This article surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list (ACL), data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area.
Advancements in smart devices, wearable gadgets, sensors, and communication paradigm have enabled the vision of smart cities, pervasive healthcare, augmented reality and interactive multimedia, Internet of Every Thing (IoE), and cognitive assistance, to name a few. All of these visions have one thing in common, i.e., delay sensitivity and instant response. Various new technologies designed to work at the edge of the network, such as fog computing, cloudlets, mobile edge computing, and micro data centers have emerged in the near past. We use the name "edge computing" for this set of emerging technologies. Edge computing is a promising paradigm to offer the required computation and storage resources with minimal delays because of "being near" to the users or terminal devices. Edge computing aims to bring cloud resources and services at the edge of the network, as a middle layer between end user and cloud data centers, to offer prompt service response with minimal delay. Two major aims of edge computing can be denoted as: (a) minimize response delay by servicing the users' request at the network edge instead of servicing it at far located cloud data centers, and (b) minimize downward and upward traffic volumes in the network core. Minimization of network core traffic inherently brings energy efficiency and data cost reductions. Downward network traffic can be minimized by servicing set of users at network edge instead of service provider's data centers (e.g., multimedia and shared data) Content Delivery Networks (CDNs), and upward traffic can be minimized by processing and filtering raw data (e.g., sensors monitored data) and uploading the processed information to cloud. This survey presents a detailed overview of potentials, trends, and challenges of edge computing. The survey illustrates a list of most significant applications and potentials in the area of edge computing. 
State of the art literature on edge computing domain is included in the survey to guide readers towards the current trends and future opportunities in the area of edge computing.
Service Function Chaining (SFC) is the problem of deploying various network service instances over geographically distributed data centers and providing inter-connectivity among them. The goal is to enable the network traffic to flow smoothly through the underlying network, resulting in an optimal quality of experience to the end-users. Proper chaining of network functions leads to optimal utilization of distributed resources. This has been a de-facto model in the telecom industry with network functions deployed over underlying hardware. Though this model has served the telecom industry well so far, it has been adapted mostly to suit the static behavior of network services and service demands due to the deployment of the services directly over physical resources. This results in network ossification with larger delays to the end-users, especially with the data-centric model in which the computational resources are moving closer to end users. A novel networking paradigm, Network Function Virtualization (NFV), meets the user demands dynamically and reduces operational expenses (OpEx) and capital expenditures (CapEx), by implementing network functions in the software layer known as virtual network functions (VNFs). VNFs are then interconnected to form a complete end-to-end service, also known as service function chains (SFCs). In this work, we study the problem of deploying service function chains over network function virtualized architecture. Specifically, we study virtual network function placement problem for the optimal SFC formation across geographically distributed clouds. We set up the problem of minimizing inter-cloud traffic and response time in a multi-cloud scenario as an ILP optimization problem, along with important constraints such as total deployment costs and service level agreements (SLAs). We consider link delays and computational delays in our model. 
The link queues are modeled as M/D/1 (single server/Poisson arrival/deterministic service times) and server queues as M/M/1 (single server/Poisson arrival/exponential service times) based on the statistical analysis. In addition, we present a novel affinity-based approach (ABA) to solve the problem for larger networks. We provide a performance comparison between the proposed heuristic and simple greedy approach (SGA) used in the state-of-the-art systems. Greedy approach has already been widely studied in the literature for the VM placement problem. Especially we compare our proposed heuristic with a greedy approach using first-fit decreasing (FFD) method. By observing the results, we conclude that the affinity-based approach for placing the service functions in the network produces better results compared against the simple greedy (FFD) approach in terms of both, total delays and total resource cost. We observe that with a little compromise (gap of less than 10% of the optimal) in the solution quality (total delays and cost), affinity-based heuristic can solve the larger problem more quickly than ILP.
Industrial Control System (ICS) is a general term that includes supervisory control & data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). ICSs are often found in the industrial sectors and critical infrastructures, such as nuclear and thermal plants, water treatment facilities, power generation, heavy industries, and distribution systems. Though ICSs were kept isolated from the Internet for so long, significant achievable business benefits are driving a convergence between ICSs and the Internet as well as information technology (IT) environments, such as cloud computing. As a result, ICSs have been exposed to the attack vectors used in the majority of cyber-attacks. However, ICS devices are inherently much less secure against such advanced attack scenarios. A compromise to ICS can lead to enormous physical damage and danger to human lives. In this work, we have a close look at the shift of the ICS from stand-alone systems to cloud-based environments. Then we discuss the major works, from industry and academia towards the development of the secure ICSs, especially applicability of the machine learning techniques for the ICS cyber-security. The work may help to address the challenges of securing industrial processes, particularly while migrating them to the cloud environments.
Cloud computing has been widely adopted by application service providers (ASPs) and enterprises to reduce both capital expenditures (CAPEX) and operational expenditures (OPEX). Applications and services previously running on private data centers are now being migrated to private or public clouds. Since most of the ASPs and enterprises have globally distributed user bases, their services need to be distributed across multiple clouds, spread across the globe which can achieve better performance in terms of latency, scalability and load balancing. The shift has eventually led the research community to study multi-cloud environments. However, the widespread acceptance of such environments has been hampered by major security concerns. Firewalls and traditional rule-based security protection techniques are not sufficient to protect user-data in multi-cloud scenarios. Recently, advances in machine learning techniques have attracted the attention of the research community to build intrusion detection systems (IDS) that can detect anomalies in the network traffic. Most of the research works, however, do not differentiate among different types of attacks. This is, in fact, necessary for appropriate countermeasures and defense against attacks. In this paper, we investigate both detecting and categorizing anomalies rather than just detecting, which is a common trend in the contemporary research works. We have used a popular publicly available dataset to build and test learning models for both detection and categorization of different attacks. To be precise, we have used two supervised machine learning techniques, namely linear regression (LR) and random forest (RF). We show that even if detection is perfect, categorization can be less accurate due to similarities between attacks. Our results demonstrate more than 99% detection accuracy and categorization accuracy of 93.6%, with the inability to categorize some attacks. 
Further, we argue that such categorization can be applied to multi-cloud environments using the same machine learning techniques.