Security Mechanisms for fog cOmputinG
Spanish Ministry of Economy and Competitiveness (TIN2016-79095-C2-1-R)
At present, there are several interesting applications and use cases, such as outsourcing of mobile services, augmented reality systems, and several object interconnection systems (e.g., vehicular networks, cyber-physical systems) which require very specific attributes that are not provided by traditional centralized cloud services: low latency, access to local context information, and high scalability, among others. For this reason, a novel paradigm known as fog computing has emerged very recently. Fog computing is mainly based on the deployment of virtualization services on the network periphery: from Internet routers and 5G infrastructures to local servers. This allows the creation of an infrastructure that complements both the cloud infrastructure and the existing local infrastructures.
However, this semi-distributed nature of fog computing, along with other features such as the collaboration between entities and service/infrastructure providers, and the heterogeneity of devices and services, makes security in the context of fog computing a very complex issue that is difficult to solve, even more so if we take into account the existence of attackers at all levels, from external adversaries to resources controlled by malicious users. In fact, the security of fog computing has so far been considered only in a limited and isolated manner. On the one hand, it is necessary to protect the fog infrastructure itself, offering security services that enable secure communication between authorized items, protection of virtualized environments, and mechanisms to inspect and monitor the fog environment, among others. On the other hand, it is also necessary to protect the interactions between users and their devices and the fog ecosystem, offering services that guarantee (through a contract) the outsourcing and the delegation of tasks, plus adequate data management.
Beyond these risks, fog computing also offers a unique opportunity. The fog infrastructure itself can provide services, such as distributed decision-making services through the use of cryptographic mechanisms, that can be used to support a trusted interaction between entities in a fog ecosystem. Furthermore, fog computing can be used as a foundation for deploying security services (e.g., collaborative monitoring, positioning of safety and security information) that otherwise could not be used by user devices, and that could provide added value in comparison with local security services.
It is in this context of the needs and opportunities of fog computing security that the SMOG project is framed. To consider all the aspects of fog security in a more efficient way, the project is divided into two subprojects: SMOG-CORE and SMOG-DEV. SMOG-CORE is responsible for analyzing and developing security services related to the fog infrastructure, while SMOG-DEV aims to develop security solutions for the interactions between user devices and the fog ecosystem. The synergy between the two subprojects will allow us to achieve a level of protection that will not only strengthen the robustness of the infrastructure, but will also allow service providers and users to have more control over their interactions with the fog. This result will prevent the fog from becoming a vulnerable and unreliable ecosystem and, therefore, a failed paradigm.