轨道交通移动边缘计算网络安全综述

在环境复杂、乘客密集、高速移动的轨道交通场景中引入移动边缘计算（MEC）技术可满足其对低时延、移动性和海量连接等的需求。然而，MEC在改善轨道交通通信网络性能的同时也带来了安全挑战。首先对轨道交通通信网络和MEC进行了概述；然后讨论了MEC在轨道交通中的价值和轨道交通移动边缘计算网络的架构；接着分析了轨道交通移动边缘计算网络面临的安全威胁并提出了防护方案；最后提出了一些开放性问题，希望对后续的研究提供思路。     

区块链基础设施安全分析与防护

随着区块链技术在金融、物流、溯源、医疗、交通等不同领域的应用探索,区块链基础设施系统的基础性和重要性日益凸显。区块链基础设施系统为区块链应用提供计算、存储、网络、通信等区块链基础资源和服务,其安全性也成为确保上层区块链业务和应用安全的根本保障。文章概述区块链的发展历程以及区块链基础设施的核心技术,分析其面临的传统和特有的安全风险,并提出相应的区块链基础设施安全防护操作建议,以推动区块链基础设施的安全可靠发展。     

一种基于区块链的物联网系统架构

物联网能将计算和物理节点作为整体为我们提供服务。由于智能网络设备的广泛应用,物联网边缘节点的数量正迅速增长。在分布式环境中如何实现服务的互操作是物联网应用场景中的一个技术难点。通过使用区块链技术来建立数据信任机制,可用于支持服务的互操作。区块链技术可将验证、处理数据的行为作为交易,存储在分布式分类帐中。区块链技术在互操作上面临许多问题,比如:共识机制、区块大小及间隔的确定等诸多问题。拜占庭算法提供了一个解决一些协议造成处理时延问题,使用超级账本解决了区块的扩展性问题,选择正确的验证可解决信任问题。本文分析物联网服务的互操作性和面临的挑战,并介绍了一种集成区块链技术、面向服务的体系结构(SoA)、关键性能指标(KPIS)实现和服务选择等技术的体系架构解决方案。     

边缘计算安全防护体系研究

首先,介绍各权威机构对边缘计算概念的定义,梳理边缘计算主要的内涵特征;其次,根据现今云计算产业和信息技术的发展趋势,结合边缘计算在各行业的典型应用场景,分析总结边缘计算在实际应用中的安全威胁和风险因素;再次,调查研究边缘计算各团体及标准化组织应对边缘安全威胁的方法和保障体系,提炼边缘计算安全防护体系结构及机制原理;最后,通过引入融合区块链和人工智能技术,在边缘计算安全防护体系的基础上强化边缘防护的应变能力和可信能力,进而实现边缘计算在支撑我国军事应用时的端到端的安全保障。     

面向数字孪生边缘网络的区块链分片及资源自适应优化机制

为了解决数字孪生边缘网络数据共享面临的隐私和安全问题,提出一种基于区块链分片的数字孪生边缘网络数据安全共享机制。考虑动态时变的数字孪生边缘网络和边缘网络孪生模型与物理网络映射误差,建立联合多播簇头选择、本地基站（BS）共识接入选择、频谱和计算共识资源分配的自适应资源优化模型,实现最大化区块链分片交易吞吐量的目标。在数字孪生边缘网络环境下,提出双层近端策略优化（PPO）算法,求解自适应资源优化问题。仿真结果表明,所提算法可以有效改善区块链分片交易吞吐量。同时,在适应映射误差方面优于传统深度强化学习算法。     

区块链基础设施安全风险及评估探索

区块链技术凭借抗篡改、透明化、分布式的安全特性已成为近年来全球科技和经济发展的新热点。区块链基础设施作为对上承载各类区块链应用、对下衔接网络基础设施的核心枢纽,其安全保障能力是确保区块链健康高质量发展中不可或缺的一环。概述了当前国内外政府、行业和标准化机构在区块链基础设施安全领域的发展现状,分析了区块链基础设施面临的安全风险,并提出了相应的安全评估指标以综合性评估区块链基础设施应对安全风险的能力。     

区块链安全技术体系研究

区块链是一种分布式的数据库,具有去中心化和去信任化的核心特征,近年来受到高度关注,得到了广泛应用。但作为一项新兴技术,区块链同时存在不可忽视的安全风险。本文从区块链关键技术出发,提出四层技术体系,逐层分析了区块链应用面临的挑战和安全风险,并形成通用的分层安全技术体系。该安全技术体系可用于指导区块链应用建设、保障区块链应用安全和促进安全技术的进一步发展。     

城市轨道交通工程通信传输系统建设方案初探

介绍了轨道交通通信传输系统传输的信息，信息分类，特点及接口类型，分析，比较了建设轨道交通通信传输系统的光传输网络（OTN），数字同步系列（SDH）和异转移模式（ATM）三种方案，以及这三种方案在城市轨道交通工程中的应用情况，对城市轨道交通通信传输系统的实施方式进行了探讨。     

基于区块链技术的旅游服务及可视化分析系统设计

当前全球旅游业面临的信息安全、监管、信息透明度和服务质量等挑战。区块链技术的特性,如去中心化、分布式账本和智能合约,提供了解决这些问题的有效手段。本系统的设计采用了浏览器/服务器框架,关键技术包括多维度爬虫技术、基于区块链的数据管理、数据分析与可视化等关键模块。将区块链技术用于旅游服务系统的信息安全与监管,可提供高级加密和信息共享的解决方案,以应对旅游业中的不文明行为、虚假宣传和价格透明度等问题。该实验系统的搭建,为旅游部门提供更加安全、透明和高质量的服务。     

区块链应用的安全分析与防范建议

为了解决区块链应用方面的安全挑战,以区块链应用为主视角,介绍了区块链的研究现状,对区块链网络的数据结构层、网络层、共识层、应用层面临的安全威胁进行了分析,并围绕防范网络层攻击、改进共识层协议、加强应用层智能合约设计等方面给出区块链未来发展的安全建议。     

Fog-Sec: Secure end-to-end communication in fog-enabled IoT network using permissioned blockchain system

The technological integration of the Internet of Things (IoT)-Cloud paradigm has enabled intelligent linkages of things, data, processes, and people for efficient decision making without human intervention. However, it poses various challenges for IoT networks that cannot handle large amounts of operation technology (OT) data due to physical storage shortages, excessive latency, higher transfer costs, a lack of context awareness, impractical resiliency, and so on. As a result, the fog network emerged as a new computing model for providing computing capacity closer to IoT edge devices. The IoT-Fog-Cloud network, on the other hand, is more vulnerable to multiple security flaws, such as missing key management problems, inappropriate access control, inadequate software update mechanism, insecure configuration files and default passwords, missing communication security, and secure key exchange algorithms over unsecured channels. Therefore, these networks cannot make good security decisions, which are significantly easier to hack than to defend the fog-enabled IoT environment. This paper proposes the cooperative flow for securing edge devices in fog-enabled IoT networks using a permissioned blockchain system (pBCS). The proposed fog-enabled IoT network provides efficient security solutions for key management issues, communication security, and secure key exchange mechanism using a blockchain system. To secure the fog-based IoT network, we proposed a mechanism for identification and authentication among fog, gateway, and edge nodes that should register with the blockchain network. The fog nodes maintain the blockchain system and hold a shared smart contract for validating edge devices. The participating fog nodes serve as validators and maintain a distributed ledger/blockchain to authenticate and validate the request of the edge nodes. The network services can only be accessed by nodes that have been authenticated against the blockchain system. We implemented the proposed pBCS network using the private Ethereum 2.0 that enables secure device-to-device communication and demonstrated performance metrics such as throughput, transaction delay, block creation response time, communication, and computation overhead using state-of-the-art techniques. Finally, we conducted a security analysis of the communication network to protect the IoT edge devices from unauthorized malicious nodes without data loss.     

5G边缘计算安全研究与应用

本论文聚焦在5G边缘计算安全研究与应用,包括5G边缘计算安全风险、5G边缘安计算安全防护要求以及5G边缘计算安全应用。首先从网络服务、硬件环境、虚拟化、边缘计算平台、能力开放、应用、管理、数据方面明确5G边缘计算安全风险,然后针对安全风险提出对应的安全防护要求,并以智能电网为例介绍了5G边缘计算安全应用。论文为5G边缘计算安全的风险以及防护要求分析等研究提供支持,为5G边缘计算安全应用提供发展思路。     

Performance optimization for smart grid blockchainintegrated with fog computing using DDQN

In order to solve the energy crisis and pollution problems, smart grid is widely used. However, there are many challenges such as the management of distributed energy during the construction. Blockchain, as an emerging technology, can provide a secure and transparent solution to the decentralized network. Meanwhile, fog computing network is considered to avoid the high deployment cost. The edge servers have abundant computing and storage resources to perform as nodes in grid blockchain. In this paper, an innovative structure of smart grid blockchain integrated with fog computing are proposed. And a new consensus mechanism called scalable proof of cryptographic selection (SPoCS) is designed to adapt the hybrid networks. The mechanism not only includes a special index, contribution degree, to measure the loyalty of fog nodes and the probability of being a function node, but also has flexible block interval adjustment method. Meanwhile, the number of function nodes (validating nodes and ordering nodes) can also be adjusted. And a deep reinforcement learning (DRL) method is used to select the appropriate quantity to improve the performance under the strict constraints of security and decentralization. The simulation shows the scheme performs well in the throughput, cost and latency.     

Blockchain-based fog radio access networks: Architecture,key technologies,and challenges

Fog Radio Access Network (F-RAN) has been regarded as a promising solution to the alleviation of the ever-increasing traffic burden on current and future wireless networks, for it shifts the caching and computing resources from remote cloud to the network edge. However, it makes wireless networks more vulnerable to security attacks as well. To resolve this issue, in this article, we propose a secure yet trustless Blockchain-based F-RAN (BF-RAN), which allows a massive number of trustless devices to form a large-scale trusted cooperative network by leveraging the key features of blockchain, such as decentralization, tamper-proof, and traceability. The architecture of BF-RAN is first presented. Then, the key technologies, including access control, dynamic resource management, and network deployment are discussed. Finally, challenges and open problems in the BF-RAN are identified.     

Survey on data security and privacy-preserving for the research of edge computing

With the rapid development and extensive application of the Internet of things (IoT),big data and 5G network architecture,the massive data generated by the edge equipment of the network and the real-time service requirements are far beyond the capacity if the traditional cloud computing.To solve such dilemma,the edge computing which deploys the cloud services in the edge network has envisioned to be the dominant cloud service paradigm in the era of IoT.Meanwhile,the unique features of edge computing,such as content perception,real-time computing,parallel processing and etc.,has also introduced new security problems especially the data security and privacy issues.Firstly,the background and challenges of data security and privacy-preserving in edge computing were described,and then the research architecture of data security and privacy-preserving was presented.Secondly,the key technologies of data security,access control,identity authentication and privacy-preserving were summarized.Thirdly,the recent research advancements on the data security and privacy issues that may be applied to edge computing were described in detail.Finally,some potential research points of edge computing data security and privacy-preserving were given,and the direction of future research work was pointed out.     

面向移动边缘计算中多应用服务的虚拟机部署算法

移动边缘计算(MEC)通过在用户近端以虚拟机(VM)形式部署应用服务,能有效降低服务响应延迟并减少核心网络数据流量。然而,当前MEC中虚拟机部署的大多数研究尚未具体考虑用户对多种应用服务的需求。因此,该文针对MEC中多应用服务的虚拟机部署问题,提出两种启发式算法,即基于适应度的启发式部署算法(FHPA)和基于分治的启发式部署算法(DCBHPA),通过在边缘网络中配置支持多种应用服务的虚拟机来最大限度地减少网络中的数据流量。FHPA和DCBHPA分别基于边缘服务器的网络连接特征和用户对应用请求的差异性,定义了不同的适应度计算模型。在此基础上,通过子问题划分机制实现VM配置。仿真结果表明,相比于基准算法,所提算法能更好地控制系统数据流量,有效地提高边缘网络服务资源的利用率。     

A blockchain-enabled security management framework for mobile edge computing

Mobile edge computing (MEC) integrates mobile and edge computing technologies to provide efficient computing services with low latency. It includes several Internet of Things (IoT) and edge devices that process the user data at the network's edge. The architectural characteristic of MEC supports many internet-based services, which attract more number of users, including attackers. The safety and privacy of the MEC environment, especially user information is a significant concern. A lightweight accessing and sharing protocol is required because edge devices are resource constraints. This paper addresses this issue by proposing a blockchain-enabled security management framework for MEC environments. This approach provides another level of security and includes blockchain security features like temper resistance, immutable, transparent, traceable, and distributed ledger in the MEC environment. The framework guarantees secure data storage in the MEC environment. The contributions of this paper are twofold: (1) We propose a blockchain-enabled security management framework for MEC environments that address the security and privacy concerns, and (2) we demonstrate through simulations that the framework has high performance and is suitable for resource-constrained MEC devices. In addition, a smart contract-based access and sharing mechanism is proposed. Our research uses a combination of theoretical analysis and simulation experiments to demonstrate that the proposed framework offers high security, low latency, legitimate access, high throughput, and low operations cost.     

Naive-LSTM based services awareness of edge computing elastic optical networks

Great challenges and demands are presented by increasing edge computing services for current elastic optical networks(EONs) to deal with serious diversity and complexity of these services. To improve the match degree between edge computing and optical network, the services awareness function is necessary for EON. This article proposes a Naive long short-term memory(Naive-LSTM) based services awareness strategy of the EON, where the Naive-LSTM model makes full use of the most simplified structure...