Security architecture for Fog-To-Cloud continuum system

Nowadays, by increasing the number of connected devices to Internet rapidly, cloud computing cannot handle the real-time processing. Therefore, fog computing was emerged for providing data processing, filtering, aggregating, storing, network, and computing closer to the users. Fog computing provides real-time processing with lower latency than cloud. However, fog computing did not come to compete with cloud, it comes to complete the cloud. Therefore, a hierarchical Fog-to-Cloud (F2C) continuum system was introduced. The F2C system brings the collaboration between distributed fogs and centralized cloud. In F2C systems, one of the main challenges is security. Traditional cloud as security provider is not suitable for the F2C system due to be a single-point-of-failure; and even the increasing number of devices at the edge of the network brings scalability issues. Furthermore, traditional cloud security cannot be applied to the fog devices due to their lower computational power than cloud. On the other hand, considering fog nodes as security providers for the edge of the network brings Quality of Service (QoS) issues due to huge fog device’s computational power consumption by security algorithms. There are some security solutions for fog computing but they are not considering the hierarchical fog to cloud characteristics that can cause a no-secure collaboration between fog and cloud. In this thesis, the security considerations, attacks, challenges, requirements, and existing solutions are deeply analyzed and reviewed. And finally, a decoupled security architecture is proposed to provide the demanded security in hierarchical and distributed fashion with less impact on the QoS.Hoy en día, al aumentar rápidamente el número de dispositivos conectados a Internet, el cloud computing no puede gestionar el procesamiento en tiempo real. Por lo tanto, la informática de niebla surgió para proporcionar procesamiento de datos, filtrado, agregación, almacenamiento, red y computación más cercana a los usuarios. La computación nebulizada proporciona procesamiento en tiempo real con menor latencia que la nube. Sin embargo, la informática de niebla no llegó a competir con la nube, sino que viene a completar la nube. Por lo tanto, se introdujo un sistema continuo jerárquico de niebla a nube (F2C). El sistema F2C aporta la colaboración entre las nieblas distribuidas y la nube centralizada. En los sistemas F2C, uno de los principales retos es la seguridad. La nube tradicional como proveedor de seguridad no es adecuada para el sistema F2C debido a que se trata de un único punto de fallo; e incluso el creciente número de dispositivos en el borde de la red trae consigo problemas de escalabilidad. Además, la seguridad tradicional de la nube no se puede aplicar a los dispositivos de niebla debido a su menor poder computacional que la nube. Por otro lado, considerar los nodos de niebla como proveedores de seguridad para el borde de la red trae problemas de Calidad de Servicio (QoS) debido al enorme consumo de energía computacional del dispositivo de niebla por parte de los algoritmos de seguridad. Existen algunas soluciones de seguridad para la informática de niebla, pero no están considerando las características de niebla a nube jerárquica que pueden causar una colaboración insegura entre niebla y nube. En esta tesis, las consideraciones de seguridad, los ataques, los desafíos, los requisitos y las soluciones existentes se analizan y revisan en profundidad. Y finalmente, se propone una arquitectura de seguridad desacoplada para proporcionar la seguridad exigida de forma jerárquica y distribuida con menor impacto en la QoS.Postprint (published version

Video on Demand Streaming Using RL-based Edge Caching in 5G Networks

Edge caching can significantly improve the 5G networks' performance both in terms of delay and backhaul traffic. We use a reinforcement learning-based (RL-based) caching technique that can adapt to time-location-dependent popularity patterns for on-demand video contents. In a private 5G, we implement the proposed caching scheme as two virtual network functions (VNFs), edge and remote servers, and measure the cache hit ratio as a KPI. Combined with the HLS protocol, the proposed video-on-demand (VoD) streaming is a reliable and scalable service that can adapt to content popularity.Comment: 3 pages, 1 figure One page version of this paper has been accepted to 2022 IEEE Conference on Standards for Communications and Networking (CSCN) - Demo submission

Mobile Edge Vertical Applications Using ETSI MEC APIs and Sandbox

MEC Sandbox is an excellent tool that simulates wireless networks and deploys ETSI Multi-access Edge Computing (MEC) APIs on top of the simulated wireless network. In this demo, we consume these APIs using a decision engine (DE) to scale a video-on-demand (VoD) application located on the network edge, assuming that the average number of users is a good proxy of the demand. Specifically, the developed DE uses the ETSI MEC Location API and retrieves the number of users in a given zone. The DE then takes actions at the microservice scaling level and executes them through a custom-made Kubernetes-based OpenAPI.Comment: A one-page version of this paper is accepted in the 2022 IEEE Conference on Standards for Communications and Networking(CSCN)-Demo submission

SFDDM: a secure distributed database management in combined fog-to-cloud systems

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Technological revolutions have greatly increased the use of IoT devices for our daily life. Driving the fact that everything surrounding us is getting connected what turns into an unstoppable increase in the amount of data produced. This data represents the state of diverse environmental events and helps to control a large set of distinct activities. So, accurate and secure management of this data is essential for any computing platform. Moreover, in order to provide real-time services in a distributed system (i.e., smart city), the data should be properly and securely managed. It is well known that shifting these tasks to the edge (i.e., near to the end users), highly facilitates these two objectives. The recently proposed Fog-to-Cloud (F2C) model is intended to enable data processing near to the edge, which helps to get better latency-sensitive services. However, some challenges remain to accurately and securely manage this data over the system, mainly due to the distributed F2C nature. Thus, considering these facts and challenges, in this paper we propose an architectural solution aimed at building a secure distributed database for F2C systems. Then, considering a real-case scenario, we perform some tests to measure the performance of our proposing schema. Finally, by comparing the performance between traditional cloud, fog/edge based execution model and our proposing SFDDM, we validate the effectiveness of our proposing schema.This work has been supported by the Spanish Ministry of Science, Innovation and Universities and the European Regional Development Fund (FEDER) under contract RTI2018- 094532-B-I00, and by the H2020 European Union mF2C project with reference 730929.Peer ReviewedPostprint (author's final draft

Resource identification in fog-to-cloud systems: toward an identity management strategy

og-to-Cloud (F2C) is a novel paradigm aiming at extending the cloud computing capabilities to the edge of the network through the hierarchical and coordinated management of both, centralized cloud datacenters and distributed fog resources. It will allow all kinds of devices that are capable to connect to the F2C network to share its idle resources and access both, service provider and third parties’ resources to expand its own capabilities. However, despite the numerous advantages offered by the F2C model, such as the possibility of offloading delay-sensitive tasks to a nearby device and using the cloud infrastructure in the execution of resource-intensive tasks, the list of open challenges that needs to be addressed to have a deployable F2C system is pretty long. In this paper we focus on the resource identification challenge, proposing an identity management system (IDMS) solution that starts assigning identifiers (IDs) to the devices in the F2C network in a decentralized fashion using hashes and afterwards, manages the usage of those IDs applying a fragmentation technique. The obtained results during the validation phase show that our proposal not only meets the desired IDMS characteristics, but also that the fragmentation strategy is aligned with the constrained nature of the devices in the lowest tier of the network hierarchy.Peer ReviewedPostprint (author's final draft

Deploying fog-to-cloud towards a security architecture for critical infrastructure scenarios

Critical infrastructures are bringing security, and safety for people in terms of healthcare, water, electricity, industry, transportation, etc. The huge amount of data produced by CIs need to be aggregated, filtered, and stored. Cloud computing was merged into the CIs for utilizing cloud data centers as a pay-as-you-go online computing system for outsourcing services for data storage, filtering and aggregating. On the other hand, CIs need real-time processing for providing sophisticated services to people. Consequently, fog computing is merged into CIs aimed at providing services closer to the users, turning into a smooth real-time decision making and processing. When considering both, that is fog and cloud (for example, deploying the recently coined hierarchical fog-to-cloud F2C concept), new enriched features may be applied to the CIs. Security in CIs is one of the most essential challenges since any failure or attack can turn into a national wise disaster. Moreover, CIs also need to support quality of service (QoS) guarantees for users. Thus, bringing balanced QoS vs security is one of the main challenges for any CI infrastructure. In this paper, we illustrate the benefits of deploying an F2C system in CIs, particularly identifying specific F2C security requirements to be applied to CIs. Finally, we also introduce a decoupled security architecture specifically tailored to CIs that can bring security with reasonable QoS in terms of authentication and key distribution time delay.This work has been supported by the Spanish Ministry of Science, Innovation and Universities and the European Regional Development Fund (FEDER) under contract RTI2018-094532-B-I00, and by the H2020 European Union mF2C project with reference 730929.Peer ReviewedPostprint (author's final draft

Vertical-oriented 5G platform-as-a-service: user-generated content case study

5G realizes an impactful convergence, where Network Functions Virtualization (NFV) and cloud-native models become fundamental for profiting from the unprecedented capacity offered at the 5G Radio Access Network (RAN). For providing scalability and automation management over resources in 5G infrastructure, cloud-native and Platform as a service (PaaS) are proposed as solutions for paving the way for vertical applications in 5G. This paper leverages cloud-native models, PaaS, and virtual testbed instances to provide key platform provisioning and service life-cycle management features to a selected User Generated Content (UGC) scenario in multimedia applications. Specifically, this article and results show how service-level telemetry from a UGC cloud-native application is used to automatically scale system resources across the NFV infrastructure.Comment: Previous version of the paper is accepted in IEEE Future Networks World Forum (FNWF), Montreal, 202

An SDN-based architecture for security provisioning in Fog-to-Cloud (F2C) computing systems

The unstoppable adoption of cloud and fog computing is paving the way to developing innovative services, some requiring features not yet covered by either fog or cloud computing. Simultaneously, nowadays technology evolution is easing the monitoring of any kind of infrastructure, be it large or small, private or public, static or dynamic. The fog-to-cloud computing (F2C) paradigm recently came up to support foreseen and unforeseen services demands while simultaneously benefiting from the smart capacities of the edge devices. Inherited from cloud and fog computing, a challenging aspect in F2C is security provisioning. Unfortunately, security strategies employed by cloud computing require computation power not supported by devices at the edge of the network, whereas security strategies in fog are yet on their infancy. Put this way, in this paper we propose Software Defined Network (SDN)-based security management architecture based on a master/slave strategy. The proposed architecture is conceptually applied to a critical infrastructure (CI) scenario, thus analyzing the benefits F2C may bring for security provisioning in CIs.Peer ReviewedPostprint (published version

Accurate and Reliable Methods for 5G UAV Jamming Identification With Calibrated Uncertainty

Only increasing accuracy without considering uncertainty may negatively impact Deep Neural Network (DNN) decision-making and decrease its reliability. This paper proposes five combined preprocessing and post-processing methods for time-series binary classification problems that simultaneously increase the accuracy and reliability of DNN outputs applied in a 5G UAV security dataset. These techniques use DNN outputs as input parameters and process them in different ways. Two methods use a well-known Machine Learning (ML) algorithm as a complement, and the other three use only confidence values that the DNN estimates. We compare seven different metrics, such as the Expected Calibration Error (ECE), Maximum Calibration Error (MCE), Mean Confidence (MC), Mean Accuracy (MA), Normalized Negative Log Likelihood (NLL), Brier Score Loss (BSL), and Reliability Score (RS) and the tradeoffs between them to evaluate the proposed hybrid algorithms. First, we show that the eXtreme Gradient Boosting (XGB) classifier might not be reliable for binary classification under the conditions this work presents. Second, we demonstrate that at least one of the potential methods can achieve better results than the classification in the DNN softmax layer. Finally, we show that the prospective methods may improve accuracy and reliability with better uncertainty calibration based on the assumption that the RS determines the difference between MC and MA metrics, and this difference should be zero to increase reliability. For example, Method 3 presents the best RS of 0.65 even when compared to the XGB classifier, which achieves RS of 7.22.Comment: 6 pages, 4 figure

Towards an efficient key management and authentication strategy for combined fog-to-cloud continuum systems

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Fog-to-cloud systems have emerged as a novel concept intended to improve service performance by considering fog and cloud resources in a coordinated way. In such a heterogeneous scenario, security provisioning becomes necessary, hence novel security solutions must be designed to handle the highly distributed fog-to-cloud nature. In the security area, key distribution and authentication are referred to as two critical pillars for a successful security deployment. Unfortunately, traditional centralized key distribution and authentication approaches do not meet the particularities brought by a Fog-tocloud system due to its distributed nature. In this paper, we propose a novel distributed key management and authentication (DKMA) strategy to make Fog-to-cloud systems as secure as possible. The paper ends up presenting some results assessing the benefits of the proposed strategy in terms of traffic and delay reduction.Peer ReviewedPostprint (published version