Editing Chapter 6: Edge Security and Privacy (section)

==6.2 Data Privacy and Compliance in Edge Applications==

===Privacy Issues in Fog Computing===

====Attack Vectors====
----
Below are some of the major attack vectors that plague existing edge and fog networks.
; Forgery
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. 
;Tampering
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. 
;Spam
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.
;Sybil
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.
;Jamming
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources
;Eavesdropping
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network
; Man in the Middle (MITM)
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.
;Collusion
:Multiple groups band together to mislead fog nodes
;Impersonation
:Attacker acts as real server to trick users to steal all their data

==== Privacy Issues in Fog Computing ====
# User privacy
## Fog computing contains large number of IoT devices that are inter-connected via sensors, which generate sensitive data and transmit to fog nodes for processing. This raises the question of guaranteeing user privacy in the case of a breach in a part of the system.
# Data Privacy
## User data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes
# Usage privacy
## User's usage patterns for fog computing usage may get leaked. If the intruder knows when user is accessing the channel, they may target the user's confidential information when the user is not using the channel.
# Location Privacy
## Intruders accessing nodes' location information poses a risk for the user both physically and on the network.
# Network Privacy 
## Since most fog networks are connected over wireless networks, which are relatively insecure, this also poses a ever-present security risk for users. Moreover, maintenance of fog nodes on wireless networks is also challenging since they are present at edge of internet. Both these factors expand the attack surface which makes it more likely for a breach to occur

=== Security and Privacy issues for edge computing===
# nodes of edge connected to large number of IoT
## these have limited resources 
## heterogeneous internal components
## Key management for ensuring privacy of data is difficult

==== Issues ====
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen 
# Edge computing possess low network resources so doesn't support expensive encryption algos 
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network
  Also difficult to create securiy rules for a changing network

==== Attacks ====
; Eavesdropping: Monitor channel to steal data
;# DDoS
: interrupt normal services provided by different servers
;# Data Tampering
: Attacker can alter the data transmitted over comm channel 
;False data injection
:Attacker injects false code in network which brings all data to the attacker
;Physical attack
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.
; Rogue gateway
:inject large amounts of traffic into edge network infra, similar to MITM

==== Privacy issues in edge computing ====
# weak security techniques for system protection
# unsafe communication between devices
# difficult recovery and data backup
# no specific pattern of update reception 
# lack of proper network visibility
# lack of user's selective data collection

==== Countermeasures for Fog Computing ====
;Efficient encryption techniques
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms  
;Decoy technique
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers
 When breached, the attackers find the decoy files 
;Intrusion detection system
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM
;Blockchain security for fog computing
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.