A blockchain-enabled security management framework for mobile edge computing

Mobile edge computing (MEC) integrates mobile and edge computing technologies to provide efficient computing services with low latency. It includes several Internet of Things (IoT) and edge devices that process the user data at the network's edge. The architectural characteristic of MEC supports many internet-based services, which attract more number of users, including attackers. The safety and privacy of the MEC environment, especially user information is a significant concern. A lightweight accessing and sharing protocol is required because edge devices are resource constraints. This paper addresses this issue by proposing a blockchain-enabled security management framework for MEC environments. This approach provides another level of security and includes blockchain security features like temper resistance, immutable, transparent, traceable, and distributed ledger in the MEC environment. The framework guarantees secure data storage in the MEC environment. The contributions of this paper are twofold: (1) We propose a blockchain-enabled security management framework for MEC environments that address the security and privacy concerns, and (2) we demonstrate through simulations that the framework has high performance and is suitable for resource-constrained MEC devices. In addition, a smart contract-based access and sharing mechanism is proposed. Our research uses a combination of theoretical analysis and simulation experiments to demonstrate that the proposed framework offers high security, low latency, legitimate access, high throughput, and low operations cost.     

An efficient authentication system of smart device using multi factors in mobile cloud service architecture

Mobile cloud computing environments have overcome the performance limitation of mobile devices and provide use environments not restricted by places. However, user information protection mechanisms are required because of both the security vulnerability of mobile devices and the security vulnerability of cloud computing. In this paper, a multifactor mobile device authentication system is proposed to provide safety, efficiency, and user convenience for mobile device use in cloud service architectures. This system improves security by reinforcing the user authentication required before using cloud computing services. Furthermore, to reinforce user convenience, the system proposed increases the strength of authentication keys by establishing multiple factors for authentication. For efficient entries in mobile device use environments, this system combines mobile device identification number entries, basic ID/password type authentication methods, and the authentication of diverse user bio‐information. This system also enhances authentication efficiency by processing the authentication factors of a user's authentication attempt in a lump instead of one by one in the cloud computing service environment. These authentication factors can be continuously added, and this authentication system provides authentication efficiency even when authentication factors are added. The main contribution is to improve high security level by through authentication of mobile devices with multifactors simultaneously and to use the mobile cloud service architecture for its efficient processing with respect to execution time of it. Copyright © 2013 John Wiley & Sons, Ltd.     

Users' experience matter: Delay sensitivity-aware computation offloading in mobile edge computing

As a promising computing paradigm, Mobile Edge Computing (MEC) provides communication and computing capability at the edge of the network to address the concerns of massive computation requirements, constrained battery capacity and limited bandwidth of the Internet of Things (IoT) systems. Most existing works on mobile edge task ignores the delay sensitivities, which may lead to the degraded utility of computation offloading and dissatisfied users. In this paper, we study the delay sensitivity-aware computation offloading by jointly considering both user's tolerance towards delay of task execution and the network status under computation and communication constraints. Specifically, we use a specific multi-user and multi-server MEC system to define the latency sensitivity of task offloading based on the analysis of delay distribution of task categories. Then, we propose a scoring mechanism to evaluate the sensitivity-dependent utility of task execution and devise a Centralized Iterative Redirection Offloading (CIRO) algorithm to collect all information in the MEC system. By starting with an initial offloading strategy, the CIRO algorithm enables IoT devices to cooperate and iteratively redirect task offloading decisions to optimize the offloading strategy until it converges. Extensive simulation results show that our method can significantly improve the utility of computation offloading in MEC systems and has lower time complexity than existing algorithms.     

An architecture for digital hate content reduction with mobile edge computing

Mobile devices with social media applications are the prevalent user equipment to generate and consume digital hate content. The objective of this paper is to propose a mobile edge computing architecture for regulating and reducing hate content at the user's level. In this regard, the profiling of hate content is obtained from the results of multiple studies by quantitative and qualitative analyses. Profiling resulted in different categories of hate content caused by gender, religion, race, and disability. Based on this information, an architectural framework is developed to regulate and reduce hate content at the user's level in the mobile computing environment. The proposed architecture will be a novel idea to reduce hate content generation and its impact.     

An enhanced authentication with key agreement scheme for satellite communication systems

To ensure secure communication in satellite communication systems, recently, Zhang et al presented an authentication with key agreement scheme and claimed that their scheme satisfies various security requirements. However, this paper demonstrates that Zhang et al's scheme is insecure against the stolen‐verifier attack and the denial of service attack. Furthermore, to authenticate a user, Zhang et al's scheme requires large computational load to exhaustively retrieve the user's identity and password from the account database according to a temporary identity and then update the temporary identity in the database. To overcome the weaknesses existing in Zhang et al's scheme, we proposed an enhanced authentication with key agreement scheme for satellite communication systems. The analyses of our proposed scheme show that the proposed scheme possesses perfect security properties and eliminates the weaknesses of Zhang et al's scheme well. Therefore, from the authors' viewpoints, the proposed scheme is more suitable for the authentication scheme of mobile satellite communication systems.     

基于TPM的云计算平台双向认证方案

为了解决云计算服务环境中用户和云服务器之间的双向认证问题,提出一种基于可信平台模块的云计算平台双向认证方案。将可信计算技术和传统的智能卡口令认证方法相结合应用于云计算服务平台,实现云计算中双方身份的认证,协商生成会话密钥,同时对云服务器的平台可信状况进行了验证。实验分析表明,该方案可以抵抗常见的各种攻击,安全性较高。计算时间复杂度在云计算服务中能够满足要求。     

UCAP:a PCL secure user authentication protocol in cloud computing

As the combine of cloud computing and Internet breeds many flexible IT services,cloud computing becomes more and more significant.In cloud computing,a user should be authenticated by a trusted third party or a certification authority before using cloud applications and services.Based on this,a protocol composition logic (PCL) secure user authentication protocol named UCAP for cloud computing was proposed.The protocol used a symmetric encryption symmetric encryption based on a trusted third party to achieve the authentication and confidentiality of the protocol session,which comprised the initial authentication phase and the re-authentication phase.In the initial authentication phase,the trusted third party generated a root communication session key.In the re-authentication phase,communication users negotiated a sub session key without the trusted third party.To verify the security properties of the protocol,a sequential compositional proof method was used under the protocol composition logic model.Compared with certain related works,the proposed protocol satisfies the PCL security.The performance of the initial authentication phase in the proposed scheme is slightly better than that of the existing schemes,while the performance of the re-authentication phase is better than that of other protocols due to the absence of the trusted third party.Through the analysis results,the proposed protocol is suitable for the mutual authentication in cloud computing.     

边缘计算产业现状与发展建议

随着5G商用,以及IoT和AI的发展,边缘计算的规模和业务复杂度显著增加,边缘实时计算、边缘实时分析和边缘智能等新型业务不断涌现,对边缘基础设施的效率、可靠性和资源利用率有了更高的要求。如何结合云计算发展趋势打造边缘基础设施成为一个新课题。梳理了边缘计算发展现状,包括边缘计算产业规模、国际国内电信运营商在边缘计算领域的试点工作,讨论了"多云混合"对边缘计算的影响,分析了边缘计算存在的问题和挑战,并结合项目实践给出了相应的发展建议。     

Cryptanalysis and improvement of ‘an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks’

Authentication schemes assure that authorised user can fraudulently obtain his/her required services from home domains. Recently, Li et al. (International Journal of Network Management, 2013; 23(5):311–324) proposed a remote user authentication scheme. They claimed that their protocol is secure against known security attacks. However, in this paper, we indicate that Li et al.'s scheme is insecure against user impersonation attack. We show that an active adversary can easily masquerade as a legitimate user without knowing the user's secret information. As a remedy, we also proposed an improved authentication scheme to overcome the security weaknesses of Li et al.'s scheme. To show the security of our scheme, we prove its security the random oracle model. The implementation results show that our improved scheme offers a reduction of 58% in computational cost and a communication cost reduction of 48% with respect to Li et al.'s scheme. Copyright © 2014 John Wiley & Sons, Ltd.     

Secure personal data sharing in cloud computing using attribute-based broadcast encryption

The ciphertext-policy (CP) attribute-based encryption (ABE) (CP-ABE) emergings as a promising technology for allowing users to conveniently access data in cloud computing. Unfortunately, it suffers from several drawbacks such as decryption overhead, user revocation and privacy preserving. The authors proposed a new efficient and privacy-preserving attribute-based broadcast encryption (BE) (ABBE) named EP-ABBE, that can reduce the decryption computation overhead by partial decryption, and protect user privacy by obfuscating access policy of ciphertext and user's attributes. Based on EP-ABBE, a secure and flexible personal data sharing scheme in cloud computing was presented, in which the data owner can enjoy the flexibly of encrypting personal data using a specified access policy together with an implicit user index set. With the proposed scheme, efficient user revocation is achieved by dropping revoked user's index from the user index set, which is with very low computation cost. Moreover, the privacy of user can well be protected in the scheme. The security and performance analysis show that the scheme is secure, efficient and privacy-preserving.     

An enhanced two-factor user authentication in wireless sensor networks

Since wireless sensor networks (WSN) are often deployed in an unattended environment and sensor nodes are equipped with limited computing power modules, user authentication is a critical issue when a user wants to access data from sensor nodes. Recently, M.L. Das proposed a two-factor user authentication scheme in WSN and claimed that his scheme is secure against different kinds of attack. Later, Khan and Alghathbar (K-A) pointed out that Das’ scheme has some security pitfalls and showed several improvements to overcome these weaknesses. However, we demonstrate that in the K-A-scheme, there is no provision of non-repudiation, it is susceptible to the attack due to a lost smart card, and mutual authentication between the user and the GW-node does not attained. Moreover, the GW-node cannot prove that the first message comes from the user. To overcome these security weaknesses of the K-A-scheme, we propose security patches and prove our scheme.     

Computation energy efficiency maximization based resource allocation scheme in wireless powered mobile edge computing network

For wireless powered mobile edge computing (MEC) network,a system computation energy efficiency (CEE) maximization scheme by considering the limited computation capacity at the MEC server side was proposed.Specifically,a CEE maximization optimization problem was formulated by jointly optimizing the computing frequencies and execution time of the MEC server and the edge user(EU),the transmit power and offloading time of each EU,the energy harvesting time and the transmit power of the power beacon.Since the formulated optimization problem was a non-convex fractional optimization problem and hard to solve,the formulated problem was firstly transformed into a non-convex subtraction problem by means of the generalized fractional programming theory and then transform the subtraction problem into an equivalent convex problem by introducing a series of auxiliary variables.On this basis,an iterative algorithm to obtain the optimal solutions was proposed.Simulation results verify the fast convergence of the proposed algorithm and show that the proposed resource allocation scheme can achieve a higher CEE by comparing with other schemes.     

移动边缘计算安全研究

移动边缘计算具有靠近用户、业务本地处理、灵活路由等特点,成为满足5G低时延业务需求的关键技术之一。由于移动边缘计算靠近用户、处于相对不安全的环境、核心网控制能力减弱等,存在非授权访问、敏感数据泄露、(D)DoS攻击等安全风险。本文在介绍边缘计算概念、应用场景的基础上,分析移动边缘计算的安全威胁、安全防护框架、安全防护方案,并展望后续研究方向。     

区块链在轨道交通边缘计算网络中的应用

多接入边缘计算（multi-access edge computing,MEC）能为城市轨道交通中的计算密集型业务和时延敏感型业务提供高质量的服务能力,然而轨道交通边缘计算网络中的大量边缘设施暴露在开放式环境中,其隐私保护和传输安全面临着很大的挑战。区块链（blockchain）具有分布式账本、共识机制、智能合约、去中心化应用等功能特性,因此,区块链技术可以为分布式轨道交通边缘计算网络构建系统性的安全防护机制,从而保障网络安全和数据安全,实现高质量的城市轨道交通服务。首先,介绍了区块链的基本概念;其次,设计了轨道交通边缘计算网络架构,提出了融合区块链的轨道交通边缘计算网络安全防护机制和应用实例;最后,对该安全防护机制面临的问题和挑战进行了分析和展望。     

移动边缘计算卸载技术综述

移动边缘计算(Mobile Edge Computing,MEC)将云服务器的计算资源扩展到更靠近用户一侧的网络边缘,使得用户可以将任务卸载到边缘服务器,从而克服原先云计算中将任务卸载到云服务器所带来的高时延问题。首先介绍了移动边缘计算的基本概念、基本框架和应用场景,然后围绕卸载决策、联合资源分配的卸载决策分别从单MEC服务器和多MEC服务器两种场景总结了任务卸载技术的研究现状,最后结合当前MEC卸载技术中存在的不足展望了未来MEC卸载技术的研究。     

Survey on data security and privacy-preserving for the research of edge computing

With the rapid development and extensive application of the Internet of things (IoT),big data and 5G network architecture,the massive data generated by the edge equipment of the network and the real-time service requirements are far beyond the capacity if the traditional cloud computing.To solve such dilemma,the edge computing which deploys the cloud services in the edge network has envisioned to be the dominant cloud service paradigm in the era of IoT.Meanwhile,the unique features of edge computing,such as content perception,real-time computing,parallel processing and etc.,has also introduced new security problems especially the data security and privacy issues.Firstly,the background and challenges of data security and privacy-preserving in edge computing were described,and then the research architecture of data security and privacy-preserving was presented.Secondly,the key technologies of data security,access control,identity authentication and privacy-preserving were summarized.Thirdly,the recent research advancements on the data security and privacy issues that may be applied to edge computing were described in detail.Finally,some potential research points of edge computing data security and privacy-preserving were given,and the direction of future research work was pointed out.     

Virtual reality compressing and transmitting system based on mobile edge computing

In order to solve the problem of the high requirements of data transmission rate and sensitivity to transmission delay in virtual reality (VR) based on cloud services,a Cloud VR system with MEC (mobile edge computing) was proposed,mainly including viewpoint-based VR processing and HDA (hybrid digital-analog) transmission optimization.Firstly,a dynamic streaming method based on user viewpoint and pyramid projection was used to implement a complete edge cloud VR system.Then,HDA transmission was introduced to optimize the transmission,and a heuristic algorithm for resource allocation was given.Finally,the base station protocol stack was transformed,and the MEC was integrated into the LTE (long term evolution) system to implement a complete mobile edge cloud VR system.Experimental results demonstrate that the proposed scheme has good robustness and efficient transmission by comparing with the existing schemes.     

移动边缘网络中基于用户移动的服务功能链迁移策略

移动边缘计算(Mobile Edge Computing,MEC)通过在网络边缘部署服务器,提供计算和存储资源,可为用户提供超低时延和高带宽业务。网络功能虚拟化(Network Function Virtualization,NFV)与MEC技术相结合,可在MEC服务器上提供服务功能链(Service Function Chain,SFC),提升用户的业务体验。为了保证移动用户的服务质量,需要在用户跨基站移动时将SFC迁移到合适的边缘服务器上。主要以最小化用户服务的端到端时延和运行成本为目标,提出了MEC网络中具有资源容量约束的SFC迁移策略,以实现移动用户业务的无缝迁移。仿真结果表明,与现有方案相比,该策略具有更好的有效性和高效性。     

ID-Based User Authentication Scheme for Cloud Computing

In cloud computing environments, user authentication is an important security mechanism because it provides the fundamentals of authentication, authorization, and accounting (AAA). In 2009, Wang et al. proposed an identity-based (ID-based) authentication scheme to deal with the user login problem for cloud computing. However, Wang et al.'s scheme is insecure against message alteration and impersonation attacks. Besides, their scheme has large computation costs for cloud users. Therefore, we propose a novel ID-based user authentication scheme to solve the above mentioned problems. The proposed scheme provides anonymity and security for the user who accesses different cloud servers. Compared with the related schemes, the proposed scheme has less computation cost so it is very efficient for cloud computing in practice.     

An efficient two‐party authentication key exchange protocol for mobile environment

The primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.