Chapter 1
INTRODUCTION
1.1 Introduction
Cloud computing grows more popular every day. The ease of use and the storage it
provides to users for personal and business purposes keep increasing demand for it.
Although cloud computing provides an environment in which managing and accessing data
becomes easier, it has consequences such as data leakage, data theft and insider attacks.
Data theft attacks are a very common risk nowadays. The Twitter incident is one example of
a data theft attack from the Cloud. Several Twitter corporate and personal documents were
exfiltrated to the technology website TechCrunch, and customers' accounts, including the
account of U.S. President Barack Obama, were illegally accessed. The attacker used a
Twitter administrator's password to gain access to Twitter's corporate documents, hosted
on Google's infrastructure as Google Docs. The damage was significant both for Twitter and
for its customers.
Van Dijk and Juels have shown that fully homomorphic encryption, often acclaimed
as the solution to such threats, is not a sufficient data protection mechanism when used alone.
Resolving these issues requires a mechanism that can detect such malicious activities.
Fog computing is a paradigm that monitors the data and helps in detecting
unauthorized access.
Cloud computing is a delivery platform which promises a new way of accessing and
storing personal as well as business information. Cloud computing refers to the practice of
transitioning computer services such as computation or data storage to multiple redundant
offsite locations available on the Internet, which allows application software to be operated
using internet-enabled devices.
Existing data protection mechanisms such as encryption have failed to secure the
data from the attacker. Encryption does not verify whether the user is authorized or not.
Cloud computing security does not focus on ways of securing the data from
unauthorized access.
In 2009 we had our own confidential documents in the cloud. These files did not have
much security, so a hacker gained access to the documents. The Twitter incident is one
example of a data theft attack in the Cloud.
1.3 Disadvantages
Nobody is identified when the attack happens.
It is complex to detect which user is the attacker.
We cannot detect which file was hacked.
Cloud Computing Issue: Bandwidth
Transmitting and processing data requires bandwidth. The more data, the more
bandwidth is needed. Current cloud computing models can't keep up with the amount of
bandwidth that will be needed.
In this framework, each smart thing is attached to one of the Fog devices. Fog devices
can be interconnected, and each of them is linked to the Cloud. As Fog computing is
implemented at the edge of the network, it provides low latency and location awareness, and
improves quality of service (QoS) for streaming and real-time applications. Typical
examples include industrial automation, transportation and networks of sensors and actuators.
The Fog paradigm is well positioned for real-time big data analytics, supports densely
distributed data collection points, and provides advantages in entertainment, advertising,
personal computing and other applications.
The main feature of Fog computing is its ability to support applications that require
low latency, location awareness and mobility. This ability is made possible by the fact that
fog computing systems are developed closer to the end users in a widely distributed manner.
Existing data protection mechanisms such as encryption have failed to secure the
data from attackers. Encryption does not verify whether the user is authorized or not. Cloud
computing security does not focus on ways of securing the data from unauthorized access.
Encryption does not provide much security to our data. In 2009 we had our own
confidential documents in the cloud. These files did not have much security, so a hacker
gained access to the documents. The Twitter incident is one example of a data theft attack
in the Cloud. It is difficult to find the attacker. In 2010 and 2011 Cloud computing security
was developed against attackers, including finding hackers in the cloud. Additionally, it
shows recent research results that might be useful to protect data in the cloud.
We propose a completely new technique to secure users' data in the cloud using user
behavior and decoy information technology, called Fog Computing. We use this technique
to provide data security in the cloud. It is a different approach for securing data in the
cloud, using offensive decoy technology. We monitor data access in the cloud and detect
abnormal data access patterns. In this technique, when an unauthorized person tries to access
the data of the real user, the system generates fake documents in such a way that the
unauthorized person is not able to tell whether the data is fake or real. The unauthorized
person is identified through a question which is answered by the real user when filling in
the sign-up form. If the answer to the question is wrong, the user is not the real user and
the system provides the fake document; otherwise the system provides the original documents
to the real user.
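The monitoring step described above ("detect abnormal data access patterns") can be sketched as follows. This is an added example, not code from the report: the log format, the decoy file name, the reason strings and the z-score threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

DECOYS = {"payroll_2013_final.xls"}  # constructed decoy file name

# Constructed history: (user, session id, document opened)
HISTORY = [
    ("alice", "s1", "a.doc"), ("alice", "s1", "b.doc"),
    ("alice", "s2", "a.doc"), ("alice", "s2", "b.doc"), ("alice", "s2", "c.doc"),
    ("alice", "s3", "b.doc"), ("alice", "s3", "c.doc"),
]


def build_profile(history):
    """Return user -> (mean docs per session, std deviation, known docs)."""
    per_session = defaultdict(Counter)
    known = defaultdict(set)
    for user, session, doc in history:
        per_session[user][session] += 1
        known[user].add(doc)
    profile = {}
    for user, sessions in per_session.items():
        counts = list(sessions.values())
        profile[user] = (mean(counts), pstdev(counts), known[user])
    return profile


def score_session(profile, user, accessed, z_limit=3.0):
    """Return the list of reasons a session looks abnormal (empty if none)."""
    reasons = []
    # A decoy is never opened in normal work, so any touch is a strong signal.
    touched = DECOYS.intersection(accessed)
    if touched:
        reasons.append("decoy-touched:" + ",".join(sorted(touched)))
    if user not in profile:
        reasons.append("no-baseline")
        return reasons
    mu, sigma, known = profile[user]
    # "How much": compare volume with the baseline; floor sigma at 1 so a
    # flat baseline neither divides by zero nor flags tiny changes.
    if (len(accessed) - mu) / max(sigma, 1.0) > z_limit:
        reasons.append("volume")
    # "What": more than half of the documents were never opened before.
    if len(set(accessed) - known - DECOYS) > len(accessed) / 2:
        reasons.append("unfamiliar-docs")
    return reasons


if __name__ == "__main__":
    profile = build_profile(HISTORY)
    print(score_session(profile, "alice", ["a.doc", "b.doc", "c.doc"]))
    burst = ["a.doc", "b.doc", "c.doc", "d.doc", "e.doc", "f.doc",
             "g.doc", "h.doc", "payroll_2013_final.xls"]
    print(score_session(profile, "alice", burst))
```

A session with any reason attached is the point at which the challenge question would be asked before further documents are served.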
Chapter 2
LITERATURE REVIEW
Madsen, H. and Albeanu, G. [1] presented the challenges faced by current computing
paradigms and discussed how Fog computing platforms are feasible with cloud and are
reliable for real-life projects. Fog computing is mainly done for the need of the geographical
distribution of resources instead of having a centralized one. A multi-tier architecture is
followed in Fog computing platforms. In the first tier there is machine-to-machine
communication, and the higher tiers deal with visualization and reporting. The higher tier is
represented by the Cloud. They said that building Fog computing projects is challenging.
Z. Jiang et al. [2] discussed Fog computing architecture and further used it for
improving a Web site's performance with the help of edge servers. They said that the emerging
architecture of Fog Computing is highly virtualized. They presented their idea that the
Fog servers monitor the requests made by the users and keep a record of each request by
using the user's IP address or MAC address.
Sabahi, F. [3] described threats to cloud computing and responses to them. He presented a
comparison of the benefits and risks of compromised security and privacy. In this paper he
summarized reliability and availability issues of cloud resources provided by the
trusted third party. He discussed that the most common attacks nowadays are Distributed
Denial of Service attacks. The solution to these attacks can be cloud technology offering the
benefit of flexibility, with the ability to provide resources almost instantaneously as necessary
to avoid site shutdown. Considering all these requirements, this prototype is created, which
includes two main steps: the first is to create users and generate patterns of their different
access behaviors, and the next step is monitoring the user access patterns.
Salvatore J. Stolfo et al. [4] introduced a new technology known as Fog computing.
They implemented security by utilizing decoy information technology. They explained two
methods, i.e. user behaviour profiling and decoys. In user behaviour profiling they examined
how, when and how much information a subscriber is accessing. They scanned
their subscribers' activity to look for any abnormality in the data access behaviour of the
subscriber. The second technique is the decoy, in which bogus or fraudulent information,
i.e. honeypots, honey files, etc., is used to confuse the intruder or malicious
insider by presenting the information in such a way that it appears real.
Madsen, H. and Albeanu, G. [5] showed the challenges faced by current computing
paradigms and explained how Fog computing platforms are viable with cloud and flexible for
real-life projects. Fog computing is primarily performed for the requirement of the
geographical distribution of resources rather than having a centralized one. A multi-tier
architecture is adopted in Fog computing platforms. In the first tier there is machine-to-machine
communication, and the higher tiers handle visualization and reporting. The higher tier is
shown by the Cloud. They said that making Fog computing projects is challenging [5], but
algorithms and techniques exist that handle reliability and assure fault tolerance.
With their support such real-life projects are possible.
Claycomb, W. R. (2012) [8] featured a hierarchy of administrators within cloud
service suppliers and also provided examples of attacks from real insider attack cases. They
talked about how cloud architecture lets intruders breach the security. They also
showed two extra cloud-related insider risks: the insider who exploits a cloud-related
susceptibility to steal information from a cloud system, and the insider who utilizes cloud
systems to carry out an attack on users' local resources. They specified the key challenges
faced by cloud suppliers and clients in protecting their highly confidential data.
Park, Y. et al. (2012) [9] formulated a method that uses software decoys for
protecting cloud data. They introduced a software-based decoy system that
aims to deceive insiders in order to detect the exfiltration of proprietary source code. The
system generates Java code which appears to the intruder to be valuable information. Further,
a static obfuscation method is utilized to create and transform original software. Bogus
programs are produced by software that is automatically transformed from actual source code,
but designed to be dissimilar to the original [9]. This deception method confuses the insider,
and obfuscation also supports securing the data by hiding it and making bogus information for
the insider. Beacons are also inserted into the bogus software to detect the exfiltration and
to raise an alert if the decoy software is touched, compiled or executed.
Chapter 3
METHODOLOGY
Applications that require very low and predictable latency: the Cloud frees the user
from many implementation details, including the precise knowledge of where the
computation or storage takes place. This freedom from choice, welcome in many
circumstances, becomes a liability when latency is at a premium (gaming, video
conferencing).
Large-scale distributed control systems (smart grid, connected rail, smart traffic light
systems).
Chapter 4
SECURING CLOUDS WITH FOG
There are various ways to use cloud services to save or store files, documents and
media in remote services that can be accessed whenever the user connects to the Internet. The
main problem in the cloud is to maintain security for users' data in a way that guarantees that
only authenticated users and no one else gain access to that data. Providing security for
confidential information is the core security problem, and the cloud does not provide the level
of assurance most people desire. There are various methods to secure remote data in the cloud
using standard access control and encryption methods. It is fair to say that all the standard
approaches used for providing security have been demonstrated to fail from time to time for a
variety of reasons, including faulty implementations, buggy code, insider attacks, misconfigured
services, and the creative construction of effective and sophisticated attacks not envisioned
by the implementers of security procedures. Building a secure and trustworthy cloud
computing environment is not enough, because attacks on data continue to happen, and when
they do, and information gets lost, there is no way to get it back. There is a need for
solutions to such incidents. The basic idea is that we can limit the damage of stolen data if we
decrease the value of that stolen data to the attacker. We can achieve this through a
preventive decoy (disinformation) attack. We can secure Cloud services by implementing
the following additional security features.
Chapter 5
IMPLEMENTING SECURITY FEATURES
Fig 3. Decoy System
Fig 4 shows the actual working of fog computing. Login to the system is done in two
ways: admin login and user login. When the admin logs in to the system there are
two steps to follow: step 1: enter the username; step 2: enter the password. After a successful
login the admin can perform all admin-related tasks, but when downloading any file from the fog
he has to answer the security question; only if he answers it correctly can the original file be
downloaded. Otherwise, when the admin or user answers the security question incorrectly, a
decoy document (fake document) is provided to the fake user. Decoy technology works in the
following manner: suppose the document contains the word MADAM; some letters are
replaced, for example M->A, and the word becomes AADAA, which has no
meaning. If the attacker gets to know that M was replaced by A in the
document and applies reverse engineering, he gets MMDMM as the result, because the
substituted letters cannot be told apart from the letters A that were already there. In either
case he cannot judge the content of the document.
When a user logs in to the system he also has to follow the same procedure as the admin.
The user can perform operations such as uploading files/documents, downloading
files/documents, viewing alerts, sending messages, reading messages and broadcasting a message.
The ALERT stream provides detailed knowledge of attacks on the user's personal files/documents,
with details like the date, the time and the number of times the attacker tried to hack that
file/document. The best thing about fog computing is that after each successful login the user
gets an SMS on the mobile phone saying that the login was successful. From this the user is
alerted when someone else is trying to gain access to his/her personal fog account. When an
attacker tries to download some files/documents, the user also gets an SMS that contains the
attacker's IP address, the attacker's server name, and the date and time, so that it becomes
easy to catch the attacker by tracing all these things.
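The download flow described in this chapter (security question, decoy on a wrong answer, alert record with date, time, attempt count and source address) can be sketched as below. This is an added example, not the report's implementation: the class and function names, the storage layout and the sample data are assumptions, and the SMS step is represented only by the alert record.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timezone


def hash_answer(answer, salt):
    # Keep only a salted, slow hash of the security answer, never the text.
    normalized = " ".join(answer.lower().split())
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt, 100_000)


def make_decoy(text, mapping):
    # Letter substitution as in the MADAM -> AADAA illustration.
    return text.translate(str.maketrans(mapping))


@dataclass
class FogStore:
    files: dict = field(default_factory=dict)    # (owner, name) -> text
    answers: dict = field(default_factory=dict)  # owner -> (salt, hash)
    alerts: list = field(default_factory=list)   # feeds the ALERT view

    def enroll(self, owner, answer):
        salt = os.urandom(16)
        self.answers[owner] = (salt, hash_answer(answer, salt))

    def download(self, owner, name, answer, source_ip):
        salt, expected = self.answers[owner]
        real = self.files[(owner, name)]
        # Constant-time comparison of the answer hashes.
        if hmac.compare_digest(hash_answer(answer, salt), expected):
            return real
        # Wrong answer: record who, when and how often, then return a decoy
        # from the same call so the caller sees a normal-looking download.
        attempts = 1 + sum(a["owner"] == owner and a["file"] == name
                           for a in self.alerts)
        self.alerts.append({
            "owner": owner, "file": name, "source_ip": source_ip,
            "time": datetime.now(timezone.utc).isoformat(),
            "attempts": attempts,
        })
        return make_decoy(real, {"M": "A"})


if __name__ == "__main__":
    store = FogStore()
    store.enroll("alice", "Blue Heron")          # constructed sample data
    store.files[("alice", "notes.txt")] = "MADAM"
    print(store.download("alice", "notes.txt", "blue heron", "192.0.2.10"))
    print(store.download("alice", "notes.txt", "guess", "198.51.100.7"))
    print(make_decoy("AADAA", {"A": "M"}))       # naive reversal of M->A
    print(store.alerts)
```

Because the decoy is derived from the real document, its length and every unreplaced letter still come through; a decoy generated independently of the real content does not have that property.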
Chapter 6
APPLICATIONS
Connected car: The autonomous vehicle is the new trend taking place on the road. Tesla is
working on software to add automatic steering, enabling literal "hands free" operation of the
vehicle, starting out with testing and releasing self-parking features that don't require a
person behind the wheel. Within 2017 all new cars on the road will have the capability to
connect to nearby cars and the internet. Fog computing will be the best option for all
internet-connected vehicles because fog computing gives real-time interaction. Cars, access
points and traffic lights will be able to interact with each other, which makes it safe for all.
At some point in time, the connected car will start saving lives by reducing automobile accidents.
Smart Grids: The smart grid is another application where fog computing is being used. Based on
demand for energy, its availability and low cost, these smart devices can switch to other
energy sources like solar and wind. The edge processes the data collected by fog collectors and
generates control commands to the actuators. The filtered data are consumed locally and the
balance is sent to the higher tiers for visualization, real-time reports and transactional
analytics. Fog supports semi-permanent storage at the highest tier and momentary storage at the
lowest tier.
Smart Traffic lights: Fog enables traffic signals to open lanes on sensing the flashing lights
of an ambulance. It detects the presence of pedestrians and bikers, and measures the distance
and speed of nearby vehicles. Sensor lighting turns on when it identifies movement and turns off
otherwise. Smart lights serving as fog devices synchronize to send warning signals to
approaching vehicles. The interactions between vehicles and access points are enhanced with
WiFi, 3G, roadside units and smart traffic lights.
Wireless Sensor and Actuator Networks: Traditional wireless sensor networks fall short in
applications that go beyond sensing and tracking, but require actuators to exert physical
actions like opening, closing or even carrying sensors [2]. In this scenario, actuators serving
as Fog devices can control the measurement process itself, the stability and the oscillatory
behaviors by creating a closed-loop system.
Self Maintaining Train: Another application of fog computing is self-maintaining trains. A
train ball-bearing monitoring sensor senses changes in the temperature level, and any
disorder automatically alerts the train operator so that maintenance can be carried out
accordingly. Thus we can avoid major disasters.
Smart Traffic Lights and Connected Vehicles: A video camera that senses an ambulance's
flashing lights can automatically change street lights to open lanes for the vehicle to pass
through traffic. Smart street lights interact locally with sensors and detect the presence of
pedestrians and bikers, and measure the distance and speed of approaching vehicles.
IoT and Cyber-physical systems (CPSs): Fog computing based systems are becoming an
important class of IoT and CPSs. Based on the traditional information carriers, including the
Internet and telecommunication networks, IoT is a network that can interconnect ordinary
physical objects with identified addresses. CPSs feature a tight combination of the system's
computational and physical elements. CPSs also coordinate the integration of computer- and
information-centric physical and engineered systems.
IoT and CPSs promise to transform our world with new relationships between
computer-based control and communication systems, engineered systems and physical
reality. Fog computing in this scenario is built on the concepts of embedded systems, in which
software programs and computers are embedded in devices for reasons other than
computation alone. Examples of such devices include toys, cars, medical devices and
machinery. The goal is to integrate the abstractions and precision of software and networking
with the dynamics, uncertainty and noise in the physical environment. Using the emerging
knowledge, principles and methods of CPSs, we will be able to develop new generations of
intelligent medical devices and systems, smart highways, buildings, factories, and agricultural
and robotic systems.
Chapter 7
CONCLUSION
In this position paper, we present an approach to securing personal and business data
in the Cloud. We propose monitoring data access patterns by profiling user behavior to
determine if and when a malicious insider illegitimately accesses someone's documents in a
Cloud service. Decoy documents stored in the Cloud alongside the user's real data also serve
as sensors to detect illegitimate access. Once unauthorized data access or exposure is
suspected, and later verified, with challenge questions for instance, we inundate the malicious
insider with bogus information in order to dilute the user's real data. Such preventive attacks
that rely on disinformation technology could provide unprecedented levels of security in the
Cloud and in social networks.
REFERENCES
[1] Madsen, Henrik, et al. "Reliability in the utility computing era: Towards reliable Fog
computing." Systems, Signals and Image Processing (IWSSIP), 2013 20th International
Conference on. IEEE, 2013.
[2] Zhu, Jiang. "Improving Web Sites Performance Using Edge Servers in Fog Computing
Architecture." Service Oriented System Engineering (SOSE), IEEE, 2013.
[3] Sabahi, F. "Cloud computing security threats and responses." Communication Software
and Networks (ICCSN), 2011 IEEE 3rd International Conference on, 2011, pp. 245-249.
[4] Stolfo, Salvatore J., Malek Ben Salem, and Angelos D. Keromytis. "Fog computing:
Mitigating insider data theft attacks in the cloud." Security and Privacy Workshops (SPW),
2012 IEEE Symposium on. IEEE, 2012.
[5] Madsen, Henrik, et al. "Reliability in the utility computing era: Towards reliable Fog
computing." Systems, Signals and Image Processing (IWSSIP), 2013 20th International
Conference on. IEEE, 2013.
[6] C. Wei, Z. Fadlullah, N. Kato, and I. Stojmenovic. "On optimally reducing power loss in
micro-grids with power storage devices." IEEE Journal of Selected Areas in
Communications, 2014, to appear.
[7] Bonomi, Flavio, et al. "Fog computing and its role in the internet of things." Proceedings
of the first edition of the MCC workshop on Mobile cloud computing. ACM, 2012, pp. 13-16.
[8] Claycomb, W. R., & Nicoll, A. "Insider Threats to Cloud Computing: Directions for New
Research Challenges." Computer Software and Applications Conference (COMPSAC),
IEEE 36th Annual, July, pp. 387-394, 2012.
[9] Park, Y., & Stolfo, S. J. "Software decoys for insider threat." Proceedings of the 7th
ACM Symposium on Information, Computer and Communications Security, May, pp. 93-94,
2013.