Wednesday, June 5, 2019
Models of Information System Security
People who use the application will have to pass through different levels of gateways and smart meters in their homes. The main security issue occurs at the level of these gateways and smart meters. Each smart device is provided with an IP address. Attacks on these devices can take the form of reporting false readings on the smart meters or spoofing the IP address. There are some solutions for the credentials problem. Public key infrastructure can be used in this case. With Diffie-Hellman key exchange, smart meters can encrypt the data before sending it to the fog devices; the devices then decrypt the data. Intrusions in the smart grid can be detected using a signature-based method, where any discrepancy in the pattern is detected and raises a flag on possible misbehaviour.

Biometric authentication is the most beneficial authentication method that could be used to provide accessibility. Biometric authentication such as fingerprint authentication, facial recognition, eye retina recognition, etc. can be used in fog computing based authentication. There could be discrepancies in authentication through man-in-the-middle attack, data theft, etc. Infrastructure-based techniques such as Public Key Infrastructure (PKI) could be used to solve the problem, and a Trusted Execution Environment (TEE) can also be considered in fog cloud computing. A measurement-based method can be used to filter out fake or unqualified fog clouds that are not within the vicinity of the end users, which in turn reduces the authentication cost.

4.2 USER ACCESS AND INTRUSION DETECTION
Providing control over access to smart devices and the cloud has always been a reliable tool for ensuring the security of the system. Access control in the cloud is achieved by exploiting several encryption schemes to build access control for cloud computing.
Intrusion detection techniques have been used to mitigate attacks on the virtual machine or hypervisor. Those intrusion detection systems can be applied on the host machine to detect intrusions.

4.3 PRIVACY
Since storage and computation are sufficient on both sides in a fog cloud, privacy-preserving algorithms can be run between the fog and the cloud. We need privacy-preserving techniques because users these days are increasingly concerned about the risk of privacy leakage. A fog node usually collects data generated by sensors and end devices. Techniques like homomorphic encryption can be used to allow privacy-preserving aggregation at the local gateways without decryption. For statistical queries, the differential privacy method can be applied to ensure the privacy of an arbitrary single entry in the data set.

4.4 TRUST MODEL
In services like eCommerce, peer-to-peer (P2P), user reviews and online social networks, reputation-based trust modeling can be successfully implemented. A reputation-based trust model is a simple method in which parties rate each other; after the parties give their ratings, a trust or reputation score is derived from the ratings. A robust reputation system was proposed for resource selection in P2P networks, using a distributed polling algorithm to assess the reliability of a resource. We will have to tackle issues such as how to achieve a persistent, unique and distinct identity, and how to deal with intentional and accidental misbehaviour. Apart from the models discussed above, there are also trust models based on special hardware such as a Secure Element (SE), Trusted Execution Environment (TEE), or Trusted Platform Module (TPM), which can provide trust utility in fog computing applications.

4.5 POLICY DRIVEN SECURITY
Policy collaboration is an important component in the middle layer of a fog computing model.
Policy collaboration is introduced to support secure sharing and communication in a distributed environment. Since fog computing also involves communication and interaction with physical components, this requirement gives rise to a new set of security problems involving identity management, resource access management, dynamic load balancing, quality of service, etc. The policy-driven framework consists of the following modules.

Policy decision engine: This module is programmed to make aggregated decisions on data provided by all components. Based on the service requested by the target user, this engine analyzes the rules defined in the policy repository and generates a decision, which is later enforced.

Application administrator: The multi-tenant nature of the fog computing paradigm raises the requirement for an administrator to define policies and rules that bind a user to applications and allow secure collaboration and migration of client data across multiple functions that are owned by the application.

Policy repository: A secure repository consisting of the rules and policies that the policy decision engine refers to while a policy decision is made.

Policy enforcer: The policy enforcer is the most active component of the policy management framework. It resides within a virtual instance or cloud computing data center, or within a physical device such as a mobile device, GPS system or connected vehicle.

4.6 MAN IN THE MIDDLE ATTACK
This is the most typical attack in fog computing. In this type of attack, gateways serving as fog devices may be compromised or replaced by fake ones.

Environment settings of stealth test: A man-in-the-middle attack can be very stealthy in the fog computing paradigm. This type of attack consumes very few resources in fog devices, with negligible CPU utilization and negligible memory consumption.
Therefore traditional methods cannot expose a man-in-the-middle attack.

A man-in-the-middle attack is simple to launch but difficult to address. Many applications running in a fog computing environment are vulnerable to man-in-the-middle attack. Future work is needed to address man-in-the-middle attacks in fog computing.

4.7 MITIGATION OF DATA THEFT
Cloud computing faces new data security challenges. Existing protection mechanisms like encryption have not reached their mark in preventing theft attacks. To overcome this, a new technique was proposed: monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, a disinformation attack is launched by returning large amounts of decoy information to the attacker. This protects against misuse of the user's real data.

User behavior profiling: Owners or authorized users of a computer system are usually familiar with the files on the system, so any search of the files is limited and will have a pattern. When the data is accessed illegitimately, the intruder is unlikely to be familiar with the structure and contents of the file system. Abnormal search behaviours that exhibit such variations are monitored.

Decoy technology: Trap files are placed within the file system. The trap files, which can be downloaded by a user, are placed in highly conspicuous locations that are not likely to interfere with the normal activity of the system. A user who is not familiar with the file system is most likely to access the decoy files if the user is looking for sensitive documents, so such users can be trapped by using bait files.

In some cases both of these techniques can be combined to safeguard the data from theft.
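The combination of user behavior profiling and decoy files described in section 4.7, as an added example that is not code from the original post. The log format, paths, session ids, window and threshold are all constructed assumptions.

```python
import posixpath
from collections import defaultdict

# Constructed sample data; every path, user and session id is hypothetical.
DECOYS = {"/home/alice/passwords_backup.txt"}            # trap file
BASELINE = {"alice": {"/home/alice/projects", "/home/alice/mail"}}
LOG = [  # (unix_time, session, user, path)
    (0, "s1", "alice", "/home/alice/projects/report.py"),
    (500, "s1", "alice", "/home/alice/mail/inbox"),
    (1000, "s2", "alice", "/home/alice/finance/q1.xls"),
    (1010, "s2", "alice", "/home/alice/keys/id_rsa"),
    (1020, "s2", "alice", "/home/alice/hr/review.doc"),
    (1030, "s2", "alice", "/home/alice/passwords_backup.txt"),
    (2000, "s3", "alice", "/home/alice/passwords_backup.txt"),
]

def analyse(log, decoys=DECOYS, baseline=BASELINE, window=60, max_new_dirs=3):
    """Return {session: 'normal' | 'suspect' | 'alert'}."""
    by_session = defaultdict(list)
    for ts, session, user, path in log:
        by_session[session].append((ts, user, path))
    verdicts = {}
    for session, events in by_session.items():
        events.sort()
        # Decoy technology: any touch of a trap file is a signal.
        decoy_hit = any(path in decoys for _, _, path in events)
        # Behavior profiling: accesses outside the user's usual directories.
        unfamiliar = [(ts, posixpath.dirname(path)) for ts, user, path in events
                      if posixpath.dirname(path) not in baseline.get(user, set())]
        # Largest number of distinct unfamiliar directories within one window.
        burst = 0
        for i, (start, _) in enumerate(unfamiliar):
            dirs = {d for ts, d in unfamiliar[i:] if ts - start <= window}
            burst = max(burst, len(dirs))
        abnormal = burst >= max_new_dirs
        if decoy_hit and abnormal:
            verdicts[session] = "alert"      # both techniques agree
        elif decoy_hit or abnormal:
            verdicts[session] = "suspect"    # one signal: ask challenge question
        else:
            verdicts[session] = "normal"
    return verdicts

if __name__ == "__main__":
    print(analyse(LOG))
```

Session s3 shows why the two signals are combined: a legitimate user can open a conspicuous trap file by accident, so a single signal leads to the challenge question rather than straight to a response.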
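Section 4.3 mentions homomorphic encryption for aggregation at the local gateway without decryption; the following added example (not from the original post) shows this with the Paillier scheme, which is an assumption since the page names no scheme. The primes are toy-sized and the meter readings are constructed.

```python
import math
import secrets

def keygen(p=2**31 - 1, q=2**61 - 1):
    """Toy Paillier key from two small Mersenne primes (far too short for real use)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    assert math.gcd(n, lam) == 1
    return n, (lam, pow(lam, -1, n))                     # public n, private (lam, mu)

def encrypt(n, m):
    """Smart meter side: c = (1 + n)^m * r^n mod n^2 with fresh random r."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def aggregate(n, ciphertexts):
    """Gateway side: multiplying ciphertexts adds the plaintexts; no key needed."""
    total = 1
    for c in ciphertexts:
        total = total * c % (n * n)
    return total

def decrypt(n, priv, c):
    """Utility side: only the private key holder recovers the sum."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def demo():
    n, priv = keygen()
    readings = [412, 389, 530]            # constructed watt-hour readings
    encrypted = [encrypt(n, m) for m in readings]
    return decrypt(n, priv, aggregate(n, encrypted))

if __name__ == "__main__":
    print(demo())
```

The gateway handles only `n` and ciphertexts, so a compromised gateway learns neither individual readings nor the total.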