Improving Information Security in Smart City

Abstract:

The introduction of the smart city concept and the continuous advancement of its construction have made urban travel, shopping, medical treatment and parking more intelligent and convenient. However, the application of big data, IoT, artificial intelligence and other information technologies in smart city construction not only makes the city more convenient but also brings new information security risks. To improve information security in the smart city environment, this paper starts with the layers that constitute the smart city: the physical perception layer, network communication layer, computing & storage layer, data & service support layer and application layer. Using the literature analysis method, it makes a statistical analysis of attack cases against each layer of the basic smart city architecture and analyzes the information security risks of each layer, namely the physical perception layer, network communication layer, application layer, and cloud service layer. For the cloud service layer, starting from the security threats faced by the cloud system and drawing on network traffic analysis technology, network intrusion detection, vulnerability assessment methods, etc., it proposes a four-stage pipelined PF_RING processing method that improves the throughput rate of the cloud system when its traffic is analyzed and evaluated. Neural network analysis is used to check the security of the cloud system, and the optimal selection algorithm is used to evaluate it. Experiments show that the proposed method can handle real-time network traffic capture and vulnerability detection in the cloud system.
Vulnerable objects are identified by calculating the attack difficulty level of each object, and the level of protection is enhanced according to that identification; intrusion protection capacity is up to 94.1% on average, to strengthen safety...


Date of Conference: 15-17 October 2021
Date Added to IEEE Xplore: 21 December 2021
INSPEC Accession Number: 21529471
Publisher: IEEE
Conference Location: Chongqing, China
SECTION I.

Introduction

With the advancement of China's urbanization, the urban population continues to grow and urban population density continues to rise. As cities grow in size, many resources in China's big cities can hardly meet the needs of their residents, and the urban governance model is no longer suited to the existing urban scale and urban development. To effectively solve urban problems such as environmental pollution, community management and traffic congestion, smart cities can innovate urban governance models, which plays a positive role in optimizing urban operation processes, improving urban operation efficiency and effectively utilizing various urban resources [1].

The concept of smart city was first put forward by IBM, aiming to contribute to the urban development of the world and China [2]. Today's "smart city" uses information and other means to detect, analyze and integrate information in various areas of the city, so as to respond to the needs of urban traffic, environmental protection, medical safety and other areas and achieve the goal of intelligent urban management. According to statistics, by the end of 2019, smart city construction had been carried out in nearly 800 cities in China, making it a well-known smart city country in the world [3].

However, with the gradual deepening of smart city construction, the problem of information security in smart city has become increasingly prominent. How to play the role of information sharing, collaboration and integration while providing information security and personal privacy protection to a certain extent has become the key to the sustainable development of smart cities [4] . The construction of smart city is inseparable from the computer network system, but there are still many risks in network security. Therefore, we should focus on analyzing the network security problems we may encounter, and take corresponding network security protection measures to ensure the safe operation of smart city. At present, most cities have not made corresponding top-level design for the construction of smart cities and lack necessary planning. There are many security risks in the construction process [5] .

This paper mainly starts from the cloud service layer of the smart city. Aiming at the information security problems faced by the cloud system, it proposes a neural network-based analysis method and applies it to the security detection of the cloud system, so as to improve the security protection ability of the cloud system in the big data environment. This provides new quantitative research ideas for further promoting research on information security in smart cities [6], with the aim of improving information security protection in the smart city environment and safeguarding the development of smart cities.

A. Basic Structure of Smart City

With the help of big data, artificial intelligence, cloud computing and other technologies, smart city integrates the important information in the urban public infrastructure system, tracks and understands the operation of the city, plans and manages all information resources, monitors and deals with various emergencies, so as to ensure the convenience and intelligence of the city operation [7] .

With the wide use of various electronic terminals, users will produce a large number of electronic data every day. These electronic data contain information resources that can be used. In the 2020s, smart cities will play a greater role in optimizing urban resource allocation by using digital economy [8] .

A smart city uses information and communication technology to effectively integrate the city's various management systems, realizing information resource sharing and business collaboration between systems and making urban management and services intelligent. This improves the city's operation management and public service level, improves urban residents' happiness and satisfaction, and realizes the sustainable development of an innovative city [9]. The basic architecture of smart city is shown in Fig. 1 [10]. It consists of five layers: physical perception layer, network communication layer, computing and storage layer, data & service support layer, and intelligent application layer.

Figure 1

Basic architecture of smart city


The physical sensing layer consists of many sensors and actuators. The sensors collect data, and the actuators process and respond to the collected data. The network communication layer interconnects thousands of nodes in a smart city; it can be the Internet based on the IP protocol, or the Internet of Things and sensor networks based on proprietary protocols such as RFID, ZigBee, etc. These heterogeneous networks interconnect through a specific adaptation layer and constitute the basic communication network of the smart city. The computing and storage layer consists of servers, which provide storage, computing and software environment resources for smart cities. The data and service support layer is composed of two parts. One is the data support layer, which processes the perceived data, and the other is the service support layer, which mainly provides a unified data access entrance and an integrated environment for the upper-layer applications [11]. The intelligent application layer directly faces users and provides them with efficient, intelligent and practical services. Generally, smart government, smart transportation, smart education, smart medical care and so on belong to this application layer.

B. Information Security Challenges Faced by Smart Cities

With the wide application of cloud computing, big data, IoT and other technologies in the construction of smart city, the information stock is also showing exponential growth. Information is becoming more concentrated, more widely disseminated and more widely shared. As smart cities involve various business systems, the coupling network of urban information becomes more and more complex, and the hidden dangers of network security become more and more prominent. At present, the information security challenges facing smart cities in China mainly include the following aspects.

1) Security risks of IoT perception layer

According to the purpose of the attack, the main attack types against the IoT sensing layer can be divided into three categories. The first category is stealing user privacy. The main method is to break through the access control mechanism of Internet of Things devices by taking advantage of inherent security loopholes in the system or human omissions by users, so as to illegally obtain user data (the current online sale of home camera accounts and passwords is one example). The second is capturing IoT devices and turning them into tools to attack other targets. IoT devices outnumber ordinary computers by an order of magnitude, so a botnet made up of a large number of hacker-controlled IoT devices can launch a much larger DDoS attack. The third is stealing computing power from IoT devices for cryptocurrency mining.

2) Security risks of network communication layer

The Internet of Things is wireless, short-range, multi-hop and low-rate, which makes it more vulnerable to eavesdropping, interference and message injection attacks [12]. Take WiFi and ZigBee, which are common in the Internet of Things, as examples. WiFi is particularly vulnerable to man-in-the-middle attacks: hackers can intercept the communication between terminal devices and WiFi hotspots, tamper with relevant information and lay traps. ZigBee is particularly vulnerable to replay attacks due to the lack of a mechanism to assess the "freshness" of communication packets [13]. The integration between the IoT and the Internet makes the relatively fragile Internet of Things an easy springboard for attacking the Internet, which greatly increases the security risks of smart cities.

3) Security risks in the application layer

The smart city application layer consists of many applications that directly provide services to users. At present, the application layer mainly covers smart government affairs, smart transportation, smart education, smart health and other fields. Currently, smart city applications are at almost the same level, so the security threats they face have a great deal of overlap. In addition, applications in various fields also face some personalized security threats.

4) Security risks in the cloud service layer

For the convenience of description, the computing & storage layer and the data and service support layer are collectively called cloud service layer. As the aggregation point of data and services in smart cities, attacks on cloud service layer not only threaten the personal privacy and personal safety of a large number of users, but also may interfere or even interrupt the normal operation of smart cities, causing incalculable losses.

The cloud service layer faces greater challenges to data security and privacy protection due to factors such as dynamics and data migration. First, the cloud service layer is more vulnerable to DDoS attacks due to the centrality of its resources and the importance of its functions. Second, the cloud service layer is more vulnerable to data theft attacks due to the huge amount of user data it stores. Third, the sharing characteristics of the cloud service layer expand the attack surface available to hackers. For example, thousands of virtual servers share one physical server; although this saves computing and storage resources, an attack on any one virtual server threatens the other servers in the same virtual environment.

In addition, privacy security is also a focus for users of cloud services. When a large number of data related to the user's identity, hobbies, location, habits and health are collected and uploaded to the server through the perception layer, the subsequent viewing, use and circulation status becomes unknown, which causes common users' privacy anxiety. This paper mainly studies the methods to improve the information security defense of the smart city from the cloud service layer, so as to improve the security of the environmental information of the smart city.

In view of the information security problems faced by the cloud system, a method based on neural network analysis is proposed and applied to the security detection of the cloud system, so as to improve the security protection ability of the cloud system in the big data environment. Methods to improve information security in the smart city environment are studied from the aspects of equipment security, technical security and institutional security, in order to provide new ideas for quantitative research on information security in smart cities, improve information security protection in the smart city environment and safeguard the development of smart cities.

SECTION II.

Methodology

A. The Basic Architecture of the Cloud System

In order to improve the information security in the smart city environment, the neural network-based analysis method is proposed and applied to the security detection of cloud system, so as to enhance the protection ability of cloud system security in the big data environment. The basic architecture of the cloud system is composed of three parts: the infrastructure layer, the application service layer and the client layer (as shown in Fig. 2 ). Its function is divided into two parts. The first part mainly completes the evaluation of system security. The second part evaluates the security or vulnerability of the equipment in the system according to the existing data on the basis of the first part. Traffic analysis, vulnerability detection and intrusion detection are deployed on the cloud platform as a kind of application to analyze the security status of virtual host in the cloud platform.

Figure 2

The basic architecture of the cloud system


B. Analysis and Evaluation of Traffic in the Cloud System

Figure 3

Four-Stage Fluidized PF_Ring Structure


The network traffic generated in the cloud system is captured and analyzed, and the method for protocol identification is selected dynamically according to the configuration state of the servers in the cloud system. The training sets used in protocol recognition based on the BP network can be divided into training based on existing standard data sets and training based on existing data sets. The standard data sets used for training were the 08 SIMPLE dataset [14] provided by the University of Cambridge, UK, and the dataset provided by Wireshark, which contains session data for the major network protocols. Protocol recognition based on deep packet inspection adopts the protocol feature package provided by L7-filter: it reads IP packets and matches the application layer protocol using a DFA, with each protocol type expressed as a regular expression.

To further improve the processing capacity of the cloud system, the paper proposes a four-stage pipelined processing mode based on PF_RING, as shown in Fig. 3. The specific process is as follows:

a) Network traffic is delivered through the network card to the network session balancing hardware, and the PF_RING thread queue is virtualized by a PF_RING thread queue that supports flows;
b) The task threads preprocess the network packets;
c) Network messages are analyzed and matched, and the results are used to analyze the traffic;
d) The output of the task process presents the traffic results visually.
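The four stages above and the regular-expression protocol matching described in the previous paragraph can be sketched in user space as follows. This is an added example, not code from the paper: Python threads and bounded queues stand in for the PF_RING capture queues, and the signatures and sample packets are simplified values constructed for illustration rather than the actual L7-filter patterns.

```python
import queue
import re
import threading
from collections import Counter

# Simplified application-layer signatures written for this example
# (assumption: these are NOT the actual L7-filter pattern files).
SIGNATURES = [
    ("http", re.compile(rb"(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"SSH-\d\.\d+-")),
    ("smtp", re.compile(rb"220 [^\r\n]*SMTP", re.IGNORECASE)),
    ("tls", re.compile(rb"\x16\x03[\x00-\x04]")),
]

# Constructed sample traffic: (src, dst, payload) stands in for captured packets.
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.1.9", b"GET /index.html HTTP/1.1\r\nHost: a.test\r\n\r\n"),
    ("10.0.0.7", "10.0.1.9", b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("10.0.0.5", "10.0.1.9", b""),  # bare ACK, no payload
    ("10.0.0.8", "10.0.1.4", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"),
    ("10.0.1.2", "10.0.0.6", b"220 mail.example.test ESMTP ready\r\n"),
    ("10.0.0.9", "10.0.1.3", b"\x00\x01\x02opaque"),
    ("10.0.0.5", "10.0.1.9", b"POST /login HTTP/1.1\r\nHost: a.test\r\n\r\n"),
]

_STOP = object()  # sentinel that shuts the stages down in order


def stage(worker, inbox, outbox):
    """Generic pipeline stage: apply worker to each item and pass results on."""
    while True:
        item = inbox.get()
        if item is _STOP:
            if outbox is not None:
                outbox.put(_STOP)
            return
        result = worker(item)
        if result is not None and outbox is not None:
            outbox.put(result)


def preprocess(pkt):
    """Stage b: drop packets with nothing to inspect, keep only the payload head."""
    src, dst, payload = pkt
    if not payload:
        return None
    return (src, dst), payload[:256]


def classify(item):
    """Stage c: match the payload head against each protocol regex in order."""
    flow, head = item
    for name, pattern in SIGNATURES:
        if pattern.match(head):  # match() anchors at the first payload byte
            return flow, name
    return flow, "unknown"


def run_pipeline(packets, queue_size=4):
    """Run capture -> preprocess -> classify -> report, one thread per stage."""
    q1, q2, q3 = (queue.Queue(maxsize=queue_size) for _ in range(3))
    stats, flows = Counter(), {}

    def capture():  # stage a: stand-in for the PF_RING capture queue
        for pkt in packets:
            q1.put(pkt)  # blocks when the next stage falls behind
        q1.put(_STOP)

    def report(item):  # stage d: aggregate results for display
        flow, proto = item
        stats[proto] += 1
        flows.setdefault(flow, []).append(proto)

    threads = [
        threading.Thread(target=capture),
        threading.Thread(target=stage, args=(preprocess, q1, q2)),
        threading.Thread(target=stage, args=(classify, q2, q3)),
        threading.Thread(target=stage, args=(report, q3, None)),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return stats, flows


if __name__ == "__main__":
    stats, flows = run_pipeline(SAMPLE_PACKETS)
    for proto, count in stats.most_common():
        print(f"{proto:8s} {count}")
```

The bounded queues make a slow matching stage apply back-pressure to capture instead of letting memory grow, which is the trade-off a real capture pipeline has to size for.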

For cloud traffic analysis, the data sets provided by Cambridge University and Wireshark were selected to train the BP neural network. Cloud intrusion detection uses the rule set provided by Snort for learning; the algorithm is described in Algorithm 1. The model structure of the BP neural network is shown in Fig. 4. It consists of three layers of neurons: an input layer, a hidden layer and an output layer. The number of neurons in the input layer is determined by the type of input data. The number of neurons in the hidden layer, S, is determined by (1), where M represents the number of output neurons and N represents the number of input-layer neurons. The activation function is the logarithmic S-shaped (sigmoid) function.

$$S=\sqrt{(M+2)N} \tag{1}$$

Algorithm 1

ANN training


Figure 4

BP Neural Network Structure


C. Cloud System Security Evaluation Algorithm

Because existing cloud systems cannot evaluate their own security state, an optimal attack selection algorithm is proposed. The algorithm considers the security of the attacked target from the perspective of the attacker and then evaluates the overall security of the system, providing a basis for management and reducing the success rate of attacks on the system. The security evaluation algorithm of the cloud system is built on an eight-tuple (T, IT, OT, DI, VN, VV, V, D) that represents the condition of a node. T represents the average traffic of the node; IT represents the entry flow of the node; OT represents the outlet flow of the node; DI represents the importance level of the node, which is divided into three levels (important, medium and low) with a value range of (3, 2, 1). VN represents the number of vulnerabilities in the node; VV represents the comprehensive importance degree of the node's vulnerabilities; V represents the importance degree of a single vulnerability in the node, which is divided into four levels (dangerous, important, medium and low) with a value range of (4, 3, 2, 1). D represents the relationship between the daily average traffic of the node and the importance level of the node.

The calculation of network traffic at nodes takes one calculation window per hour, and one day is divided into 24 periods. The calculation of traffic at nodes is as follows:

The average daily outlet flow of node $i$ is calculated as shown in (2).

$$OT_{output_i}=\frac{\sum_{t=1}^{24} OT_{output_i}(t)}{24} \tag{2}$$

The average daily inlet flow of node $i$ is calculated as shown in (3).

$$IT_{input_i}=\frac{\sum_{t=1}^{24} IT_{input_i}(t)}{24} \tag{3}$$

The average daily flow of node $i$ is calculated as shown in (4).

$$T_i=\frac{OT_{output_i}+IT_{input_i}}{2} \tag{4}$$

The proportion of the average daily flow of node $i$ in the node's area is calculated as shown in (5).

$$\theta_i=\frac{T_i}{\sum_{i=1}^{n} T_i} \tag{5}$$

The average vulnerability importance degree VV of node $i$ is calculated as (6), where t represents the importance value of a certain vulnerability.

$$VV_i=\frac{\sum_{t=1}^{n} V_{it}}{n} \tag{6}$$

The relationship between the average daily traffic of node $i$ and the importance level of the node is shown in (7).

$$D_i=DI_i\times\theta_i \tag{7}$$

The aggressiveness calculation of node $i$ is shown in (8).

$$Chicken_i=D_i\times VV_i\times VN_i \tag{8}$$

The optimal attack selection algorithm is shown in Algorithm 2.

Algorithm 2

Optimal attack selection algorithm

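Equations (2) to (8) carried through for a small set of nodes, as an added example that is not the paper's code. The body of Algorithm 2 is not reproduced on this page, so ranking nodes by descending score to prioritize hardening is an assumption; node names, traffic samples and vulnerability levels are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    out_flow: list   # 24 hourly outlet-flow samples, OT_i(t)
    in_flow: list    # 24 hourly inlet-flow samples, IT_i(t)
    importance: int  # DI_i: 3 = important, 2 = medium, 1 = low
    vulns: list = field(default_factory=list)  # V per vulnerability: 4, 3, 2 or 1


def daily_mean(samples):
    """Eq. (2)/(3): mean over the 24 hourly calculation windows."""
    if len(samples) != 24:
        raise ValueError("expected 24 hourly samples")
    return sum(samples) / 24


def score_nodes(nodes):
    """Return one record per node, highest score (eq. 8) first."""
    for n in nodes:
        if n.importance not in (1, 2, 3):
            raise ValueError(f"{n.name}: DI must be 1, 2 or 3")
        if any(v not in (1, 2, 3, 4) for v in n.vulns):
            raise ValueError(f"{n.name}: V must be 1, 2, 3 or 4")

    # Eq. (4): average of the daily outlet and inlet means.
    t = {n.name: (daily_mean(n.out_flow) + daily_mean(n.in_flow)) / 2 for n in nodes}
    total = sum(t.values())

    records = []
    for n in nodes:
        theta = t[n.name] / total if total else 0.0  # eq. (5): share of area traffic
        vn = len(n.vulns)                             # VN_i
        vv = sum(n.vulns) / vn if vn else 0.0         # eq. (6): mean vulnerability level
        d = n.importance * theta                      # eq. (7)
        records.append({
            "name": n.name,
            "theta": theta,
            "D": d,
            "VV": vv,
            "VN": vn,
            "score": d * vv * vn,                     # eq. (8)
        })
    # Assumption: the node with the highest score is hardened first.
    return sorted(records, key=lambda r: r["score"], reverse=True)


# Constructed sample nodes (hypothetical names and values).
SAMPLE_NODES = [
    Node("web", out_flow=[120] * 24, in_flow=[80] * 24, importance=2, vulns=[2, 2, 1]),
    Node("db", out_flow=[20] * 12 + [60] * 12, in_flow=[60] * 24, importance=3, vulns=[4, 3]),
    Node("log", out_flow=[30] * 24, in_flow=[70] * 24, importance=1),
]

if __name__ == "__main__":
    for r in score_nodes(SAMPLE_NODES):
        print(f"{r['name']:4s} theta={r['theta']:.2f} D={r['D']:.2f} "
              f"VV={r['VV']:.2f} VN={r['VN']} score={r['score']:.2f}")
```

In this sample the database node ranks above the web node despite carrying half the traffic, because its higher importance level and more severe vulnerabilities outweigh the traffic share.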

D. Experiment Environment

The security of a cloud system is determined by analyzing the network traffic, network intrusion behavior and vulnerabilities of the VMs on the cloud platform. The experimental topology is shown in Fig. 5. Cloud A and Cloud B are two private cloud platforms. There are four blade PCs on cloud platform A, namely blade PC1, 2, 3 and 4, and four blade PCs on cloud platform B, namely blade PC5, 6, 7 and 8. The blade PCs are from the yinhe series. Each blade PC is equipped with two Itanium processors and a memory capacity of 32GB, and runs the CentOS 64-bit operating system. Each port uses a 10Gb/s NIC.

Figure 5

Experimental topology of cloud system


SECTION III.

Result and Discussion

To improve the security of environmental information in smart cities, and due to the limitations of time and space, this experiment only addresses the risks faced by cloud service layer information in smart cities and tests the cloud system security assessment algorithm. First, the packet capture capability of NTAS [15], Wireshark [16] and the algorithm in this paper is compared and tested on the cloud system under different network traffic environments (1Gb/s~10Gb/s), with the expectation that the algorithm in this paper achieves higher capture capability in a high-speed network environment. Second, the intrusion prevention capability of the Snort+TNAPI, Snort+PF_RING and Snort+Libpcap algorithms and the algorithm adopted in this paper is compared and tested in different network traffic environments, with the expectation that the algorithm in this paper has better protection capability.

A. Test of Cloud System Message Capture Ability

Packet capture provides a basis for analyzing packets and mastering packet information. In this test, the packet capture capability of NTAS, Wireshark and the system using the proposed algorithm is compared in different network traffic environments (1Gb/s~10Gb/s). The test results (Fig. 6) show that the packet capture capability of the cloud system using the algorithm in this paper is better than that of Wireshark and NTAS. The packet capture capability of Wireshark and NTAS decreases as the network port traffic increases. In particular, the packet capture capability of Wireshark decreases when the network port traffic exceeds 5Gb/s, and its packet capture rate falls below 10%. However, the packet capture rate of the cloud system using the algorithm in this paper does not change significantly as network port traffic increases, and its average packet capture rate is above 97.3%, so it is capable of real-time analysis and processing of network data in a high-speed network environment. It can be seen that the cloud system using the algorithm in this paper can effectively capture packets, which provides a basis for efficient and accurate packet analysis and thus a guarantee for protecting the information security of the cloud system.

Figure 6

Message capture ability of different network traffic analysis systems


B. Security Intrusion Detection Test of Cloud System

The intrusion test mainly tests the system's ability to protect against system vulnerabilities and hacker intrusion. This test uses different network traffic environments (1Gb/s~10Gb/s), runs Snort [17] intrusion tests on the underlying modules TNAPI [18], PF_RING [19] and LIBPCAP [20], and compares them with the system using the algorithm in this paper. The experimental results (as shown in Fig. 7) show that when the network traffic is 1Gb/s, the intrusion prevention capabilities of the four methods differ little, all being above 89%. As port traffic increases, the protection capability of the other three algorithms decreases markedly. In particular, when traffic exceeds 5Gb/s, the protection capability of the Snort+Libpcap algorithm decreases to less than 8%, which shows that the Snort+Libpcap algorithm is not suitable for high-speed network intrusion prevention. In the system using the proposed algorithm, the intrusion prevention capability does not change significantly as network traffic increases, and its average intrusion prevention capability reaches 97.83%, which can meet the protection requirements of information intrusion detection in the cloud system under a high-speed network environment. According to the statistics of the number of attacks on Cloud A and Cloud B in different time periods within 24 hours, the cloud system using the algorithm in this paper can effectively reduce the number of successful intrusions and improve the security protection ability by 43.67% on average.

Figure 7

Comparison of intrusion detection performance tests


SECTION IV.

Conclusion

Based on the analysis of the security risks faced by smart city systems, this paper mainly starts with the security threats faced by cloud systems. Through the study of network traffic analysis technology, network packet capture, network intrusion detection and other algorithms, a four-stage pipelined PF_RING processing method is proposed to improve the throughput rate of the cloud system during its traffic analysis and evaluation. The neural network analysis method is used to check the security of the cloud system, and the optimal selection algorithm is used to evaluate the security of the cloud system. Experimental results show that the method proposed in this paper can effectively capture packets in a high-speed network environment, with an average packet capture rate above 97.3%, and is capable of real-time analysis and processing of network data in that environment. In the intrusion detection capability test of the cloud system, the cloud system using the algorithm in this paper effectively improves the anti-attack capability, and the security protection capability is improved by 43.67% on average. In this way, the security of the cloud system is enhanced and a reference is provided for the protection of the cloud system. The next step is to continue to optimize the algorithm, improve the security of the cloud system, and safeguard the information security of the smart city system.

ACKNOWLEDGMENT

This paper is supported by the Project of National Natural Science Foundation of China (No. 62073218), the Key Research and Development Program of Xianyang City in 2020 (No. 2020K02-14), and the Innovation and Entrepreneurship Program for College Students in Shaanxi Province (No. S202110722086).
