Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Saiyu Qi,Wei Wei,Jianfeng Wang,Shifeng Sun,Leszek Rutkowski,Tingwen Huang,Janusz Kacprzyk,Yong Qi

DOI: https://doi.org/10.1109/tmc.2023.3263901

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Data deduplication is of vital importance for mobile cloud computing to cope with the explosive growth of outsourced mobile data. In order to ensure the privacy of sensitive mobile data against an untrusted cloud, Message-Locked Encryption (MLE) has been proposed to enable deduplication over ciphertext. However, MLE prohibits data access control since it uses deterministic content-derived encryption keys. Recently, a lightweight rekeying-aware encrypted deduplication system (REED) has been proposed to achieve dynamic access control for secure data deduplication. However, REED is vulnerable to key-retaining attack and stub-retaining attack, which leads to insecure access revocation, and thus cannot support secure dynamic access control. In response, we present AC-Dedup, an encrypted deduplication storage system that supports secure dynamic access control for mobile cloud storage. At the core of AC-Dedup are two novel encryption techniques named mixed message locked encryption and random stub re-encryption to resist the two types of attacks, respectively. To the best of our knowledge, AC-Dedup is the first practical system that achieves secure data deduplication and secure dynamic access control simultaneously. We conduct security analysis and experimental evaluation on mobile device and cloud platform with real-world IoT datasets. The results show that AC-Dedup enables secure and efficient dynamic access control while preserving deduplication effectiveness.

computer science, information systems,telecommunications

Yuan Wu,Jiajun Shi,Kejie Ni,Liping Qian,Wei Zhu,Zhiguo Shi,Limin Meng

DOI: https://doi.org/10.1109/jiot.2018.2875241

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:Mobile edge computing (MEC), which enables smart terminals to actively offload computation workloads to computational servers deployed at the edge of networks, has provided an efficient approach to address the intensive computation requirement in mobile Internet applications. In this paper, we investigate the delay-aware computation offloading via MEC for Internet of Things (IoT) with secrecy provisioning. Specifically, we consider a scenario where a malicious eavesdropper intentionally overhears the IoT devices’ offloaded computational data. Taking into account the secrecy outage due to the eavesdropper’s overhearing, we formulate a joint optimization of the secrecy-provisioning, computation offloading, and radio resource allocation (including time and power allocations), with the objective of minimizing the overall delay in finishing the computation requirement of the IoT device. Despite the nonconvexity of the joint optimization problem, we propose an efficient algorithm to compute the optimal computation offloading solution. By exploiting the optimal offloading decision of each IoT device, we further consider the scenario of a group of IoT devices offloading computation workloads to the edge server, and investigate how the edge server optimally selects the devices for providing the computation offloading service while subject to the limited energy budget and the time-slot budget of the edge server. We propose an efficient algorithm to find the optimal selection of the devices. We present extensive numerical results to validate the effectiveness of our proposed algorithms and show the impact of the secrecy requirement.

Ruikun Luo,Qiang He,Mengxi Xu,Feifei Chen,Song Wu,Jing Yang,Yuan Gao,Hai Jin

DOI: https://doi.org/10.1109/tpds.2024.3493959

IF: 5.3

2024-11-29

IEEE Transactions on Parallel and Distributed Systems

Abstract:The emergence of mobile edge computing (MEC) in distributed systems has sparked increased attention toward edge data management. A conflict arises from the disparity between limited edge resources and the continuously expanding data requests for data storage, making the reduction of data storage costs a critical objective. Despite the extensive studies of edge data deduplication as a data reduction technique, existing deduplication methods encounter numerous challenges in MEC environments. These challenges stem from disparities between edge servers and cloud data center edge servers, as well as uncertainties such as user mobility, leading to insufficient robustness in deduplication decision-making. Consequently, this paper presents a robust optimization-based approach for the edge data deduplication problem. By accounting for uncertainties including the number of data requirements and edge server failures, we propose two distinct solving algorithms: uEDDE-C, a two-stage algorithm based on column-and-constraint generation, and uEDDE-A, an approximation algorithm to address the high computation overhead of uEDDE-C. Our method facilitates efficient data deduplication in volatile edge network environments and maintains robustness across various uncertain scenarios. We validate the performance and robustness of uEDDE-C and uEDDE-A through theoretical analysis and experimental evaluations. The extensive experimental results demonstrate that our approach significantly reduces data storage cost and data retrieval latency while ensuring reliability in real-world MEC environments.

computer science, theory & methods,engineering, electrical & electronic

Wei Tong,Wenjie Chen,Bingbing Jiang,Fengyuan Xu,Qun Li,Sheng Zhong

DOI: https://doi.org/10.1109/icdcs.2019.00104

2019-01-01

Abstract:Mobile edge computing (MEC) is proposed as an extension of cloud computing in the scenarios where the end devices desire better services in terms of response time. Edge nodes are deployed at the proximity of the end devices, and it can pre-download parts of data stored in the cloud so that the end devices can access these data with low latency. However, because the edges are usually owned by individuals and small organizations, which have limited operation capacities for maintaining the machines, the data on the edges are easily corrupted (due to external attacks or internal hardware failures). Therefore, it is essential to verify data integrity in the MEC. We propose two Integrity Checking protocols for mobile Edge computing, called ICE-basic and ICE-batch, which are designed for the cases where the user wants to check data integrity on a single edge or multiple edges, respectively. Based on the concept of provable data possession and the technique of private information retrieval, our protocols allow a third-party verifier to check the data integrity on the edges without violating users' data privacy and query pattern privacy. We rigorously prove the security and privacy guarantees of the protocols. Furthermore, we have implemented a proof-of-concept system that runs ICE, and extensive experiments are conducted. The theoretical analysis and experimental results demonstrate the proposed protocols are efficient both in computation and communication.

Bo Li,Qiang He,Feifei Chen,Haipeng Dai,Hai Jin,Yang Xiang,Yun Yang

DOI: https://doi.org/10.1109/tifs.2021.3111747

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The new mobile edge computing (MEC) paradigm fundamentally changes the data caching technique by allowing data to be cached on edge servers attached to base stations within hundreds of meters from users. It provides a bounded latency guarantee for latency-sensitive applications, e.g., interactive AR/VR applications, online gaming, etc. However, in the highly distributed MEC environment, cache data is subject to corruption and their integrity must be ensured. Existing centralized data integrity assurance schemes are rendered obsolete by the unique characteristics of MEC, i.e., unlike cloud servers, edge servers have only limited computing and storage resources and they are deployed massively and distributed geographically. Thus, it is a new and significant challenge to ensure cache data integrity over tremendous geographically-distributed resource-constrained edge servers. This paper proposes the CooperEDI scheme to guarantee the edge data integrity in a distributed manner. CooperEDI employs a distributed consensus mechanism to form a self-management edge caching system. In the system, edge servers cooperatively ensure the integrity of cached replicas and repair corrupted ones. We experimentally evaluate its performance against three representative schemes. The results demonstrate that CooperEDI can effectively and efficiently ensure cache data integrity in the MEC environment.

computer science, theory & methods,engineering, electrical & electronic

Xuewei Ma,Wenyuan Yang,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/ipccc55026.2022.9894331

2022-01-01

Abstract:Encrypted data deduplication is an important technique for saving storage space and network bandwidth, which has been widely used in cloud storage. Recently, a number of schemes that solve the problem of data deduplication with dynamic ownership management have been proposed. However, these schemes suffer from low efficiency when the dynamic ownership changes a lot. To this end, in this paper, we propose a novel server-side deduplication scheme for encrypted data in a hybrid cloud architecture, where a public cloud (Pub-CSP) manages the storage and a private cloud (Pri-CSP) plays a role as the data owner to perform deduplication and dynamic ownership management. Further, to reduce the communication overhead we use an initial uploader check mechanism to ensure only the first uploader needs to perform encryption, and adopt an access control technique that verifies the validity of the data users before they download data. Our security analysis and performance evaluation demonstrate that our proposed server-side deduplication scheme has better performance in terms of security, effectiveness, and practicability compared with previous schemes. Meanwhile, our method can efficiently resist collusion attacks and duplicate faking attacks.

Mengru Wu,Kexin Li,Liping Qian,Yuan Wu,Inkyu Lee

DOI: https://doi.org/10.1109/lcomm.2023.3347218

IF: 3.5529

2024-02-14

IEEE Communications Letters

Abstract:Mobile edge computing (MEC) enables the caching of various services close to users, thereby reducing service delay for emerging applications. However, realizing efficient and secure computation offloading is challenging due to the limited storage capacity of MEC servers and the offloading security issue arising from the open nature of wireless channels. In this letter, we investigate a MEC network with an eavesdropper, where the MEC server caches service programs required for task execution. Moreover, we propose a cooperative jamming-assisted scheme to enhance the security of computation offloading, in which a friendly jammer actively transmits signals to disrupt eavesdropping. Considering the limited caching capacity of the MEC server and the security concerns of computation offloading, we formulate a delay minimization problem by jointly optimizing service caching placement, transmit power, and devices' computation offloading decisions. To tackle this problem, we develop an efficient layered algorithm using successive convex approximation and the cross entropy-based technique. Numerical results demonstrate the effectiveness of our proposed scheme in reducing the overall delay in completing devices' computation tasks compared to baseline schemes.

telecommunications

Yongmin Zhang,Wei Wang,Ju Ren,Jinge Huang,Shibo He,Yaoxue Zhang

DOI: https://doi.org/10.1109/tnet.2022.3217280

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:With the explosive growth of mobile applications, the development of mobile edge computing (MEC) has been greatly promoted since it can ably improve the quality of service for mobile applications by providing low latency and high-quality computation services. Most existing works focus on improving the efficiency of MEC with an assumption that the MEC servers have already been deployed. However, without appropriate deployment of MEC servers, the profitability of the MEC system can be significantly restrained, which hinders the rapid promotion of the MEC. To address this issue, we formulate an MEC server deployment problem for the MEC operator as a revenue maximization problem. Firstly, we model and analyze the various factors that affect the revenue. Secondly, we formulate a revenue maximization problem, which is NP-hard, but it is proved to be convex with respect to the total available computation units. Based on this feature, we propose a three-layer optimization algorithm, named EDM, in which the location, the deployed computation units, and the wholesaled computation resources are determined gradually, to maximize the total revenue. Experimental results demonstrate that the proposed EDM algorithm has significant advantages on revenue improvement compared to competitive benchmarks.

Bo Li,Qiang He,Feifei Chen,Lingjuan Lyu,Athman Bouguettaya,Yun Yang

2023-11-01

Abstract:Mobile edge computing (MEC) enables web data caching in close geographic proximity to end users. Popular data can be cached on edge servers located less than hundreds of meters away from end users. This ensures bounded latency guarantees for various latency-sensitive web applications. However, transmitting a large volume of data out of the cloud onto many geographically-distributed web servers individually can be expensive. In addition, web content dissemination may be interrupted by various intentional and accidental events in the volatile MEC environment, which undermines dissemination efficiency and subsequently incurs extra transmission costs. To tackle the above challenges, we present a novel scheme named EdgeDis that coordinates data dissemination by distributed consensus among those servers. We analyze EdgeDis's validity theoretically and evaluate its performance experimentally. Results demonstrate that compared with baseline and state-of-the-art schemes, EdgeDis: 1) is 5.97x - 7.52x faster; 2) reduces dissemination costs by 48.21% to 91.87%; and 3) reduces performance loss caused by dissemination failures by up to 97.30% in time and 96.35% in costs.

Distributed, Parallel, and Cluster Computing,Systems and Control

Lunyuan Chen,Shunpu Tang,Venki Balasubramanian,Junjuan Xia,Fasheng Zhou,Lisheng Fan

DOI: https://doi.org/10.1016/j.comcom.2022.07.037

IF: 5.047

2022-10-01

Computer Communications

Abstract:This paper studies a secure mobile edge computing (MEC) for emerging cyber physical systems (CPS), where there exist K eavesdroppers in the network, which can threaten the task offloading. These K eavesdroppers can work either in a colluding mode where they cooperate to decode the secret message, or in a non-colluding mode where the eavesdroppers decode the message individually. For both eavesdropping nodes, we design the secure MEC system by devising a computation offloading ratio, transmit power and computational capability allocation to optimize the system performance mainly measured by the latency. In particular, a novel deep reinforcement learning (DRL) together with convex optimization (DRCO) is proposed, where the DRL is used to find a proper solution to the offloading ratio, while the convex optimization is implemented to solve the allocation of transmission power and computational capability. Simulation results show that the proposed DRCO method is superior to other conventional methods, and can provide a guaranteed secrecy and latency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhao Tong,Bilan Liu,Jing Mei,Jiake Wang,Xin Peng,Keqin Li

DOI: https://doi.org/10.1007/s10723-023-09673-y

2023-07-12

Journal of Grid Computing

Abstract:With the research and development of 5G technology, emerging markets such as Wise Information Technology of med, smart transportation and industrial Internet are gradually growing, which not only provide convenience to people's life, but also put forward increasingly urgent demand for efficient parallel and distributed technologies. Therefore, in order to meet the need of high computing amount for application diversification, this paper proposes a novel scheduling solution with data security, aiming at simultaneously optimizing the system response time and the user's energy consumption. First, we model the scheduling problem in a mobile edge computing (MEC) environment as a Markov decision process (MDP) problem, and a three-tier collaboration model considering data security in the MEC environment is constructed. Second, the system response time and the energy consumption are simultaneously optimized in this paper, with objective weights which change in real-time. At the same time, load balancing at the edge layer is considered. Third, a deep reinforcement learning (DRL)-based secure offloading (DRLSO) algorithm is given as the solution for the research problem. In experiments from multiple angles, the proposed algorithm has good performance.

computer science, information systems, theory & methods

Haoyang Wang,Kai Fan,Kuan Zhang,Zilong Wang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2021.3081456

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Research on mobile cyber–physical systems (MCPSs) that have the superiorities of cyber–physical systems (CPSs) and expand their application range has become a trend in recent years. The applications of MCPS in fields, such as intelligent transportation systems, smart home appliances, and mobile education, have also become increasingly mature. However, MCPS also has some shortcomings that need to be solved urgently. Sensors carried on mobile devices collect data and upload huge amounts of data to the cloud for statistics and analysis. Mobile devices need to directly interact with the cloud, causing both parties to bear huge computing and communication costs. Since the interaction process includes data sharing and storage, it is particularly important to protect the data itself and the security of sharing. Searchable encryption ensures the safety of communication among the MPEs and the cloud, while protecting the privacy of data on the cloud. However, the existing searchable encryption technology cannot provide efficient and reliable data storage and sharing services for MPEs in MCPS under the premise of ensuring security. In this article, we present a secure and efficient data sharing and privacy protection scheme in MCPS on the basis of the edge computing model (NESPS). Meanwhile, the introduction of edge computing (EC) significantly reduces the communication consumption between the device and the cloud. Furthermore, attribute-based encryption (ABE) enables the NESPS to achieve fine-grained management of device authorities. Moreover, we have carried out security analysis and simulation on the NESPS, the results demonstrate that the NESPS meets the proposed requirements.

computer science, information systems,telecommunications,engineering, electrical & electronic

Haiyang Huang,Tianhui Meng,Jianxiong Guo,Xuekai Wei,Weijia Jia

DOI: https://doi.org/10.1145/3641106

2024-02-23

ACM Transactions on Sensor Networks

Abstract:Application-layer distributed denial-of-service (DDoS) attacks incapacitate systems by using up their resources, causing service interruptions, financial losses, and more. Consequently, advanced deep-learning techniques are used to detect and mitigate these attacks in cloud infrastructures. However, in mobile edge computing (MEC), it becomes economically impractical to equip each node with defensive resources, as these resources may largely remain unused in edge devices. Furthermore, current methods are mainly concentrated on improving the accuracy of DDoS attack detection and saving CPU resources, neglecting the effective allocation of computational power for benign tasks under DDoS attacks. To address these issues, this paper introduces SecEG, a secure and efficient strategy against DDoS attacks for MEC that integrates container-based task isolation with lightweight online anomaly detection on edge nodes. More specifically, a new model is proposed to analyze resource contention dynamics between DDoS attacks and benign tasks. Subsequently, by employing periodic packet sampling and real-time attack intensity predicting, an autoencoder-based method is proposed to detect DDoS attacks. We leverage an efficient scheduling method to optimize the edge resource allocation and the service quality for benign users during DDoS attacks. When executed in the real-world edge environment, our experimental findings validate the efficacy of the proposed SecEG strategy. Compared to conventional methods, the service rate of benign requests increases by 23% under intense DDoS attacks, and the CPU resource is saved up to 35%.

computer science, information systems,telecommunications

Minglei Tong,Xiaoxiang Wang,Yulong Wang,Yanwen Lan

DOI: https://doi.org/10.1109/icccworkshops49972.2020.9209940

2020-01-01

Abstract:With the emergence of computation-intensive mobile applications in wireless networks, the limited computation capacities of some mobile devices (MDs) are not able to satisfy the service requirements and the backhaul of cellular base station (BS) is overloaded. To solve these problems, the combination of mobile edge computation (MEC) technology and device-to-device (D2D) technology is of great concern, which makes MDs have more chances to offload tasks to the network edge, instead of sending them to the remote Clouds, as well as the load of backhaul is reduced effectively. There are several recent studies on combining MEC and D2D technology, but maximizing the number of MDs whose tasks are completed when the tasks are indivisible, and on this basis, reducing the energy consumption of task offloading as far as possible is rarely considered. Aiming to achieve this goal, a computation offloading scheme with D2D for MEC-enabled cellular networks is proposed in this paper, which focus on appropriate task offloading strategies. At first, the optimal problem is transformed to a 0-1 integer programming problem, which can be solved to obtain the maximum number. Then, the energy consumption of task offloading is reduced by exchanging the task offloading strategies between MDs. Finally, numerical simulation results validate that the proposed scheme has relatively better performances than the baseline schemes.

Xiazhi Lai,Lisheng Fan,Xianfu Lei,Yansha Deng,George K. Karagiannidis,Arumugam Nallanathan

DOI: https://doi.org/10.1109/tcomm.2021.3119075

IF: 6.166

2021-01-01

IEEE Transactions on Communications

Abstract:In this paper, we investigate a secure mobile edge computing (MEC) network in the presence of multiple eavesdroppers, where multiple users can offload parts of their tasks to the computational access point (CAP). The multiple eavesdroppers may overhear the confidential task offloading, which leads to information leakage. In order to address this issue, we present the minimization problem of the secrecy outage probability (SOP), by jointly taking into account the constraints from the latency and energy consumption. With the aim to improve the system secrecy performance, we then introduce three user selection criteria to choose the best user among multiple ones. Specifically, criterion I maximizes the locally computational capacity, while criterion II and III maximize the secrecy capacity and data rate of main links, respectively. For these criteria, we further analyze the system secrecy performance by deriving analytical and asymptotic expressions for the SOP, from which we can conclude important insights for the system design. Finally, simulation and analytical results are provided to verify the proposed analysis. The results show that the three criteria can efficiently safeguard the MEC networks, compared to the traditional local computing and fully offloading, especially with a large value of user number.

Haijian Yu,Jing Liu,Chunjie Hu,Ziqi Zhu

DOI: https://doi.org/10.3390/s23010095

IF: 3.9

2022-12-23

Sensors

Abstract:In mobile edge computing (MEC), mobile devices can choose to offload their tasks to edge servers for execution, thereby effectively reducing the completion time of tasks and energy consumption of mobile devices. However, most of the data transfer brought by offloading relies on wireless communication technology, making the private information of mobile devices vulnerable to eavesdropping and monitoring. Privacy leakage, especially the location and association privacies, can pose a significant risk to users of mobile devices. Therefore, protecting the privacy of mobile devices during task offloading is important and cannot be ignored. This paper considers both location privacy and association privacy of mobile devices during task offloading in MEC and targets to reduce the leakage of location and association privacy while minimizing the average completion time of tasks. To achieve these goals, we design a privacy-preserving task offloading scheme to protect location privacy and association privacy. The scheme is mainly divided into two parts. First, we adopt a proxy forwarding mechanism to protect the location privacy of mobile devices from being leaked. Second, we select the proxy server and edge server for each task that needs to be offloaded. In the proxy server selection policy, we make a choice based on the location information of proxy servers, to reduce the leakage risk of location privacy. In the edge server selection strategy, we consider the privacy conflict between tasks, the computing ability, and location of edge servers, to reduce the leakage risk of association privacy plus the average completion time of tasks as much as possible. Simulated experimental results demonstrate that our scheme is effective in protecting the location privacy and association privacy of mobile devices and reducing the average completion time of tasks compared with the-state-of-art techniques.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Liping Qian,Weicong Wu,Weidang Lu,Yuan Wu,Bin Lin,Tony Q. S. Quek

DOI: https://doi.org/10.1109/tcomm.2021.3070620

IF: 6.166

2021-07-01

IEEE Transactions on Communications

Abstract:Mobile edge computing (MEC) has been envisioned as a promising approach for enabling the computation-intensive yet latency-sensitive mobile Internet services in future wireless networks. In this paper, we investigate the secrecy based energy-efficient MEC via cooperative Non-orthogonal Multiple Access (NOMA) transmission. We consider that an edge-computing device (ED) offloads its computation-workload to the edge-computing server (ECS) subject to the overhearing-attack of a malicious eavesdropper. To enhance the secrecy of the ED's offloading transmission, a group of conventional wireless devices (WDs) are scheduled to form a NOMA-transmission group with the ED for sending data to the cellular base station (BS) while providing cooperative jamming to the eavesdropper. We formulate a joint optimization of the ED's offloaded workload, transmit-power, NOMA-transmission duration as well as the selection of the WDs, with the objective of minimizing the total energy consumption of the ED and the selected WDs, while subject to the ED's latency-requirement and the selected WDs' required data-volumes to deliver. Despite the nature of mixed binary and non-convex programming of the formulated problem, we exploit the vertical decomposition and propose a three-layered algorithm for solving it efficiently. To further address the fairness among different WDs, we investigate a system-wise utility maximization problem that accounts for the fairness in the WDs' delivered data and the total energy consumption of the ED and WDs. By exploiting our previously designed layered-algorithm, we further propose a stochastic learning based algorithm for determining each WD's optimal data-volume delivered. Numerical results are provided to validate the effectiveness of our proposed algorithms as well as the performance advantage of the secrecy based computation offloading via NOMA.

telecommunications,engineering, electrical & electronic

Belal Ali,Mark A. Gregory,Shuo Li

DOI: https://doi.org/10.1109/access.2021.3053233

IF: 3.9

2021-01-01

IEEE Access

Abstract:Multi-Access Edge Computing (MEC) is an extension of cloud computing that aims to provide computation, storage, and networking capabilities at the edge of the network in close proximity to end-users. The MEC architecture supports applications and services that bridge between cloud computing and end-users. The architecture includes devices and systems that are interconnected, layered, and flexibly deployed. As a result of the technological advancements, MEC is facing a myriad of highly sophisticated threats. This paper provides a review of MEC Architecture, use cases, conceptual guidelines for MEC security architecture, security and privacy techniques, and identifies current and future challenges, their implications, and approaches to overcome the challenges. This research examined significant threats, described the MEC architecture, identified the susceptible functional layers, the different categories of threats, and the potential security safeguards. The research recommends that MEC providers should implement multiple layers of security controls to mitigate targeted attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic