Fog-Sec: Secure end-to-end communication in fog-enabled IoT network using permissioned blockchain system

IF 1.5 · Zone 4, Computer Science · Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Erukala Suresh Babu, Mekala Srinivasa Rao, Gandharba Swain, A. Kousar Nikhath, Rajesh Kaluri
International Journal of Network Management, vol. 33 (5). Published 2023-08-28. Journal Article.
DOI: 10.1002/nem.2248
https://onlinelibrary.wiley.com/doi/10.1002/nem.2248
Citations: 0

Abstract

The technological integration of the Internet of Things (IoT)-Cloud paradigm has enabled intelligent linkages of things, data, processes, and people for efficient decision making without human intervention. However, it poses various challenges for IoT networks that cannot handle large amounts of operation technology (OT) data due to physical storage shortages, excessive latency, higher transfer costs, a lack of context awareness, impractical resiliency, and so on. As a result, the fog network emerged as a new computing model for providing computing capacity closer to IoT edge devices. The IoT-Fog-Cloud network, on the other hand, is more vulnerable to multiple security flaws, such as missing key management problems, inappropriate access control, inadequate software update mechanism, insecure configuration files and default passwords, missing communication security, and secure key exchange algorithms over unsecured channels. Therefore, these networks cannot make good security decisions, which are significantly easier to hack than to defend the fog-enabled IoT environment. This paper proposes the cooperative flow for securing edge devices in fog-enabled IoT networks using a permissioned blockchain system (pBCS). The proposed fog-enabled IoT network provides efficient security solutions for key management issues, communication security, and secure key exchange mechanism using a blockchain system. To secure the fog-based IoT network, we proposed a mechanism for identification and authentication among fog, gateway, and edge nodes that should register with the blockchain network. The fog nodes maintain the blockchain system and hold a shared smart contract for validating edge devices. The participating fog nodes serve as validators and maintain a distributed ledger/blockchain to authenticate and validate the request of the edge nodes. The network services can only be accessed by nodes that have been authenticated against the blockchain system. 
We implemented the proposed pBCS network using the private Ethereum 2.0 that enables secure device-to-device communication and demonstrated performance metrics such as throughput, transaction delay, block creation response time, communication, and computation overhead using state-of-the-art techniques. Finally, we conducted a security analysis of the communication network to protect the IoT edge devices from unauthorized malicious nodes without data loss.

Source journal: International Journal of Network Management
Categories: COMPUTER SCIENCE, INFORMATION SYSTEMS; TELECOMMUNICATIONS
CiteScore: 5.10
Self-citation rate: 6.70%
Articles published: 25
Review time: >12 weeks
Journal description: Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will occur. The decreasing cost of bandwidth is increasing the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems including the inclusion of cloud computing have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information, which will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically occur several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.