Lingshuang Liu,Cheng Huang,Dan Zhu,Dongxiao Liu,Jianbing Ni,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/globecom48099.2022.10000715

2022-01-01

Abstract:Pervasive edge computing (PEC) integrates the resources of peer devices at the network edge to serve users' latency-sensitive computation needs. Due to the high dynamics of the PEC environment, it is very challenging to achieve efficient service access control of edge servers and users without an "always-online" centralized server. In this paper, we propose a secure, efficient, and distributed service access control framework (SE-DAC) in the PEC environment. Specifically, SE-DAC extends the key-aggregate cryptosystem to achieve batch service authorization, where the service provider aggregates the access keys of different services to produce a constant-size aggregate key for the edge servers. Meanwhile, user authentication tasks are delegated to the edge servers by integrating secret sharing. The mutual authentication between the edge servers and the users is based on zero-round trip communication, such that the communication bandwidth cost is low. In addition, the service provider can efficiently revoke the authorization of the dropout or compromised edge servers in response to the dynamics of the PEC environment. Finally, we conduct numerical analysis and experiments to demonstrate that SE-DAC is highly computational efficient on service authorization, authentication, and revocation.

Xiaotong Zhou,Debiao He,Jianting Ning,Min Luo,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2022.3220030

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Edge computing is an emerging distributed computing concept that allows edge servers to provide authorized consumers with various on-demand services. Due to highly dynamic and untrustworthy network environments, various potential security concerns (e.g., unauthorized access, data manipulation, and privacy leakage) have been the critical factors restricting the development of edge computing. A recent heterogeneous framework proposed by Dougherty et al. (CCS’21), named APECS, deploys token-based authorization and multiple attribute-based encryption (MABE) to guarantee access control and data confidentiality. While APECS achieves a secure asynchronous access control without the “always-on” cloud, it suffers from privacy leakage (caused by the public identity information) and fake data spreading issues (due to the data confidentiality). In this paper, we propose an Anonymous and Auditable Distributed Access Control Framework for Edge Computing (AADEC) to relieve these issues. AADEC is based on two building blocks that we designed, namely a conditional anonymous authentication and an auditable MABE with optimized performance. We also define the formal security models and present security proofs for our proposal. The final qualitative comparison and performance benchmark demonstrate that AADEC can achieve a trade-off among anonymity, confidentiality, auditability and efficiency.

Reza Tourani,Srikathyayani Srikanteswara,Satyajayant Misra,Richard Chow,Lily Yang,Xiruo Liu,Yi Zhang

DOI: https://doi.org/10.48550/arXiv.2007.00641

2020-07-01

Networking and Internet Architecture

Abstract:The needs of emerging applications, such as augmented and virtual reality, federated machine learning, and autonomous driving, have motivated edge computing--the push of computation capabilities to the edge. Various edge computing architectures have emerged, including multi-access edge computing and edge-cloud, all with the premise of reducing communication latency and augmenting privacy. However, these architectures rely on static and pre-deployed infrastructure, falling short in harnessing the abundant resources at the network's edge. In this paper, we discuss the design of Pervasive Edge Computing (PEC)--a democratized edge computing framework, which enables end-user devices (e.g., smartphones, IoT devices, and vehicles) to dynamically participate in a large-scale computing ecosystem. Our vision of the democratized edge involves the real-time composition of services using available edge resources like data, software, and compute-hardware from multiple stakeholders. We discuss how the novel Named-Data Networking architecture can facilitate service deployment, discovery, invocation, and migration. We also discuss the economic models critical to the adoption of PEC and the outstanding challenges for its full realization.

Lanyan Wang,Wenxiu Ding,Zheng Yan,Su Qiu,Mingjun Wang,Zhiguo Wan

DOI: https://doi.org/10.1109/jiot.2023.3342314

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The rapid development of the Internet of Things (IoT) has led to the generation and perception of large amounts of data from IoT devices. These data are outsourced to the cloud for flexible sharing and deep analytics, which can significantly enhance IoT applications. But this raises privacy concerns for IoT devices. Attribute-based encryption is applied to realize fine-grained access control, which offers data owners control capability over their outsourced data. However, the centralized infrastructure is susceptible to the single-point-of-failure problem and may not be suitable for highly distributed IoT applications due to high latency. To overcome this issue, blockchain technology is introduced to realize a distributed infrastructure and provide robust data services. Owing to the innate transparency characteristic of blockchain, challenges associated with privacy are amplified. Therefore, this paper presents an efficient and decentralized data access control scheme (EDDAC) that preserves attribute privacy. The scheme utilizes chameleon hash to implement attribute hiding, providing resistance against dictionary attacks. Additionally, it includes blockchain-based decryption tests that reduce the decryption overhead on clients through the application of inner-product predicate encryption. Furthermore, our scheme employs Shamir secret sharing to achieve decentralized authorization based on blockchain, thereby reducing the trust-building overhead on authorization nodes. Finally, we provide proof of the adaptive security of the proposed scheme and demonstrate its effectiveness and advantages through simulations and comparisons with existing literature.

Wenying Zheng,Bing Chen,Debiao He

DOI: https://doi.org/10.1016/j.csi.2022.103640

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Access control is an essential mechanism in collaborative environments, which guarantees the security of shared resources. With the intertwinement of emerging technologies likes edge computing, cloud, Artificial Intelligence (AI), and Internet of Things (IoT), access control will encounter its innovation and development shortly. Whereas, traditional access control did not consider the adaptive and fine-grained requirements in edge computing. In addition, the integrity of the accessed data is not considered in the traditional access control scheme. In this paper, inspired by the technologies in AI and cloud, an adaptive access control scheme based on trust degrees is proposed. The trust degrees of users and the quality of data are defined. On this basis, the trust degrees-based adaptive access control framework is proposed. Moreover, in the proposed scheme, technologies in AI and cryptography are converged. In particular, the ciphertext policy attribute-based encryption (CP-ABE) is integrated with the classification and recommendation algorithms in AI, thereby providing adaptive and finegrained properties for access control in edge computing. Moreover, the integrity of the accessed data is guaranteed by the auditing technique in cryptography. Finally, the proposed access control scheme is implemented by using the PBC library. For supporting the efficient computation in edge computing, all types of elliptic curves provided by the PBC library are tested. The experimental result shows that Type D curve is the most efficient in implementing the proposed scheme.

Danye Wu,Zhiwei Xu,Bo Chen,Yujun Zhang,Zhu Han

DOI: https://doi.org/10.1109/tcomm.2020.3026380

IF: 6.166

2021-01-01

IEEE Transactions on Communications

Abstract:By moving computing resources close to where they are needed (i.e., the network edges), edge computing can significantly reduce burden on the centric cloud data centers. However, extreme scale of on-line big data may impose a significant burden on the network backbones. Information-centric edge networking can address this challenge by incorporating in-network caching into edge networks. This however, opens a door for many new security issues and requires various security defenses. One of those is efficient access control design specifically for information-centric edge networking. In this work, we aim to design an efficient and secure access control scheme for information-centric edge networking. In our design, we propose the confidentiality-enhanced network coding which can ensure that, without having access to the authorization key, the attacker will not be able to obtain the original content. And thanks to the properties of confidentiality-enhanced network coding, highly efficient access control can be realized by encrypting only part of the encoding matrix. In addition, our design can allow efficiently revoking users. Security analysis and experimental evaluation on NS3 demonstrate that our scheme can successfully enforce access control in information-centric edge networking with a small overhead.

telecommunications,engineering, electrical & electronic

Mingjin Zhang,Jiannong Cao,Yuvraj Sahni,Qianyi Chen,Shan Jiang,Tao Wu

DOI: https://doi.org/10.48550/arXiv.2209.06613

2022-09-14

Abstract:Edge computing has become a popular paradigm where services and applications are deployed at the network edge closer to the data sources. It provides applications with outstanding benefits, including reduced response latency and enhanced privacy protection. For emerging advanced applications, such as autonomous vehicles, industrial IoT, and metaverse, further research is needed. This is because such applications demand ultra-low latency, hyper-connectivity, and dynamic and reliable service provision, while existing approaches are inadequate to address the new challenges. Hence, we envision that the future edge computing is moving towards distributed intelligence, where heterogeneous edge nodes collaborate to provide services in large-scale and geo-distributed edge infrastructure. We thereby propose Edge-as-a-Service (EaaS) to enable distributed intelligence. EaaS jointly manages large-scale cross-node edge resources and facilitates edge autonomy, edge-to-edge collaboration, and resource elasticity. These features enable flexible deployment of services and ubiquitous computation and intelligence. We first give an overview of existing edge computing studies and discuss their limitations to articulate the motivation for proposing EaaS. Then, we describe the details of EaaS, including the physical architecture, proposed software framework, and benefits of EaaS. Various application scenarios, such as real-time video surveillance, smart building, and metaverse, are presented to illustrate the significance and potential of EaaS. Finally, we discuss several challenging issues of EaaS to inspire more research towards this new edge computing framework.

Networking and Internet Architecture

Jie Cui,Bei Li,Hong Zhong,Geyong Min,Yan Xu,Lu Liu

DOI: https://doi.org/10.1109/TPDS.2021.3094126

IF: 5.3

2022-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:The cloud computing paradigm provides numerous tempting advantages, enabling users to store and share their data conveniently. However, users are naturally resistant to directly outsourcing their data to the cloud since the data often contain sensitive information. Although several fine-grained access control schemes for cloud-data sharing have been proposed, most of them focus on the access control of the encrypted data (e.g., restricting the decryption capabilities of the receivers). Distinct from the existing work, this article aims to address this challenging problem by developing a more practical bidirectional fine-grained access control scheme that can restrict the capabilities of both senders and receivers. To this end, we systematically investigate the access control for cloud data sharing. Inspired by the access control encryption (ACE), we propose a novel data sharing framework that combines the cloud side and the edge side. The edge server is located in the middle of all the communications, checking and preventing illegal communications according to the predefined access policy. Next, we develop an efficient access control algorithm by exploiting the attribute-based encryption and proxy re-encryption for the proposed framework. The experimental results show that our scheme exhibits superior performance in the encryption and decryption compared to the prior work.

Qi Li,Lizhi Huang,Ruo Mo,Haiping Huang,Hongbo Zhu

DOI: https://doi.org/10.1109/ACCESS.2018.2874066

IF: 3.9

2018-01-01

IEEE Access

Abstract:As an emerging technique in 5G cellular networks, D2D communication efficiently utilizes the available resources. However, the concerns of data security, identity privacy, and system scalability have not been sufficiently addressed. In this paper, we propose a robust and scalable data access control scheme (RSDAC) in D2D communication, where the key build block is a multi-authority ciphertext-policy attribute-based encryption (MA-CP-ABE) with the large universe and verifiable outsourced decryption. In RSDAC, the system attribute universe is scalable, which is exponentially large without resource waste. Each base station (BS) governs the whole attribute universe individually. The data owner can define any monotonic access structure to encrypt its data. During the key generation phase, each BS can independently verify the user’s legitimacy and then generate an intermediate key for the legal user according to its attribute set. A core network server (CNS) acts as the central authority which will generate the final private key for the user basing on his intermediate key. We also design an efficient method to offload the complicated decryption to some devices with adequate computation resource and further check the correctness of decryption result. The security analysis and performance comparison indicate that our scheme is secure, efficient, and applicable.

Computer Science

Zhengzhe Xiang,Yuhang Zheng,Zengwei Zheng,Shuiguang Deng,Minyi Guo,Schahram Dustdar

DOI: https://doi.org/10.1109/tnet.2023.3265002

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The multi-access edge computing (MEC) paradigm has emerged as a critical solution to address the exponential growth in mobile web services and devices. By implementing an edge-based service provisioning system (EPS) with servers located at the network’s edge, both transmission and computation efficiency can be significantly enhanced. Nevertheless, it is also essential to carefully consider the resource allocation for services, the traffic management of requests, and the path arrangement for data delivery to ensure the cost-effective operation of the EPS. Therefore, we investigate and quantify the relationship between the performance and cost of the EPS in this paper, and model the cost-effective service provisioning problem as a multi-phase convex optimization problem. An online algorithm whose name is RDC based on the Lyapunov framework is proposed to decompose this problem into several sub-problems.Additionally, a heuristic approach that partitions edge servers into several clusters, called RDC-NeP and based on RDC , has also been proposed to reduce computational complexity. A series of experiments were conducted to evaluate the proposed approach. The results demonstrate that RDC can effectively balance expense and performance, while RDC-NeP significantly simplifies the processing of RDC when the problem scale increases.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Jiansi Wang,Haopeng Chen,Fuxiao Zhou,Meng Sun,Ziang Huang,Zhengtong Zhang

DOI: https://doi.org/10.1016/j.comnet.2021.108087

IF: 5.493

2021-01-01

Computer Networks

Abstract:Due to the rapid development of IoT and 5G technologies, end-users of the Internet are generating a sea of data, which burdens the cloud cores and data centers. The urgent traffic demand causes a bad quality of experience in the traditional reactive networks. With the improvement of hardware, the edge of the Internet can share some responsibility for cloud servers. In small-scale scenarios, offload computing and storage tasks to edge nodes can help improve the user experience and utilize resources of the edge networks. In this paper, we propose a collaborative edge–edge data storage service with adaptive prediction called A-DECS based on our previous work DECS (Zhou and Chen, 2020) in local area scenarios. It manages nodes in the edge network and fully utilizes the limited resources in the cluster. A-DECS picks the most appropriate node to offload tasks. It can also proactively replicate popular data and generate forwarding rules in advance. A-DECS can reduce the read latency of cold-start and sudden peak flow situations. We compare it to state-of-the-art research. This experiment result proves that A-DECS is more suitable for edge clusters due to its lower latency and better resource utilization.

Zishuai Song,Hui Ma,Rui Zhang,Wenhan Xu,Jianhao Li

DOI: https://doi.org/10.1109/tifs.2023.3266164

IF: 7.231

2023-04-21

IEEE Transactions on Information Forensics and Security

Abstract:Cloud-edge computing is a new paradigm for data sharing. Many computation tasks are assigned to multiple edge nodes to mitigate the computing burden of the cloud and data is also outsourced to them to provide real-time services for IoT devices. However, two major issues remain, namely data privacy and real-world deployment. According to the data privacy rights and principles that stated by General Data Protection Regulation (GDPR), data access control, restriction of data processing and finding inaccuracy data are critical issues that should be tackled in cloud-edge computing. Besides, since there are various types of devices and many of them are resource-constrained, how to efficiently apply deployment in cloud-edge computing is challenging for practice. In this work, we propose a new cryptographic primitive Controllable Outsourced Attribute-Based Proxy Re-Encryption (COAB-PRE) and a universal WebAssembly-based implementation framework for cross-platform deployment. In particular, COAB-PRE achieves bilateral and distributed access control whereby data producers and data consumers can both specify policies the other party must satisfy without a centralized access control server. The property, that we called controllable delegation, restricts the data processing on the edge nodes. COAB-PRE also supports comprehensive verifiability to find out a wrong result produced by the edge nodes and locate the misbehaved one. Moreover, we further discussed the potential property of COAB-PRE and put forward an improved scheme with high efficiency on devices. We also implemented our scheme using the approach and deployed it on different devices for experiment. All theoretical and experimental results indicate that our solution is secure and practical, and our implementation is suitable for cloud-edge computing.

computer science, theory & methods,engineering, electrical & electronic

Wu Deming,Zhang Yu,Wang Lina,Hou Jian,Xiao Lei,Chen Wei,Zhou Qing

DOI: https://doi.org/10.1049/cje.2017.11.009

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:To guarantee that electronic publications are accessible only to the authorized users via cloud, we propose an Efficient access control scheme（EACS） based on Attribute-based encryption（ABE）, which is suitable for fine-grained access control. Compared with existing stateof-the-art schemes, EACS is more practical by following functions. Considering the factor that the user membership may change frequently, EACS has the capability of coping with dynamic membership efficiently. Arbitrary-State is also supported to facilitate the system management and improve efficiency. Besides, we prove in the standard model that the security of EACS is based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of EACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results show that our proposal is efficient and practical for electronic publishing under cloud environment.

Kan Yang,Xiaohua Jia,Kui Ren,Bo Zhang

DOI: https://doi.org/10.1109/tifs.2013.2279531

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority cloud storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.

Kaiqing Huang,Xueli Wang,Zhiqiang Lin

DOI: https://doi.org/10.1155/2021/8872699

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the assistance of edge computing which reduces the heavy burden of the cloud center server by using the network edge servers, the Internet of Things (IoTs) architectures enable low latency for real-time devices and applications. However, there still exist security challenges on data access control for the IoT. Multiauthority attribute-based encryption (MA-ABE) is a promising technique to achieve access control over encrypted data in cross-domain applications. Based on the characteristics and technical requirements of the IoT, we propose an efficient fine-grained revocable large universe multiauthority access control scheme. In the proposed scheme, the most expensive encryption operations have been executed in the user’s initialization phase by adding a reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Massive decryption operations are outsourced to the near-edge servers for reducing the computation overhead of decryption. An efficient revocation mechanism is designed to change users’ access privileges dynamically. Moreover, the scheme supports ciphertext verification. Only valid ciphertext can be stored and transmitted, which saves system resources. With the help of the chameleon hash function, the proposed scheme is proven CCA2-secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable in edge computing for the IoT.

Yue Guan,Songtao Guo,Pan Li,Yuanyuan Yang

DOI: https://doi.org/10.1109/icpads51040.2020.00060

2020-01-01

Abstract:Edge computing means that computing tasks are executed on edge devices closer to the data source. It can effectively improve system response speed and reduce the risk of user data leakage. However, current data access control schemes usually focus on cloud computing and rarely on edge computing. Although attribute-based encryption (ABE) scheme can realize flexible and reliable access control, computing cost is too high with the increase of access policy complexity. Therefore, combining computation outsourcing technology with dynamic policy updating technology, we propose a data, access control scheme based on ciphertext-policy ABE (CP-ABE) for edge computing. We outsource part of storage service and part of decryption computing to edge nodes, effectively reducing the computing pressure of users. When data owner requires a new access policy, policy update key is generated timely and transmitted to cloud service provider, which is used to update the access policy, reducing the risk of bandwidth consumption and leakage of the ciphertext back and forth transmission. Finally, security analysis and experiment results verify the safety and effectiveness of our scheme.

Qinlong Huang,Nan Li,Yixian Yang

DOI: https://doi.org/10.1109/glocom.2018.8648113

2018-01-01

Abstract:Data collaboration is more and more popular in cloud computing. In a typical collaboration scenario, data owner outsources the data to cloud platforms, and users can access and re-upload the data. In consideration of the semi-trusted cloud platform, attribute-based encryption (ABE) has been utilized to guarantee data confidentiality and fine-grained access control. However, how to allow the collaborative data to be accessed only by authorized users in a flexible and dynamic manner is a challenging problem. In this paper, we propose DACSC, a dynamic and fine-grained access control scheme for secure data collaboration in cloud computing. First of all, we adopt ciphertext-policy ABE technique to define the original access policy of outsourced data. Second, we introduce a tree-based policy extending framework which allows users who satisfy the original access policy to customize a new access policy and add it to current access policies in a non-restrictive or restrictive way. Furthermore, we achieve integrity checking during the policy extending procedure based on ABE with equality test algorithm, which ensures that the added access policy comes from authorized user. The security analysis and experimental results indicate that DACSC is secure and efficient, and is suitable for the data collaboration scenario in cloud computing.

Yong Zhu,Xiao Wu,Zhihui Hu

DOI: https://doi.org/10.3390/electronics11010167

IF: 2.9

2022-01-05

Electronics

Abstract:Traditional centralized access control faces data security and privacy problems. The core server is the main target to attack. Single point of failure risk and load bottleneck are difficult to solve effectively. And the third-party data center cannot protect data owners. Traditional distributed access control faces the problem of how to effectively solve the scalability and diversified requirements of IoT (Internet of Things) applications. SCAC (Smart Contract-based Access Control) is based on ABAC (Attributes Based Access Control) and RBAC (Role Based Access Control). It can be applied to various types of nodes in different application scenarios that attributes are used as basic decision elements and authorized by role. The research objective is to combine the efficiency of service orchestration in edge computing with the security of consensus mechanism in blockchain, making full use of smart contract programmability to explore fine grained access control mode on the basis of traditional access control paradigm. By designing SSH-based interface for edge computing and blockchain access, SCAC parameters can be found and set to adjust ACLs (Access Control List) and their policies. The blockchain-edge computing combination is powerful in causing significant transformations across several industries, paving the way for new business models and novel decentralized applications. The rationality on typical process behavior of management services and data access control be verified through CPN (Color Petri Net) tools 4.0, and then data statistics on fine grained access control, decentralized scalability, and lightweight deployment can be obtained by instance running in this study. The results show that authorization takes into account both security and efficiency with the “blockchain-edge computing” combination.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jiqing Chang,Jin Wang,Fei Gu,Kejie Lu,Lingzhi Li,Jianping Wang

DOI: https://doi.org/10.1109/trustcom53373.2021.00060

2021-01-01

Abstract:Recently, edge computing (EC) has attracted wide attention as a novel and promising computing mode with high real-time and low-latency characteristics. However, users' privacy and the limited resources have become major concerns in the implementation of EC because edge devices are usually heterogeneous and untrustworthy. Although many related works have protected the user's privacy, they did not take the storage resource limitation of heterogeneous edge devices into consideration and their schemes may cause high communication load. In this paper, we propose PCHEC, a Private Coded computation scheme for Heterogeneous Edge Computing, to protect the user's privacy and minimize the communication load. Specifically, PCHEC first gives a storage allocation scheme to minimize the communication load in EC where the heterogeneous edge devices have different storage limits. Secondly, PCHEC utilizes linear coding to mix the target data with other information for the protection of the user's privacy. To evaluate the efficiency of PCHEC, we make theoretically analysis and conduct extensive simulations. The experiments show PCHEC effectively reduces the communication load by up to 70% compared with other schemes.