Secure Data Distribution Algorithm for Fog Computing
Abstract
The use of cloud computing is becoming an increasingly prominent way to access and store data, primarily because of its scalability and simplicity. Several techniques have been taken to increase cloud infrastructure security, such as employing a three-layer privacy-preserving cloud storage system so that the infrastructure is built so that even if an insider has access to the data, they will have access to only a fraction of it and cannot retrieve the rest. The current distribution algorithm focuses only on providing a fault-tolerant and data integrity module and has scope for security improvements. In order to solve this problem, we propose a stronger data fragmentation and data distribution algorithm to help increase data confidentiality and enhance encryption. When this enhancement is combined with the existing design, it will result in a highly secure and fault-tolerant system where users can protect their data. We describe the proposed design’s architecture and evaluate its security challenges.
Introduction
With increasing reliance on the cloud, consumers store the majority of their data on a cloud framework. As a result, the cloud is critical for data storage. This implies that cloud security is an incredibly essential concern.
With an increase in breaches comes an increase in security. But there have always been attacks and ways to access the data in spite of these extreme security measures. This gives us a reason to keep upgrading and improving our data.
Data breaches caused by internal attacks can take place for several reasons. Employees or contractors may misuse their privileges and steal or sell this data to unauthorized third-party users. Reasons like employee negligence, where they leave a system unlocked or fail to follow appropriate security measures, are also reasons for attackers to gain access.
To protect against these kinds of attacks, there have been several studies on how to improve cloud security. Methods like creating a three-layered architecture have all been inclusive in designing a constructive architecture for improving the security of the cloud. Studies have focused on implementing the idea that instead of putting all the data on one server, spreading it across various other servers would prevent the attacker from having access to all the data, if at all they do.
The distribution and fragmentation algorithms used in this paper have focused on dividing the data on three different servers, such as the local machine, the fog server, and the cloud server. The distribution the authors have designed is such that they have 1% of the data on the local machine, 4% on the fog server, and 95% on the cloud server. They have used the Hash Soloman code algorithm to separate the data, which primarily focuses on providing a fault-tolerant and data integrity module. However, when having 95% of the data on a single cloud server, it is important to understand that although the attacker does not have access to other servers, they still have access to 95% of the data, which is significantly large. So adding security and encryption as another layer of protection within each server is necessary and crucial to ensuring that the data distributed amongst these different servers is highly encrypted and unbreakable.
Therefore, we propose a stronger, more secure data distribution module in which the data is divided and encrypted in combination with the existing data fragmentation algorithm to maintain fault tolerance and add a layer of data confidentiality. The proposed algorithm focuses on restricting any kind of access to the data, whether it be a portion on a server or the entire data. Compared to previous methods, our method gives us an enhanced layer of security in combination with the Hash Soloman Code algorithm to provide a comprehensive security solution that addresses both data confidentiality and integrity.
Approach
The project aims to improve the data confidentiality that could be provided by the three-layer cloud storage system. By introducing an enhanced security algorithm to the existing infrastructure, we aim to create a more robust model to sort and distribute data across different servers, ensuring security. Adding the advanced encryption standard (AES) algorithm in combination with the Reed-Solomon Code algorithm helps us achieve this requirement. The existing data is processed through a distribution algorithm and passed through this new algorithm to create another layer of security.
To solve this, we take the data sent to the cloud and add redundant data to ensure data integrity, then jumble this data, and divide it into blocks. After this process, each block will be sent to the particular servers, i.e., cloud server, fog server, and local machine, based on the existing distribution algorithm. Before the data is sent to the respective servers, it undergoes AES encryption. The main part of our proposed algorithm lies in its combination with the Reed-Solomon Code algorithm with AES. For this, we make use of the PKCS7 padding to ensure that the input data is appropriately aligned and meets the block size as required by AES for the encryption and decryption processes. By using this padding, we are able to introduce false or misleading information that would essentially scramble the genuine data with the decoiled data, hence making it difficult for the malicious attackers to actually find the genuine data, which is hidden amongst the padding.
Since AES uses a symmetric key for encryption and decryption, it is important that we formulate a method such that only the user has access to the data on the cloud. To do this, we generate a private key that is only known to the user (using a secure key generation algorithm), and the symmetric key is encrypted using the secret key of the user. This algorithm ensures a fault-tolerant system and mitigates data loss and corruption. The use of AES makes it more difficult to breach and increases data confidentiality. Using this method is definitely an improvement over previous techniques since this algorithm ensures that the attacker will not have access to any portion of the data
For access to the entire paper, including the implementation, system design, performance evaluation and conclusions, please follow.
This is my Capstone Project for my Masters in Computer Science 2023 at the Rochester Institute of Technology. I want to fully thank Dr. M. Mustafa Rafique and Dr. Hans-Peter Bischof for their guidance and support throughout this process.
This paper talks about how to improve and build upon existing data distribution algorithms for a fog computing environment. It implements libraries from AES, Reed Solomon to improve the existing architecture.
This paper is also based off the existing research: ian Wang et al. A Three-Layer Privacy Preserving Cloud Storage Scheme Based on Computational Intelligence in Fog Computing in IEEE TETCI, vol. 2, no. 1, pp. 3–12, Feb. 2018 .
