Guangming Cui,Qiang He,Bo Li,Xiaoyu Xia,Feifei Chen,Hai Jin,Yang Xiang,Yun Yang

DOI: https://doi.org/10.1109/tsc.2021.3090173

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:The new edge computing paradigm extends cloud computing by allowing service vendors to deploy their service instances and data on distributed edge servers to serve their service users in close geographic proximity to those edge servers. Caching edge data on edge servers profoundly reduces the retrieval latency perceived by users. However, these edge data are subject to corruption due to intentional and/or accidental exceptions. This is a major challenge for service vendors but has been overlooked. Thus, verifying the integrity of edge data accurately and efficiently is a critical security problem in the edge computing environment. A unique characteristic of the edge computing environment is that edge servers suffer from constrained computing capacities. Thus, verifying data integrity on massive edge servers individually is computationally expensive and impractical. In this paper, we tackle this Edge Data Integrity (EDI) problem with an inspection and corruption localization scheme for EDI named ICL-EDI. This scheme allows service vendors to inspect data integrity and localize corrupted edge data cached on multiple edge servers accurately and efficiently. To evaluate its performance, we implement ICL-EDI and conduct extensive experiments to demonstrate its effectiveness and efficiency.

computer science, information systems, software engineering

Liping Qiao,Yanping Li,Feng Wang,Bo Yang

DOI: https://doi.org/10.1016/j.adhoc.2022.102906

IF: 4.816

2022-08-01

Ad Hoc Networks

Abstract:With the increase of smart devices, edge computing is becoming a new computing paradigm that coexist with centralized cloud computing to process data distributed at the edge of the network. Based on this new paradigm, app vendors can store data replicas on geographically distributed edge servers to serve surrounding users to reduce access delay. However, since edge servers have limited storage space and computing ability, these edge data are vulnerable to various corruption. Therefore, how to efficiently audit the integrity of edge data has become an urgent problem to be solved. To tackle the Edge Data Integrity (EDI) problem, we propose a lightweight auditing scheme, namely EDI-SA. Firstly, inspired by the shuffle algorithm and the bucket sorting algorithm, we propose an improved sampling algorithm, which is a new lightweight challenge block sampling method. Secondly, based on algebraic signature, EDI-SA can achieve efficient aggregation verification and the signature computation cost is independent of the number of data blocks, which greatly reduces the computation overhead of app vendors and edge servers. Thirdly, EDI-SA supports batch auditing and provable dynamic update, app vendors can also uniquely locate the corrupted edge data. Finally, security and performance analyses demonstrate the security and effectiveness of EDI-SA.

computer science, information systems,telecommunications

Bo Li,Qiang He,Feifei Chen,Hai Jin,Yang Xiang,Yun Yang

DOI: https://doi.org/10.1109/tpds.2020.3043755

IF: 5.3

2021-05-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Edge computing allows app vendors to deploy their applications and relevant data on distributed edge servers to serve nearby users. Caching data on edge servers can minimize users' data retrieval latency. However, such cache data are subject to both intentional and accidental corruption in the highly distributed, dynamic, and volatile edge computing environment. Given a large number of edge servers and their limited computing resources, how to effectively and efficiently audit the integrity of app vendors' cache data is a critical and challenging problem. This article makes the first attempt to tackle this Edge Data Integrity (EDI) problem. We first analyze the threat model and the audit objectives, then propose a lightweight sampling-based probabilistic approach, namely EDI-V, to help app vendors audit the integrity of their data cached on a large scale of edge servers. We propose a new data structure named variable Merkle hash tree (VMHT) for generating the integrity proofs of those data replicas during the audit. VMHT can ensure the audit accuracy of EDI-V by maintaining sampling uniformity. EDI-V allows app vendors to inspect their cache data and locate the corrupted ones efficiently and effectively. Both theoretical analysis and comprehensively experimental evaluation demonstrate the efficiency and effectiveness of EDI-V.

computer science, theory & methods,engineering, electrical & electronic

Yan Ding,Yanping Li,Wenjie Yang,Kai Zhang

DOI: https://doi.org/10.1016/j.sysarc.2022.102560

IF: 5.836

2022-07-01

Journal of Systems Architecture

Abstract:With the rapid development of 5G technology and wireless networks, new applications such as VR/AR-based immersive online games have developed rapidly. These applications are very sensitive to network delays. To address the time delay of data transfer, the vendors of these delay-sensitive applications often deploy data replicas on edge servers to provide users with a low-latency application experience. However, the edge computing environment is highly distributed and dynamic, which makes the data replicas stored on edge servers often face intentional or unintentional damage. In addition, the computing resources of edge servers are very limited compared to cloud servers. Therefore, how to efficiently audit the integrity of data replicas stored on a large number of edge servers becomes an urgent problem to be solved. This paper first designs a data integrity verification scheme called EDI-DA in edge environment to help application vendors to check the integrity of data replicas stored on distributed edge servers. Then, we extend EDI-DA to allow application vendors to verify the integrity of different edge data replicas simultaneously, i.e., our EDI-DA supports batch auditing of multiple original data. Next, we propose an improved data structure I-SLT based on which EDI-DA supports full data dynamics, including insertion, deletion and modification. Finally, security and performance analyses indicate the security and practicability of our EDI-DA.

computer science, software engineering, hardware & architecture

Yao Zhao,Youyang Qu,Yong Xiang,Md Palash Uddin,Dezhong Peng,Longxiang Gao

2024-08-08

Abstract:Recent advances in edge computing~(EC) have pushed cloud-based data caching services to edge, however, such emerging edge storage comes with numerous challenging and unique security issues. One of them is the problem of edge data integrity verification (EDIV) which coordinates multiple participants (e.g., data owners and edge nodes) to inspect whether data cached on edge is authentic. To date, various solutions have been proposed to address the EDIV problem, while there is no systematic review. Thus, we offer a comprehensive survey for the first time, aiming to show current research status, open problems, and potentially promising insights for readers to further investigate this under-explored field. Specifically, we begin by stating the significance of the EDIV problem, the integrity verification difference between data cached on cloud and edge, and three typical system models with corresponding inspection processes. To thoroughly assess prior research efforts, we synthesize a universal criteria framework that an effective verification approach should satisfy. On top of it, a schematic development timeline is developed to reveal the research advance on EDIV in a sequential manner, followed by a detailed review of the existing EDIV solutions. Finally, we highlight intriguing research challenges and possible directions for future work, along with a discussion on how forthcoming technology, e.g., machine learning and context-aware security, can augment security in EC. Given our findings, some major observations are: there is a noticeable trend to equip EDIV solutions with various functions and diversify study scenarios; completing EDIV within two types of participants (i.e., data owner and edge nodes) is garnering escalating interest among researchers; although the majority of existing methods rely on cryptography, emerging technology is being explored to handle the EDIV problem.

Cryptography and Security

Jian Li,Qinglin Zhao,Shaohua Teng,Naiqi Wu,Guanghui Li,Yi Sun

DOI: https://doi.org/10.1109/tnsm.2024.3383239

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Mobile edge computing allows for high-performance and low-latency applications by delegating computation and data processing tasks to edge servers. However, ensuring the integrity of cached data on these servers can be challenging due to their limited resources. Current designs often use a per-edge multi-round approach, which necessitates multiple communication rounds between each edge server and the application vendor (AppVend). This approach results in high communication and computational costs, as well as the stragglers effect during batch verification. To address these inefficiencies, we propose a Hierarchical Signature Aggregation for Edge Data Integrity (HSA-EDI) verification design. Our design adopts a novel per-edge one-round approach, which significantly reduce the number of communication rounds to one for each edge server, while mitigating the impact of stragglers. Furthermore, it remarkably reduces computational costs through a hierarchical aggregation mechanism. This mechanism supports intra-edge signature aggregation at the edge server level, followed by inter-edge aggregation at the AppVend, which enhances overall efficiency. We then conduct a theoretical analysis of HSA-EDI’s correctness, security, and communication, computation, and storage efficiency. Experimental results validate its superior performance over state-of-the-art designs.

computer science, information systems

Bo Li,Qiang He,Feifei Chen,Haipeng Dai,Hai Jin,Yang Xiang,Yun Yang

DOI: https://doi.org/10.1109/tifs.2021.3111747

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The new mobile edge computing (MEC) paradigm fundamentally changes the data caching technique by allowing data to be cached on edge servers attached to base stations within hundreds of meters from users. It provides a bounded latency guarantee for latency-sensitive applications, e.g., interactive AR/VR applications, online gaming, etc. However, in the highly distributed MEC environment, cache data is subject to corruption and their integrity must be ensured. Existing centralized data integrity assurance schemes are rendered obsolete by the unique characteristics of MEC, i.e., unlike cloud servers, edge servers have only limited computing and storage resources and they are deployed massively and distributed geographically. Thus, it is a new and significant challenge to ensure cache data integrity over tremendous geographically-distributed resource-constrained edge servers. This paper proposes the CooperEDI scheme to guarantee the edge data integrity in a distributed manner. CooperEDI employs a distributed consensus mechanism to form a self-management edge caching system. In the system, edge servers cooperatively ensure the integrity of cached replicas and repair corrupted ones. We experimentally evaluate its performance against three representative schemes. The results demonstrate that CooperEDI can effectively and efficiently ensure cache data integrity in the MEC environment.

computer science, theory & methods,engineering, electrical & electronic

Wei Tong,Wenjie Chen,Bingbing Jiang,Fengyuan Xu,Qun Li,Sheng Zhong

DOI: https://doi.org/10.1109/icdcs.2019.00104

2019-01-01

Abstract:Mobile edge computing (MEC) is proposed as an extension of cloud computing in the scenarios where the end devices desire better services in terms of response time. Edge nodes are deployed at the proximity of the end devices, and it can pre-download parts of data stored in the cloud so that the end devices can access these data with low latency. However, because the edges are usually owned by individuals and small organizations, which have limited operation capacities for maintaining the machines, the data on the edges are easily corrupted (due to external attacks or internal hardware failures). Therefore, it is essential to verify data integrity in the MEC. We propose two Integrity Checking protocols for mobile Edge computing, called ICE-basic and ICE-batch, which are designed for the cases where the user wants to check data integrity on a single edge or multiple edges, respectively. Based on the concept of provable data possession and the technique of private information retrieval, our protocols allow a third-party verifier to check the data integrity on the edges without violating users' data privacy and query pattern privacy. We rigorously prove the security and privacy guarantees of the protocols. Furthermore, we have implemented a proof-of-concept system that runs ICE, and extensive experiments are conducted. The theoretical analysis and experimental results demonstrate the proposed protocols are efficient both in computation and communication.

Yao Zhao,Chenhao Xu,Youyang Qu,Yong Xiang,Feifei Chen,Longxiang Gao

DOI: https://doi.org/10.1109/jiot.2024.3366292

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Edge intelligence, an emerging distributed paradigm, is driven by the increasing number of Internet of Things devices and the development of edge computing and artificial intelligence. This paradigm revolutionizes the way of data caching by encouraging latency-sensitive data to be distributed across multiple edge nodes. In such data caching scenarios, ensuring the integrity of data stored at the edge nodes is critical for business continuity guarantee. Existing Edge Data Integrity (EDI) verification solutions rely on the interactive Challenge-Response mechanism. However, this mechanism imposes significant communication overhead on participants, leading to low verification efficiency. To address this challenge, we propose a Learning-based Hierarchical Edge Data Corruption Detection framework (LH-EDCD), aiming to enhance verification efficiency from a round perspective by reducing communication interaction between edge nodes and the data owner. LH-EDCD involves two layers of verification: internal and external. In the internal verification layer, each edge node self-inspects the cached data replica by running a corruption detection model distributedly trained by blockchain-based Federated Learning (FL). With such filtration, potential corruption can be efficiently identified without complex interaction. Considering the false positive existence in the model, in the external verification layer, LH-EDCD adopts a smart contract in blockchain to verify identified potentially corrupted data replicas for corruption confirmation, mitigating the trust concerns among edge nodes while reducing communication overhead on backbone networks. With the combination of these two layers, the overall EDI verification efficiency can be improved by reducing interaction verification time. Additionally, we make the first attempt to investigate the optimal verification time to improve the applicability and practicality of LH-EDCD. Extensive experimental results substantiate the advantages of employing FL in the first layer of LH-EDCD and demonstrate that LH-EDCD outperforms two state-of-the-art EDI approaches, i.e., EDI-S and EDI-V. Specifically, LH-EDCD achieves better model accuracy and convergence speed compared to centralized training, while exhibiting superior efficiency over EDI-S and EDI-V with 3.5 and 2.8 times performance improvements, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rohini Suhas Kale,Jayashri Hase,Shyam Deshmukh,Samir N. Ajani,Pratik K Agrawal,Chhaya Sunil Khandelwal

DOI: https://doi.org/10.47974/jdmsc-1898

2024-01-01

Journal of Discrete Mathematical Sciences and Cryptography

Abstract:This study examines, from a security and privacy standpoint, the significant obstacles to maintaining data integrity and confidentiality in edge computing contexts. Data security at the edge becomes critical as more and more edge devices proliferate and generate large volumes of sensitive data. The review of the literature looks at edge computing security problems that currently exist and discusses fixes to protect data integrity and confidentiality. The article explores various vulnerabilities, emphasizing the necessity for strong security systems, including data exposure risks and integrity concerns. It examines secure communication protocols, access control methods, and encryption techniques as crucial risk-reduction instruments. Anonymization and differential privacy are two privacy-preserving techniques that are investigated to find a middle ground between user privacy and data value. The article provides real-world insights through case studies and actual implementations, and it lays out metrics and evaluation criteria for determining how successful security measures are. Finally, the report highlights the need of addressing data security in changing edge computing settings and offers future directions and research difficulties.

Lei Xu,Xingliang Yuan,Zhengxiang Zhou,Cong Wang,Chungen Xu

DOI: https://doi.org/10.1109/tsc.2021.3111208

IF: 11.019

2021-01-01

IEEE Transactions on Services Computing

Abstract:Edge computing brings data computation and storage closer to the mobile device to save response time for decision making. After being processed at the edge, commonly the data will be uploaded to the cloud for further enriched analysis. For privacy concerns, local devices may encrypt the collected data before sending it to the cloud server. However, this treatment increases the server's processing time and makes it hard to pick out the desired data. In this article, to address this problem, we design an encrypted data validation scheme, which enables the edge to clean the encrypted data to be uploaded. Because edge computing encompasses numerous edge devices from different service providers, we explore the public-key cryptographic mechanism to implement our secure data validation scheme. Considering potential risks from quantum computers, we propose to leverage ideal lattice to realize our protocol, which reaches better performance in both time and storage for edge devices. Extensive evaluation results show that our proposed proposal achieves considerable performance improvements in terms of communication and computation aspects. Particularly, compared to prior work, nearly 123×-238× speed up is achieved in our key derivation procedure and the storage cost of the secret key is reduced from 547MB to 1.7MB.

computer science, information systems, software engineering

Dongdong Yue,Ruixuan Li,Yan Zhang,Wenlong Tian,Yongfeng Huang

DOI: https://doi.org/10.1016/j.jpdc.2020.06.007

IF: 4.542

2020-12-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the popularity of the Internet of Things (IoT), data integrity verification in the edge cloud storage attracts attentions from many researchers. Due to the over dependence of the Third Party Auditor (TPA) and the dynamical nature of the IoT data, the traditional data integrity verification framework for cloud storage can hardly work. To satisfy the characteristics of the IoT and avoid the over dependence of the TPA, we propose a blockchain-based framework without TPA for data integrity verification in a decentralized edge-cloud storage (ECS) scenario in this paper. In our framework, we employ the Merkle tree with random challenging numbers for data integrity verification and analyze different Merkle tree structures to optimize the system performance. To solve the problem of limited resources and high real-time requirements, we further propose sampling verification and develop rational sampling strategies to make sampling verification more effective. The overhead and precision of the verification in ECS are studied by an optimal sample size strategy. Finally, a prototype system is implemented based on our framework and we conduct a series of experiments to evaluate the effectiveness of the proposed schemes. The experimental results show that our schemes can effectively improve the performance of data integrity verification.</p>

computer science, theory & methods

Jianping He,Lin Cai,Peng Cheng,Jianping Pan,Ling Shi

DOI: https://doi.org/10.1109/jiot.2018.2834544

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Privacy-preserving data aggregation (DA) in network systems, e.g., Internet of Things (IoT), is a challenging problem, considering the dynamic network topology, limited computing capacity, energy supply of IoT devices, etc. The difficulty is exaggerated when there exist dishonest nodes, and how to ensure privacy, accuracy, and robustness of the DA process against dishonest nodes remains an open issue. Different from the widely investigated cryptographic approaches, in this paper, we address this challenging problem by exploiting the distributed consensus technique. To mitigate the pollution from dishonest nodes, we propose an enhanced secure consensus-based DA (E-SCDA) algorithm that allows neighbors to detect dishonest nodes, and derive the error bound when there are undetectable dishonest nodes. We prove the convergence of the E-SCDA and show that the algorithm can preserve the privacy associated to nodes' initial states. Extensive simulations have shown that the proposed algorithm has a high convergence accuracy and low complexity, even when there exist dishonest nodes in the network.

Ruikun Luo,Qiang He,Mengxi Xu,Feifei Chen,Song Wu,Jing Yang,Yuan Gao,Hai Jin

DOI: https://doi.org/10.1109/tpds.2024.3493959

IF: 5.3

2024-11-29

IEEE Transactions on Parallel and Distributed Systems

Abstract:The emergence of mobile edge computing (MEC) in distributed systems has sparked increased attention toward edge data management. A conflict arises from the disparity between limited edge resources and the continuously expanding data requests for data storage, making the reduction of data storage costs a critical objective. Despite the extensive studies of edge data deduplication as a data reduction technique, existing deduplication methods encounter numerous challenges in MEC environments. These challenges stem from disparities between edge servers and cloud data center edge servers, as well as uncertainties such as user mobility, leading to insufficient robustness in deduplication decision-making. Consequently, this paper presents a robust optimization-based approach for the edge data deduplication problem. By accounting for uncertainties including the number of data requirements and edge server failures, we propose two distinct solving algorithms: uEDDE-C, a two-stage algorithm based on column-and-constraint generation, and uEDDE-A, an approximation algorithm to address the high computation overhead of uEDDE-C. Our method facilitates efficient data deduplication in volatile edge network environments and maintains robustness across various uncertain scenarios. We validate the performance and robustness of uEDDE-C and uEDDE-A through theoretical analysis and experimental evaluations. The extensive experimental results demonstrate that our approach significantly reduces data storage cost and data retrieval latency while ensuring reliability in real-world MEC environments.

computer science, theory & methods,engineering, electrical & electronic

Shuai Shang,Xiong Li,Ke Gu,Lei Li,Xiaosong Zhang,Vijayakumar Pandi

DOI: https://doi.org/10.1109/tii.2023.3315375

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:Edge-supported Industrial Internet of Things (IIoT) has received remarkable attention recently since edge computing can not only reduce bandwidth consumption but also decrease the response time of industrial systems. However, the sensed data in the industrial environment is considered private. Thus, the data cannot be directly aggregated at the server due to privacy leakage. Although several privacy-preserving-aggregated schemes have been proposed, their security goals are not strong enough. Besides, most schemes are inefficient for resource-constrained devices. Aiming at solving the abovementioned problems, this article proposes a robust privacy-preserving data aggregation scheme for edge-supported IIoT. Specifically, the scheme adopts the Paillier cryptosystem to protect the privacy of users. Additionally, it utilizes ECDSA signature to support batch verification of multiple signatures from different signers, which significantly improves efficiency. Security analysis shows that the proposed scheme not only guarantees the integrity of the data and mutual authentication among entities but also realizes differential privacy protection. Extensive experiments are conducted to compare our scheme with the related work. The results show that our method outperforms most of the compared schemes with respect to communication. Moreover, compared with the related work, our scheme reduces the computational cost by an average of 6.7%, 16.9%, and 27.8% in sensor, edge server, and control center sides, respectively.

Zhang Lejun,Peng Minghui,Su Shen,Wang Weizheng,Jin Zilong,Su Yansen,Chen Huiling,Guo Ran,Sergey Gataullin

DOI: https://doi.org/10.23919/jcc.fa.2021-0815.202403

2024-04-02

China Communications

Abstract:With the rapid development of information technology, IoT devices play a huge role in physiological health data detection. The exponential growth of medical data requires us to reasonably allocate storage space for cloud servers and edge nodes. The storage capacity of edge nodes close to users is limited. We should store hotspot data in edge nodes as much as possible, so as to ensure response timeliness and access hit rate; However, the current scheme cannot guarantee that every sub-message in a complete data stored by the edge node meets the requirements of hot data; How to complete the detection and deletion of redundant data in edge nodes under the premise of protecting user privacy and data dynamic integrity has become a challenging problem. Our paper proposes a redundant data detection method that meets the privacy protection requirements. By scanning the cipher text, it is determined whether each sub-message of the data in the edge node meets the requirements of the hot data. It has the same effect as zero-knowledge proof, and it will not reveal the privacy of users. In addition, for redundant sub-data that does not meet the requirements of hot data, our paper proposes a redundant data deletion scheme that meets the dynamic integrity of the data. We use Content Extraction Signature (CES) to generate the remaining hot data signature after the redundant data is deleted. The feasibility of the scheme is proved through safety analysis and efficiency analysis.

telecommunications

Yuan Su,Jiliang Li,Yanping Li,Zhou Su

DOI: https://doi.org/10.1109/tii.2022.3170156

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The data aggregation technique has been widely adopted in the Internet of Things (IoT) to protect data privacy while ensuring data availability. Homomorphic encryption is a typical technique that guarantees accurate computing results. However, it brings heavy computation overhead for edge nodes and exposes the aggregated results to the central server, which significantly threatens the confidentiality of results. This article gets rid of the server-centric style existing in most data aggregation schemes and proposes a scalable and decentralized data aggregation scheme for edge-enabled IoT. In the proposed scheme, edge nodes can freely form, join, and exit from the data aggregation group to aggregate data correctly, securely, and efficiently. Besides, two structure-based data aggregation methods are proposed to reduce the aggregation overhead to $O(n\sqrt{n})$ with constant rounds, as opposed to $O(n\log n)$ with $O(n)$ round. Symmetric encryption and online/offline signature computation are adopted to mitigate the online computation burden. Moreover, the proposed scheme can rigorously defend against forgery attack, eavesdropping attack, and collusion attack. The performance evaluation and experiment results show that the proposed scheme improves the efficiency of communication with affordable computation costs for edge nodes.

Lijun Xiao,Jiahong Cai,Meikang Qiu,Meiqin Liu

DOI: https://doi.org/10.1109/cscloud-edgecom52276.2021.00042

2021-01-01

Abstract:Edge computing uses devices deployed at the edge of the network to preprocess data to reduce the computing pressure on the central server. Through edge computing, smart grid can process large amounts of data faster, meeting real-time, reliability, and high-efficiency requirements. However, as the number of edge devices continues to increase, the problem of leakage and tampering of private data is gradually exposed. In order to solve this problem, this paper proposes a lightweight identity authentication scheme suitable for smart grid environment based on Elliptic Curve Encryption (ECC) technology. In the proposed protocol, we encrypt the identity and key information through ECC, and use the timestamp to verify the validity of the session. In addition, the proposed protocol is encrypted with a random number for each round of authentication, and an attacker cannot crack our protocol through a replay attack. Experimental analysis shows that the proposed protocol is safety and key information will not be leaked. Finally, the cost analysis shows that the proposed protocol has lower communication and lower calculation cost than other that of related protocols, and is suitable for deployment in large-scale intelligent smart grid environments.

Lingshuang Liu,Cheng Huang,Dan Zhu,Dongxiao Liu,Jianbing Ni,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/globecom48099.2022.10000715

2022-01-01

Abstract:Pervasive edge computing (PEC) integrates the resources of peer devices at the network edge to serve users' latency-sensitive computation needs. Due to the high dynamics of the PEC environment, it is very challenging to achieve efficient service access control of edge servers and users without an "always-online" centralized server. In this paper, we propose a secure, efficient, and distributed service access control framework (SE-DAC) in the PEC environment. Specifically, SE-DAC extends the key-aggregate cryptosystem to achieve batch service authorization, where the service provider aggregates the access keys of different services to produce a constant-size aggregate key for the edge servers. Meanwhile, user authentication tasks are delegated to the edge servers by integrating secret sharing. The mutual authentication between the edge servers and the users is based on zero-round trip communication, such that the communication bandwidth cost is low. In addition, the service provider can efficiently revoke the authorization of the dropout or compromised edge servers in response to the dynamics of the PEC environment. Finally, we conduct numerical analysis and experiments to demonstrate that SE-DAC is highly computational efficient on service authorization, authentication, and revocation.