Conference Paper

Bulwark Security in an Edge Cloud Model

Article
Full-text available
The explosive growth of Internet of Things (IoT) devices raises serious concerns for a user's privacy and security because the existing software framework on these devices often supports various default features and generates large data sets. Moreover, many IoT devices incorporate a manufacturer-owned cloud-based back-end to process and store the generated data while simultaneously sharing it with third parties. Clearly, in such an industry-driven environment, where IoT data is treated as a revenue stream, it is a challenge for users to control their IoT data. Device manufacturers utilize an opaque software design in which user data is generated and stored with little transparency. Manufacturers use EULAs as a legal construct to protect the manufacturer's legal standing and to explain a device's behavior; however, this explanation is vague and lacks the details a user needs to determine a device's acceptable use, and it has become increasingly difficult for users to secure and maintain their data. Fortunately, as the privacy-minded user base of IoT devices grows, manufacturers will be forced to implement a new framework that gives users more control over the creation of their IoT data and lets them store and disseminate such data in a secure and private manner. In this paper, we address this lack of transparency from manufacturers and the issues of privacy and security by proposing a new framework, called Bulwark, for manufacturer use on IoT devices and mobile applications. The proposed framework enables the user to generate and manage a set of data-controlling rules and store the result in their personal cloud account, while providing a dashboard data-reporting tool that enables data transparency and supports good user choices. The user's ability to access, disseminate and secure IoT-generated data is now available within our proposed framework.
Using reverse engineering, simulation and implementation of open-source solutions, we demonstrate support for a set of common devices. Each device executed the framework while communicating with a mobile application and cloud services. Rules were generated for each message, and telemetry was returned to the mobile application for dashboard rendering. We stored the generated data in the cloud using our own account, while staying within the free tier of each cloud service. Network usage increased between 4% and 9%, and storage size grew between 0% and 2%, compared to using the device without the framework. Our framework demonstrates support for a multitude of devices, either through open source or through support for similar feature sets. This framework is easy to integrate, and we anticipate widespread adoption.
Article
Full-text available
Agriculture 4.0 is a fast-growing domain of IoT which produces large amounts of data from machines, robots and sensor networks. This data must be processed very quickly, especially for systems that need to make real-time decisions. The Kappa architecture provides a way to process Agriculture 4.0 data at high speed in the cloud and thus meet the processing-speed requirements. This paper presents an optimized Kappa architecture for the management of data in agriculture. It optimizes the classical Kappa architecture in order to improve memory management and processing speed, and fine-tunes the parameters of the Kappa architecture to process data from a concrete use case. It shows the impact of parameter tweaking on processing speed, and finds that the combination of Apache Samza with Apache Druid offers the best performance.
Article
Full-text available
Containers are a form of software virtualization, rapidly becoming the de facto way of providing edge computing services. Research on container-based edge computing is plentiful, and this has been buoyed by the increasing demand for single-digit-millisecond latency computations. A container scheduler is the part of the architecture that is used to manage and orchestrate multiple container-based applications on heterogeneous computing nodes. The scheduler decides how incoming computing requests are allocated to containers, which edge nodes the containers are placed on, and where already deployed containers are migrated to. This paper aims to clarify the concept of container placement and migration in edge servers and the scheduling models that have been developed for this purpose. The study illuminates the frameworks and algorithms upon which the scheduling models are built. To convert the problem into one that can be solved using an algorithm, the container placement problem is mostly abstracted using multi-objective optimization models or graph network models. The scheduling algorithms are predominantly heuristic-based algorithms, which are able to arrive at sub-optimal solutions very quickly. There is a paucity of container scheduling models that consider distributed edge computing tasks. Research in decentralized scheduling systems is gaining momentum, and the future outlook is in scheduling containers for mobile edge nodes.
Article
Full-text available
The Internet of Things (IoT) introduces a new challenge for Database Management Systems (DBMS). In IoT, large numbers of sensors are used in daily life. These sensors generate a huge amount of heterogeneous data that needs to be handled by an appropriate DBMS. IoT challenges the DBMS in how to store and manipulate a huge amount of heterogeneous data. DBMSs can be categorized into two main types: relational DBMSs and non-relational DBMSs. This paper aims to provide a thorough comparative evaluation of two popular open-source DBMSs: MySQL as a relational DBMS and MongoDB as a non-relational DBMS. This comparison is based on evaluating the performance of inserting and retrieving a huge amount of IoT data and evaluating how the two types of databases perform on cloud computing resources with different specifications. This paper also proposes two prediction models, and compares them, to estimate the response time in terms of the size of the database and the specifications of the cloud instance. These models help to select the appropriate DBMS to manage and store a certain size of data on an instance with particular specifications based on the estimated response time. The results indicate that MongoDB outperforms MySQL in terms of latency and database size as the amount of tested data increases. Moreover, MongoDB uses resources more efficiently than MySQL, which needs resources with higher capabilities yet delivers lower performance.
Article
Full-text available
Cloud-edge-collaborative storage (CECS) is a promising framework for processing data of the Internet of Things (IoT). It allows edge servers to process IoT data in real time and store it on a cloud server. Hence, it can rapidly respond to the requests of IoT devices, provide a massive volume of cloud storage for IoT data, and conveniently share IoT data with users. However, due to the vulnerability of edge and cloud servers, CECS suffers from the risk of data leakage. Existing secure CECS schemes are secure only if all edge servers are trusted. In other words, if any edge server is compromised, all cloud data (generated by IoT devices) will be leaked. Additionally, it is costly to request expected data from the cloud, with a cost linear in the number of edge servers. To address the above problems, we propose a new secure data search and sharing scheme for CECS. Our scheme improves the existing secure CECS scheme in the following two ways. First, it enables users to generate a public-and-private key pair and manage private keys by themselves. In contrast, the existing solution requires edge servers to manage users' private keys. Second, it uses searchable public-key encryption to achieve more secure, efficient, and flexible data searching. In terms of security, our scheme ensures the confidentiality of cloud data and secure data sharing and searching, and avoids a single point of breakthrough. In terms of performance, the experimental results show that our scheme significantly reduces users' computing costs by delegating most of the cryptographic operations to edge servers. In particular, our scheme reduces the computing and communication overhead for generating a search trapdoor compared with the existing secure CECS scheme.
Conference Paper
Full-text available
Edge Computing (EC) became popular again with the rise of IoT, Cloud Computing, and Industry 4.0. In this paper, difficulties of application development in the EC environment are discussed and a container-based solution using remote debugging at the edge is proposed. This container allows application developers to write code in the production environment. Our implementation increases the development speed and facilitates in-place debugging for EC environments.
Article
Full-text available
The rapid proliferation of Internet-of-Things (IoT) devices has brought great challenges of data management, i.e., storing, retrieving and manipulating a large volume of IoT data. Conventional IoT systems rely on centralized architectures to manage IoT data, hence suffering from limited scalability, lack of transparency, and single-point-of-failure issues. As such, we employ blockchain as a distributed ledger to support a decentralized approach to data management in IoT systems, where IoT data are stored in the deployed blockchain for further utilization, e.g., retrieval and audit. A general architecture combining blockchain and IoT systems is presented. Nevertheless, as the resource constraints of IoT devices may still exist during the process of data transmission from IoT devices to the blockchain network, we propose a case study of a learning-assisted resource allocation method to support intelligent data management. The numerical results show that the proposed scheme achieves superior performance compared with baseline solutions.
Article
Full-text available
The drastically increasing volume and the growing variety of data have made possible advanced applications such as enhanced driving safety, and have enriched existing vehicular services through data sharing among vehicles and data analysis. Due to the limited resources of vehicles, mobile edge computing integrated with vehicular networks gives rise to Vehicular Edge COmputing and Networks (VECONs) for providing powerful computing and massive storage resources. However, vehicular edge computing servers consisting of roadside units cannot be fully trusted, which may result in serious security and privacy challenges. We exploit consortium blockchain and smart contract technologies to achieve secure data storage and sharing in vehicular edge networks. These technologies efficiently prevent data sharing without authorization. In addition, we propose a reputation-based data sharing scheme to ensure high-quality data sharing among vehicles. A three-weight subjective logic model is utilized for precisely managing the reputation of the vehicles. Numerical results based on a real dataset show that our schemes achieve reasonable efficiency and high-level security for data sharing in VECONs.
Conference Paper
Full-text available
The recent edge computing infrastructure introduces a new computing model that works as a complement to traditional cloud computing. The edge nodes in the infrastructure reduce the network latency of the cloud computing model and increase data privacy by offloading sensitive computation from the cloud to the edge. Recent research focuses on the applications and performance of edge computing, but less attention is paid to the security of this new computing paradigm. Inspired by the recent move of hardware vendors to introduce hardware-assisted Trusted Execution Environments (TEEs), we believe applying these TEEs on the edge nodes would be a natural choice to secure the computation and sensitive data on these nodes. In this paper, we investigate the typical hardware-assisted TEEs and evaluate their performance to help analyze the feasibility of deploying them on edge platforms. Our experiments show that the performance overhead introduced by the TEEs is low, which indicates that integrating these TEEs into the edge nodes can efficiently mitigate security loopholes with a low performance overhead.
Conference Paper
Full-text available
Edge clouds face challenges of resource assignment and load balancing due to variability of user location (mobility), server load and network state. Dynamic resource migration techniques are considered necessary to achieve load balance, fault tolerance and system maintenance objectives. Container migration is emerging as a potential solution that enables dynamic resource migration in virtualized networks and mobile edge cloud (MEC) systems. This paper proposes a traffic aware container migration approach and validates it with an end-to-end system implementation using a pure container hypervisor called LXD (Linux Container Hypervisor). The container migration model is then evaluated for real-time applications such as license plate recognition running in a mobile edge cloud scenario based on city-scale mobility traces from taxicabs in San Francisco. The system evaluation considers key metrics associated with application quality-of-experience (QoE) and network efficiency such as the average system response time and the migration cost for different combinations of load, compute resources, inter-edge cloud bandwidth, network and user latency. A specific compute resource and network-aware distributed resource migration algorithm called "ShareOn" is proposed and compared with alternative techniques using the San Francisco MEC model.
Article
Full-text available
System design where cyber-physical applications are securely coordinated from the cloud may simplify the development process. However, all private data are then pushed to these remote “swamps,” and human users lose actual control as compared to when the applications are executed directly on their devices. At the same time, computing at the network edge is still lacking support for such straightforward multidevice development, which is essential for a wide range of dynamic cyber-physical services. This article proposes a novel programming model as well as contributes the associated secure-connectivity framework for leveraging safe coordinated device proximity as an additional degree of freedom between the remote cloud and the safety-critical network edge, especially under uncertain environment constraints. This article is part of a special issue on Software Safety and Security Risk Mitigation in Cyber-physical Systems.
Article
Full-text available
Lightweight virtualization technologies have revolutionized the world of software development by introducing flexibility and innovation to this domain. Although the benefits introduced by these emerging solutions have been widely acknowledged in cloud computing, recent advances have led to the spread of such technologies in different contexts. As an example, the Internet of Things (IoT) and Mobile Edge Computing (MEC) benefit from container-virtualization by exploiting the possibility of using these technologies not only in data centers but also on devices, which are characterized by fewer computational resources such as single-board computers. This has led to a growing trend to more efficiently redesign the critical components of IoT/Edge scenarios (e.g., gateways) to enable the concept of device virtualization. The possibility for efficiently deploying virtualized instances on single-board computers has already been addressed in recent studies; however, these studies considered only a limited number of devices and omitted important performance metrics from their empirical assessments. This paper seeks to fill this gap and to provide insights for future deployments through a comprehensive performance evaluation that aims to show the strengths and weaknesses of several low-power devices when handling container-virtualized instances.
Conference Paper
Full-text available
The vision of SMARTIE (Secure and sMARter ciTIEs data management) is to create a distributed framework for IoT-based applications storing, sharing and processing large volumes of heterogeneous information. This framework is envisioned to enable end-to-end security and trust in information delivery for decision-making purposes following the data owner's privacy requirements. SMARTIE follows a data-centric paradigm, which will offer highly scalable and secure information for smart city applications. The heart of this paradigm will be the 'information management and services' plane as a unifying umbrella, which will operate above heterogeneous network devices and data sources, and will provide advanced secure information services enabling powerful higher-layer applications.
Conference Paper
Full-text available
High latency, network congestion and network bottlenecks are some of the problems in cloud computing. Moving from a centralized to a decentralized paradigm, edge computing can offload processing to the edge, which indirectly reduces application response time and improves the overall user experience. This paper evaluates Docker, a container-based technology, as a platform for edge computing. Four fundamental criteria were evaluated: 1) deployment and termination, 2) resource and service management, 3) fault tolerance and 4) caching. Based on our evaluation and experiments, Docker provides fast deployment, a small footprint and good performance, which make it potentially a viable edge computing platform.
Article
Full-text available
Fog Computing extends the Cloud Computing paradigm to the edge of the network, thus enabling a new breed of applications and services. Defining characteristics of the Fog are: a) low latency and location awareness; b) wide-spread geographical distribution; c) mobility; d) very large number of nodes; e) predominant role of wireless access; f) strong presence of streaming and real-time applications; g) heterogeneity. In this paper we argue that the above characteristics make the Fog the appropriate platform for a number of critical Internet of Things (IoT) services and applications, namely Connected Vehicle, Smart Grid, Smart Cities, and, in general, Wireless Sensor and Actuator Networks (WSANs).
Conference Paper
Full-text available
This paper presents MAUI, a system that enables fine-grained energy-aware offload of mobile code to the infrastructure. Previous approaches to these problems either relied heavily on programmer support to partition an application, or they were coarse-grained, requiring full process (or full VM) migration. MAUI uses the benefits of a managed code environment to offer the best of both worlds: it supports fine-grained code offload to maximize energy savings with minimal burden on the programmer. MAUI decides at runtime which methods should be remotely executed, driven by an optimization engine that achieves the best energy savings possible under the mobile device's current connectivity constraints. In our evaluation, we show that MAUI enables: 1) a resource-intensive face recognition application that consumes an order of magnitude less energy, 2) a latency-sensitive arcade game application that doubles its refresh rate, and 3) a voice-based language translation application that bypasses the limitations of the smartphone environment by executing unsupported components remotely.
Article
Full-text available
Mobile computing continuously evolves through the sustained effort of many researchers. It seamlessly augments users' cognitive abilities via compute-intensive capabilities such as speech recognition, natural language processing, etc. By thus empowering mobile users, we could transform many areas of human activity. This article discusses the technical obstacles to these transformations and proposes a new architecture for overcoming them. In this architecture, a mobile user exploits virtual machine (VM) technology to rapidly instantiate customized service software on a nearby cloudlet and then uses that service over a wireless LAN; the mobile device typically functions as a thin client with respect to the service. A cloudlet is a trusted, resource-rich computer or cluster of computers that is well-connected to the Internet and available for use by nearby mobile devices. Our strategy of leveraging transiently customized proximate infrastructure as a mobile device moves with its user through the physical world is called cloudlet-based, resource-rich, mobile computing. Crisp interactive response, which is essential for seamless augmentation of human cognition, is easily achieved in this architecture because of the cloudlet's physical proximity and one-hop network latency. Using a cloudlet also simplifies the challenge of meeting the peak bandwidth demand of multiple users interactively generating and receiving media such as high-definition video and high-resolution images. Rapid customization of infrastructure for diverse applications emerges as a critical requirement, and our results from a proof-of-concept prototype suggest that VM technology can indeed help meet this requirement.
Article
The Internet of Things (IoT) is an innovative paradigm envisioned to provide massive applications that are now part of our daily lives. Millions of smart devices are deployed within complex networks to provide vibrant functionalities including communications, monitoring, and control of critical infrastructures. However, this massive growth of IoT devices and the corresponding huge data traffic generated at the edge of the network have created additional burdens on the state-of-the-art centralized cloud computing paradigm due to bandwidth and resource scarcity. Hence, edge computing (EC) is emerging as an innovative strategy that brings data processing and storage near to the end users, leading to what is called EC-assisted IoT. Although this paradigm provides unique features and enhanced quality of service (QoS), it also introduces huge risks in data security and privacy aspects. This paper conducts a comprehensive survey on security and privacy issues in the context of EC-assisted IoT. In particular, we first present an overview of EC-assisted IoT including definitions, applications, architecture, advantages, and challenges. Second, we define security and privacy in the context of EC-assisted IoT. Then, we extensively discuss the major classifications of attacks in EC-assisted IoT and provide possible solutions and countermeasures along with the related research efforts. After that, we further classify some security and privacy issues discussed in the literature based on security services and on security objectives and functions. Finally, several open challenges and future research directions for the secure EC-assisted IoT paradigm are also provided.
Article
Industrial applications generate big data with redundant information that is transmitted over heterogeneous networks. The transmission of big data with redundant information not only increases the overall end-to-end delay but also increases the computational load on servers, which affects the performance of industrial applications. To address these challenges, we propose an intelligent framework for Reliable and Secure multi-level Edge Computing (RaSEC) in industrial environments. This framework operates in three phases. In the first phase, level-one edge devices apply a lightweight aggregation technique to the generated data. This technique not only reduces the size of the generated data but also helps in preserving the privacy of data sources. In the second phase, a multi-step process is used to register Level-Two Edge Devices (LTEDs) with High-Level Edge Devices (HLEDs). Due to the registration process, only legitimate LTEDs can forward data to the HLEDs, and as a result, the computational load on HLEDs decreases. In the third phase, the HLEDs use a convolutional neural network to detect the presence of moving objects in the data forwarded by LTEDs. If movement is detected, the data are uploaded to the cloud servers for further analysis; otherwise, the data are discarded, which minimizes the use of computational resources on cloud computing platforms. Simulation results show that our proposed framework is highly resilient against security and privacy threats. The proposed framework also helps in increasing the response time by forwarding useful information to the cloud servers and can be utilized by various industrial applications.
Article
The Internet of Things (IoT) is gaining increasing popularity. Overwhelming volumes of data are generated by IoT devices. After analytics, those data provide significant information that could greatly benefit IoT applications. Different from traditional applications, IoT applications such as environmental monitoring, smart navigation and smart healthcare come with new requirements such as mobility, real-time response, and location awareness. However, the traditional cloud computing paradigm cannot satisfy these demands due to centralized processing and being far away from local devices. Hence, edge computing was introduced to perform data processing and storage at the edge of networks, which is closer to data sources than cloud computing, and thus efficient and location-aware. Unfortunately, edge computing brings new security and privacy challenges when applied to data analytics. The literature still lacks a thorough review of the recent advances in secure data analytics in edge computing. In this paper, we first introduce the concept and features of edge computing, and then propose a number of requirements for its secure data analytics by analyzing potential security threats in edge computing. Furthermore, we give a comprehensive review of the pros and cons of the existing works on data analytics in edge computing based on our proposed requirements. Based on our literature survey, we highlight current open issues and propose future research directions.
Article
The Internet of Things (IoT) allows billions of physical objects to be connected to collect and exchange data for offering various applications, such as environmental monitoring, infrastructure management and home automation. On the other hand, IoT has unsupported features (e.g., low latency, location awareness and geographic distribution) that are critical for some IoT applications, including smart traffic lights, home energy management and augmented reality. To support these features, fog computing is integrated into IoT to extend computing, storage and networking resources to the network edge. Unfortunately, it is confronted with various security and privacy risks, which raise serious concerns among users. In this survey, we review the architecture and features of fog computing and study the critical roles of fog nodes, including real-time services, transient storage, data dissemination and decentralized computation. We also examine fog-assisted IoT applications based on the different roles of fog nodes. Then, we present security and privacy threats to IoT applications and discuss the security and privacy requirements in fog computing. Further, we demonstrate potential challenges to securing fog computing and review the state-of-the-art solutions used to address security and privacy issues in fog computing for IoT applications. Finally, by defining several open research issues, we expect to draw more attention and effort to this new architecture. Keywords: Fog computing, Internet of Things, edge computing, security and privacy.
Article
The data centers used to create cloud services represent a significant investment in capital outlay and ongoing costs. Accordingly, we first examine the costs of cloud service data centers today. The cost breakdown reveals the importance of optimizing work completed per dollar invested. Unfortunately, the resources inside the data centers often operate at low utilization due to resource stranding and fragmentation. To attack this first problem, we propose (1) increasing network agility, and (2) providing appropriate incentives to shape resource consumption. Second, we note that cloud service providers are building out geo-distributed networks of data centers. Geo-diversity lowers latency to users and increases reliability in the presence of an outage taking out an entire site. However, without appropriate design and management, these geo-diverse data center networks can raise the cost of providing service. Moreover, leveraging geo-diversity requires services be designed to benefit from it. To attack this problem, we propose (1) joint optimization of network and data center resources, and (2) new systems and mechanisms for geo-distributing state.
Conference Paper
The Internet of Things (IoT) is an important part of the new generation of information technology. Data management for IoT plays a crucial role in its effective operation and has become a key research topic of IoT. Much work has been done to enable effective and intelligent data processing and analysis as IoT evolves from Radio Frequency Identification (RFID), Wireless Sensor Networks (WSN) and other related technologies. In this paper, we start from the core definition and architecture of IoT, aiming to examine current research efforts to derive a holistic view of the existing literature. We present a layered reference model for IoT data management and elaborate the related research topics and solutions in each layer. Based on our analysis, we identify research challenges and opportunities for future work.