
Do software-defined networks mitigate fog computing security problems? A review

aashiali33
May 2021

1 Introduction
1.1 SDN
SDN is gaining value by providing features such as openness, rapid innovation, programmability and a global network view. SDN is capturing the attention of network designers because of these features: programmability, rapid innovation, abstraction, openness, centralized control and virtualization. SDN can be defined comprehensively as the separation of the control and data planes, central access to the control logic, and the replacement of destination-based forwarding decisions with flow-based decisions. A Network Operating System (NOS) makes it possible to run software applications that program the network [3]. SDN has an infrastructure layer, a control layer and an application layer. Given these features, it is simpler and less error-prone to update the policies of a network environment in software, taking advantage of programmability. A security-specific program can be installed on the controller to alarm the system in case of any intruder activity, and sophisticated network functions can be implemented easily because the centralization of control gives a global view. In SDN, the centralized controller sends configuration information to the network devices (routers, OpenFlow switches). Multiple devices attach to a single controller, which receives the switches' information about the network and operates the flow rules according to its instructions. Once the topology has been created and all devices have become part of the network, the controller sends flow entries to the switches for operation. If a packet with no matching flow entry arrives at a switch, it is sent to the controller, which generates a forwarding rule for the switch to allow the transmission of that packet [4].
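To make this control loop concrete, here is an added Python model (not code from the paper) of a switch that forwards by flow-table lookup and a controller that answers table misses with flow entries; the class names, the (in_port, eth_src, eth_dst) flow key and the table capacity are assumptions.

```python
"""Toy model of the OpenFlow control loop described above: the switch forwards
by flow-table lookup, a table miss becomes a packet-in to the controller, and
the controller answers with a flow entry so later packets of the same flow
never leave the data plane.  Added example, not code from the paper; the class
names, the flow key and the table size are assumptions."""
from dataclasses import dataclass
from typing import Dict, Tuple

FLOOD = -1                              # pseudo-port: send out all ports except in_port
FlowKey = Tuple[int, str, str]          # flow-based, not destination-only, forwarding


@dataclass(frozen=True)
class Packet:
    in_port: int
    eth_src: str
    eth_dst: str

    def key(self) -> FlowKey:
        return (self.in_port, self.eth_src, self.eth_dst)


@dataclass
class FlowEntry:
    priority: int
    out_port: int
    packets: int = 0                    # per-flow counter, later read via flow-stats


class Switch:
    """Data plane: matches against installed entries, asks the controller on a miss."""
    def __init__(self, name: str, capacity: int) -> None:
        self.name = name
        self.capacity = capacity        # flow tables are finite (TCAM), hence table-flooding risk
        self.table: Dict[FlowKey, FlowEntry] = {}
        self.packet_ins = 0

    def install(self, key: FlowKey, entry: FlowEntry) -> bool:
        if key not in self.table and len(self.table) >= self.capacity:
            return False                # table full: the flow-mod is refused
        self.table[key] = entry
        return True

    def forward(self, pkt: Packet, controller: "Controller") -> int:
        entry = self.table.get(pkt.key())
        if entry is None:               # table miss -> packet-in
            self.packet_ins += 1
            return controller.packet_in(self, pkt)
        entry.packets += 1              # hit: handled locally, controller not involved
        return entry.out_port


class Controller:
    """Logically centralised control plane keeping the global MAC-location view."""
    def __init__(self) -> None:
        self.mac_to_port: Dict[str, Dict[str, int]] = {}   # switch -> mac -> port
        self.flow_mods = 0

    def packet_in(self, sw: Switch, pkt: Packet) -> int:
        ports = self.mac_to_port.setdefault(sw.name, {})
        ports[pkt.eth_src] = pkt.in_port            # learn the sender's location
        out_port = ports.get(pkt.eth_dst, FLOOD)
        if out_port != FLOOD:                       # destination known: push a rule
            if sw.install(pkt.key(), FlowEntry(priority=100, out_port=out_port, packets=1)):
                self.flow_mods += 1
        return out_port                             # unknown destination: flood, install nothing


def demo() -> Dict[str, int]:
    """Two hosts talk through one switch; the counters show that only the
    first packet of each flow reaches the controller."""
    sw, ctl = Switch("s1", capacity=1024), Controller()
    a_to_b = Packet(in_port=1, eth_src="aa:aa:aa:aa:aa:aa", eth_dst="bb:bb:bb:bb:bb:bb")
    b_to_a = Packet(in_port=2, eth_src="bb:bb:bb:bb:bb:bb", eth_dst="aa:aa:aa:aa:aa:aa")
    first = sw.forward(a_to_b, ctl)                 # miss, dst unknown -> FLOOD
    reply = sw.forward(b_to_a, ctl)                 # miss, dst known -> rule installed
    second = sw.forward(a_to_b, ctl)                # miss, dst now known -> rule installed
    third = sw.forward(a_to_b, ctl)                 # hit: no packet-in
    return {"first": first, "reply": reply, "second": second, "third": third,
            "packet_ins": sw.packet_ins, "flow_mods": ctl.flow_mods,
            "entries": len(sw.table)}
```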

1.2 SDN architecture

SDN has five main architectural components:

1. Application plane: this layer provides services and applications such as load balancers, security monitoring, deep packet inspection, etc.
2. Northbound interface: it is responsible for communication between the application plane and the control plane and provides a global view of the network. This interface exposes open APIs that let network behaviour scale. In the absence of any other standard SDN API, it also serves as the ad hoc API for SDN.
3. Control plane: this plane has the logically centralized controller that establishes and terminates flows and paths in the SDN. All policies and methods are implemented through programmability, making the SDN programmable and manageable.
4. Southbound interface: it is the link between the control plane and the data plane that maintains communication between controller and switch. Control decisions are carried to the data plane for traffic handling via the southbound APIs [5]. OpenFlow is the southbound protocol SDN trusts most, ahead of Cisco's Open Networking Environment Platform Kit.
5. Data plane: it contains the forwarding network devices (switches/routers) that carry out the management tasks. Forwarding devices such as switches help the data plane collect network information and send it to the control plane over the southbound API.

1.3 Fog computing

Fog computing is a decentralized computing infrastructure in which computing resources such as data, compute, storage and applications are located between the data source and the cloud. Fog computing uses the concept of "fog nodes". These fog nodes are located closer to the data source and have higher processing and storage capabilities. Fog nodes can process the data far quicker than sending the request to the cloud for centralized processing. The cloud is getting cluttered due to the enormous number of devices connecting to the internet. Since cloud computing is not viable in some cases, it has become necessary to use fog computing for IoT devices [6]. It can handle the enormous amount of data generated by these devices. When implemented, fog-empowered devices locally analyze time-critical data such as alarm status, device status and fault warnings. This minimizes latency and prevents major damage. Fog computing can effectively reduce the amount of bandwidth required, which in turn speeds up the communication between the cloud and the various sensors.

2 GOALS AND RESEARCH QUESTIONS

In doing this systematic literature review on fog computing security issues and the use of SDN to protect fog computing, we are working towards the following goals. We want to categorize the present research efforts on fog computing security and list modern research trends in fog computing security:

I. In fog computing security, to identify which journals, workgroups, conferences, teams and research groups are doing excellent work, and in which domains they are working most frequently.
II. To show fog computing security challenges and opportunities to new researchers.
III. To identify whether SDN is really a good solution specifically for security enforcement.

To answer the goals defined above, we formulated the questions below, which we investigate in depth in this SLR on fog computing security. We also dig deeper by dividing some of the research questions into sub-questions.

R1: Which were the most trending fog computing security areas, as analyzed from the published papers?
R2: In fog computing security, which issues have not been investigated yet?
R3: Does SDN mitigate fog computing security issues? How?

2.1 ARTICLE SELECTION


During a Systematic Literature Review (SLR), one important step towards answering the research questions is the right selection of articles. We performed the following steps for article selection:

2.1.1 Article Identification


For article selection on fog computing security, we performed several combinations of keyword searches in these research libraries: ACM Digital Library, Elsevier, CiteSeerX, ScienceDirect, IEEE Xplore, Springer and Google Scholar. Our search keywords were: fog computing; fog computing security; security in fog computing; fog computing architecture for network security; security issues in fog computing; use of SDN in fog computing. After submitting these key terms to the different research libraries, we obtained the following numbers of papers as results of our queries: 123 papers from IEEE Xplore, 7,921 from ACM, 310 publications from Springer, 158 from CiteSeerX and, lastly, 292 research contributions from ScienceDirect, for fog computing security combined.

2.1.2 Exclusion Criteria


We apply exclusion on the basis of the following criteria.
1. We exclude papers published before 2014, on the assumption that papers before this time only lay the foundations of fog computing and do not emphasize security issues in fog computing or the use of SDN in fog computing.
2. We exclude papers that are less relevant to fog computing security.
3. We exclude web pages and presentations, even though they may contain important information and effective work.

2.1.3 Inclusion Criteria
We give more attention to the research publications tied most closely to fog computing, its security, and the trending issues in fog computing security. We include 60 papers in our SLR; most of them are from IEEE Xplore, ACM and Springer, found through Google Scholar.

2.1.4 Final Article Set


We formulate our final article set after noticing several issues in making a list of top papers, authors and their publications. We compare the differences across several websites to get the most authentic results. We found that different publications are indexed under different priority policies. To maintain the top authors with their publication and citation counts, we use a combination of the top five websites and research libraries.

2.2 ITERATIVE DEVELOPMENT OF LITERATURE MAPPING

We use an iterative approach for evaluating the different statistics. To answer the formulated research questions, we conduct a systematic review focused specifically on that problem. The results of this paper were generated from the last data we gathered on fog computing security. We acknowledge that fog computing is attracting much attention among researchers, and our statistics may differ slightly after the publication of this paper.

3 SOFTWARE, STORAGE AND INFRASTRUCTURE SECURITY IN FOG COMPUTING

1. Software security:

Software security means that the software must continue to function under heavy attack by malicious code. It is the main challenge, as cloud computing is mainly used to provide Software-as-a-Service. If software security fails, the clients will experience many implementation bugs and buffer overflows [9].
2. Infrastructure security:

The greatest fundamental challenge experienced by cloud providers is to show that the physical and virtual set-up of the cloud is trustworthy. Third-party verification is not enough to gain the trust of corporate owners and data managers who deal with critical business processes [1]. It is important for the business to obtain verification of whether this cloud infrastructure is capable and trustworthy enough to manage all the corporate requests that the primary business demands.

3. Storage security:

In the storage scheme of cloud computing, the end user stores the information in the cloud and no longer possesses the information or knows where it is stored. This has always been a critical part of quality of service. It guarantees the accuracy of the client's information with distributed verification of deletion of coded information [7]. Storage security concerns data sanitization, cryptography, data permanence, data leakage, snooping, data availability and malware.

Today fog security demands researchers' attention as fog computing gains popularity due to increasing internet connectivity. At the same time, however, this adds a threat to the services offered by fog computing. The latest wireless network utilities are now being preferred on fog technology. An attacker sends multiple fake service requests that overflow the table entries and result in DoS or other attacks in the fog layer.

4 SECURITY ATTACKS IN FOG

This section explains fog computing security threats and attacks. The community working on fog security is deliberating because fog computing is not yet fairly exposed to them. The paper is not trying to give network engineers the sense that fog computing lacks security and is worse than the current network environment [7]. The aim is to identify some threats and discuss possible solutions using the software-defined network; the work encourages security researchers to focus attention on fog computing security vectors to make it more effective in the future than anyone dreamed before.

Fog computing is becoming the choice for enterprises due to the features available in it, so its security needs to be addressed with the highest priority. We have developed many protocols and strategies; however, we know that this field is in its developing stage. We need experts who understand the capabilities of fog nodes and work for the enforcement of secure modules at the edge nodes. The attacker takes advantage of this gap and gets into the network with full rights. Some of the fog computing attacks are mentioned below.

1. Denial of Service:
This is the popular data plane attack. An attacker gets into the network by using an already connected host and gains unauthorized access to perform DoS (Denial of Service).
2. Man in the Middle Attack:
It is possible if an intruder can cross the firewall rules and appear as a middle man. He steers traffic in a chosen direction.
3. Malicious Traffic Injection:
By using OpenFlow (OF), the Open vSwitch Database Management Protocol, PCEP and many others, the attacker can inject new flow rules into the flow tables.

4. Relay Attack:
By performing flow eavesdropping techniques on southbound communication, the attacker tries to launch a relay attack.
5. DoS Attack at DCI Connections:
In this attack, the attacker creates spoofed traffic that traverses Data Center Interconnect (DCI) links and DCI stations to cause DoS. Fog computing is becoming involved in data center network design for better performance at low cost and less complexity. Currently, data centers use DCI protocols, and these protocols lack a satisfactory mechanism for data packet encryption and have weak protocol designs that increase vulnerabilities. These make fog computing-enabled data centers less secure [8].

All fog computing security policies can be bypassed by attackers who spoof the controller flows at the edge nodes of the system. Resource consumption at the controller slows down the response time of many events, such as PacketIn events or PacketOut messages. Attackers try to make the controller fail by applying a resource consumption attack to degrade the controller's performance.

1. Vulnerable Security Configuration:

Fog computing engineers mainly give less attention to the security configuration of the controller. Many controllers are deployed to the data center without proper configuration of passwords and security settings. In short, the controllers that have to carry higher responsibilities than any other component are themselves operating with vulnerable configurations. Secondly, every controller requires an operating system to run on, usually Linux, but operating systems have their own vulnerabilities that affect the controller's operation.
2. Rogue Controller Implementation:
Rogue controllers are created by attackers; by using these controllers, they add the desired entries to the flow tables, and the engineers never detect the fake working of the controller. Implementation of such a controller gives the attacker full control of the network.
Some attacks are encouraged by the trust gap between the controller and the management applications. This communication is of high significance for an attacker aiming to steal data. The security community agrees that TLS/SSL offers no secure communication mechanism inside fog computing. The main security in TLS/SSL is the trust between the controller and the network device (router, OpenFlow switch) and the PKI infrastructure [32]. If an attacker accesses the control plane, he can launch a Distributed Denial of Service (DDoS) attack. This trust can create a black hole network using OpenFlow slicing techniques.

3. KYE (Know Your Enemy):

A KYE (Know Your Enemy) attack proceeds with the aim of collecting vulnerability information along with intelligence gathering on the distributed policy enforcement mechanism. KYE can only succeed if the attacker obtains the configuration policy installed on the switch. This leads the attacker to access the intrusion detection/prevention system, after which he can stop its working.

Some fog computing areas demand researchers' attention for security concerns. These are mentioned below:

1. Virtual machine isolation:

It can lead to data leakage and cross-VM attacks. So the isolation procedure should be planned carefully when deploying virtual machines in the fog infrastructure.

2. Programmability:
In a fog environment, commercial switches use advanced functionality (e.g., accounting, blocking, anomaly detection, and so forth) on a programmable processor package at each port. The key challenge of using this device in a network processor is to implement packet-inspection functionality in the software being developed. Many software environments in network processing use a low level of abstraction to achieve high-throughput performance.

3. SNMP Server:
It is a simple network management protocol, designed to provide a low-overhead mechanism for collecting information from network devices. Different developers write the software in different languages, and many of those programming languages have vulnerabilities. In this area, we discuss different kinds of application issues in cloud computing.

4. User front end:

The security of the front end should resemble an onion structure, yet there is a particularly high likelihood of unauthorized access and inadequate configuration in the software application. A software engineer has to know the security aspects of the web development languages like HTML/CSS/PHP/JS. Subhasini and Kavita [6] stated that the isolation barrier can be broken by a loophole or by injection of masked code. Suppose an intruder has already compromised the database; there should be a proper front end to contain the damage.

5. Framework:
IBM defined five functional security subsystems: audit and compliance, access control, flow control, identity management and configuration integrity. The framework was designed in Java and .NET for isolation and resource accounting, but they failed with thread termination. The Multitasking Virtual Machine (MVM) provided a generic API.

6. License:
While moving into the fog, the real issue is the licensing of applications. It is a very complex issue, and vendors still have not found a proper solution. Illegally copying, selling, sharing or distributing software is called software piracy. Dynamically changing the number of servers hosting a variety of applications requires uptime, elastic scaling, reliability, performance and stability. Even today, 57% of PC users use pirated software, which is a major issue from a security perspective. There are many possible attacks on this unauthorized pirated software.

7. Service Availability:
Technically, there are many ways to achieve high availability in the fog. In view of the fluctuation in the fog environment, the application and framework levels need high availability and scalability. Indeed, there is a chance of availability attacks like DoS or botnet DDoS. Subhashini S. et al. [6] examined a multi-level architecture to adopt and provide a 'security as a service' framework.

8. Parallel application:
Parallel applications enhance the performance of the system, yet there are some difficulties in deploying them. While executing many applications in parallel there is an issue of mutual authentication among them, and because of this weakness some attacks are possible. Because of highly non-uniform data distribution, parallel computation is disturbed by catastrophic load imbalances.

9. Data Alteration:
This is the main aim of Man-in-the-Middle attacks: attackers change the flow rules to modify the packets. The control plane, southbound interface and data plane have to bear the consequences.

10. DoS/DDoS:
Attackers cause controller-switch communication flooding in the control layer; the southbound APIs and the data plane in particular run the risk of switch flow-table flooding for denial of service. A DDoS attack is governed by multiple bots (hosts used for the DDoS attack). The intruder uses these bots to send fake traffic, but at minimal volume to give the impression of genuine traffic; as many bots request the same resources, they hijack the controller services, which results in a DDoS attack [29].

11. Data Emanation:

The attacker tries to find flow rules by using a side-channel attack on the input buffer and obtains credential management information about keys and communication certificates for the logical network at the data plane. The control plane, southbound interface and data plane have security issues if an attacker obtains the forwarding policy by using timing analysis of the data required for packet processing.

12. Weak Configuration Policies:

The entire cloud computing architecture becomes vulnerable if the network has weak TLS adoption schemes [30]. The application plane, the controller and the northbound interface will be highly affected by a weak focus on policy enforcement.

5 SOLUTIONS

1. Software-Defined Fog Security (SDFSec) design

1.1 Vigorous Flow Control:

By using OpenFlow switches and routers, SDN eliminates the need for any firewall or other middlebox to attain in-line access control, and gives the ability to handle network flows at diverse granularity. Ehad et al. make use of SDN features to protect fog computing against attackers by introducing a new technique called OpenFlow Random Host Mutation. This architecture mutates the hosts' IP addresses for the security of the intended host. Similarly, Duan et al. [34] present random route mutation for the defense against DDoS and DoS.

1.2 Global Visibility:

Traditionally, network devices and links can be monitored through the proper installation and setting of monitoring sensors, but SDN assists us in this regard by providing wide visibility of the network. Using centralized control, we can monitor network activities, collect statistics and receive flow request messages. Network applications send request messages, which helps the network administrator with statistics collection. The holistic network view detects malicious activities and provides network defense against attacks.

1.3 Unravel Data Plane:

The data plane is completely separate from the control plane and is extensible for security enhancement by adding new logical and physical components. AvantGuard is a scalable data plane. OFX focuses on OpenFlow switches by implementing new protection functionality and managing the controller according to the add-on features. OpenSDWN extends OFX and introduces similar features on wireless access points with virtual middleboxes.

SDFSec comes into view for security competence by separating the control plane from the processing and forwarding planes. This leads the fog computing environment towards a dynamic distributed system with virtualized network security enforcement functions.

1. Controller redesign from software: After the long discussion and researchers' working efforts, we reach the stage of designing the controller to get the best features. Steps for controller improvement are:
• Lock down the controller to the greatest possible extent against external access.
• Limit and secure the entry and exit of anything that has little need of controller interaction.
2. Steady controller updating:
• The controller must be updated in a constant fashion.
• Maintain records of memory usage, interface statistics and CPU utilization.
3. Record Analysis: Analyze the records to settle thresholds and alarms on the centralized controller. Current research on fog computing security demands virtualization on the different layers of fog computing, so that an attacker cannot access the actual network. The OpenFlow networking community is experimenting with virtualization on each plane using different techniques: IDS (Intrusion Detection System), traffic analysis, and auditing of data flows in fog computing at its centralized controller.

2. Secure fog computing architecture design

Fog computing security must be delivered as a service for resource and information protection, and to grant secure availability, privacy and integrity. A secure fog computing architecture must have these features:

2.1 Secure controller: The controller must be inaccessible to unauthorized users, and all the working of the controller should be divided into redundant layers whose output goes to the master entry in the controller. The global availability of the fog computing controller is mainly responsible for the working of the network, so make sure that the controller is available 24/7 along with highly secured protocols.

2.2 Performance Checking Framework: The fog computing architecture must have sound support for checks and balances on the fog computing controller, to judge whether its performance is the same as it was actually designed to deliver.

2.3 Detection and Remediation of Abnormality: If any unusual event occurs and, as a result, the network behaves abnormally, then the system has the ability to diagnose what the issue is, how to recover the actual state of the environment, and to suggest a protection mechanism for future defense. Besides the architecture, the fog computing environment is still looking for manageability and scalability after implementation.

3. The solution for unauthorized access:

1) Unauthorized hosts must be prevented from accessing fog computing. In AuthFlow, this issue is resolved by using a host credential checking mechanism.
2) SE-Floodlight gave the OpenFlow control layer role-based authorization to overcome the security gaps between the controller, data plane communication and OpenFlow applications.
3) We can use authentication resilience, a new architecture to reconstruct fog computing for security enhancement by introducing the concept of a hierarchical system of switches or controllers to minimize failure.
4) Distributed control security is possible by using a signature algorithm for the transmission and installation of flow rules.

4. DoS/DDoS protection:
Protection against DoS/DDoS is also possible by using artificial neural networks called Self-Organizing Maps. They monitor OpenFlow switches to record the average number of packets per flow and the average bytes of data per flow, and then classify traffic as normal or suspicious. By using DDoS Blocking Applications (DBA), DDoS attacks can be blocked. The DBA monitors flow metrics at the controller; if it identifies any fake traffic, it redirects it through the controller to a new IP address, and by this all compromised hosts (bots) are blocked. More advanced, the DDoS defender helps in DDoS attack detection and response. It makes use of OpenFlow and locator/identifier protocols to differentiate authorized and unauthorized sources [2]. Hosts have a fixed identifier and a changeable locator that changes at every move. The network analyst uses the analysis mechanism at the controller to measure the traffic volume; if it crosses the threshold, the controller detects it and enforces dropping of the packets.
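The flow-metric thresholding described here and in the record-analysis step of 1.3 above, as an added Python example with constructed flow-stats records (not code from the paper or from any of the systems it cites); the record layout, the k-sigma thresholds and the shape of the drop flow-mod are assumptions.

```python
"""Controller-side flow-statistics analysis: compute average packets and bytes
per flow from per-flow counters (the fields an OpenFlow flow-stats reply
carries), derive alarm thresholds from a history of normal snapshots, and emit
a drop rule for the source behind a flood of near-empty flows.  Added example
with constructed data; not the paper's code; layout and thresholds assumed."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List


@dataclass(frozen=True)
class FlowStat:
    """One row of a flow-stats reply: match fields plus the flow's counters."""
    switch: str
    src: str
    dst: str
    packets: int
    bytes: int


@dataclass
class Metrics:
    flows: int
    avg_pkts: float
    avg_bytes: float


def summarise(stats: List[FlowStat]) -> Dict[str, Metrics]:
    """Per-switch flow count and average packets/bytes per flow."""
    per_switch: Dict[str, List[FlowStat]] = defaultdict(list)
    for s in stats:
        per_switch[s.switch].append(s)
    return {sw: Metrics(len(rows),
                        mean(r.packets for r in rows),
                        mean(r.bytes for r in rows))
            for sw, rows in per_switch.items()}


def build_baseline(history: List[List[FlowStat]], k: float = 3.0) -> Dict[str, dict]:
    """Thresholds per switch from snapshots known to be normal.  More than
    mean+k*sd flows together with fewer than mean-k*sd packets per flow is the
    signature of flow-table flooding: many one-packet flows."""
    series: Dict[str, Dict[str, List[float]]] = defaultdict(lambda: defaultdict(list))
    for snap in history:
        for sw, m in summarise(snap).items():
            series[sw]["flows"].append(m.flows)
            series[sw]["avg_pkts"].append(m.avg_pkts)
    return {sw: {"max_flows": mean(v["flows"]) + k * pstdev(v["flows"]),
                 "min_avg_pkts": mean(v["avg_pkts"]) - k * pstdev(v["avg_pkts"])}
            for sw, v in series.items()}


def detect(stats: List[FlowStat], baseline: Dict[str, dict]) -> List[dict]:
    """One alarm per switch whose metrics breach the baseline.  The alarm names
    the source holding the most flow entries and carries the flow-mod the
    controller would push: a high-priority match on that source with no
    actions, which in OpenFlow means drop."""
    alarms = []
    for sw, m in summarise(stats).items():
        b = baseline.get(sw)
        if b is None:
            continue                    # switch absent from baseline: no threshold to apply
        if m.flows > b["max_flows"] and m.avg_pkts < b["min_avg_pkts"]:
            top_src, n = Counter(s.src for s in stats if s.switch == sw).most_common(1)[0]
            alarms.append({"switch": sw, "reason": "flow-table flooding",
                           "flows": m.flows, "avg_pkts": round(m.avg_pkts, 2),
                           "suspected_src": top_src, "src_flows": n,
                           "flow_mod": {"priority": 65000,
                                        "match": {"ipv4_src": top_src},
                                        "actions": []}})
    return alarms


def normal_snapshot(n_flows: int, seed: int = 0) -> List[FlowStat]:
    """Constructed benign traffic: long-lived flows with 40-60 packets each."""
    rows = []
    for i in range(n_flows):
        pkts = 40 + ((i + seed) % 5) * 5
        rows.append(FlowStat("s1", f"10.0.0.{1 + i % 4}", f"10.0.1.{i}", pkts, pkts * 500))
    return rows


def flooded_snapshot() -> List[FlowStat]:
    """Constructed incident: benign flows plus 200 one-packet flows from a single
    source, the pattern of the fake service requests the text describes."""
    return normal_snapshot(20) + [FlowStat("s1", "10.0.0.9", f"10.0.2.{i}", 1, 60)
                                  for i in range(200)]


def run() -> List[dict]:
    """Baseline from three quiet snapshots, then analyse the flooded one."""
    baseline = build_baseline([normal_snapshot(18, 0), normal_snapshot(20, 1),
                               normal_snapshot(22, 2)])
    return detect(flooded_snapshot(), baseline)
```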

6 CONCLUSION

SDN offers tremendous benefits to modern networks, including fog computing, as many enterprises are introducing SDN to gain agility in their IT infrastructure. The latest network designs take much advantage of centralized control with data plane and control plane separation. Two properties make SDN a more suitable choice for maintaining the security of fog computing than any traditional network. The first is control of the network through software; the second is that the SDN controller holds centralized network intelligence. By integrating the SDN policies with the fog layer, malicious users never get full network control by accessing the servers used to control the network. For the protection of resources within the fog layer, we need to enforce strict security rules that provide availability and integrity, using novel mechanisms that become possible to design with software-defined networks.

The advanced features of SDN make it dynamic and productive. It has been noticed that SDN is paving the way for network engineers and researchers towards networking excellence. The study gives comprehensive knowledge of fog computing vulnerabilities and possible security breaches. After examining possible attacks, we give some solutions for their mitigation. The study concludes that a secure SDN architecture design is the need of the time, and network engineers and security experts can dig deeper into improving the security of fog computing, especially at the enterprise level in data centers.

The study encourages future research on the utilization of SDN features to protect the fog layer. Flow control of network traffic is possible with security monitoring services that provide a network-wide view. Programmability supports the development of novel security functions, with the advantage of testing prototypes. In future, research is required to improve security services, intelligent defense systems and secure policy design with efficient resource management. This study will not serve as an initial understanding of fog computing security; rather, it acts as an initiator to foster development in the security of fog computing.

7 REFERENCES

[1] Songqing Chen, Tao Zhang, and Weisong Shi. Fog computing. IEEE Internet Computing, 21(2):4–6, 2017.
[2] Samuel Kofi Erskine and Khaled M. Elleithy. Real-time detection of DoS attacks in IEEE 802.11p using fog computing for a secure intelligent vehicular network. Electronics, 8(7):776, 2019.
[3] Hamid Farhady, HyunYong Lee, and Akihiro Nakao. Software-defined networking: A survey. Computer Networks, 81:79–95, 2015.
[4] Diego Kreutz, Fernando M. V. Ramos, Paulo Esteves Verissimo, Christian Esteve Rothenberg, Siamak Azodolmolky, and Steve Uhlig. Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1):14–76, 2014.
[5] Yong Li and Min Chen. Software-defined network function virtualization: A survey. IEEE Access, 3:2542–2553, 2015.
[6] Redowan Mahmud, Ramamohanarao Kotagiri, and Rajkumar Buyya. Fog computing: A taxonomy, survey and future directions. In Internet of Everything, pages 103–130. Springer, 2018.
[7] Mithun Mukherjee, Rakesh Matam, Lei Shu, Leandros Maglaras, Mohamed Amine Ferrag, Nikumani Choudhury, and Vikas Kumar. Security and privacy in fog computing: Challenges. IEEE Access, 5:19293–19304, 2017.
[8] Mithun Mukherjee, Rakesh Matam, Lei Shu, Leandros Maglaras, Mohamed Amine Ferrag, Nikumani Choudhury, and Vikas Kumar. Security and privacy in fog computing: Challenges. IEEE Access, 5:19293–19304, 2017.
[9] PeiYun Zhang, MengChu Zhou, and Giancarlo Fortino. Security and trust issues in fog computing: A survey. Future Generation Computer Systems, 88:16–27, 2018.
