Abstract

As the Internet of Things (IoT) continues to grow, concerns and challenges arise regarding the security and privacy of the IoT. Malicious attacks such as man-in-the-middle and distributed denial of service (DDoS) are typical threats to IoT systems. In this paper, we propose a FOg CompUting-based Security (FOCUS) system to provide security for IoT systems against those malicious attacks. The proposed FOCUS system applies a threefold protection mechanism: firstly, it makes use of the virtual private network (VPN) to secure the communication channels for the IoT devices; secondly, it applies a machine learning-based traffic analysis unit to classify the traffic as trusted, untrusted or suspicious; thirdly, it adopts a challenge-response authentication to validate the suspicious traffic source so as to protect the VPN server against potential DDoS attacks. Such a threefold protection mechanism is effective in mitigating various malicious attacks and can provide a high standard of security for the IoT system. Furthermore, to improve the system performance, FOCUS is implemented in a hybrid fog-cloud model that achieves low latency and system response time. In the hybrid fog-cloud model, a selected amount of the protection and validation requests are addressed in the fog, which is close to the end users, while the excessive requests are addressed in the cloud. Through this, FOCUS can effectively avoid the long queuing delay caused by the limited computational capacity in the fog implementation. The experimental results show that FOCUS can effectively filter out malicious attacks with low response time and small network cost (e.g., network bandwidth consumption).
