Adaptive Contextual Risk-Based Model to Tackle Confidentiality-Based Attacks in Fog-IoT Paradigm
Abstract
:1. Introduction
2. Background and Literature Review
- Decentralisation—fog nodes are an independent entity which can manage the resource and services and do not require a centralised server to control the system [4].
- Low latency—fog node is closer to the Fog-IoT end devices. Thus the latency is lowered compared to when accessing to the cloud directly [4].
- Large scale IoT applications support—Fog computing supports large-scale IoT applications such as environmental monitoring and climate change monitoring, which bring heavy management overhead to the centralised cloud.
- Heterogeneity—fog computing is a virtualised platform that offers computational, networking, and storage services between cloud computing and end devices. It serves as a building block, as it exists in different forms, and can be deployed in wide-ranging environments.
- Interplay with cloud—cloud computing is a central global entity, and the fog node focuses on localised data processing. Big Data analysis and machine learning use both cloud and fog computing to perform data analysis.
- Predominance of wireless access—cloud layer provides global coverage, which is used as a repository to store years of data. This information is typically used in machine learning analysis and metric systems using indicators.
- Online analytics—many applications require both Fog localisation and Cloud globalisation, mainly for analytics and Big Data. This first tier of the Fog, designed for machine-to-machine (M2M) interaction, collects and processes the data and issues control commands to the actuators. It also filters the data to be consumed locally and sends the rest to the higher tiers. The second and third-tier deal with visualisation and reporting (human-to-machine (HMI) interactions), as well as systems and processes (M2M). The timescales of these interactions range from seconds to minutes (real-time analytics) and even days (transactional analytics). Some data relates to protection and control loops that require real-time processing (from milliseconds to sub-seconds).
- Mobility support—fog computing applications enable direct communication with mobile devices using protocols such as Cisco’s Locator/ID Separation Protocol that decouples host identity from location identity using a distributed directory system.
- Geographic distribution—fog computing must support different storage levels from the lowest tier to the highest tier. The higher the level, the broader geographical coverage, and the longer the time scale.
- Location awareness—the location of fog nodes can be traced actively or passively to support devices with rich services at the network edge. Fog computing dedicates to local IoT applications accessible for the devices in certain areas via specific fog nodes. Therefore, it is aware of the devices’ regions based on the locations of fog nodes [4].
2.1. Security Attacks
2.2. Access Control in Fog-IoT
2.3. Risk-Based Access Control Model
2.4. Authentication in Fog-IoT
Evaluation of MQTT Authentication
3. Research Methodology
3.1. Evaluation Metrics
3.1.1. MQTT Plugin vs. MQTT
3.1.2. Risk Model and Factor Quantification
3.1.3. Case Scenario of Testing the Proposed Model against Man-in-the-Middle Attack
4. Adaptive Contextual Risk-Based Model
4.1. Proposed Contextual Risk-Based Model Operation Flow
- End Device Layer—this layer is similar to the physical layer of the Open Standard Interconnection (OSI) model. It consists of sensors, actuators, and microcontrollers. The motive of this layer is to gather data from IoT devices, and then these data are transmitted to fog nodes through a communication channel such as WiFi. These devices are limited with a resource such as power and storage. The data or the connection can be monitored and managed in the same Local Area Network (LAN) using a monitoring dashboard or tools. In this study, the temperature and humidity sensor is used to test the Fog-IoT. The sensors are plugged into the NodeMCU IoT platform, and the data are transmitted using a WiFi network. MQTT protocol version 5.1.1 is used in this layer to publish the data. The publisher is programmed using the C/C++ programming language by Arduino IDE.
- Gateway and Switching Layer—the motive of this layer is to transmit the information from the end devices to the fog node or obtain the response from the fog node to the end device. In this study, the NodeMCU with a dht22 sensor is connected to the fog layer using the IEEE802.11n access point.
- Fog Node Layer—this layer consists of three sections: Fog Node Manager, known as an MQTT broker, the adaptive monitoring security agent, and the actual fog node, which are analysed based on the data. This layer considers the “middle man” and obtains the temperature and humidity data from the dht22 sensor. Then, the fog server does the data filtering and sends the data to the cloud server. The fog node uses the EMQX broker to subscribe to the data from the sensors using the Node.js Application Program Interface (API). These data are temporarily stored in the fog server before sending it to the cloud. EMQX broker applies the adaptive security framework to authenticate the clients.
- Cloud Layer—this layer aims to store important data permanently. In this study, the Google cloud server database is used to store the data. The data are pushed from the fog layer whenever needed.
4.2. Adaptive MQTT Broker for Communications
- Broker—in this study, the EMQX broker is used to set up the localhost machine. This is to allow for the complete control of the broker. The broker provides a web dashboard and backend access. NodeMCU with dht22 sensors are connected directly to the broker and can publish the temperature and humidity data. The fog server can authenticate the broker to obtain the data.
- Authentication Plugin—the MQTT server controls the client access authentication step. The EMQX allows authentication setup in a different layer, such as the transport layer and application layer. It allows the support of different layers. The MySQL authentication technique is used to enhance the current authentication scheme. MySQL script plugin is used to set up the MySQL database connection and query filtering. The SQL query provides results, and the results are validated against the rules check in the configuration file. The broker uses a hardcoded token to check the allowed device list to authenticate. This token is used by the device as well; if the selected user exists and the risk is less than 0.3, the device can authenticate.
- MySQL—the devices and the broker communicate with this user table, which contains the username, password, risk factor value, and IP address to validate the info.
- Publisher—after the MQTT client establishes the connection with the broker, the client can publish messages. MQTT filters the messages using a topic on the broker. Every message contains a topic which the broker helps to send to the subscribed clients. Every MQTT packet payload contains the data to transmit in byte format. The use case of the client decides on the payload structure. The client can publish the data in binary data, text data, or even XML or JSON. NodeMCU uses the dht22 sensor to establish a connection and publish the data EMQX. The MQTT packet of a published message has several attributes.
- Subscriber—the client receives the data from the broker known as a subscriber. A subscriber usually presents in an IoT network as some entity that needs to acquire the data. The client needs to send a subscription message on the topic of interest to the MQTT broker. The subscription message contains a unique identifier and a list of subscriptions— in this research, the client subscription to the fog server. Once the data is obtained, it performs the data filtering algorithm and selectively pushes it to the cloud.
4.3. Access Control Construction with Risk Assessment
- A sensor or a device that communicates with other devices denotes a client by S.
- Client, S, executes an action, A.
- An outcome, O, of an action, A, is a consequence.
- Context, k, is information related to the current action.
- Consequence, c(O), is a function for calculating the cost of each outcome, O.
- Risk, RV (O, a), is a function for calculating risk value.
4.4. Access Control Construction Using Fuzzy Logic
5. Results and Findings
5.1. Evaluation of Proposed Contextual Risk Model
5.2. Study of Security Analysis
6. Discussion
6.1. Enhanced MQTT Authentication Method in Fog-IoT Network
6.2. Contextual Risk Model to Quantify Risk
6.3. Adaptive Monitoring Security Agent
6.4. Evaluation of Proposed Architecture
6.5. Benchmarking Analysis
7. Conclusions and Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Appendix A
Input Variable: Time | ||
---|---|---|
Value | Notation | Range |
Low | L | [0 0 0.5] |
Medium | M | [0 0.5 1] |
High | H | [0.5 1 1] |
Input Variable: Network Type | ||
Value | Notation | Range |
Low | L | [0 0 1] |
High | H | [0 1 1] |
Input Variable: Device Info | ||
Value | Notation | Range |
Low | L | [0 0 0.5] |
Medium | M | [0 0.5 1] |
High | H | [0.5 1 1] |
Input Variable: Location | ||
Value | Notation | Range |
Low | L | [0 0 1] |
High | H | [0 1 1] |
Input Variable: Action | ||
Value | Notation | Range |
Low | L | [0 0 0.25 0.4] |
Medium | M | [0.35 0.5 0.7] |
High | H | [0.6 0.7 1 1] |
Input Variable: Past Risk | ||
Value | Notation | Range |
Low | L | [0 0 0.4] |
Medium | M | [0.3 0.5 0.7] |
High | H | [0.6 1 1] |
Output Variable: Risk | ||
Value | Notation | Range |
Negligible | N | [0 0.01455 0.179 0.3] |
Low | L | [0.1 0.3 0.4] |
Medium | M | [0.2 0.343 0.517 0.6] |
High | H | [0.4 0.6 0.8] |
Very high | VH | [0.743 0.793 0.941 1] |
References
- Al Agha, K.; Pujolle, G.; Ali-Yahiya, T. Mobile and Wireless Networks; John Wiley Sons: Hoboken, NJ, USA, 2016; Volume 2, pp. 283–306. [Google Scholar]
- Grover, K.; Lim, A. A survey of broadcast authentication schemes for wireless networks. Ad Hoc Netw. 2015, 24, 288–316. [Google Scholar] [CrossRef]
- Grammatikis, P.I.R.; Sarigiannidis, P.G.; Moscholios, I.D. Securing the Internet of Things: Challenges, threats and solutions. Internet Things 2019, 5, 41–70. [Google Scholar] [CrossRef]
- Atlam, H.F.; Walters, R.J.; Wills, G.B. Fog Computing and the Internet of Things: A Review. Big Data Cogn. Comput. 2018, 2, 10. [Google Scholar] [CrossRef] [Green Version]
- Gartner. Gartner Adaptive Security Architecture Model. Gartner Presentation. 2016. Available online: https://www.gigamon.com/lp/gartner-adaptive-security-architecture-model.html (accessed on 20 August 2021).
- Wilson, Y.; Hingnikar, A. OpenID Connect. In Solving Identity Management in Modern Applications; Apress: New York, NY, USA, 2019; pp. 77–97. [Google Scholar] [CrossRef]
- Mohanapriya, M.; Krishnamurthi, I. Modified DSR protocol for detection and removal of selective black hole attack in MANET. Comput. Electr. Eng. 2014, 40, 530–538. [Google Scholar] [CrossRef]
- Aziz, B.A. On the security of the MQTT protocol. Eng. Secur. Internet Things Syst. 2016, 159–178. [Google Scholar] [CrossRef]
- Agoni, A.; Dlodlo, E.M. IP Spoofing Detection for Preventing DDoS Attack in Fog Computing. In Proceedings of the 6th Global Wireless Summit (GWS) 2018, Chiang Rai, Thailand, 25–28 November 2018; pp. 43–46. [Google Scholar] [CrossRef]
- Stojmenovic, I.; Wen, S. The Fog computing paradigm: Scenarios and security issues. In Proceedings of the 2014 Federated Conference on Computer Science and Information Systems, Warsaw, Poland, 7–10 September 2014. [Google Scholar] [CrossRef] [Green Version]
- Kartheek, D.N.; Bhushan, B. Security Issues in Fog Computing for Internet of Things. In Architecture and Security Issues in Fog Computing Applications; IGI Global: Hershey, PA, USA, 2019. [Google Scholar]
- Diep, N.N.; Lee, S.; Lee, Y.K.; Lee, H. Contextual risk-based access control. In Proceedings of the International Conference on Security & Management, SAM 2007, Las Vegas, NV, USA, 25–28 June 2007; CSREA: Las Vegas, NV, USA; pp. 406–412. [Google Scholar]
- Bonomi, F.; Milito, R.; Zhu, J.; Addepalli, S. Fog Computing and Its Role in the Internet of Things. In Advancing Consumer-Centric Fog Computing Architectures; Munir, K., Ed.; IGI Global: Hershey, PA, USA, 2012; pp. 63–71. [Google Scholar] [CrossRef]
- Khan, S.; Parkinson, S.; Qin, Y. Fog computing security: A review of current applications and security solutions. J. Cloud Comput. 2017, 6, 1–22. [Google Scholar] [CrossRef]
- Vaquero, L.M.; Rodero-Merino, L. Finding your Way in the Fog. ACM SIGCOMM Comput. Commun. Rev. 2014, 44, 27–32. [Google Scholar] [CrossRef]
- Liu, J.; Xiao, Y.; Chen, C.L.P. Authentication and access control in the Internet of things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012; pp. 588–592. [Google Scholar] [CrossRef]
- Alrawais, A.; Alhothaily, A.; Hu, C.; Cheng, X. Fog. Computing for the Internet of Things: Security and Privacy Issues. IEEE Internet Comput. 2017, 21, 34–42. [Google Scholar] [CrossRef]
- Cheng, P.C.; Rohatgi, P.; Keser, C.; Karger, P.A.; Wagner, G.M.; Reninger, A.S. Fuzzy Multi-Level Security: An experiment on quantified risk-adaptive access control. In Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP ‘07), Berkeley, CA, USA, 20–23 May 2007; pp. 222–227. [Google Scholar] [CrossRef]
- Li, J.; Bai, Y.; Zaman, N.A. fuzzy modeling approach for risk-based access control in eHealth cloud. In Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, VIC, Australia, 16–18 July 2013; pp. 17–23. [Google Scholar] [CrossRef]
- Ni, Q.; Bertino, E.; Lobo, J. Risk-based access control systems built on fuzzy inferences. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, 13 April 2010; pp. 250–260. [Google Scholar] [CrossRef]
- Khambhammettu, H.; Boulares, S.; Adi, K.; Logrippo, L. A framework for risk assessment in access control systems. Comput. Secur. 2013, 39, 86–103. [Google Scholar] [CrossRef]
- Shaikh, R.A.; Adi, K.; Logrippo, L. Dynamic risk-based decision methods for access control systems. Comput. Secur. 2014, 31, 447–464. [Google Scholar] [CrossRef]
- Rajbhandari, L.; Snekkenes, E.A. Using Game Theory to Analyse Risk to Privacy: An Initial Insight. IFIP Adv. Inf. Commun. Technol. 2010, 352, 41–51. [Google Scholar] [CrossRef] [Green Version]
- Sharma, M.; Bai, Y.; Chung, S.; Dai, L. Using risk in access control for cloud-assisted ehealth. In Proceedings of the 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems, Liverpool, UK, 25–7 June 2012; pp. 1047–1052. [Google Scholar] [CrossRef]
- Diep, N.N.; Hung, L.X.; Zhung, Y.; Lee, S.; Lee, Y.K.; Lee, H. Enforcing access control using risk assessment. In Proceedings of the Fourth European Conference on Universal Multiservice Networks (ECUMN’07), Toulouse, France, 14–16 February 2007; pp. 419–424. [Google Scholar] [CrossRef] [Green Version]
- Ficco, M.; Esposito, C.; Xiang, Y.; Palmieri, F. Pseudo-Dynamic Testing of Realistic Edge-Fog Cloud Ecosystems. IEEE Commun. Mag. 2017, 55, 98–104. [Google Scholar] [CrossRef]
- Ahmadi, P.; Islam, K.; Maco, T.; Katam, M. A Survey on Internet of Things Security Issues and Applications. In Proceedings of the 2018 International Conference on Computational Science and Computational Intelligence (CSCI) 2018, Las Vegas, NV, USA, 12–14 December 2018. [Google Scholar] [CrossRef]
- Xu, X. Study on security problems and key technologies of the internet of things. In Proceedings of the 2013 International Conference on Computational and Information Sciences, Shiyang, China, 21–23 June 2013; pp. 407–410. [Google Scholar] [CrossRef]
- Babar, S.; Stango, A.; Prasad, N.; Sen, J.; Prasad, R. Proposed embedded security framework for Internet Things (IoT). In Proceedings of the International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace and Electronic Systems Technology (Wireless VITAE), Chennai, India, 28 February–3 March 2011. [Google Scholar] [CrossRef]
- Dos Santos, D.R.; Westphall, C.M.; Westphall, C.B. A dynamic risk-based access control architecture for cloud computing. In Proceedings of the 2014 IEEE Network Operations and Management Symposium (NOMS), Krakow, Poland, 5–9 May 2014. [Google Scholar] [CrossRef]
- Al-Zewairi, M.; Suleiman, D.; Shaout, A. Multilevel Fuzzy Inference System for Risk Adaptive Hybrid RFID Access Control System. In Proceedings of the 2016 Cybersecurity and Cyberforensics Conference (CCC), Amman, Jordan, 2–4 August 2016; pp. 1–7. [Google Scholar] [CrossRef]
- Lakshmi, H.; Namitha, S.; Seemanthini; Gopalan, S.; Sanjay, H.A.; Chandrashekaran, K.; Bhaskar, A. Risk based access control in cloud computing. In Proceedings of the 2015 International Conference on Green Computing and Internet of Things (ICGCIoT), Greater Noida, India, 8–10 October 2015. [Google Scholar] [CrossRef]
Level of Attacks | Types of Attacks | Countermeasures |
---|---|---|
Node-level attacks | Node capture attacks Node jamming Malicious code injection on node Physical damage of the node RF interferences and Eavesdropping False data injection attacks Replay attacks Crypt analysis attacks Sleep deprivation attacks | Device Authentication Data Confidentiality Data Integrity Secure booting by using low power cryptographic hash functions Data Anonymity Access Control Devices Physical barriers Monitoring devices |
Network-level attacks | Denial of Services (DoS) Spoofing attacks Sinkhole attacks Man-in-the-Middle attacks Routing information attacks Sybil attacks Unauthorised access RFID cloning Traffic analysis attacks | Network Authentication mechanisms Confidentiality and integrity of transmitted data Implementation of routing security Secure user data on devices by using encryption and cryptographic mechanisms |
Application-level attacks | Phishing attacks Malicious Virus/Worms Trojan horse Ransomware Spyware | Access control lists Firewalls Protective softwares Intrusion detection mechanisms Trust management |
Author(s) | Risk Estimation Technique | Risk Factors | Limitations |
---|---|---|---|
[16] | Risk Assessment | Outcomes of actions | Risk factors are limited and lack of adaptive approach |
[17] | Fuzzy MLS Model | Subject security level and object security level differences | History of user behaviour not used to predict the future |
[18] | Fuzzy Model | Data sensitivity, action severity, and user risk history | No clear risk estimation and lack of adaptive approach |
[19] | Fuzzy Interference | Object security level and subject security level | Inefficient fuzz inference and lack of adaptive method |
[20] | Risk Assessment | Object sensitivity, subject trust, and the difference between them | Past risk history not counted in the access control model |
[21] | Risk Assessment | History of reward and penalty points | No predictive risk technique used |
[22] | Game Theory | Access benefits of the subject | Risk factors are limited, and the adaptive approach not used |
[23] | Mathematics Functions | Data Sensitivity, action severity, and risk history | Lack of risk prediction method |
[24] | Risk Assessment | Outcomes of actions | Risk factors are limited and lack of risk prediction technique |
[25] | Mathematics Functions | Risk policies | Risk factors are limited and lack of prediction |
Techniques of Authentication | Descriptions |
---|---|
Username and password authentication |
|
MySQL authentication |
|
Redis authentication |
|
MongoDB authentication |
|
Input Type | Risk Values |
---|---|
User Action | RVA = 1 × 0.14 |
RVC = 1 × 0.13 | |
RVI = 0 × 0.13 | |
RVACI = 0.27 | |
Time | RVT = 0 × 0.11 |
Home Network | RVN = 0 × 0.11 |
Allowed/Blocked List | RVD = 0 × 0.11 |
Location | RVL = 0 × 0.11 |
Device Provenance | Device Past Risk = 0.3 |
RVPv 0.3 × 0.15 = 0.045 |
Case | Time | Network Type | Device Info | Location | Action | Past Risk | Risk Assessment Score | Fuzzy System Score |
---|---|---|---|---|---|---|---|---|
1 | 7 a.m.–3 p.m. | Public network | New device | Other location | Generate sensor data | 0.34 | 0.35 | 0.41 |
2 | 7 a.m.–3 p.m. | House network | Allowed list | Penang | Generate sensor data | 0.28 | 0.06 | 0.14 |
3 | 7 a.m.–3 p.m. | House network | Blacklisted device | Penang | Generate sensor data | 0.67 | 0.17 | 0.36 |
4 | 3.p m.–11 p.m. | Public network | Allowed list | Penang | Generate sensor data | 0.34 | 0.19 | 0.15 |
5 | 3 p.m.–11 p.m. | House network | Blacklisted device | Penang | Generate sensor data | 0.67 | 0.23 | 0.60 |
6 | 11 p.m.–7 a.m. | Public network | New device | Penang | Generate sensor data | 0.11 | 0.34 | 0.60 |
7 | 11 p.m.–7 a.m. | House network | Allowed list | Other location | Generate sensor data | 0.13 | 0.24 | 0.87 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Selvan, S.; Mahinderjit Singh, M. Adaptive Contextual Risk-Based Model to Tackle Confidentiality-Based Attacks in Fog-IoT Paradigm. Computers 2022, 11, 16. https://doi.org/10.3390/computers11020016
Selvan S, Mahinderjit Singh M. Adaptive Contextual Risk-Based Model to Tackle Confidentiality-Based Attacks in Fog-IoT Paradigm. Computers. 2022; 11(2):16. https://doi.org/10.3390/computers11020016
Chicago/Turabian StyleSelvan, Satiaseelan, and Manmeet Mahinderjit Singh. 2022. "Adaptive Contextual Risk-Based Model to Tackle Confidentiality-Based Attacks in Fog-IoT Paradigm" Computers 11, no. 2: 16. https://doi.org/10.3390/computers11020016
APA StyleSelvan, S., & Mahinderjit Singh, M. (2022). Adaptive Contextual Risk-Based Model to Tackle Confidentiality-Based Attacks in Fog-IoT Paradigm. Computers, 11(2), 16. https://doi.org/10.3390/computers11020016