahim, “Octopus: An edge-fog mutual authentication scheme.”IJ Network Security, vol. 18, no. 6, pp. 1089–1101, 2016.

[86] A. Manzoor, M. A.-u.-H. Tahir, A. Wahid, M. A. Shah, and A. Akhun-zada, “Secure login using multi-tier authentication schemes in fogcomputing.”

[87] A. Vishwanath, R. Peruri, and J. S. He, Security in fog computingthrough encryption. DigitalCommons@ Kennesaw State University,2016.

[88] M. Wazid, A. K. Das, N. Kumar, and A. V. Vasilakos, “Design of securekey management and user authentication scheme for fog computingservices,” Future Generation Computer Systems, vol. 91, pp. 475–492,2019.

[89] C. Dsouza, G.-J. Ahn, and M. Taguinod, “Policy-driven securitymanagement for fog computing: Preliminary framework and a casestudy,” in Information Reuse and Integration (IRI), 2014 IEEE 15thInternational Conference on. IEEE, 2014, pp. 16–23.

[90] S. Alharbi, P. Rodriguez, R. Maharaja, P. Iyer, N. Subaschandrabose,and Z. Ye, “Secure the internet of things with challenge responseauthentication in fog computing,” in Performance Computing andCommunications Conference (IPCCC), 2017 IEEE 36th International.IEEE, 2017, pp. 1–2.

[91] A. B. Amor, M. Abid, and A. Meddeb, “A privacy-preserving authenti-cation scheme in an edge-fog environment,” in Computer Systems andApplications (AICCSA), 2017 IEEE/ACS 14th International Conferenceon. IEEE, 2017, pp. 1225–1231.

[92] P. Hu, H. Ning, T. Qiu, H. Song, Y. Wang, and X. Yao, “Securityand privacy preservation scheme of face identification and resolutionframework using fog computing in internet of things,” IEEE Internetof Things Journal, vol. 4, no. 5, pp. 1143–1155, 2017.

[93] D. A. Ha, K. T. Nguyen, and J. K. Zao, “Efficient authenticationof resource-constrained iot devices based on ecqv implicit certificatesand datagram transport layer security protocol,” in Proceedings of theSeventh Symposium on Information and Communication Technology.ACM, 2016, pp. 173–179.

[94] P. Gope and B. Sikdar, “Lightweight and privacy-preserving two-factor authentication scheme for iot devices,” IEEE Internet of ThingsJournal, 2018.

[95] P. Zhang, J. K. Liu, F. R. Yu, M. Sookhak, M. H. Au, and X. Luo,“A survey on access control in fog computing,” IEEE CommunicationsMagazine, vol. 56, no. 2, pp. 144–149, Feb 2018.

[96] N. Meghanathan, “Review of access control models for cloud com-puting,” Computer Science & Information Science, vol. 3, no. 1, pp.77–85, 2013.

[97] K. Vohra and M. Dave, “Multi-authority attribute based data accesscontrol in fog computing,” Procedia Computer Science, vol. 132, pp.1449–1457, 2018.

[98] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, “Role-based access control models,” Computer, vol. 29, no. 2, pp. 38–47,1996.

[99] K. Punithasurya and S. Jeba Priya, “Analysis of different access controlmechanism in cloud,” International Journal of Applied InformationSystems (IJAIS), Foundation of Computer Science FCS, vol. 4, no. 2,2012.

[100] M. Sookhak, F. R. Yu, M. K. Khan, Y. Xiang, and R. Buyya, “Attribute-based data access control in mobile cloud computing: Taxonomy andopen issues,” Future Generation Computer Systems, vol. 72, pp. 273–287, 2017.

[101] C. Langaliya and R. Aluvalu, “Enhancing cloud security throughaccess control models: A survey,” International Journal of ComputerApplications, vol. 112, no. 7, 2015.

[102] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in AnnualInternational Conference on the Theory and Applications of Crypto-graphic Techniques. Springer, 2005, pp. 457–473.

[103] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryp-tion for fine-grained access control of encrypted data,” in Proceedingsof the 13th ACM conference on Computer and communications secu-rity. Acm, 2006, pp. 89–98.

[104] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Security and Privacy, 2007. SP’07. IEEE Sym-posium on. IEEE, 2007, pp. 321–334.

[105] Y. Wang, L. Wei, X. Tong, X. Zhao, and M. Li, “Cp-abe based accesscontrol for cloud storage,” in Information Technology and IntelligentTransportation Systems. Springer, 2017, pp. 463–472.

[106] F. Li, Y. Rahulamathavan, M. Conti, and M. Rajarajan, “Robust accesscontrol framework for mobile cloud computing network,” ComputerCommunications, vol. 68, pp. 61–72, 2015.

[107] S. Salonikias, I. Mavridis, and D. Gritzalis, “Access control issues inutilizing fog computing for transport infrastructure,” in InternationalConference on Critical Information Infrastructures Security. Springer,2015, pp. 15–26.

[108] L. Popa, M. Yu, S. Y. Ko, S. Ratnasamy, and I. Stoica, “Cloudpolice:Taking access control out of the network,” p. 7, 01 2010.

[109] P. Zhang, Z. Chen, J. K. Liu, K. Liang, and H. Liu, “An efficientaccess control scheme with outsourcing capability and attribute updatefor fog computing,” Future Generation Computer Systems, vol. 78, pp.753–762, 2018.

[110] L. Popa, M. Yu, S. Y. Ko, S. Ratnasamy, and I. Stoica, “Cloudpolice:taking access control out of the network,” in Proceedings of the 9thACM SIGCOMM Workshop on Hot Topics in Networks. ACM, 2010,p. 7.

[111] K. Fan, J. Wang, X. Wang, H. Li, and Y. Yang, “A secure and verifiableoutsourced access control scheme in fog-cloud computing,” Sensors,vol. 17, no. 7, p. 1695, 2017.

[112] M. Xiao, J. Zhou, X. Liu, and M. Jiang, “A hybrid scheme for fine-grained search and access authorization in fog computing environment,”Sensors, vol. 17, no. 6, p. 1423, 2017.

[113] Z. Yu, M. H. Au, Q. Xu, R. Yang, and J. Han, “Towards leakage-resilient fine-grained access control in fog computing,” Future Gener-ation Computer Systems, vol. 78, pp. 763–777, 2018.

[114] B. Zaghdoudi, H. K.-B. Ayed, and W. Harizi, “Generic access controlsystem for ad hoc mcc and fog computing,” in International Conferenceon Cryptology and Network Security. Springer, 2016, pp. 400–415.

[115] P. Hu, S. Dhelim, H. Ning, and T. Qiu, “Survey on fog computing:architecture, key technologies, applications and open issues,” Journalof Network and Computer Applications, vol. 98, pp. 27–42, 2017.

[116] H. Han, B. Sheng, C. C. Tan, Q. Li, and S. Lu, “A measurement basedrogue ap detection scheme,” in INFOCOM 2009, IEEE. IEEE, 2009,pp. 1593–1601.

[117] H. Han, B. Sheng, C. C. Tan, Q. Li, and S. Lu, “A timing-based schemefor rogue ap detection,” IEEE Transactions on parallel and distributedSystems, vol. 22, no. 11, pp. 1912–1925, 2011.

[118] L. Ma, A. Y. Teymorian, and X. Cheng, “A hybrid rogue access pointprotection framework for commodity wi-fi networks,” in INFOCOM2008. The 27th Conference on Computer Communications. IEEE.IEEE, 2008, pp. 1220–1228.

[119] A. V. Dastjerdi and R. Buyya, “Fog computing: Helping the internetof things realize its potential,” Computer, vol. 49, no. 8, pp. 112–116,2016.

[120] H. Madsen, B. Burtschy, G. Albeanu, and F. Popentiu-Vladicescu,“Reliability in the utility computing era: Towards reliable fog comput-ing,” in Systems, Signals and Image Processing (IWSSIP), 2013 20thInternational Conference on. IEEE, 2013, pp. 43–46.

[121] P. K. Patra, H. Singh, and G. Singh, “Fault tolerance techniquesand comparative implementation in cloud computing,” InternationalJournal of Computer Applications, vol. 64, no. 14, 2013.

[122] P. Latchoumy and P. S. A. Khader, “Survey on fault tolerance in gridcomputing,” International Journal of Computer Science and Engineer-ing Survey, vol. 2, no. 4, p. 97, 2011.

Page 33: Authentication, Access Control, Privacy, Threats and Trust ...

JOURNAL OF LATEX CLASS FILES, VOL. X, NO. X, X X 33

[123] B. Lussier, A. Lampe, R. Chatila, J. Guiochet, F. Ingrand, M.-O.Killijian, and D. Powell, “Fault tolerance in autonomous systems: Howand how much?” in 4th IARP-IEEE/RAS-EURON Joint Workshop onTechnical Challenges for Dependable Robots in Human Environments(DRHE), 2005.

[124] A. Bala and I. Chana, “Fault tolerance-challenges, techniques and im-plementation in cloud computing,” International Journal of ComputerScience Issues (IJCSI), vol. 9, no. 1, p. 288, 2012.

[125] Y. Wu, H. Song, Y. Xiong, Z. Zheng, Y. Zhang, and G. Huang, “Modeldefined fault tolerance in cloud,” in Proceedings of the 6th Asia-PacificSymposium on Internetware on Internetware. ACM, 2014, pp. 116–119.

[126] M. S. A. Latiff et al., “A checkpointed league championship algorithm-based cloud scheduling scheme with secure fault tolerance responsive-ness,” Applied Soft Computing, vol. 61, pp. 670–680, 2017.

[127] F.-C. Jiang and C.-H. Hsu, “Fault-tolerant system design on cloudlogistics by greener standbys deployment with petri net model,” Neu-rocomputing, vol. 256, pp. 90–100, 2017.

[128] Y. Liu, J. E. Fieldsend, and G. Min, “A framework of fog computing:Architecture, challenges, and optimization,” IEEE Access, vol. 5, pp.25 445–25 454, 2017.

[129] Y. Sharma, B. Javadi, W. Si, and D. Sun, “Reliability and energyefficiency in cloud computing systems: Survey and taxonomy,” Journalof Network and Computer Applications, vol. 74, pp. 66–85, 2016.

[130] R. Sandhu, A. S. Sohal, and S. K. Sood, “Identification of maliciousedge devices in fog computing environments,” Information SecurityJournal: A Global Perspective, vol. 26, no. 5, pp. 213–228, 2017.

[131] Z. Li, X. Zhou, Y. Liu, H. Xu, and L. Miao, “A non-cooperativedifferential game-based security model in fog computing,” ChinaCommunications, vol. 14, no. 1, pp. 180–189, 2017.

[132] A. S. Sohal, R. Sandhu, S. K. Sood, and V. Chang, “A cybersecurityframework to identify malicious edge device in fog computing andcloud-of-things environments,” Computers & Security, vol. 74, pp.340–354, 2018.

[133] BBCNews, “Bbc, cyber attacks briefly knock out top sites,” 2016. [On-line]. Available: URLhttp://www.bbc.com/news/technology-37728015

[134] BBC, “Bbc, smart home devices used as weapons inwebsite attack,” 2016. [Online]. Available: http://www.bbc.com/news/technology-37738823

[135] M. Arrington, “In our inbox: Hundreds of confidential twitterdocuments,” July 2009.[Online]. Available: http://techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitterdocuments, 2009.

[136] D. Takahashi, “French hacker who leaked twitter documentsto techcrunch is busted,” March 2010.[On-line]. Available:http://venturebeat. com/2010/03/24/french-hackerwho-leaked-twitter-documents-to-techcrunch-isbusted, 2010.

[137] P. Allen, “Obamas twitter password revealed after french hackerarrested for breaking into us presidents account,” March 2010, 2010.

[138] F. Rocha and M. Correia, “Lucy in the sky without diamonds: Stealingconfidential data in the cloud,” in Dependable Systems and NetworksWorkshops (DSN-W), 2011 IEEE/IFIP 41st International Conferenceon. IEEE, 2011, pp. 129–134.

[139] J. Pepitone, “Dropboxs password nightmare highlights cloud risks,”June 2011, 2011.

[140] S. J. Stolfo, M. B. Salem, and A. D. Keromytis, “Fog computing:Mitigating insider data theft attacks in the cloud,” in Security andPrivacy Workshops (SPW), 2012 IEEE Symposium on. IEEE, 2012,pp. 125–128.

[141] T. Wang, J. Zhou, M. Huang, M. Z. A. Bhuiyan, A. Liu, W. Xu, andM. Xie, “Fog-based storage technology to fight with cyber threat,”Future Generation Computer Systems, vol. 83, pp. 208–218, 2018.

[142] S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi,R. Khayami, K.-K. R. Choo, and D. E. Newton, “Drthis: Deepransomware threat hunting and intelligence system at the fog layer,”Future Generation Computer Systems, vol. 90, pp. 94–104, 2019.

[143] F. Hosseinpour, P. Vahdani Amoli, J. Plosila, T. Hamalainen, andH. Tenhunen, “An intrusion detection system for fog computing andiot based logistic systems using a smart data approach,” InternationalJournal of Digital Content Technology and its Applications, vol. 10,2016.

[144] S. Alharbi, P. Rodriguez, R. Maharaja, P. Iyer, N. Bose, and Z. Ye, “Fo-cus: A fog computing-based security system for the internet of things,”in Consumer Communications & Networking Conference (CCNC),2018 15th IEEE Annual. IEEE, 2018, pp. 1–5.

[145] A. Fu, S. Yu, Y. Zhang, H. Wang, and C. Huang, “Npp: a new privacy-aware public auditing scheme for cloud data sharing with group users,”IEEE Transactions on Big Data, 2017.

[146] S. Parkinson, Y. Qin, S. Khan, and M. Vallati, “Security auditing inthe fog,” in Proceedings of the Second International Conference onInternet of Things, Data and Cloud Computing, ser. ICC ’17. NewYork, NY, USA: ACM, 2017, pp. 191:1–191:9. [Online]. Available:http://doi.acm.org/10.1145/3018896.3056808

[147] S. Bleikertz, M. Schunter, C. W. Probst, D. Pendarakis, and K. Eriks-son, “Security audits of multi-tier virtual infrastructures in publicinfrastructure clouds,” in Proceedings of the 2010 ACM workshop onCloud computing security workshop. ACM, 2010, pp. 93–102.

[148] C. Wang, S. S. Chow, Q. Wang, K. Ren, and W. Lou, “Privacy-preserving public auditing for secure cloud storage,” IEEE Transactionson computers, vol. 62, no. 2, pp. 362–375, 2013.

[149] C. Wang, K. Ren, W. Lou, and J. Li, “Toward publicly auditable securecloud data storage services,” IEEE network, vol. 24, no. 4, 2010.

[150] M. A. Shah, R. Swaminathan, and M. Baker, “Privacy-preserving auditand extraction of digital contents.” IACR Cryptology ePrint Archive,vol. 2008, p. 186, 2008.

[151] L. A. Mohammed and K. Munir, “Secure third party auditor (tpa)for ensuring data integrity in fog computing,” International Journalof Network Security & Its Applications (IJNSA) Vol, vol. 10, 2018.

[152] M. Spremic, “Standards and frameworks for information system secu-rity auditing and assurance,” in World Congress on Engineering, 2011,pp. 978–988.

[153] J. Ryoo, S. Rizvi, W. Aiken, and J. Kissell, “Cloud security auditing:challenges and emerging approaches,” IEEE Security & Privacy, no. 1,pp. 1–1, 2014.

[154] U. Franke and J. Brynielsson, “Cyber situational awareness–a system-atic review of the literature,” Computers & Security, vol. 46, pp. 18–31,2014.

[155] S. L. Garfinkel, “Digital forensics research: The next 10 years,” digitalinvestigation, vol. 7, pp. S64–S73, 2010.

[156] G. Zyskind, O. Nathan et al., “Decentralizing privacy: Usingblockchain to protect personal data,” in Security and Privacy Workshops(SPW), 2015 IEEE. IEEE, 2015, pp. 180–184.

[157] S. Tuli, R. Mahmud, S. Tuli, and R. Buyya, “Fogbus: A blockchain-based lightweight framework for edge and fog computing,” arXivpreprint arXiv:1811.11978, 2018.

[158] P. K. Sharma, M.-Y. Chen, and J. H. Park, “A software defined fog nodebased distributed blockchain cloud architecture for iot,” IEEE Access,vol. 6, pp. 115–124, 2018.

[159] J. W. Jeong, B. Y. Kim, and J. W. Jang, “Security and device controlmethod for fog computer using blockchain,” in Proceedings of the 2018International Conference on Information Science and System. ACM,2018, pp. 234–238.

[160] M. Samaniego and R. Deters, “Using blockchain to push software-defined iot components onto edge hosts,” in Proceedings of the Inter-national Conference on Big Data and Advanced Wireless Technologies.ACM, 2016, p. 58.

[161] A. Dorri, S. S. Kanhere, and R. Jurdak, “Blockchain in internet ofthings: challenges and solutions,” arXiv preprint arXiv:1608.05187,2016.

[162] H. Antunes, “Blockchain and fog: Made for each other,” 2018.[Online]. Available: https://bit.ly/2BmIaRp

[163] L. Index, HUAWEI TECHNOLOGIES CO., “5g security: Forwardthinking huawei white paper,” 2015.

Abdullah Al-Noman Patwary is currently pursuing the Master’s degree in the field of computer science and engineering from Nanjing University of Science and Technology. He is well-versed in most things network or information security related. His research interests include Fog Computing security, IoT security and Cloud Computing security. He received the bachelor’s degree in computer science and engineering from State University of Bangladesh in 2014. From 2014 to 2016, he worked as a system administrator at Creative IT Ltd, Bangladesh.

Anmin Fu is an associate professor and supervisor of Ph.D. students of Nanjing University of Science and Technology, China. He received his B.S. degree in Communication Engineering from Lanzhou University of Technology, China, in 2005. He received his M.S. and Ph.D. degrees in Cryptography and Information Security from Xidian University in 2008 and 2011, respectively. His research interests include cloud computing security, wireless security and applied cryptography.

Ranesh Kumar Naha is currently pursuing his Ph.D. studies on reliable resource allocation and scheduling in Fog computing environment with the University of Tasmania. He has been awarded Tasmania Graduate Research Scholarship (TGRS) for supporting his studies. His research interests include wired and wireless networks, parallel and distributed computing, Cloud computing, Internet of Things (IoT), and Fog computing. He received his Master of Science (M.Sc.) degree from Department of Communication Technology and Network, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, in 2015. He received B.Sc. degree in Computer Science and Engineering from State University of Bangladesh in 2008. During his master’s study he was awarded Commonwealth Scholarship provided by Ministry of Higher Education, Malaysia. He served as Lecturer until 2011 in Daffodil Institute of IT, Bangladesh.

Battula Sudheer Kumar received his Master of Technology degree in software engineering in 2012. He is currently pursuing his Ph.D. studies on resource management in Fog computing environment with the University of Tasmania. He has been awarded Tasmania Graduate Research Scholarship (TGRS) for supporting his studies. His research interests include Fog computing, Distributed file systems, Cloud computing, Internet of Things (IoT), and Big Data.

Dr. Saurabh Garg is currently a Lecturer with the University of Tasmania, Australia. He is one of the few Ph.D. students who completed in less than three years from the University of Melbourne. He has authored over 40 papers in highly cited journals and conferences. During his Ph.D., he received various special scholarships for his Ph.D. candidature. His research interests include resource management, scheduling, utility and grid computing, Cloud computing, green computing, wireless networks, and ad hoc networks.

Md Anwarul Kaium Patwary completed his Master of Science in Computer Science from the Universiti Putra Malaysia. He is currently pursuing a PhD in Computer Engineering at the University of Tasmania. His research interests include dynamic graph partitioning, graph algorithms, load balancing, and distributed computing.

Erfan Aghasian received the B.Eng. degree in information technology from Qazvin Azad University and the M.Sc. degree in information technology management from the University Technology of Malaysia. He is currently pursuing the Ph.D. degree in information technology with the University of Tasmania. His research interests include computer systems and network security, data security and data anonymisation.