Treasure Collection on Foggy Islands: Building Secure Network Archives for Internet of Things

Research output: Journal Publications and Reviews (RGC: 21, 22, 62), 21_Publication in refereed journal, peer-review

1 Scopus Citations

Author(s)

Detail(s)

Original language: English
Pages (from-to): 2637-2650
Journal / Publication: IEEE Internet of Things Journal
Volume: 6
Issue number: 2
Online published: 27 Sep 2018
Publication status: Published - Apr 2019

Abstract

Fog computing has emerged as a promising paradigm in overcoming the growing challenges (e.g., low latency, location awareness, and geographic distribution) arising from many real-world Internet of Things (IoT) applications, by extending the cloud to the network edge. With the widespread deployment of fog-assisted IoT applications, unprecedentedly huge volumes of network traffic from massive IoT devices would continuously arrive at the fog nodes. Archiving the network traffic can be highly beneficial to fog computing, which forms the basis of forensic, monitoring, troubleshooting, and many other critical tasks. Such high value, however, constantly renders traffic archives the first-order target to experienced attackers. This mandates the traffic archives to be built in a trustworthy way and stay encrypted at rest. Security aside, it is yet highly desirable to retain the utility of the encrypted traffic archives, in particular by making them privately queryable. In this paper, we take the first research attempt and explore a new design point to delicately bridge trusted hardware and searchable encryption for building trustworthy, encrypted, yet queryable network traffic archives for fog-assisted IoT applications. We take a systematic approach to address several key challenges, which are unsolvable by synthesizing out-of-box techniques, from the ground up. Extensive evaluations show that our system can achieve stable archiving throughput of 350 Mbps with one core, and saturate a 1 Gbps link with four cores; for a real trace, it outperforms a baseline system without any of our designs by over 110×.