Proximal Domains: Mediated Fog Computing Model for Security in the Internet of Everything
The IoT is fundamentally different from the Internet. For one, the notion of domains in the IoT is more closely aligned with physical proximity. For example, in a smart space, a diverse set of devices, applications, and service providers, managed by and serving various groups of individuals, would still fall under the same domain. Further, the messages shared in the IoT are highly context-dependent. From the perspective of a service, the relevance of a particular message has more to do with the spatiotemporal context that generated it than with the logical relationship of network elements. These unique aspects of the IoT present a challenge to cloud-centric trust models and to traditional software security paradigms. In this work, we replace the client in the client-server model with proximal domains, which are defined as the set of co-located connected devices managed by fog computer clusters.


We further explore how fog computing and trusted computing principles may be applied to the unique security challenges of the Internet of Things (IoT). Fog computers are trusted, resource-rich, well-connected computer clusters available nearby. The focus of this work is on fog mediation, i.e., establishing trusted execution environments on fog computing nodes. Fog computing was originally introduced as Cloudlets and formalized as VM technology by Carnegie Mellon Professor Mahadev Satyanarayanan. In its most general definition, the notion of fog computing refers both to integrating clouds as part of the network and to deploying cloud computing resources near the edge of the network. We observe that the fog computing node is well positioned to act as grounds for mediating trust between the cloud and the edge of the network, i.e., extending the security guarantees of an isolated execution environment to the diverse set of resource-constrained embedded devices comprising the Internet of Things.
Acknowledgements
This project is partially supported by our Cisco IoT Security Grand Challenge award. The views and conclusions contained in print and online are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of CMU or Cisco.