City Research Online

A secure integrated framework for fog-enabled cyber physical systems

Junejo, A. K. (2019). A secure integrated framework for fog-enabled cyber physical systems. (Unpublished Doctoral thesis, City, University of London)

Abstract

The next generation of fog-enabled cyber physical systems (Fog-CPS) faces numerous security, privacy and trust challenges. Establishing trustworthy and dependable Fog-CPS systems demands an integrated approach that adopts a multi-faceted and multi-dimensional solution strategy to counter the challenges faced by Fog-CPS systems. However, to the best of this researcher’s knowledge, none of the existing studies has adopted an integrated approach to solve the challenges faced by Fog-CPS systems. Considering the limitations of the existing studies, this research proposes an integrated framework for Fog-CPS systems that addresses their security and trust challenges.
The proposed framework comprises two main components: 1) a security component (SC) and 2) a trust management system (TMS). The SC guarantees that all entities of a Fog-CPS system, i.e. fog nodes and cyber physical system (CPS) devices, have unique identities and that only authorized parties can access the fog resources. The TMS ensures that Fog-CPS entities are trustworthy. More specifically, it ensures that fog nodes provide an acceptable quality of service based on the requirements of the specific Fog-CPS use case under consideration. Moreover, it also guarantees that CPS devices are not compromised and are reporting actual communication parameters, namely energy consumption, bandwidth and response time. The parameters reported by CPS devices are subsequently used as evidence in trust computation for fog nodes.
As part of the SC, a novel lightweight encryption scheme based on elliptic curve cryptography is proposed to enforce robust authentication and authorization. The proposed scheme uses the inherent attributes of CPS devices to generate the cryptographic key pairs. The attributes belonging to CPS devices enable robust authentication and authorization. Unlike existing attribute-based encryption (ABE) and identity-based encryption (IBE) schemes, in the proposed scheme each entity/CPS device generates its own public/secret key pair and does not need a certification authority (CA) to authenticate the public keys of other entities. CPS devices can calculate each other’s public keys, which are based on a shared attribute set.
Moreover, in the case of key revocation, the proposed scheme considers a light and efficient approach wherein the new keys are generated by incurring an overhead of only one extra component. The experimental results of the proposed scheme demonstrate that it is computationally efficient compared to existing ABE schemes which are based on bilinear pairing and elliptic curves.
The TMS, the second component of the proposed framework, evaluates the performance of Fog-CPS entities based on a set of QoS parameters and network communication features. It subsequently computes their trust. Trust computation is formulated as a statistical regression problem, and random forest regression is employed to solve it.
A Fog-CPS system is inherently open and distributed; it is therefore vulnerable to collusion, self-promotion, bad-mouthing, ballot-stuffing and opportunistic service attacks. Compromised entities can impact the accuracy of the trust computation model by increasing or decreasing the trust of other nodes. These challenges are addressed by designing a generic trust credibility model which can counter the compromise of both CPS devices and fog nodes. The credibility of each newly computed trust value is evaluated and subsequently adjusted by correlating it with a standard deviation threshold. The standard deviation is quantified by computing the trust in two configurations of hostile environments and subsequently comparing it with the trust value in a legitimate/normal environment. Trust computation results demonstrate that the credibility model successfully counters the malicious behaviour of all Fog-CPS entities, i.e. CPS devices and fog nodes.
The trust computed by the TMS component is incorporated in access control policies and ensures that only trusted entities are granted access to fog resources and collaborate with other entities in the system. The integration of the two components, SC and TMS, ensures that the security and trust challenges of Fog-CPS systems are adequately addressed.

Publication Type: Thesis (Doctoral)
Subjects: Q Science > QA Mathematics
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: Doctoral Theses
School of Science & Technology > School of Science & Technology Doctoral Theses
School of Science & Technology > Computer Science
Text - Accepted Version