Microservice Security Agent Based On API Gateway in Edge Computing

Sensors, 2019, Vol 19 (22), pp. 4905
Author(s): Rongxu Xu, Wenquan Jin, Dohyeun Kim

Internet of Things (IoT) devices are embedded with software, electronics, and sensors, and feature connectivity with constrained resources. They require the edge computing paradigm, with modular characteristics relying on microservices, to provide an extensible and lightweight computing framework at the edge of the network. Edge computing can relieve the burden of centralized cloud computing by performing certain operations, such as data storage and task computation, at the edge of the network. Despite the benefits of edge computing, it can lead to many challenges in terms of security and privacy issues. Thus, services that protect privacy and secure data are essential functions in edge computing. For example, the end user’s ownership and privacy information and control are separated, which can easily lead to data leakage, unauthorized data manipulation, and other data security concerns. Thus, the confidentiality and integrity of the data cannot be guaranteed and, so, more secure authentication and access mechanisms are required to ensure that the microservices are exposed only to authorized users. In this paper, we propose a microservice security agent to integrate the edge computing platform with the API gateway technology for presenting a secure authentication mechanism. The aim of this platform is to afford edge computing clients a practical application which provides user authentication and allows JSON Web Token (JWT)-based secure access to the services of edge computing. To integrate the edge computing platform with the API gateway, we implement a microservice security agent based on the open-source Kong in the EdgeX Foundry framework. Also, to provide an easy-to-use approach with Kong, we implement REST APIs for generating new consumers, registering services, and configuring access controls. Finally, the usability of the proposed approach is demonstrated by evaluating the round trip time (RTT). The results demonstrate the efficiency of the system and its suitability for real-world applications.

Author(s): Sandhya Devi R. S., Vijaykumar V. R., Sivakumar P., Neeraja Lakshmi A., Vinoth Kumar B.

The enormous growth of the internet of things (IoT) and cloud-based services has paved the way for edge computing, the new computing paradigm which processes the data at the edge of the network. Edge computing resolves issues related to response time, latency, battery life limitation, cost savings for bandwidth, as well as data privacy and protection. The architecture brings devices and data back to the consumer. This model of computing as a distributed IT system aims at satisfying end-user demands with faster response times by storing data closer to it. The enormous increase in individuals and locations, connected devices such as appliances, laptops, smartphones, and transport networks that communicate with each other has risen exponentially. Considering these factors in this chapter, edge computing architecture along with the various components that constitute the computing platform are discussed. The chapter also discusses resource management strategies deliberate for edge computing devices and integration of various computing technologies to support efficient IoT architecture.


Sensors, 2019, Vol 19 (20), pp. 4444
Author(s): Gaurav Deep, Rajni Mohana, Anand Nayyar, P. Sanjeevikumar, Eklas Hossain

Cloud computing has made the software development process fast and flexible but on the other hand it has contributed to increasing security attacks. Employees who manage the data in cloud companies may face insider attack, affecting their reputation. They have the advantage of accessing the user data by interacting with the authentication mechanism. The primary aim of this research paper is to provide a novel secure authentication mechanism by using Blockchain technology for cloud databases. Blockchain makes it difficult to change user login credentials details in the user authentication process by an insider. The insider is not able to access the user authentication data due to the distributed ledger-based authentication scheme. Activity of insider can be traced and cannot be changed. Both insider and outsider users are authenticated using individual IDs and signatures. Furthermore, the user access control on the cloud database is also authenticated. The algorithm and theorem of the proposed mechanism have been given to demonstrate the applicability and correctness. The proposed mechanism is tested on the Scyther formal system tool against denial of service, impersonation, offline guessing, and no replay attacks. Scyther results show that the proposed methodology is secure cum robust.


Sensors, 2021, Vol 21 (13), pp. 4592
Author(s): Xin Zeng, Xiaomei Zhang, Shuqun Yang, Zhicai Shi, Chihung Chi

Implicit authentication mechanisms are expected to prevent security and privacy threats for mobile devices using behavior modeling. However, recently, researchers have demonstrated that the performance of behavioral biometrics is insufficiently accurate. Furthermore, the unique characteristics of mobile devices, such as limited storage and energy, make it subject to constrained capacity of data collection and processing. In this paper, we propose an implicit authentication architecture based on edge computing, coined Edge computing-based mobile Device Implicit Authentication (EDIA), which exploits edge-based gait biometric identification using a deep learning model to authenticate users. The gait data captured by a device’s accelerometer and gyroscope sensors is utilized as the input of our optimized model, which consists of a CNN and an LSTM in tandem. Especially, we deal with extracting the features of gait signal in a two-dimensional domain through converting the original signal into an image, and then input it into our network. In addition, to reduce computation overhead of mobile devices, the model for implicit authentication is generated on the cloud server, and the user authentication process also takes place on the edge devices. We evaluate the performance of EDIA under different scenarios where the results show that i) we achieve a true positive rate of 97.77% and also a 2% false positive rate; and ii) EDIA still reaches high accuracy with limited dataset size.


IEEE Access, 2018, Vol 6, pp. 18209-18237
Author(s): Jiale Zhang, Bing Chen, Yanchao Zhao, Xiang Cheng, Feng Hu

2020, Vol 2020, pp. 1-13
Author(s): Zhanyang Xu, Wentao Liu, Jingwang Huang, Chenyi Yang, Jiawei Lu, ...

With the explosive growth of data generated by the Internet of Things (IoT) devices, the traditional cloud computing model by transferring all data to the cloud for processing has gradually failed to meet the real-time requirement of IoT services due to high network latency. Edge computing (EC) as a new computing paradigm shifts the data processing from the cloud to the edge nodes (ENs), greatly improving the Quality of Service (QoS) for those IoT applications with low-latency requirements. However, compared to other endpoint devices such as smartphones or computers, distributed ENs are more vulnerable to attacks for restricted computing resources and storage. In the context that security and privacy preservation have become urgent issues for EC, great progress in artificial intelligence (AI) opens many possible windows to address the security challenges. The powerful learning ability of AI enables the system to identify malicious attacks more accurately and efficiently. Meanwhile, to a certain extent, transferring model parameters instead of raw data avoids privacy leakage. In this paper, a comprehensive survey of the contribution of AI to the IoT security in EC is presented. First, the research status and some basic definitions are introduced. Next, the IoT service framework with EC is discussed. The survey of privacy preservation and blockchain for edge-enabled IoT services with AI is then presented. In the end, the open issues and challenges on the application of AI in IoT services based on EC are discussed.


2020, Vol 8 (5), pp. 1760-1769

In the last few years, various researchers have identified that securing the cloud environment requires quite a challenging decision to be made as identifying the correct security parameter is difficult. This paper presents “SRAAM: Secure Resource Access Authentication Mechanism”, a collaborative framework between user mobile device and cloud infrastructure, for authenticating user and device credentials. An experimental prototype is done for proof of concept and performance matrices are evaluated based on the important decision making parameters. Also, a novel model called as Integrated Framework for Cloud Security (IFCS) that performs mainly three tasks i) faster and robust user authentication, ii) maintaining anonymity of data storage location, and iii) securing the virtualization platform. An experimental approach is adopted in order to testify the proposed system. Total algorithm processing time in contrast to frequently adopted security protocols in existing system.


Database, 2020, Vol 2020
Author(s): Bohdan B Khomtchouk, Christopher S Nelson, Kasra A Vand, Salvator Palmisano, Robert L Grossman

Cardiovascular disease (CVD) is the leading cause of death worldwide for all genders and across most racial and ethnic groups. However, different races and ethnicities exhibit different rates of CVD and its related cardiorenal and metabolic comorbidities, suggesting differences in genetic predisposition and risk of onset, as well as socioeconomic and lifestyle factors (diet, exercise, etc.) that act upon an individual’s unique underlying genetic background. Here, we present HeartBioPortal2.0, a major update to HeartBioPortal, the world’s largest CVD genetics data precision medicine platform for harmonized CVD-relevant genetic variants, which now enables search and analysis of human genetic information related to heart disease across ethnically diverse populations and cardiovascular/renal/metabolic quantitative traits pertinent to CVD pathophysiology. HeartBioPortal2.0 is structured as a cloud-based computing platform and knowledge portal that consolidates a multitude of CVD-relevant genomic data modalities into a single powerful query and browsing interface between data and user via a user-friendly web application publicly available to the scientific research community. Since its initial release, HeartBioPortal2.0 has added new cardiovascular/renal/metabolic disease–relevant gene expression data as well as genetic association data from numerous large-scale genome-wide association study consortiums such as CARDIoGRAMplusC4D, TOPMed, FinnGen, AFGen, MESA, MEGASTROKE, UK Biobank, CHARGE, Biobank Japan and MyCode, among other studies. In addition, HeartBioPortal2.0 now includes support for quantitative traits and ethnically diverse populations, allowing users to investigate the shared genetic architecture of any gene or its variants across the continuous cardiometabolic spectrum from health (e.g. blood pressure traits) to disease (e.g. hypertension), facilitating the understanding of CVD trait genetics that inform health-to-disease transitions and endophenotypes. Custom visualizations in the new and improved user interface, including performance enhancements and new security features such as user authentication, collectively re-imagine HeartBioPortal’s user experience and provide a data commons that co-locates data, storage and computing infrastructure in the context of studying the genetic basis behind the leading cause of global mortality. Database URL: https://www.heartbioportal.com/


With the widespread popularity of the Internet of Things (IoT), different sectors-based applications are increasingly developed. One of the most popular application layer protocols is the Constrained Application Protocol (CoAP), and the necessity of ensuring data security in this layer is crucial. Moreover, attackers target the vulnerabilities of IoT to gain access to the system, which leads to a security threat and violates privacy. Typically, user authentication and data encryption are applied for securing data communication over a public channel between two or more participants. However, most of the existing solutions use cryptography for achieving security, with the exception of high computation cost. Hence, these solutions fail to satisfy the resource-constrained characteristics of IoT devices. Therefore, a lightweight security mechanism is required for achieving both secure transmission and better performance. This paper proposes a Lightweight Authentication with Two-way Encryption for Secure Transmission in CoAP Protocol (LATEST) that provides a secure transmission between the server and IoT devices. This mutual authentication mechanism uses ROT18 Cipher with XoR operation and 128-bit AES based encryption for securing the data transmission. The ROT18 Cipher is a monoalphabetic substitution cipher, which is a combination of ROT13 and ROT5. The proposed scheme employs symmetric encryption in both client and server for ensuring secure authentication and mutually confirming each other's identity. In addition, the proposed LATEST scheme ensures confidentiality and integrity by being resistant to replay attacks, impersonation attacks, and modification attacks. The experimental evaluation demonstrates that the proposed LATEST scheme is lightweight and provides better security compared to the existing scheme.


Sensors, 2019, Vol 19 (8), pp. 1926
Author(s): Yi Chen, Hong Wen, Jinsong Wu, Huanhuan Song, Aidong Xu, ...

In this paper, we propose a clustering based physical-layer authentication scheme (CPAS) to overcome the drawback of traditional cipher-based authentication schemes that suffer from heavy costs and are limited by energy-constrained intelligent devices. CPAS is a novel cross-layer secure authentication approach for edge computing system with asymmetric resources. The CPAS scheme combines clustering and lightweight symmetric cipher with physical-layer channel state information to provide two-way authentication between terminals and edge devices. By taking advantage of temporal and spatial uniqueness in physical layer channel responses, the non-cryptographic physical layer authentication techniques can achieve fast authentication. The lightweight symmetric cipher initiates user authentication at the start of a session to establish the trust connection. Based on theoretical analysis, the CPAS scheme is secure and simple, but there is no trusted party, while it can also resist small integer attacks, replay attacks, and spoofing attacks. Besides, experimental results show that the proposed scheme can boost the total success rate of access authentication and decrease the data frame loss rate, without notable increase in authentication latencies.


Sensors, 2021, Vol 21 (24), pp. 8226
Author(s): Ahmed M. Alwakeel

With the advancement of different technologies such as 5G networks and IoT, the use of different cloud computing technologies became essential. Cloud computing allowed intensive data processing and warehousing solutions. Two different new cloud technologies that inherit some of the traditional cloud computing paradigm are fog computing and edge computing, which aim to simplify some of the complexity of cloud computing and leverage the computing capabilities within the local network in order to perform computation tasks rather than carrying them to the cloud. This makes this technology fit with the properties of IoT systems. However, using such technology introduces several new security and privacy challenges that could be a huge obstacle against implementing these technologies. In this paper, we survey some of the main security and privacy challenges that face fog and edge computing, illustrating how these security issues could affect the work and implementation of edge and fog computing. Moreover, we present several countermeasures to mitigate the effect of these security issues.

