Managing Anonymous Keys in a Fog-Computing Platform

Fog Computing is a decentralized infrastructure layer between Cloud and Edge Devices moving the computation closer to the edge, allowing good latency and bandwidth even for large-scale Internet of Things deployments. Still, devices using fog services are exposed to the immediate application environment and potentially malicious users, thus security, privacy, and trust are critical issues. To provide trust and privacy within fog infrastructures, enabling the secured execution of future Internet of Things services, lightweight collective and distributed attestation mechanism for the bulk attestation of the edge devices and the fog infrastructure can be used, especially leveraging Direct Anonymous Attestation, an anonymous attestation signature that allows attesting to the state of the host system, without violating the specified privacy of the host. As in all cryptographic schemes the management and protection of keys is of the highest significance. We present key management for a fog architecture in the context of the RAINBOW fog platform and show how the computations of a recently published proof-of-concept implementation of Direct Anonymous Attestation can be distributed in our specific fog environment. We provide details on an embedded system-level implementation and performance benchmarks for Internet of Things applications keys stored with proper hardware-based protection within a Trusted Platform Module.