Securing combined Fog-to-Cloud systems: challenges and directions

Nowadays, fog computing is emerged for providing computational power closer to the users. Fog computing brings real-time processing, lowlatency, geo-distributed and etc. Although, fog computing do not come to compete cloud computing, it comes to collaborate. Recently, Fog-To-Cloud (F2C) continuum system is introduced to provide hierarchical computing system and facilitates fog-cloud collaboration. This F2C continuum system might encounter security issues and challenges due to their hierarchical and distributed nature. In this paper, we analyze attacks in different layer of F2C system and identify most potential security requirements and challenges for the F2C continuum system. Finally, we introduce the most remarkable efforts and trends for bringing secure F2C system.This work is supported by the H2020 projects mF2C (730929). It is also supported by the Spanish Ministry of Economy and Competitiveness and the European Regional Development Fund both under contract RTI2018-094532-B-100.Peer ReviewedPostprint (author's final draft

Resource identification in fog-to-cloud systems: toward an identity management strategy

og-to-Cloud (F2C) is a novel paradigm aiming at extending the cloud computing capabilities to the edge of the network through the hierarchical and coordinated management of both, centralized cloud datacenters and distributed fog resources. It will allow all kinds of devices that are capable to connect to the F2C network to share its idle resources and access both, service provider and third parties’ resources to expand its own capabilities. However, despite the numerous advantages offered by the F2C model, such as the possibility of offloading delay-sensitive tasks to a nearby device and using the cloud infrastructure in the execution of resource-intensive tasks, the list of open challenges that needs to be addressed to have a deployable F2C system is pretty long. In this paper we focus on the resource identification challenge, proposing an identity management system (IDMS) solution that starts assigning identifiers (IDs) to the devices in the F2C network in a decentralized fashion using hashes and afterwards, manages the usage of those IDs applying a fragmentation technique. The obtained results during the validation phase show that our proposal not only meets the desired IDMS characteristics, but also that the fragmentation strategy is aligned with the constrained nature of the devices in the lowest tier of the network hierarchy.Peer ReviewedPostprint (author's final draft

Security architecture for Fog-To-Cloud continuum system

Nowadays, by increasing the number of connected devices to Internet rapidly, cloud computing cannot handle the real-time processing. Therefore, fog computing was emerged for providing data processing, filtering, aggregating, storing, network, and computing closer to the users. Fog computing provides real-time processing with lower latency than cloud. However, fog computing did not come to compete with cloud, it comes to complete the cloud. Therefore, a hierarchical Fog-to-Cloud (F2C) continuum system was introduced. The F2C system brings the collaboration between distributed fogs and centralized cloud. In F2C systems, one of the main challenges is security. Traditional cloud as security provider is not suitable for the F2C system due to be a single-point-of-failure; and even the increasing number of devices at the edge of the network brings scalability issues. Furthermore, traditional cloud security cannot be applied to the fog devices due to their lower computational power than cloud. On the other hand, considering fog nodes as security providers for the edge of the network brings Quality of Service (QoS) issues due to huge fog device’s computational power consumption by security algorithms. There are some security solutions for fog computing but they are not considering the hierarchical fog to cloud characteristics that can cause a no-secure collaboration between fog and cloud. In this thesis, the security considerations, attacks, challenges, requirements, and existing solutions are deeply analyzed and reviewed. And finally, a decoupled security architecture is proposed to provide the demanded security in hierarchical and distributed fashion with less impact on the QoS.Hoy en día, al aumentar rápidamente el número de dispositivos conectados a Internet, el cloud computing no puede gestionar el procesamiento en tiempo real. Por lo tanto, la informática de niebla surgió para proporcionar procesamiento de datos, filtrado, agregación, almacenamiento, red y computación más cercana a los usuarios. La computación nebulizada proporciona procesamiento en tiempo real con menor latencia que la nube. Sin embargo, la informática de niebla no llegó a competir con la nube, sino que viene a completar la nube. Por lo tanto, se introdujo un sistema continuo jerárquico de niebla a nube (F2C). El sistema F2C aporta la colaboración entre las nieblas distribuidas y la nube centralizada. En los sistemas F2C, uno de los principales retos es la seguridad. La nube tradicional como proveedor de seguridad no es adecuada para el sistema F2C debido a que se trata de un único punto de fallo; e incluso el creciente número de dispositivos en el borde de la red trae consigo problemas de escalabilidad. Además, la seguridad tradicional de la nube no se puede aplicar a los dispositivos de niebla debido a su menor poder computacional que la nube. Por otro lado, considerar los nodos de niebla como proveedores de seguridad para el borde de la red trae problemas de Calidad de Servicio (QoS) debido al enorme consumo de energía computacional del dispositivo de niebla por parte de los algoritmos de seguridad. Existen algunas soluciones de seguridad para la informática de niebla, pero no están considerando las características de niebla a nube jerárquica que pueden causar una colaboración insegura entre niebla y nube. En esta tesis, las consideraciones de seguridad, los ataques, los desafíos, los requisitos y las soluciones existentes se analizan y revisan en profundidad. Y finalmente, se propone una arquitectura de seguridad desacoplada para proporcionar la seguridad exigida de forma jerárquica y distribuida con menor impacto en la QoS.Postprint (published version

A resource identity management strategy for combined fog-to-cloud systems

Fog-to-Cloud (F2C) is an emerging architecture intended to manage the resources continuum from far datacenters up to the near edge, putting together the cloud and fog concepts. It aims to obtain both, an efficient utilization of the entire set of available resources and an optimal execution of highly demanding services, supported by the deployment of highly skilled IoT devices at the edge. Many research efforts are pushing for the creation of a widely accepted F2C framework architecture aimed at controlling and managing the resources integrating the F2C network in a hierarchical and distributed fashion. To that end however, many research challenges remain unsolved. This paper puts the focus on one of these challenges, particularly the identity management and proposes a novel strategy that, based on fragmenting the full resource identifier, uses portions of the full resource name to identify the resources in the network without losing the uniqueness property. The presented results show that by using fragments instead of the full identifier, the lookup time and database size in the F2C aggregator nodes are both notably reduced, what undoubtedly enables a fast resource identification.Postprint (published version

A resource identity management strategy for combined fog-to-cloud systems

Fog-to-Cloud (F2C) is an emerging architecture intended to manage the resources continuum from far datacenters up to the near edge, putting together the cloud and fog concepts. It aims to obtain both, an efficient utilization of the entire set of available resources and an optimal execution of highly demanding services, supported by the deployment of highly skilled IoT devices at the edge. Many research efforts are pushing for the creation of a widely accepted F2C framework architecture aimed at controlling and managing the resources integrating the F2C network in a hierarchical and distributed fashion. To that end however, many research challenges remain unsolved. This paper puts the focus on one of these challenges, particularly the identity management and proposes a novel strategy that, based on fragmenting the full resource identifier, uses portions of the full resource name to identify the resources in the network without losing the uniqueness property. The presented results show that by using fragments instead of the full identifier, the lookup time and database size in the F2C aggregator nodes are both notably reduced, what undoubtedly enables a fast resource identification