Risk Management and Risk Countermeasure Portfolio of Fog Computing for Improving IoT Security
Abstract
In the era of Digital Transformation (DX), as the Internet becomes ever more widespread, a growing variety of devices is connected to it and the number of IoT devices is increasing. Data generated by IoT devices has traditionally been aggregated in the cloud and processed over time. However, there are two issues with using the cloud. The first is the response delay caused by the long distance between the IoT device and the cloud, and the second is the difficulty of implementing sufficient security measures on the IoT device side due to the limited resources of the IoT device. To address these issues, fog computing, which is positioned between IoT devices and the cloud, has been attracting attention as a new network component. However, the risks associated with the introduction of fog computing have not yet been fully investigated.
In this study, we conducted a risk assessment of fog computing, which is newly established to promote the use of IoT devices, and identified 24 risk factors. The main countermeasures include the gradual introduction of connected IoT connection protocols and security policy matching. We also demonstrated the effectiveness of the proposed risk countermeasures by evaluating the risk values. Furthermore, from a practical viewpoint, we present a portfolio of the proposed risk countermeasures to make the risk assessment results more practical. As a result, the proposed risk countermeasures for fog computing will contribute to the safe and secure use of IoT devices.