Authentication, Access Control, Privacy, Threats and Trust Management Towards Securing Fog Computing Environments: A Review

To exploit the coverage of the searched literature in this work, we began by identifying the most used alternative words and synonyms in the research questionnaire. Therefore, we conducted our selection strategy based on our proposed taxonomy and Table I searching criteria. We first categorized the current research security issues and challenges for Fog computing into six categories: 1. Trust, 2. Privacy, 3. Authentication, 4. Access-Control, 5. Threats and Attacks, 6. Security Audit. We also looked into the security issues and solutions of other areas such as cloud, edge computing, and blockchain which could suit the Fog computing environment. In order to focus on the most relevant articles based on the aims of our research, we also constructed different search strings using Boolean AND and OR operators. Then, we conducted a manual search (Fog computing security issue or privacy and security issue in Fog computing), using different search engines such as Google, Bing, Baidu etc. in the area of cloud, Fog computing security based on the search criteria in Table I. The same approach was applied in renowned scientific research databases such as Google Scholar, ACM Digital Library, IEEE Xplore, Springer, Science Direct and ResearchGate. Fig. 2 presents our paper selection approach. We used the tool Mendeley and Google Scholar to manage citations from all extracted articles. We conducted our paper selection and evaluation based on the various criteria as shown in Table I.

After the initial exploration using several search strings from the sources above, we found almost 220 relevant papers and articles. After searching, filtering, inclusion and exclusion reviews, 127 articles were matched from the first filtration. With respect to our taxonomy, we have separated all these papers into various partitions.

This work is going to answer the following research questions:

1. Q1

   What are the different security issues in Fog which need further investigation?

2. Q2

   What are the all security aspects of Fog and how to categorize them?

3. Q3

   How current research works addressed Fog security concerns? What are the other possible solution and what security concerns need attention to the research community?

Section II to IV are answering our first two research question. The third research question is answered by section IV, V and VI.

Although Fog computing is vulnerable to any sort of illegitimate entity, it is important to ensure an effective and secure trust model that is compatible with trust computation in Fog computing.

While trust is classified amongst the imperative security requirements in Fog, there is quite a limited range of studies in the field. Most of the studies have just concentrated on the field of cloud computing.

Till now, there is no strongly recommended trust model for Fog computing, but we can enumerate already existing trust models from IoT and cloud computing. In this section, we are going to discuss a few renowned trust models which are competent for Fog computing.

• •

  Reputation-based: The reputation-based trust model [49] is broadly applied in peer-to-peer (P2P), e-commerce services, social media, and user reviews. Occasionally, the fame of a service provider is beneficial to select amongst diverse service providers. Damiani et al. [50] demonstrated a reputation system model for P2P networks by applying a distributed polling algorithm to evaluate the consistency of the model. As this model sturdily relies on a general view, it is not appropriate in Fog computing as the nature of the end devices is dynamic. Moreover, Abhijit et al. [51] introduced a trust-based model to provide application layer security that can deal with the issues of user privacy, integrity and authentication. Hence, it will function as a trust-related safeguard in the Fog ecosystem for IoT related applications.

• •

  Plausibility-based: Soleymani et al. [52] proposed an experienced and plausibility-based fuzzy trust model to secure a vehicular network. In a vehicular network application, it is significant to establish a trust to keep integrity and reliability. Hence, in vehicular environments, a secure trust model can handle the uncertainty and risks originating from defective information. Eventually, there are also several trusted models [7] regarding special hardware.

• •

  Trusted execution environment (TEE): TEE is an isolated environment, which guarantees the confidentiality and integrity of code and data by executing in the secure area inside a processor.

• •

  Secure element (SE): SE stores sensitive information securely and run the apps in a microprocessor chip to protect the data and application from malware attacks.

• •

  Trusted platform module (TPM): TPM stores the host identification key pairs, which are used for hardware authentication inside a specialized chip. The data inside this chip cannot be accessed by software.

In Fog computing, while Fog nodes and clients are communicating with each other, they must establish a connection with greater trust value in the Fog network. For Fog nodes and clients, the highly trusted nodes and clients will be selected and accepted frequently rather than Fog nodes and clients with lower trust. It helps to speed up the overall performance of the Fog network [46]. Malicious intruders will impersonate their nodes as highly trusted nodes, so that, they can gain the possibility of compromising a network. In this segment we are going to define several types of attacks which might occur in the Fog network:

• •

  Self-promotion attack (SPA): in SPA attack, the malicious Fog nodes increase their trust values to impersonate themselves as the highest trusted nodes.

• •

  Bad-mouthing attack (BMA): this attack works by spreading fictitious information. Several malicious Fog nodes work together to provide depraved suggestions about a decent Fog node, which will damage the fame of those nodes. This is a form of a collision attack, and it happens when numerous malicious nodes come together to spread false information.

• •

  Ballot-stuffing attack (BSA): this attack is similar to the collusion attack, where a malicious node transfers decent suggestion regarding another wicked node to raise the fame of the malicious nodes.

• •

  Opportunistic service attacks (OSA): after assuming that the fame has been lowered down by the Fog node, it can achieve a great service to retrieve its reputation.

• •

  On-off attack (OOA): A malicious Fog node can provide bad and good services simultaneously to avoid being rated as a low trusted node. The OOA attacker can also behave differently with different neighbors to achieve an inconsistent trust opinion of the same node.

In accordance with the study above and based on different issues, we have illustrated, a summary table on the existing related research works related to trust issues are shown in Table V.

Fog computing is used to work with sensitive information which is generated from several sources. For securing these types of sensitive information, privacy is one of the most significant problems in Fog computing. There are lots of privacy issues that arise in the Fog environment. In the following section, we are going to describe Fog computing privacy issues from a different perspective:

• •

  Users Privacy: usually Fog computing consists of a large collection of IoT enabled devices which are connected through sensor or wireless network. Therefore, IoT devices are used to generate sensitive data at the user level and upload it to Fog nodes for further processing. Sensitive data such as personal data, home-automated data, business data, health data, etc. By analyzing all this sensitive information, an intruder can reveal a lot about a user’s personal data and gain adequate knowledge.

• •

  Data Privacy: as we already know that, Fog node works at the edge plane of the network and it generally collects sensitive data that is generated by various sensing and end-user devices. Hence, Fog nodes are managed by third parties. So, when all the unprocessed data are being aggregated in the Fog layer, there might be a chance to (compromise, alter, miss-match, etc) the data. Under such circumstances, we need to indemnify the privacy of these data. Usually, Fog nodes send requests to the end-users to send their private data to them, in order to further process it, store it temporarily, and finally, send data to the cloud for permanent storage. Therefore, users will not have control over the data where all the access and control will be transferred to the Fog or cloud service providers. Under such circumstances, service providers or malicious insiders can manipulate the stored data. This signifies a privacy issue to the user’s data.

• •

  Usage Privacy: this privacy issue arises when a Fog client can avail of the required Fog services. For example, in a smart grid system, the reading of the smart meter reveals masses of information of a smart-house such as at the TV on and off time or when the home is vacant, which certainly brings privacy breaches for users [58].

• •

  Network Privacy: wireless connectivity is comprehensive under the control of IoT as well as other edge devices in a Fog computing environment. It is a big matter of concern, as wireless connectivity is prone to network privacy attacks. The maintenance cost is correlated with the Fog nodes as it is positioned at the edge of the Internet, where network configurations are established manually [7]. The breaches private data which is an important issue while using Fog networks. The end-users share resources which contribute to Fog processing. Due to this, information that is more sensitive is collected by the Fog network as compared to a remote cloud. To overcome these issues, an encryption scheme like HAN (Home-Area Network) might be useful.

• •

  Location Privacy: in the Fog environment, the location privacy denotes to the protective techniques for breaches related to the client’s location. While the client uploads its responsibilities to the closest node, the uploaded node can assume that the client is contiguous and far away from other Fog processing devices. Therefore, if a client in the Fog environment uses multiple Fog application services from multiple locations, it may reveal its track directly to the Fog nodes, to avoid collision amongst the Fog nodes. As Fog nodes are vulnerable to potential attacks, It is easy to compromise the privacy by having the location credentials of the Fog clients. If the Fog clients are attached to an object or a person, then the location privacy is at risk. Whenever a Fog client frequently selects its closest Fog node, the node can certainly identify if the client is using the resources residing nearby.

In Fog computing, it is used to collect and process user personal data which is desirable. So, it is evident that a proper privacy-preserving and security mechanism is required to cope up with the Fog computing environment. As we know, Fog computing consists of various devices that are connected to IoT as well as Cloud. So, we should apply privacy-preserving techniques between cloud and Fog to maintain data privacy because both Fog and cloud devices are resourceful and have adequate storage and power. On the contrary, IoT devices have limited resources. So, it’s a difficult task to implement privacy-preserving techniques between the Fog and IoT devices. It is significant because the users and users’ may be concerned about their data which is sensitive [59]. Different privacy preservation techniques, methods and schemes are proposed across many scenarios, including cloud [60], wireless network [61], smart grid [62], health-care systems [63], and online social network [64].

• •

  Homomorphic encryption: There is a method for privacy- preservation, which is homomorphic encryption (it is a method for operating encrypted data without decrypting it), that can be implemented to retain the privacy of transmitted data without decryption across local gateways [32].

• •

  Differential privacy [65]: is to assure the privacy of random individual entries in the statistical data set. Although its computational overhead for such function is a big issue in Fog computing, it needs to be assiduous about the efficiency of the method.

• •

  Identity obfuscation: There is a renowned technique called identity obfuscation technique [66], where the Fog node is able to recognize the Fog client is close by, but it cannot recognize the Fog client. As such, identity obfuscation is a technique for preserving location privacy, as it has many methods inwardly. There is an elementary method to preserve the location privacy of the Fog client, whereby this client is allowed to upload the data between diversified Fog nodes. This method is not efficient, because it would waste Fog resources and enhance the latency. As we already know, the Fog client can choose its nearby Fog node to upload its data, so the Fog node is able to identify that the Fog client is residing nearby, which helps to get the Fog client’s location credentials.

• •

  Trusted third party: Wei et al.  [66] demonstrated a method, where a trusted third party (TTP) generated a fraudulent ID for each Fog client. As a matter of fact, it is not necessary that the Fog client has to choose a node which is nearby, in spite of that it can choose any nodes on the basis of a stipulated set of criteria such that the reputation, latency or load balancing is not affected. In this scenario, the Fog node can recognize the Fog client’s rough location but cannot detect it exactly. In addition, there could be a scenario whereby a Fog client uses resources from multiple Fog nodes or the location of the client can be squeezed into a small region. As such, the location of the client must be within the coverage of several Fog nodes. According to the described scenario, the authors [67], used a method to preserve location privacy.

• •

  Data partitioning: Another probable method could be effective for preserving user privacy by partitioning the data into multiple Fog nodes. The usage pattern is another privacy concern when clients are using Fog services. In this scenario, privacy-preservation techniques have been suggested in smart metering [68, 62], but we cannot apply these mechanisms in Fog computing directly, because there is no TTP (i.e., smart meters in the smart grid) or no backup device. The Fogging device can accumulate the list of tasks for user usage. The creation of bogus tasks by the clients and uploading them to multiple nodes is one possible solution while hiding actual tasks from the bogus ones. However, this solution may not be operational as it raises the client’s expense and wastes resources.

According to the discussion above and based on different criteria for privacy-preservation, it has summarized into the Table VI.

The authentication factor refers to attributes or data that can be considered to authenticate user access to a system. A legacy security system has a few authentication factors such as the knowledge factor, which is something users know, the possession factor which is something a user has and the inherent factor which is something the user is. In recent years, other authentication factors have been added - location factor and time factor, along with the old authentication factor which are as follows:

• •

  Knowledge Factor: the knowledge factor is any credentials that consist of information that the user holds, such as Username, Password, Personal Identification Number (PIN) and answers to the secret questions [75].

• •

  Authority Factor: the authority factor would be any credentials that the user can own and carry with them, such as hardware devices like a mobile phone or a security token.

• •

  Inherent Factor: the inherent factor is generally based on biometric identification (fingerprints, facial, retina).

• •

  Location Factor: the location factor itself cannot usually refer to authentication, but it can be used with other factors. For example, a legitimate user normally can access a system from home or office in any organization’s home country. An attacker will try to access that system from a remote geographical location. With the help of a location factor, the system can prevent illegitimate user authentication into a system or network.

• •

  Time factor: similar to the location factor, the time factor can be used as a supplement with other factors. It can be used together with the location factor. For example, an authorized user can have access to a system in a specific time period in an organization’s home country. On the other hand, an illegitimate user tries to access that system from a remote geographical location of another country. Therefore, the authentication would be rejected based on the time and location factor.

• •

  Lack of Transparency: The existence of SLA between a Fog or cloud service and an end users is a vital issue in order to establish trust. Although many SLAs have clearly defined the privacy over the user’s sensitive data, users are unable to trust them in how the data is being governed. Hence, the SLA verification gets limited when the service is being directly used in the Fog layer by the end users and a small organization, which should be monitored by a licensed third-party through SLA verification. There might be a lack of transparency that permits the users to monitor their own data in the Fog or cloud system.

• •

  Real-time Interaction: Fog nodes and end users interact with a huge number of devices simultaneously. Different services needs different authentication mechanisms where if the process takes a huge time to authenticate, it would be a challenging task with respect to real-time interaction.

• •

  Latency and Scalability: In accordance with the rapid growth of user devices and services, it is an ambitious task to guarantee the efficiency of the authentication mechanism. Whenever the latency of the authentication process is high and incompatible with the service, scalability is a big concern.

• •

  The scope of Exploitation: In the context of Fog or cloud system, there is a diversified authentication mechanism for various services. These authentication methods can be compromised or exploited by the attacker and the attacker can appear to have gained administrative level access due to the deficiency in the authentication mechanism. There might be a chance to breach the security of data, devices as well as the Fog network system.

Generally, users need to use various services simultaneously. Therefore, they need to use different authentication methods for different services where the performance of the authentication methods are different in the context of latency, efficiency and scalability. On the other hand, the user faces lots of difficulties to maintain access credentials for multiple services. Authentication is the most significant issue for the security and privacy of Fog computing. An authentication mechanism that is not secure might cause harm for the cloud, Fog and end user’s devices, which is one of the main security concerns for Fog computing  [76] as well. Therefore, different authentication techniques have been proposed for elevating security mechanisms in the Fog or cloud computing, but each authentication method has come up with its own dominance and limitations. In this subsection, a few traditional authentication techniques and their limitations as well as drawbacks according to the Fog environment has been described. We also described a few proposed solutions which meets with the Fog computing criteria.

• •

  Password Based Authentication: In password authentication, the user must first give a password for every service, and the system administrator must keep track of all usernames and passwords on the server. Password Authentication is performed by accepting a key and password for allowing a user into local and remote systems. Password authentication can be categorized depending on its strength as weak authentication, stronger authentication, and inconvenient authentication [77]. Therefore, password-based authentication has several applications and it is deployed in cloud computing [78] [79] [80], but it will face numerous drawbacks and limitations when it is considered for Fog computing:

  • –

    It takes an extensive computation to process. it’s challenging due to the limited end device resources.

  • –

    In the Fog network, end users frequently communicate with various Fog nodes from different Fog environment. Therefore, it is inappropriate to keep a password for each Fog node. In addition, it is not a good concept to set the most used password for each Fog node.

  • –

    – Usually, a password does not provide high security because of numerous attacks [81], for example, vulnerability to off-line dictionary attacks.

• •

  PKI Based Authentication: public key infrastructure (PKI) based authentication creates and upholds a reliable networking environment by offering certificate and key management services that permit encryption and digital signature abilities between applications all in a way that is transparent and easy to use. PKI offers confidentiality, authentication, integrity (CIA) and non-repudiation of the exchanged messages. In [12], the authors described security issues and focused on authentication issues at various levels of the Fog computing environment. Therefore, the traditional PKI-based authentication scheme is not effective in the context of Fog computing due to the poor scalability. In addition, the allocation of public keys can be weighty due to the enormous scale of Fog nodes and end users. Another drawback is that, if the private keys cannot be well preserved, the security will be ruined.

On the other hand, the Diffie-Hellman [82] key exchange based authentication scheme is not compatible with the Fog environment due to its slow and extensive computations.

Balfanz et al. [83] demonstrated a user-friendly, cheap and secure method to resolve the authentication issue for a wireless networks based on pre-authentication of location-limited channel. Likewise, Nearfield communication (NFC) is used in Cloudlet to simplify the authentication process [84]. Ibrahim et el. [85] proposed a secure mutual authentication method for the Fog environment, that allows authenticating any Fog user with the Fog nodes mutually in the Fog network. The authors [86] proposed a method based on the multi-Tier authentication scheme to Secure Login in Fog Computing. The authors [87] mentioned that Advance Encryption Standard (AES) is a compatible encryption algorithm for the Fog computing environment as it needs low hardware resources and fewer computations. The authors [76] demonstrated that the end user devices can initiate spoofing attacks and are prone to data tampering which can be preserved with the aid of PKI, DiffeHellman key exchange and monitoring by Intrusion detection techniques. Finally, the authors adviced that the chances of such attacks can be prevented by deploying a secure authentication mechanism between the Fog platform and the end users.

• •

  Biometric Authentication: is a technique of user identity verification based on various biological inputs through scanning or analysis of some parts of the body. Biometric scanners scanning a user’s physical biometric characteristics such as fingerprint, voice recognition, iris scan, face recognition, etc. Generally, biometric authentication takes place to manage access to digital or physical resources. Biometric authentication is an upcoming technology and is already rapidly deployed in mobile computing as well as cloud computing using fingerprint authentication, face authentication, keystroke-based authentication or touch-based authentication [7]. On the other hand, biometric authentication techniques comparatively take a huge execution time and its security level remains constrained when high-level security is required [85]. Therefore, in accordance with the Fog computing environment, applying biometric-based authentication techniques would be a suitable solution. Although still, it has a lot of limitations and drawbacks - it takes more computational time during the process of execution and it provides constrained levels of security when high-level security is required. Therefore, to consider biometric based authentication for Fog computing is still a research issue [7].

In accordance with the study above, and based on different issues of authentication, this has been summarized in Table VII.

Access control is the best methods to achieve preservation within the networks, devices and systems. While it helps user’s admittance in the system, access control also supports efficient data protection from various kinds of adversaries. Conventionally, access control models (ACM) are categorized [96] into the following forms.

• •

  Discretionary access control (DAC): the object’s owner elects access permissions to others. These models are typically used in traditional applications of cloud and suffers from significant overhead costs in managing the multi-user environment. The second category abstract requires the need of resource-user mapping. So, compared to DAC models, this model is more flexible for distributed systems.

• •

  Mandatory access control (MAC): The MAC models use multi-level security systems. Here, the administrator of the system decides who has access to the system. In a multi-level MAC model, both objects and subjects are recognized with a security level classification (i.e. top secret, secret, classified, and unclassified). The nature of Fog/cloud computing is outsourced, hence there is a need to focus on access control models which can be effectively applied in this computing environment.

• •

  Role Based Model (RBAC): Designing a model for access control is a rudimentary challenge in a large scale to secure mobile distributed applications and database systems as there is a need to provide dynamic privileges for checking systems in the environment. RBAC is a fined grain model that offers more benefits compared to previous models [97], such as regulating the user’s access to applications and resources by identifying the activities and the roles of users in the system [98]. RBAC authorizes the subject based on their responsibilities and roles of individual users within the Fog-cloud computing environment [99] [96] [95] [100]. Roles may vary from subject (user) to subject (user). That means in this model, the responsibility of a subject is more vital than the subject itself [101, 99].

  Limitations and Drawbacks of the RBAC Model:

  • –

    The RBAC model had been developed for allocating user permissions statically.

  • –

    It does not consider contextual information (e.g. location, time, device constrains) and dynamic/random behavior of users.

  • –

    It cannot cope with dynamic segregation of duties.

  • –

    – It is coarse-grained. If you have a role called administrator, then you would assign the administrator role permission to “View employee record” (i.e it has permissions to see all the records of employed) which denotes as an expansion of the role.

  • –

    It ignores meta-data of resources e.g. employee owners record.

  • –

    It is hard to manage and maintain within a large administrative domain.

  • –

    Access reviews are painful, error-prone and lengthy.

  • –

    Permissions accompanying each role change or delete is based on the change of the role.

  Therefore, RBAC in Fog, should ensure quicker granting access permissions and minimize the above-mentioned limitations and drawbacks.

• •

  Attribute-based Access Control (ABAC): This model is one of the latest methods of managing authorization. It is a talented alternative to conventional access control techniques and has attracted consideration from both academia and the industry. Comparatively, recent developments of ABAC still leaves several unknown difficulties such as delegation, administration, auditability and scalability.

• •

  Attribute Based Encryption (ABE): This model is an encryption-based Access Control model and best suits access control problems in the Fog-cloud environment. The Attribute-Based Encryption(ABE) [102] method categorized into two types. firstly, the encryption is based on the key policy which is known as key policy attribute based encryption (KP-ABE) [103] and secondly, the encryption is based on Cipher-text policy which is known as Cipher-text policy Attribute-based Encryption (CP-ABE) [104].

  This model can preserve data privacy and enable data owners to define a desirable set of policies directly [95].

  • –

    Key Policy Attribute-based Encryption (KP-ABE): Goyal et al. [103] proposed KP-ABE in the year 2006, based on the classical ABE model and uses one of many communications. This technique achieves fine-grained access control with higher elasticity to control individuals compared to the traditional scheme [97].

  • –

    Cipher-text Policy Attribute-based Encryption (CP-ABE): CP-ABE [104] was introduced as another alternative form of ABE. CP-ABE can provide fine-grained and reliable access control for cloud storage environment that is not trust worthy. Users can access data only if their attributes match the access policies associated with the data. CP-ABE works in a reverse compared to KP-ABE. In this, the key generated is attribute user set, where the cipher text is fixed by access policy [97]. However, CPABE has two main drawbacks [105]: policies are not explained using standard languages and it cannot support non-monotonic policies.

  Architecture of ABE : The architecture of the ABE method is categorized as centralized and decentralized as well as hierarchical [100].

  • –

    Centralized: In a centralized architecture, the keys will be served by a central authority center for the users.

  • –

    Decentralized: In a decentralized architecture, the information will be shared by multi-authorized authorities based on the policies of various organizations.

  • –

    Hierarchical: In hierarchical architecture, the scalability and flexibility is enhanced and assists the features of one-to-many encryption for the users.

  Revocation Types of ABE: The revocation types are categorized into two types: attribute revocation and user revocation.

  • –

    Attribute Revocation (AR): by using the AR mechanism, the attribute from the user’s attributes list will be removed by the revocation controller unit.

  • –

    User Revocation (UR): by using the UR mechanism, a user restricts data access via the revocation controller unit.

  Revocation Method: There are various revocation methods to revoke a user and attributes using the ABE method. Proxy re-encryption, time re-keying, an update key, lazy revocation and LSSS matrix are the primary revocation methods.

  Revocation Issue: Deploying the ABE method in cloud storage systems to control data access brings about forward and backward revocation issues.

  Revocation Controller: The revocation controller is someone who is designated to execute the user or the attribute revocation method. In general, the owner of data revokes the attributes or the user but the data owner is able to confer the revocation duties to the server or the authorized entity.

  Limitations and Drawbacks of ABE Based Model: : As we mentioned before, Fog computing extends cloud and the functionalities as well as the requirements of Fog computing, which are unique. So, the access control structure of cloud computing is not able to directly meet the requirements of Fog computing. However, researchers [76] [106] recommended that ABE techniques suits Fog computing, but still needs to improve and meet some criteria such as fine-grained, cryptographically enforces, latency and policy management problems which needs to be re-thought and considered for further research. Although the end device or user device in Fog computing is constrained resources. Therefore, there is no need for deploying data encryption-decryption and access control mechanisms at the user level. Because the Fog devices are resourceful and used close to the end-user devices. Based on these circumstances, outsourcing access control methods would be the more appropriate solution for Fog computing. On the other hand, as we know already, Fog computing consists of a dynamic environment. Therefore, the ABE-based access control should support creating, updating, and revoking the user attributes and access structures with the management of the access policies according to the dynamic behavior of Fog computing [95].

To establish and ensure secure and efficient access control, policies must ensure confidentiality, accountability and integrity. However, due to the nature of the Fog computing environment, one should consider a few things to build a secure and strong Access Control (AC) [95] [107] which are as follows:

• •

  Computation and Communication Latency: it indicates how long it takes for a single packet to travel from one designated node to another node. The sender considers sometimes latency as the time for sending a packet and getting an acknowledgement from the sender, where the round-trip time is taken as latency. As Fog computing is renowned for its faster accessibility, we need to ensure low-latency for providing smooth services to the end users. We can indemnify the low-latency during processing time so that the access decision can transpire within a reasonable time.

• •

  Efficiency: efficiency is also correlated to latency. In Fog computing, there are two types of devices e.g. resource rich (Smart Power Grid, Smart City, Smart Transportation System, E-Health etc.) and resource constrained (mobile phone, smart-watch, smart-glass, etc.). The proper implementation of Access Control System in Fog computing is still a challenging issue because of it’s low efficiency. If the low efficiency occurs in a continuous manner, it can result in undesirable latency, which can affects the other parts of the network.

• •

  Generality: with the distinction of hardware and software, we need to generalize all the systems and services of Fog computing.

• •

  Data Aggregation: in Fog computing, users are geo-spatially distributed where Fog devices are used to collect data from user devices. Therefore, it is necessary to accumulate all Fog devices closer to the end users for reducing latency. The data generated from user devices will be meaningful or meaningless but it should be handled intelligently and evenly. During the whole aggregation process, authority changes are a critical issue for data access control.

• •

  Privacy Desecration: as it is possible to exchange data between one domain to another domain, administration of the decentralized architecture of Fog computing leads us to protect the privacy of data through Fog access control. So, it becomes a critical requirement to protect the user’s data privacy.

• •

  Network Availability: in Fog computing, network availability must be defined in such a way that when there is an issue of network unavailability, access control can also deliver the predefined level of functionality.

• •

  Context Awareness: when multiple operations like capturing, transferring, processing and storing are running, access control decisions should be managed competently to support all the contextual information (e.g. health condition, weather condition, temperature, time, traffic condition, etc.) [81].

• •

  Scalability: scalability is to facilitate the services according to the needs of the end users. In access control, scalability will provide the services that can grow or shrink according to the end user’s level of capacity. For scalability, the CloudPolice [108] have proposed a distributed solution, in which hypervisors are responsible for the communication with each other to install access control states.

• •

  Resource Restriction/Constraints: in Fog computing, the user or the edge resources are limited. So, it becomes tough to implement access control for Fog computing.

• •

  Policy Management: it is an integral part of Fog computing architecture. So, the access control model needs to be capable to support creating, invoking, releasing, and deleting policy management. Dsouza et al. [89] developed a policy-driven security management framework, which is capable to support secure communication and resource sharing in the Fog environment.

• •

  Accountability: in Fog computing, it is significant to keep track of the suspicious activities of intruders. These tracks keeping should be handled intuitively across the administrative domains.

: In the Fog computing arena, for defining access control system the contextual domains are 1. Fog to Edge, 2. Fog to Fog, 3. Fog to Cloud. While edge devices are communicating and sending data to Fog devices during the time that the Fog device uses to process all the data in such a way, so that, if the necessity arises, it can send all the processed data to the nearest Fog devices. When the issues for storing data arise permanently, Fog devices are able to send all the data to a data warehouse or cloud storage. Therefore, process/store identity and access data in the Fog/cloud computing by first ensuring secure Fog/cloud access control. Ensuring access control in the cloud/Fog environment is a crucial technique to enhances the user security. In this scenario, end-user/data privacy, faster communication and computation, network and communication security, etc. Such requirements shall be applied for the above-mentioned domains to enable the proper access control system. For this, all the primordial access control models are being advanced accordingly.

In accordance with the above study, and based on different access control method, it has been summarized into Table VIII.

• •

  Rogue Fog Node: Rouge Fog node is a one type of Fog device in Fog computing environment which presents itself as a legitimate node and persuades end users to connect with it. It may happen in such a scenario, when a Fog administrator instantiates an insider attack, to identify the rogue Fog node or legitimate Fog node. Stojmenovic et al. [12] have proven that the data can be tampered by a man-in-the-middle attack, with updated or collected the data either in the Fog layer or cloud layer. There is also the possibility to launch additional attacks. So, in the context of privacy and security, the presence of a rogue Fog node will be a potential threat in the Fog environment. It is not easy to detect a rogue Fog node in Fog computing for various reasons. One of the main reasons is the diversified trust computing mechanism which brings about perplexed trust situations. On the other hand, we know that Fog computing is dynamic in nature, and consists of numerous devices which leads to creating, deleting, and revoking simultaneously. Therefore, for these various instances, it is difficult to manage the blacklisted nodes. The authors Han et al. [116] [117] have demonstrated measurement-based models which permit a client to escape connecting to rouge access points (AP). Ma et al. [118] introduced a framework to identify the existence of rogue APs in wireless networks. Detecting a rogue Fog node in an IoT network is cumbersome because of the network complexity across different scenarios [10]. Nevertheless, by using trust measurement-based models in the IoT network, it helps to detect rogue nodes. Although this method is not adequate, it can be considered for limited security protection.

• •

  Fault Tolerance: Fog computing is an emerging distributed computing platform which consists of a huge collection of numerous devices which is widely geo-distributed and heterogeneous. Therefore, there might be high chance of failure of devices, as compared to cloud computing. Fog computing is dynamic in nature, whereby the Fog nodes or IoT devices connects or disconnects to a Fog layer over and over. Because of this behavior, there might be a chance to bring about unexpected faults and failures in the Fog environment. Therefore, in these circumstances, the Fog computing platform should provide all the necessary services without interruption if there is a failure occur in individual Fog devices, networks, applications, and services platforms [119]. Because Fog applications should be capable to instantly turn to other available nodes via some inbuilt mechanism if the services in an area become unusual. To mitigate these issues, standards should be applied. Stream Control Transmission Protocol (SCTP) is such example that can deal with such events and packet reliability in wireless sensor networks [120].

  In general, fault tolerance ensures the availability of devices or applications in the event of a failure to provide uninterrupted services. Nevertheless, on the basis of what service is being used, fault tolerance will change according to one’s role and management privileges. In the cloud computing environment, fault tolerance is handled by applying three techniques - proactive, reactive and adaptive [121].

  Proactive fault tolerance policies refer to an escape rescue from faulty components by anticipating and replacing the failed components before it takes place.
  Reactive fault tolerance policies refer to the decrease in the influence of faulty components when the failure occurs. In Adaptive fault tolerance, where the procedure is carried out according to the situation automatically.

  There are numerous fault tolerance techniques which are often used in computing [122] [123] [124] such as Replication, Job Migration, checkpoint, self-healing, Rescue workflow, Safety-bag checks, Task Resubmission, Software Rejuvenation, Masking, Preemptive Migration, and Resource Co-allocation. Nevertheless, in this paper, fault tolerance is mostly discussed based on the cloud computing environment as Fog computing is a new computing paradigm. In recent research works [125] [126] [127] [128] [129], the context of cloud computing in such a scenario was discussed. Therefore, fault tolerance in Fog computing is still a research task. In order to provide a reliable and robust Fog computing environment, failure handling of services should be effectively considered.

Fog computing comprises various IoT or edge devices and collects the data from these devices by accomplishing latency conscious processes. Identifying malicious nodes is a complex task in the Fog environment [130]. As we know, Fog computing is a miniature of cloud computing, as such, almost all types of malicious attacks, which affected a cloud environment can also affect Fog computing. For Example DDoS (Distributed Denial of Service), MITM, sniffing, side channel attacks, DoS (Denial of Service), malware injection, and authentication attacks attack are few of them. Therefore, in these circumstances, without an appropriate prevention mechanism, it can severely damage the competency of the Fog system or network. In this portion, we are going to expose a few malicious attacks which might occur frequently and affect the Fog environment.

• •

  Attacks from malicious Fog nodes and edge devices: As Fog nodes are compromised easily by any malicious attacker, it is a very serious and potential threat for the Fog network environment. The authors [31] mention various unique security threats in their research, which might occur in the IoT and Fog environments. For delivering services to the users, the received data from the IoT devices will be processed by Fog nodes. If some Fog nodes are compromised by any intruders, it is a problematic task to ensure the security of the data. One possible solution would be, by establishing trust between Fog nodes themselves. In this case, an authentication mechanism is mandatory for ensuring secure, trusted communication. Therefore, Fog nodes cannot manage each other, so that it needs to trust only the cloud for authenticity. Sequentially, after being authenticated by the cloud, it should be placed in a Fog environment to process heavy data. However, they are not able to give a suitable solution for this attack. Li et al. [131], carried out research and presented a solution.

  It is vital to identify malicious Fog devices in Fog computing. Due to the lack of resource and edge devices, it is difficult to deploy proper authorization mechanisms between Fog nodes and edge devices. So, it is hard to prevent all attacks completely because of granting a few privileges and processing of the data. Sohal et al. [132] tried to solve the problem by using intrusion detection and virtual honeypot devices by introducing a Markov chain based framework.

• •

  Man-in-the-Middle (MITM) Attack: All data traffic passing through is protected through secure transmission channels between Fog nodes and edge devices in Fog computing. During this communication process, a user’s data will be snooped or impersonated by an external malicious attacker prior to performing a global concealing process in the Fog node. Such a scenario correlates with the MITM attack. In a MITM attack, a perpetrator secretly relays and manipulates the data during communication between two parties. Hence, MITM is a potential attack method which can be used as a typical attack in Fog computing. In Fog computing, an attacker can carry out sniffing or disrupt the packets between Fog devices. As mentioned earlier, in Fog computing, all devices are resource constrained. By having this problem, it is becomes a challenging task to deploy secure communication protocols and encryption-decryption methods amongst Fog nodes and IoT devices [76]. Stojmenovic et al. [76] proposed an authentication method which can possibly avoid MITM attack. To mitigate MITM attacks, the anomaly detection is hardly applicable in Fog computing because these methods were being used in traditional cloud computing. Therefore, to mitigate MITM attacks in Fog computing, a compatible solution still offers a challenge, which can be considered for further research.

• •

  Distributed Denial of Service Attack (DDoS): In the modern epoch, Distributed Denial of Service or (DDoS) is one of the most renowned and challenging threats for cyberspace and other online services. As Fog nodes are made up of limited resources, it is troublesome to manage a huge amount of requests simultaneously. When a malicious attacker or intruder initiates a bunch of inappropriate service requests towards the targeted device, or tries to spoof multiple devices concurrently using the IP addresses, the Fog node will be occupied for a longer span of time. Therefore, all the legitimate services of Fog devices will be inaccessible for legitimate users. As opposed to, Fog nodes which go on to compromise themselves and get used for generating DDoS attacks. A different plane of the Fog environment can be affected by this kind of attack. Recently, malicious attackers have been able to compromise online home-automated smart devices to execute a DDoS attack against popular online websites such as Twitter, Paypal and Reddit. After these attacks, all of these websites were severely affected. Hackers have been trying to use internet-connected home automated equipment, such as Closed Circuit Television (CCTV) cameras, printers, refrigerator, etc. to perform DDoS attacks on popular websites, such as Twitter, Spotify, PayPal, SoundCloud and Reddit [133] [134]. In accordance with the Fog network system, all smart objects which are connected consists of more computational power and they have the ability to perform various tasks concurrently. As compared to traditional DDoS attacks, in Fog computing, various Fog devices apply DDoS attacks which will become much more severe. Therefore, it is not possible to mitigate a DDoS attack completely in the Fog computing environment. At the present moment, we can only monitor them. Under these circumstances, current DDoS issues may need new thinking and further research which will classify DDoS issue much more precisely in the context of the Fog computing environment.

• •

  Malicious Insider Data Theft Attack: According to the three-plane architecture of Fog computing, cloud computing is correlated to Fog computing. Hence, we should be conscious of all the malicious attacks which occur in cloud computing frequently. One severe attack in cloud computing could be a malicious insider attack for data theft purposes. On common terms, the end users will have to trust the cloud service provider despite being aware of this threat. It happens due to the deficiency of cloud service provider’s authentication, authorization, and audit controls which allows attacks to spread out across the cloud system. In this regard, a few incidents have occurred which compromised corporate data, for example, Twitter’s personal hacking  [135], [136] as well as the account hacking incident of U.S. President Barack Obama [137] which was exposed as a malicious intent to steal a user’s credentials. The authors Rocha et al. [138] revealed that a malicious insider can gain access to the user’s data easily in a cloud computing system. The attackers carry out their attacks which are generated from within cloud service providers. Therefore, the end user is not able to detect unauthorized access. There are diversified approaches which would be useful in order to secure data from faulty implementation, misconfigured service bugs in code by using encryption and access control to restrict them as well as to give protection from sophisticated attacks [139]. Another solution could be user behavior profiling, where the system keeps track of the amount of user data access and the duration of data use. Hence, the system can identify anomalous activities of end users, which can be used to detect malicious attacks. In this case, the authors Stolfo et al. [140] have proposed a new approach to assure the security of cloud computing by using user behavior profiling and decoy technology. There might still be few issues [45] which arise, on how to deploy the decoy in Fog networks and how to develop an on-demand decoy information to reduce the portion of stolen data from being lost.

• •

  Physical Attacks: In traditional data centers, physical security is being provided by on site security staff. On the other hand, by applying complex measures e.g. card punch, thumb impression, and retina scanning, physical access control can be deployed much more convincingly. So, these issues are related to certification and audits to derive the necessary physical security measures which are required to meet the set standards. Basically, Fog nodes are widely distributed across various environments. Due to point, it is impossible to implement traditional physical security measures in the Fog computing environment. For example, physical security measures can be applicable to place the edge box at the top of the streetlight’s pole, which should be hidden from eye level as well as being surrounded with a fire-resistant coating to keep it safe from vandalism. There is a lower probability of physical attacks at the software level which enables the scope of theoretical attacks.

In accordance with the study above, and based on different issues regarding threats and attacks related to the Fog, it can be summarized in Table IX. The focus of this study is to address auditing issues to secure the Fog computing environment. The following section discusses security auditing issues in Fog.

Parkinson et al. [146] proposed a novel Graph-based Security Anomaly Detection (Graph- BAD) approach that translates the object-based security configurations into a graph model. Another technique which was developed can identify vulnerabilities autonomously and perform security auditing of large systems without the need for expert knowledge.

Bleikertz et al. [147] proposed an algorithm to audit the configuration network’s security and the policies of the multi-tier cloud architecture using Amazon’s EC2 public cloud.

Wang et al. [148] proposed an auditing system for data storage security by implementing a privacy-preserving auditing protocol using homomorphic authentication and random mask techniques for the preservation of privacy against TPA. It can audit without requiring to have the knowledge of the user’s data contents. A batch auditing protocol was also introduced in this study, which can be used to complete multiple auditing tasks across different users at the same time via TPA. A public auditing system contains four algorithms such as, KeyGen, SigGen, GenProof, and VerifyProof. KeyGen is run by the user to set up the scheme, and to generate the required verification metadata, of which Siggen is used. GenProof is executed by the Cloud Server to provide proof of the data storage’s correctness. VerifyProof is run by TPA to audit the proof from Cloud Server.

Cong et al. [149] recommended a set of characteristics for public auditing systems with the aim to focus on data storage security in public cloud.

Shah et al. [150] proposed several public auditing protocols which helped not only to check data integrity from the service provider, but also fraudulent customers. Privacy preservation is achieved through zero-knowledge, and by concealing data contents from the auditor. Yang et al. [33] reviewed several current works on data storage security auditing service in cloud computing. Mohammed et al. [151] proposed a secure protocol by a Third Party Auditor (TPA) that ensures the data integrity in Fog computing. The main drawback of this method is that the user has to depend on a third party. There should be trust between the Third Party Auditor(TPA) and user.

Implementing security governance and auditing frameworks may support organizations to conduct and manage their own security risk levels. Various organizations or technology groups have created renowned frameworks and recommendations based on the traditional computing or cloud computing standards [152, 153] which are globally used. Therefore, the most popular and renowned security audit standards and frameworks are as follows:

• •

  Service Organization Control (SOC) 2: which is considered for auditing outsourced services sponsored by the American Institute of CPAs

• •

  ISO 27000 standards - ISO 27001:2005 and ISO 27002:2005 : Traditional security audits sponsored by ISO

• •

  CobiT (Control Objectives of Information and related Technology): sponsored and introduced by ISACA(Information System Audit and Control Association, www.isaca.org) and ITGI (IT Governance Institute, www.itgi.org). It is the most renowned and extensively accepted information technology governance framework.

• •

  NIST (www.nist.org) 800-53 revision 4: Federal government audit sponsored by the National Institute of Standards and Technology (NIST)

• •

  Cloud Security Alliance (CSA): Cloud-specific audit which is presented to cloud security auditing terms sponsored by CSA

• •

  Payment Card Industry (PCI), Data Security Standard (DSS): PCI Qualified Security Assessor cloud supplement which is sponsored by PCI DSS

• •

  Basel II, ITIL, SANS(www.sans.org), (ISC)2 framework (www.isc2.org), etc organization which can audit and manage the levels of IT security risks.

To be effective, the above-mentioned security audit standards must confirm to a vast number of security concerns in the traditional computing or cloud computing paradigm. However, using these traditional auditing standards and frameworks in the Fog computing environment will not be well suited because all of these auditing standards and frameworks which are manual approaches. They can only provide limited support to make an evaluation and the audit’s quality heavily depends on an auditor’s experiences and knowledge which could be problematic, whereas the Fog environment is mostly dynamic and distributed across a large scale geographically. Therefore, software based automated auditing standards and frameworks which can perform real-time approaches would be best suited for the Fog computing environment.

The principal necessity to introduce cooperative context aware tools is extensively approved, and actions are being taken at the state level. Several studies have suggested how software tools can be used to extract meaningful knowledge to aid security configurations, auditing, and digital investigations [154]. Therefore, such tools are context-dependent, in that their functionality is conducted to identify threats that are expected. The only limitation of these tools is that each one requires different knowledge and skills to translate their output to obtain an understanding of why this extracted knowledge is significant [155]. Security auditing can be performed in an automated fashion by using Blockchain technology. The next section discusses Blockchain technology and what has been done so far in Fog using Blockchain technology.