区块链在轨道交通边缘计算网络中的应用

多接入边缘计算（multi-access edge computing,MEC）能为城市轨道交通中的计算密集型业务和时延敏感型业务提供高质量的服务能力,然而轨道交通边缘计算网络中的大量边缘设施暴露在开放式环境中,其隐私保护和传输安全面临着很大的挑战。区块链（blockchain）具有分布式账本、共识机制、智能合约、去中心化应用等功能特性,因此,区块链技术可以为分布式轨道交通边缘计算网络构建系统性的安全防护机制,从而保障网络安全和数据安全,实现高质量的城市轨道交通服务。首先,介绍了区块链的基本概念;其次,设计了轨道交通边缘计算网络架构,提出了融合区块链的轨道交通边缘计算网络安全防护机制和应用实例;最后,对该安全防护机制面临的问题和挑战进行了分析和展望。     

基于雾计算的物联网架构研究

物联网是一种能将物体连接至互联网使其更加智能的技术.但是物联网设备产生的大数据难以处理,网络架构的可扩展性差,以及用户的安全隐私容易泄露等问题都限制了物联网的发展.为了解决这些问题,通过分析雾计算所具有的优势提出基于雾计算的物联网架构.基于该架构,同时考虑到用户的安全隐私问题,又提出分层的网络架构.最后对文章进行总结和展望.     

移动云服务的数据安全与隐私保护综述

移动云服务相比传统云具有移动互联、灵活终端应用和便捷数据存取等特点。然而,丰富的移动云服务应用也带来了更多的安全与隐私泄露问题。在阐述移动云服务的基本概念、应用与安全问题的基础上,给出了其安全与隐私保护体系结构,主要围绕安全协议与认证、访问控制、完整性验证、移动可信计算和基于加密、匿名、混淆的隐私保护等关键技术,分析其研究现状,论述已有技术的优势和不足,并探讨了未来的研究方向。     

RAD‐EI: A routing attack detection scheme for edge‐based Internet of Things environment

Internet of Things (IoT) offers various types of application services in different domains, such as “smart infrastructure, health‐care, critical infrastructure, and intelligent transportation system.” The name edge computing signifies a corner or edge in a network at which traffic enters or exits from the network. In edge computing, the data analysis task happens very close to the IoT smart sensors and devices. Edge computing can also speed up the analysis process, which allows decision makers to take action within a short duration of time. However, edge‐based IoT environment has several security and privacy issues similar to those for the cloud‐based IoT environment. Various types of attacks, such as “replay, man‐in‐the middle, impersonation, password guessing, routing attack, and other denial of service attacks” may be possible in edge‐based IoT environment. The routing attacker nodes have the capability to deviate and disrupt the normal flow of traffic. These malicious nodes do not send packets (messages) to the edge node and only send packets to its neighbor collaborator attacker nodes. Therefore, in the presence of such kind of routing attack, edge node does not get the information or sometimes it gets the partial information. This further affects the overall performance of communication of edge‐based IoT environment. In the presence of such an attack, the “throughput of the network” decreases, “end‐to‐end delay” increases, “packet delivery ratio” decreases, and other parameters also get affected. Consequently, it is important to provide solution for such kind of attack. In this paper, we design an intrusion detection scheme for the detection of routing attack in edge‐based IoT environment called as RAD‐EI. We simulate RAD‐EI using the widely used “NS2 simulator” to measure different network parameters. Furthermore, we provide the security analysis of RAD‐EI to prove its resilience against routing attacks. RAD‐EI accomplishes around 95.0% “detection rate” and 1.23% “false positive rate” that are notably better than other related existing schemes. In addition, RAD‐EI is efficient in terms of computation and communication costs. As a result, RAD‐EI is a good match for some critical and sensitive applications, such as smart security and surveillance system.     

大规模无线通信网络移动边缘计算和缓存研究

面向未来6G移动通信的大规模网络移动边缘计算与缓存技术,首先,介绍了大规模无线网络下移动边缘计算和缓存的架构与原理,并阐释了移动边缘计算和缓存技术在大规模无线网络中的必要性和普适性.接着,从计算卸载、边缘缓存、多维资源分配、用户关联和隐私保护这5个关键问题出发,综述和分析了移动边缘计算和缓存赋能大规模无线网络时会引入的...     

云计算环境中支持隐私保护的数字版权保护方案简

针对云计算环境中数字内容安全和用户隐私保护的需求,提出了一种云计算环境中支持隐私保护的数字版权保护方案。设计了云计算环境中数字内容版权全生命周期保护和用户隐私保护的框架,包括系统初始化、内容加密、许可授权和内容解密4个主要协议;采用基于属性基加密和加法同态加密算法的内容加密密钥保护和分发机制,保证内容加密密钥的安全性;允许用户匿名向云服务提供商订购内容和申请授权,保护用户的隐私,并且防止云服务提供商、授权服务器和密钥服务器等收集用户使用习惯等敏感信息。与现有的云计算环境中数字版权保护方案相比,该方案在保护内容安全和用户隐私的同时,支持灵活的访问控制,并且支持在线和超级分发应用模式,在云计算环境中具有较好的实用性。     

Security and privacy issues of physical objects in the IoT: Challenges and opportunities

In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out.     

Federated learning-based privacy-preserving electricity load forecasting scheme in edge computing scenario

In the era of big data, massive amounts of data hold great value. However, much data exists as isolated islands, and the maximum value of the data cannot be fully utilized. Federated learning allows each client to train local data and then share the training model parameters securely, which can address the isolated data island problem and exploit data value while ensuring data privacy and security. Accordingly, in order to securely complete the electric power load forecasting using existing data, this paper constructs a federated learning-based privacy-preserving scheme to support electricity load forecasting in edge computing scenarios. To address the problems of the data-isolated islands and data privacy in electric power systems, this paper proposes a decentralized distributed solution based on the federated learning technique. Our scheme achieves electricity load forecasting for power systems through the federated learning-based framework and uses edge computing architecture to improve real-time data capability and reduce network latency. For the hierarchical scheduling structure in power systems, we divide the system into a cloud-side-device three-layer architecture, which achieves structural coordination and balance, and each layer collects information according to the scheduling control tasks, promoting scheduling effectiveness. Finally, different privacy protection methods are used on the cloud-edge and edge-device sides to significantly enhance data security. Moreover, We have conducted extensive experimental simulations for our proposed scheme. The experimental results show that the relative error of electricity load forecasting is around 1.580%. Meanwhile, our scheme achieves high accuracy and low memory usage. The security analysis proves the feasibility and security of our scheme.     

边缘计算产业现状与发展建议

随着5G商用,以及IoT和AI的发展,边缘计算的规模和业务复杂度显著增加,边缘实时计算、边缘实时分析和边缘智能等新型业务不断涌现,对边缘基础设施的效率、可靠性和资源利用率有了更高的要求。如何结合云计算发展趋势打造边缘基础设施成为一个新课题。梳理了边缘计算发展现状,包括边缘计算产业规模、国际国内电信运营商在边缘计算领域的试点工作,讨论了"多云混合"对边缘计算的影响,分析了边缘计算存在的问题和挑战,并结合项目实践给出了相应的发展建议。     

Intelligent Service Function Chain Mapping Framework for Cloud-and-Edge-Collaborative IoT

With the rapid development of Internet of thing (IoT) technology, it has become a challenge to deal with the increasing number and diverse requirements of IoT services. By combining burgeoning network function virtualization ( NFV) technology with cloud computing and mobile edge computing ( MEC), an NFV-enabled cloud-and-edge-collaborative IoT (CECIoT) architecture can efficiently provide flexible service for IoT traffic in the form of a service function chain (SFC) by jointly utilizing edge and cloud resources. In this promising architecture, a difficult issue is how to balance the consumption of resource and energy in SFC mapping. To overcome this challenge, an intelligent energy-and-resource-balanced SFC mapping scheme is designed in this paper. It takes the comprehensive deployment consumption as the optimization goal, and applies a deep Q-learning(DQL)-based SFC mapping (DQLBM) algorithm as well as an energy-based topology adjustment (EBTA) strategy to make efficient use of the limited network resources, while satisfying the delay requirement of users. Simulation results show that the proposed scheme can decrease service delay, as well as energy and resource consumption.     

Towards asynchronous federated learning for heterogeneous edge-powered internet of things

The advancement of the Internet of Things (IoT) brings new opportunities for collecting real-time data and deploying machine learning models. Nonetheless, an individual IoT device may not have adequate computing resources to train and deploy an entire learning model. At the same time, transmitting continuous real-time data to a central server with high computing resource incurs enormous communication costs and raises issues in data security and privacy. Federated learning, a distributed machine learning framework, is a promising solution to train machine learning models with resource-limited devices and edge servers. Yet, the majority of existing works assume an impractically synchronous parameter update manner with homogeneous IoT nodes under stable communication connections. In this paper, we develop an asynchronous federated learning scheme to improve training efficiency for heterogeneous IoT devices under unstable communication network. Particularly, we formulate an asynchronous federated learning model and develop a lightweight node selection algorithm to carry out learning tasks effectively. The proposed algorithm iteratively selects heterogeneous IoT nodes to participate in the global learning aggregation while considering their local computing resource and communication condition. Extensive experimental results demonstrate that our proposed asynchronous federated learning scheme outperforms the state-of-the-art schemes in various settings on independent and identically distributed (i.i.d.) and non-i.i.d. data distribution.     

人工智能在网络安全运维服务中的应用

近年来,国内外网络安全形势趋于复杂,关系到国民经济命脉的关键信息基础设施在传统模式下得不到有效保护。网络安全运维服务以“专业保安”身份着力打造关键信息基础设施的整体防御能力,但随着人工智能、大数据、云计算、5G、物联网以及边缘计算等新技术发展的应用,大量关键信息隐藏在海量数据中很难被发现并有效利用。因此,以人工智能为抓手,研究人工智能赋能网络安全运维服务,打造智慧运营新思路,解决实际运维服务过程中智能化、自动化等问题。     

Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine

With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.     

云数据安全研究进展

云数据安全问题是制约云计算发展的重要因素之一.该文综述了云数据安全方面的研究进展,将云数据安全所涉及的云身份认证、云访问控制、云数据安全计算、虚拟化安全技术、云数据存储安全、云数据安全删除、云信息流控制、云数据安全审计、云数据隐私保护及云业务可持续性保障10方面相关研究工作纳入到物理资源层、虚拟组件层及云服务层所构成的云架构中进行总结和分析;并给出了相关技术的未来发展趋势.     

云数据安全研究进展

云数据安全问题是制约云计算发展的重要因素之一.该文综述了云数据安全方面的研究进展,将云数据安全所涉及的云身份认证、云访问控制、云数据安全计算、虚拟化安全技术、云数据存储安全、云数据安全删除、云信息流控制、云数据安全审计、云数据隐私保护及云业务可持续性保障10方面相关研究工作纳入到物理资源层、虚拟组件层及云服务层所构成的...     

云计算层次服务关联机制及SaaS模式下数据安全取向的研究

本文首先介绍了云计算特征与分类、云服务模式,其次,由云计算的开放类型：公有云、私有云、混合云等展开叙述,分析了云计算体系结构与云服务模式融合、云计算层次结构与服务类型关联机制、SaaS#系结构与安全隐患,最后阐述了SaaS模式下数据的安全取向,具体分析了系统管理与物理安全、数据传输与网络安全、数据存储与冗余备份、强化软件效用提升云服务安全等。     

ESOT: a new privacy model for preserving location privacy in Internet of Things

The Internet of Things (IoT) means connecting everything with every other thing through the Internet. In IoT, millions of devices communicate to exchange data and information with each other. During communication, security and privacy issues arise which need to be addressed. To protect information about users’ location, an efficient technique should be devised. Several techniques have already been proposed for preserving location privacy in IoT. However, the existing research lags in preserving location privacy in IoT and has highlighted several issues such as being specific or being restricted to a certain location. In this paper, we propose a new location privacy technique called the enhanced semantic obfuscation technique (ESOT) to preserve the location information of a user. Experimental results show that ESOT achieves improved location privacy and service utility when compared with a well-known existing approach, the semantic obfuscation technique.     

物联网加密技术研究

物联网是一种虚拟网络与现实世界实时交互的新型系统,随着物联网技术的迅猛发展,物联网终端的安全问题也逐渐被重视。文中通过分析物联网终端设备存在的认证、私隐等安全问题,针对终端设备计算能力、网络资源有限的特点,研究了基于IBE密钥参数协商和身份鉴别技术、轻量级加密算法和密码自同步技术,提出了将几种技术相结合的加密技术方案,并对这种方案的安全性进行了分析。     

Cloud data secure deduplication scheme via role-based symmetric encryption

The rapid development of cloud computing and big data technology brings prople to enter the era of big data,more and more enterprises and individuals outsource their data to the cloud service providers.The explosive growth of data and data replicas as well as the increasing management overhead bring a big challenge to the cloud storage space.Meanwhile,some serious issues such as the privacy disclosure,authorized access,secure deduplication,rekeying and permission revocation should also be taken into account.In order to address these problems,a role-based symmetric encryption algorithm was proposed,which established a mapping relation between roles and role keys.Moreover,a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both the privacy protection and the authorized deduplication under the hierarchical architecture in the cloud computing environment.Furthermore,in the proposed scheme,the group key agreement protocol was utilized to achieve rekeying and permission revocation.Finally,the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model,and the deduplication scheme can meet the security requirements.The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.     

Fog-Sec: Secure end-to-end communication in fog-enabled IoT network using permissioned blockchain system

The technological integration of the Internet of Things (IoT)-Cloud paradigm has enabled intelligent linkages of things, data, processes, and people for efficient decision making without human intervention. However, it poses various challenges for IoT networks that cannot handle large amounts of operation technology (OT) data due to physical storage shortages, excessive latency, higher transfer costs, a lack of context awareness, impractical resiliency, and so on. As a result, the fog network emerged as a new computing model for providing computing capacity closer to IoT edge devices. The IoT-Fog-Cloud network, on the other hand, is more vulnerable to multiple security flaws, such as missing key management problems, inappropriate access control, inadequate software update mechanism, insecure configuration files and default passwords, missing communication security, and secure key exchange algorithms over unsecured channels. Therefore, these networks cannot make good security decisions, which are significantly easier to hack than to defend the fog-enabled IoT environment. This paper proposes the cooperative flow for securing edge devices in fog-enabled IoT networks using a permissioned blockchain system (pBCS). The proposed fog-enabled IoT network provides efficient security solutions for key management issues, communication security, and secure key exchange mechanism using a blockchain system. To secure the fog-based IoT network, we proposed a mechanism for identification and authentication among fog, gateway, and edge nodes that should register with the blockchain network. The fog nodes maintain the blockchain system and hold a shared smart contract for validating edge devices. The participating fog nodes serve as validators and maintain a distributed ledger/blockchain to authenticate and validate the request of the edge nodes. The network services can only be accessed by nodes that have been authenticated against the blockchain system. We implemented the proposed pBCS network using the private Ethereum 2.0 that enables secure device-to-device communication and demonstrated performance metrics such as throughput, transaction delay, block creation response time, communication, and computation overhead using state-of-the-art techniques. Finally, we conducted a security analysis of the communication network to protect the IoT edge devices from unauthorized malicious nodes without data loss.