Journal: Computers & Security

FoNAC - An automated Fog Node Audit and Certification scheme

Abstract

Meeting the security and privacy needs of IoT data is as important in the newly introduced intermediary Fog Computing layer as it was in the preceding technological layer, the Cloud, but achieving such security is critical and challenging. While security assurance of fog layer devices is imperative due to their exposure to the public Internet, it is even more complex than in the cloud layer, as it involves a large number of heterogeneous devices deployed hierarchically. Manual audit and certification schemes are unsuitable for a large number of fog nodes, which discourages the stakeholders involved from using manual security assurance schemes altogether. However, scalable and feasible security assurance can be provided by introducing automated and continuous monitoring and auditing of fog nodes to ensure a trusted, updated and vulnerability-free fog layer. This paper presents such a solution in the form of an automated Fog Node Audit and Certification scheme (FoNAC), which guarantees a secure fog layer through the proposed fog layer assurance mechanism. FoNAC leverages Trusted Platform Module (TPM 2.0) capabilities to evaluate/audit the platform integrity of the operating fog nodes and grants a certificate to each individual node after a successful security audit. FoNAC's security is also validated through a formal security analysis performed using AVISPA under the Dolev-Yao intruder model. The security analysis of FoNAC shows its resistance against cyber-attacks such as impersonation, replay attack, forgery, Denial of Service (DoS) and MITM attack.