移动边缘计算安全研究

移动边缘计算具有靠近用户、业务本地处理、灵活路由等特点,成为满足5G低时延业务需求的关键技术之一。由于移动边缘计算靠近用户、处于相对不安全的环境、核心网控制能力减弱等,存在非授权访问、敏感数据泄露、(D)DoS攻击等安全风险。本文在介绍边缘计算概念、应用场景的基础上,分析移动边缘计算的安全威胁、安全防护框架、安全防护方案,并展望后续研究方向。     

Survey on computation offloading in mobile edge computing

Computation offloading in mobile edge computing would transfer the resource intensive computational tasks to the edge network.It can not only solve the shortage of mobile user equipment in resource storage,computation performance and energy efficiency,but also deal with the problem of resource occupation,high latency and network load compared to cloud computing.Firstly the architecture of MEC was introduce and a comparative analysis was made according to various deployment schemes.Then the key technologies of computation offloading was studied from three aspects of decision on computation offloading,allocation of computing resource within MEC and system implement of MEC.Based on the analysis of MEC deployment scheme in 5G,two optimization schemes on computation offloading was proposed in 5G MEC.Finally,the current challenges in the mobility management was summarized,interference management and security of computation offloading in MEC.     

移动边缘计算卸载技术综述

移动边缘计算(Mobile Edge Computing,MEC)将云服务器的计算资源扩展到更靠近用户一侧的网络边缘,使得用户可以将任务卸载到边缘服务器,从而克服原先云计算中将任务卸载到云服务器所带来的高时延问题。首先介绍了移动边缘计算的基本概念、基本框架和应用场景,然后围绕卸载决策、联合资源分配的卸载决策分别从单MEC服务器和多MEC服务器两种场景总结了任务卸载技术的研究现状,最后结合当前MEC卸载技术中存在的不足展望了未来MEC卸载技术的研究。     

云计算中数据隐私保护研究进展

由于社会分工和资源共享的必然,公共云平台必将成为和电网、互联网等同等重要的国家基础设施。云计算面临的安全问题制约着云计算的广泛使用。数据安全在云计算中尤为重要,如何保证数据的安全性是云计算安全的核心。从数据的隐私保护计算、数据处理结果的完整性认证、数据访问权限控制以及数据的物理安全4个方面对已有研究工作进行了分类和总结,为后续云计算中数据的安全性研究提供参照。     

PSMECS: A provably secure ID-based communication in mobile edge computing

Human-centered systems play an important role in the modern world, for example, driverless car, autonomous and smart vehicles, drones, and robotics. The internet of things environment demands a faster real-time response depending on the applications processed in a particular duration. Mobile edge computing (MEC) allows a user to get a real-time response as compared with cloud computing (CC), although ensuring a number of security attributes in MEC environment remains challenging. In this article, a protocol is designed to achieve mutual authentication, anonymous communication, and security against traceability, as these are very crucial factors to ensure the security of data and user's privacy. Moreover, the proposed scheme ensures mutual authentication between a mobile user and an edge server along with the user's anonymity and untraceability. The proof of security and evaluation of performance of the scheme validates that it ensures security attributes and improves efficiency in terms of communication and computation overheads.     

5G边缘计算节点部署方法研究

随着5G商用的到来,基于5G三大应用场景的业务需求,现有核心网集中式部署不能满足新的需求,网络随业务流向边缘迁移是产业发展趋势。移动边缘计算靠近用户侧部署,能提供更短时延和保护隐私等功能。本文通过分析移动边缘计算面向的重点行业和重点领域等业务发展需求,协同构建客户的业务、无线和局房资源视图,匹配出移动边缘计算部署机房位置及资源储备。     

区块链在轨道交通边缘计算网络中的应用

多接入边缘计算（multi-access edge computing,MEC）能为城市轨道交通中的计算密集型业务和时延敏感型业务提供高质量的服务能力,然而轨道交通边缘计算网络中的大量边缘设施暴露在开放式环境中,其隐私保护和传输安全面临着很大的挑战。区块链（blockchain）具有分布式账本、共识机制、智能合约、去中心化应用等功能特性,因此,区块链技术可以为分布式轨道交通边缘计算网络构建系统性的安全防护机制,从而保障网络安全和数据安全,实现高质量的城市轨道交通服务。首先,介绍了区块链的基本概念;其次,设计了轨道交通边缘计算网络架构,提出了融合区块链的轨道交通边缘计算网络安全防护机制和应用实例;最后,对该安全防护机制面临的问题和挑战进行了分析和展望。     

云计算环境中支持隐私保护的数字版权保护方案简

针对云计算环境中数字内容安全和用户隐私保护的需求,提出了一种云计算环境中支持隐私保护的数字版权保护方案。设计了云计算环境中数字内容版权全生命周期保护和用户隐私保护的框架,包括系统初始化、内容加密、许可授权和内容解密4个主要协议;采用基于属性基加密和加法同态加密算法的内容加密密钥保护和分发机制,保证内容加密密钥的安全性;允许用户匿名向云服务提供商订购内容和申请授权,保护用户的隐私,并且防止云服务提供商、授权服务器和密钥服务器等收集用户使用习惯等敏感信息。与现有的云计算环境中数字版权保护方案相比,该方案在保护内容安全和用户隐私的同时,支持灵活的访问控制,并且支持在线和超级分发应用模式,在云计算环境中具有较好的实用性。     

边缘计算中的网络建设需求分析

文章系统介绍了移动边缘计算关键技术,详细分析了MEC网络平台架构及功能,对于典型与应用场景中的数据分流业务进行了论述和介绍。在5G网络应用中,MEC技术通过为移动网边缘,无线接入网提供IT服务,同时提供强大的云计算能力,满足了本地化业务、近距离部署的功能要求,极大地提高了用户体验。     

Distributed privacy protection strategy for MEC enhanced wireless body area networks

With the rapid development and widespread application of Wireless Body Area Networks (WBANs), the traditional centralized system architecture cannot handle the massive data generated by the edge devices. Meanwhile, in order to ensure the security of physiological privacy data and the identity privacy of patients, this paper presents a privacy protection strategy for Mobile Edge Computing(MEC) enhanced WBANs, which leverages the blockchain-based decentralized MEC paradigm to support efficient transmission of privacy information with low latency, high reliability within a high-demand data security scenario. On this basis, the Merkle tree optimization model is designed to authenticate nodes and to verify the source of physiological data. Furthermore, a hybrid signature algorithm is devised to guarantee the node anonymity with unforgeability, data integrity and reduced delay. The security performance analysis and simulation results show that our proposed strategy not only reduces the delay, but also secures the privacy and transmission of sensitive WBANs data.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

MEC系统中基于多智能体深度增强学习的协作式任务卸载和资源分配

移动边缘计算(MEC)通过将计算任务卸载到MEC服务器上,在缓解智能移动设备计算负载的同时,可以降低服务时延。然而目前在MEC系统中,关于任务卸载和资源分配仍然存在以下问题：1)边缘节点间缺乏协作;2)计算任务到达与实际环境中动态变化的特征不匹配;3)协作式任务卸载和资源分配动态联合优化问题。为解决上述问题,文章在协作式MEC架构的基础上,提出了一种基于多智能体的深度确定性策略梯度算法(MADDPG)的任务卸载和资源分配算法,最小化系统中所有用户的长期平均成本。仿真结果表明,该算法可以有效降低系统的时延及能耗。     

边缘云的技术发展与应用思考

在云网融合的背景下,传统中心云业务在用户边缘位置无法满足超低时延、高带宽、高安全等业务需求现象.为解决此问题,首先对5G网络向边缘云分流方式和分流策略智能化进行研究;其次,对边缘云网融合的算力需求定制化和异构化进行深挖;最后,通过验证和归纳总结,制定出一整套综合解决方案解决或缓解边缘计算应用网络延迟和算力异构化问题的方...     

Secure personal data sharing in cloud computing using attribute-based broadcast encryption

The ciphertext-policy (CP) attribute-based encryption (ABE) (CP-ABE) emergings as a promising technology for allowing users to conveniently access data in cloud computing. Unfortunately, it suffers from several drawbacks such as decryption overhead, user revocation and privacy preserving. The authors proposed a new efficient and privacy-preserving attribute-based broadcast encryption (BE) (ABBE) named EP-ABBE, that can reduce the decryption computation overhead by partial decryption, and protect user privacy by obfuscating access policy of ciphertext and user's attributes. Based on EP-ABBE, a secure and flexible personal data sharing scheme in cloud computing was presented, in which the data owner can enjoy the flexibly of encrypting personal data using a specified access policy together with an implicit user index set. With the proposed scheme, efficient user revocation is achieved by dropping revoked user's index from the user index set, which is with very low computation cost. Moreover, the privacy of user can well be protected in the scheme. The security and performance analysis show that the scheme is secure, efficient and privacy-preserving.     

Querying in Packs: Trustworthy Data Management in Ad Hoc Networks

We describe a trust-based data management framework enabling mobile devices to access the distributed computation, storage, and sensory resources available in pervasive computing environments. Available resources include those in the fixed surrounding infrastructure as well as services offered by other nearby mobile devices. We take a holistic approach that considers data trust, security, and privacy and focus on the collaborative mechanisms providing a trustworthy data management platform in an ad hoc network. The framework is based on a pack formation mechanism that enables collaborative peer interactions using context information and landmarks. A pack provides a routing substrate allowing devices to find reliable information sources and coordinated pro-active and reactive mechanisms to detect and respond to malicious activity. Consequently, a pack forms a foundation for distributed trust management and data intensive interactions. We describe our data management framework with an emphasis on pack formation in mobile ad hoc networks and present preliminary results from simulation experiments.     

Deep Q-network-based auto scaling for service in a multi-access edge computing environment

In 5G networks, it is necessary to provide services while meeting various service requirements, such as high data rates and low latency, in response to dynamic network conditions. Multi-access edge computing (MEC) is a promising concept to meet these requirements. The MEC environment enables service providers to deploy their low latency services that are composed of multiple components. However, operating a service manually and attempting to satisfy the quality of service (QoS) requirements is difficult because many factors need to be considered in an MEC scenario. In this paper, we propose an auto-scaling method using deep Q-networks (DQN), which is a reinforcement learning algorithm, to resize the number of instances assigned to service. In our evaluation, compared to other baseline methods, the proposed approach maintains the appropriate number of instances effectively in response to dynamic traffic change while satisfying QoS and minimizing the cost of operating the service in the MEC environment. The proposed method was implemented as a module running in OpenStack and published as open-source software.     

云计算安全威胁分析

随着云计算技术应用的进一步深入,云安全也成为业界关注的焦点.云安全不仅是广大用户选择云计算服务的首要考虑因素,也是云计算实现健康可持续发展的基础.为了能更好地了解、掌握云计算环境下的安全问题,详细分析了云环境在基础设施、数据、身份及访问管理、安全管理、隐私、审计与合规等方面面临的安全威胁,认为只有云计算服务提供商以及用户双方协力合作,在提供及监测安全功能方面取得一致认同,并重新调整传统的安全模式,才能处理云计算所面临的威胁.     

Survey on data security and privacy-preserving for the research of edge computing

With the rapid development and extensive application of the Internet of things (IoT),big data and 5G network architecture,the massive data generated by the edge equipment of the network and the real-time service requirements are far beyond the capacity if the traditional cloud computing.To solve such dilemma,the edge computing which deploys the cloud services in the edge network has envisioned to be the dominant cloud service paradigm in the era of IoT.Meanwhile,the unique features of edge computing,such as content perception,real-time computing,parallel processing and etc.,has also introduced new security problems especially the data security and privacy issues.Firstly,the background and challenges of data security and privacy-preserving in edge computing were described,and then the research architecture of data security and privacy-preserving was presented.Secondly,the key technologies of data security,access control,identity authentication and privacy-preserving were summarized.Thirdly,the recent research advancements on the data security and privacy issues that may be applied to edge computing were described in detail.Finally,some potential research points of edge computing data security and privacy-preserving were given,and the direction of future research work was pointed out.     

云计算安全关键技术分析

云计算以一种新兴的共享基础架构的方法,提供资源池化的由网络、信息和存储等组成的服务、应用、信息和基础设施等的使用。云计算的按需自服务、宽带接入、虚拟化资源池、快速弹性架构、可测量的服务和多租户等特点,直接影响到了云计算环境的安全威胁和相关的安全保护策略。云计算具备了众多的好处,从规模经济到应用可用性,其绝对能给应用环境带来一些积极的因素。如今,在广大云计算提供商和支持者的推崇下,众多企业用户已开始跃跃欲试。然而,云计算也带来了一些新的安全问题,由于众多用户共享IT基础架构,安全的重要性非同小可。本文分析了云计算特定的安全需求和解决方案以及国内外的研究和产品现状。     

No Pervasive Computing without Intelligent Systems

For pervasive computing ideas to reach, and be used, by the general public, they should fulfil an unmet need. Automation of manual tasks in the home, car or at work provides a rich environment for new services and applications. Pervasive computing can be the infrastructure upon which such services can be built. However, without intelligent systems to support pervasive computing environments, users will be overwhelmed by the complexity of the systems with which they are asked to interact. Experience shows that, to be adopted, technologies must address a need without making unreasonable demands of the user, and without imposing huge maintenance and access costs. Intelligent systems will play a major part in enabling the applications that will create user need in pervasive computing environments — facilitating user access to the environment and reducing management cost to supportable levels. This paper will explore the social and technological research issues relevant to the use of intelligent systems in pervasive computing. These include privacy and data protection, user interface and human interaction with intelligent systems, knowledge acquisition, and the management of large-scale systems capable of autonomous action.