智慧边缘计算安全综述

安星硕; 曹桂兴; 苗莉; 任术波; 林福宏

doi:10.11959/j.issn.1000-0801.2018181

您当前的位置：

首页 >

文章列表页 >

智慧边缘计算安全综述

综述 | 更新时间：2024-06-05

- 智慧边缘计算安全综述
- Security of intelligent edge computing:a survey
- 电信科学 2018年34卷第7期页码：135-147
- 作者机构：
  
  1. 北京科技大学，北京 100083
  2. 中国空间技术研究院，北京 100094
- 作者简介：
  
  [ "安星硕（1988-），男，北京科技大学计算机与信息工程学院博士生，主要研究方向为雾计算、网络安全和入侵检测。" ]
  [ "曹桂兴（1963-），男，中国空间技术研究院通信卫星事业部研究员，主要研究方向为天基信息产、传输与分发和边缘计算。" ]
  [ "苗莉（1986-），女，北京科技大学计算机与信息工程学院博士生，主要研究方向为网络安全、边缘计算安全和平均场博弈。" ]
  [ "任术波（1976-），男，博士，中国空间技术研究院通信卫星事业部高级工程师，主要研究方向为移动通信和边缘计算。" ]
  [ "林福宏（1981-），男，博士，北京科技大学计算机与信息工程学院副教授，主要研究方向为边缘计算和网络安全。" ]
- 基金信息：
  
  国家重点研发计划基金资助项目;The National Key R＆D Program of China(2017YFC0820700);信息保障技术重点实验室开放基金资助项目;Foundation of Science and Technology on Information Assurance Laboratory(KJ-17-101);国家自然科学基金资助项目;The National Natural Science Foundation of China(61501026)
- DOI：10.11959/j.issn.1000-0801.2018181
  中图分类号： TP393
- 网络出版日期：2018-07，
  
  纸质出版日期：2018-07-20
- 稿件说明：
移动端阅览
安星硕, 曹桂兴, 苗莉, 等. 智慧边缘计算安全综述[J]. 电信科学, 2018,34(7):135-147.

Xingshuo AN, Guixing CAO, Li MIAO, et al. Security of intelligent edge computing:a survey[J]. Telecommunications science, 2018, 34(7): 135-147.
安星硕, 曹桂兴, 苗莉, 等. 智慧边缘计算安全综述[J]. 电信科学, 2018,34(7):135-147. DOI： 10.11959/j.issn.1000-0801.2018181.

Xingshuo AN, Guixing CAO, Li MIAO, et al. Security of intelligent edge computing:a survey[J]. Telecommunications science, 2018, 34(7): 135-147. DOI： 10.11959/j.issn.1000-0801.2018181.

摘要

边缘计算将传统的云服务扩展到网络边缘，更贴近用户，适用于具有低时延需求的网络服务。随着边缘计算范式的兴起，其安全问题也得到越来越多的关注。首先介绍了边缘计算范式的基本概念、系统架构以及与其他计算范式的关系。然后分析了当前边缘计算中存在的安全威胁，并针对各种安全威胁探讨了相应的安全技术问题。最后对边缘计算安全技术中关键的入侵检测、访问控制、防御策略、密钥管理技术进行了分析，并提出了进一步研究方向。

Abstract

With the rise of edge computing

more and more attentions have been paid to security issues of edge computing.The basic concepts

system architecture and the relationship between edge computing and other computing paradigms were introduced.Then the security threats to edge computing were analyzed

and the security technology of edge computing was discussed for these security threats.Finally

the technologies of intrusion detection

access control

defense strategy and key management in edge computing were summarized and the further research directions were pointed out.

关键词

Keywords

references

王计艳 , 王晓周 , 吴倩 , 等 . 面向NB-IoT的核心网业务模型和组网方案 [J ] . 电信科学 , 2017 , 33 ( 4 ): 148 - 154 .

WANG J Y , WANG X Z , WU Q , et al . Core network service model and networking scheme oriented NB-IoT [J ] . Telecommunications Science , 2017 , 33 ( 4 ): 148 - 154 .

SHI W , CAO J , ZHANG Q , et al . Edge computing:vision and challenges [J ] . IEEE Internet of Things Journal , 2016 , 3 ( 5 ): 637 - 646 .

IBM ＆ AKAMAI . Develop edge computing application [EB ] . 2003 .

PANG H H , TAN K L . Authenticating query results in edge computing [C ] // 20th International Conference on Data Engineering,March 30-April 2,2004,Boston,MA,USA . Piscataway:IEEE Press , 2004 : 560 - 571 .

GAZIS V , LEONARDI A , MATHIOUDAKIS K , et al . Components of fog computing in an industrial internet of things context [C ] // 2015 12th Annual IEEE International Conference on Sensing,Communication and Networking-Workshops (SECON Workshops),June 22-25,2015,Seattle,WA,USA . Piscataway:IEEE Press , 2015 : 1 - 6 .

FARUQUE M A A , VATANPARVAR K . Energy management-as-a-service over fog computing platform [J ] . IEEE Internet of Things Journal , 2016 , 3 ( 2 ): 161 - 169 .

ZENG D , GU L , GUO S , et al . Joint optimization of task scheduling and image placement in fog computing supported software-defined embedded system [J ] . IEEE Transactions on Computers , 2016 , 65 ( 12 ): 3702 - 3712 .

SEHGAL V K , PATRICK A , SONI A , et al . Smart human security framework using internet of things,cloud and fog computing [M ] . Berlin : SpringerPress , 2015 : 251 - 263 .

罗萱 , 叶通 , 金耀辉 , 等 . 云计算数据中心网络研究综述 [J ] . 电信科学 , 2014 , 30 ( 2 ): 99 - 104 .

LUO X , YE T , JIN Y H , et al . Survey on data center network for cloud computing [J ] . Telecommunications Science , 2014 , 30 ( 2 ): 99 - 104 .

DINH H T , LEE C , NIYATO D , et al . A survey of mobile cloud computing:architecture,applications,and approaches [J ] . Wireless Communications ＆ Mobile Computing , 2013 , 13 ( 18 ): 1587 - 1611 .

BONOMI F , . Connected vehicles,the internet of things,and fog computing [C ] // The Eighth ACM International Workshop on Vehicular Inter-Networking (VANET),Sept 23,2011,Las Vegas,Nevada,USA . New York:ACM Press , 2011 : 13 - 15 .

BONOMI F , MILITO R , ZHU J , et al . Fog computing and its role in the internet of things [C ] // The First Edition of the MCC Workshop on Mobile Cloud Computing,August 13-17,2012,Helsinki,Finland . New York:ACM Press , 2012 : 13 - 16 .

GAMLO A H , ZHANG N . Mobile cloud computing:security analysis [C ] // 2017 IEEE International Conference on Mobile Cloud Computing,Services and Engineering,April 6-8,2017,San Francisco,CA,USA . Piscataway:IEEE Press , 2017 : 191 - 198 .

SATYANARAYANAN M , LEWIS G , MORRIS E , et al . The role of cloudlets in hostile environments [J ] . IEEE Pervasive Computing , 2013 , 12 ( 4 ): 40 - 49 .

BONOMI F , MILITO R , ZHU J , et al . Fog computing and its role in the internet of things [C ] // Edition of the MCC Workshop on Mobile Cloud Computing,August 17,2012,Helsinki,Finland . New York:ACM Press , 2012 : 13 - 16 .

ZHANIKEEV M . A cloud visitation platform to facilitate cloud federation and fog computing [J ] . Computer , 2015 , 48 ( 5 ): 80 - 83 .

STOJMENOVIC I , WEN S . The fog computing paradigm:Scenarios and security issues [C ] // 2014 Federated Conference on Computer Science and Information Systems (FedCSIS),Sept 7-10,2014,Warsaw,Poland . Piscataway:IEEE Press , 2014 : 1 - 8 .

DASTJERDI A V , BUYYA R . Fog computing:helping the internet of things realize its potential [J ] . Computer , 2016 , 49 ( 8 ): 112 - 116 .

SONMEZ C , OZGOVDE A , ERSOY C . EdgeCloudSim:an environment for performance evaluation of edge computing systems [C ] // 2017 Second International Conference on Fog and Mobile Edge Computing (FMEC),May 8-11,2017,Valencia,Spain . Piscataway:IEEE Press , 2017 : 39 - 44 .

HU Y C , PATEL M , SABELLA D , et al . Mobile edge computing—a key technology towards 5G [R ] . 2015 , 11 ( 11 ): 1 - 16 .

CAU E , CORICI M , BELLAVISTA P , et al . Efficient exploitation of mobile edge computing for virtualized 5G in EPC architectures [C ] // 2016 4th IEEE International Conference on Mobile Cloud Computing,Services,and Engineering (Mobile Cloud),August 8-11,2016,Beijing,China . Piscataway:IEEE Press , 2016 : 100 - 109 .

AHMED A , AHMED E . A survey on mobile edge computing [C ] // 2016 10th International Conference on Intelligent Systems and Control (ISCO),Jan 6-7,2016,Coimbatore,Tamilnadu,India . Piscataway:IEEE Press , 2016 : 1 - 8 .

KLAS G I . Fog computing and mobile edge cloud gain momentum open fog consortium,ETSI MEC and Cloudlets [EB ] .2015. 2015 .

RIMAL B P , VAN D P , MAIER M . Mobile edge computing empowered fiber-wireless access networks in the 5G era [J ] . IEEE Communications Magazine , 2017 , 55 ( 2 ): 192 - 200 .

MAHMUD M , AFRIN M , RAZZAQUE M , et al . Maximizing quality of experience through context‐aware mobile application scheduling in cloudlet infrastructure [J ] . Software:Practice and Experience , 2016 , 46 ( 11 ): 1525 - 1545 .

SANAEI Z , ABOLFAZLI S , GANI A , et al . Heterogeneity in mobile cloud computing:taxonomy and open challenges [J ] . IEEE Communications Surveys ＆ Tutorials , 2014 , 16 ( 1 ): 369 - 392 .

BAHL P , HAN R Y , LI L E , et al . Advancing the state of mobile cloud computing [C ] // The Third ACM Workshop on Mobile Cloud Computing and Services,June 25-29,2012,Low Wood Bay,UK . New York:ACM Press , 2012 : 21 - 28 .

ALRAWAIS A , ALHOTHAILY A , HU C , et al . Fog computing for the internet of things:security and privacy issues [J ] . IEEE Internet Computing , 2017 , 21 ( 2 ): 34 - 42 .

BONOMI F , MILITO R , ZHU J , et al . Fog computing and its role in the internet of things [C ] // The first edition of the MCC Workshop on Mobile Cloud Computing,August 17,2012,Helsinki,Finland . New York:ACM Press , 2012 : 13 - 16 .

BHARDWAJ K , SHIH M W , AGARWAL P , et al . Fast,scalable and secure onloading of edge functions using AirBox [C ] // 2016 IEEE/ACM Symposium on Edge Computing (SEC),Oct 27-28,2016,Seattle,WA,USA . Piscataway:IEEE Press , 2016 : 14 - 27 .

SHI W , CAO J , ZHANG Q , et al . Edge computing:vision and challenges [J ] . IEEE Internet of Things Journal , 2016 , 3 ( 5 ): 637 - 646 .

Open mHealth.Open mHealth platform [EB ] . 2016 .

ESPOSITO C , CASTIGLIONE A , POP F , et al . Challenges of connecting edge and cloud computing:a security and forensic perspective [J ] . IEEE Cloud Computing , 2017 , 4 ( 2 ): 13 - 17 .

MACH P , BECVAR Z . Mobile edge computing:a survey on architecture and computation offloading [J ] . IEEE Communications Surveys＆Tutorials , 2017 ( 99 ):1.

ROMAN R , LOPEZ J , MAMBO M Fog et al . Mobile edge computing,Fog et al.:A survey and analysis of security threats and challenges [J ] . Future Generation Computer Systems . arXiv:1602 , 2016 :00484.

MTIBAA A , HARRAS K , ALNUWEIRI H . Friend or foe? Detecting and isolating malicious nodes in mobile edge computing platforms [C ] // 2016 IEEE International Conference on Cloud Computing Technology and Science,Dec 12-15,2016,Luxembourg City,Luxembourg . Piscataway:IEEE Press , 2016 : 42 - 49 .

VASSILAKIS V , CHOCHLIOUROS I P , SPILIOPOULOU A S , et al . Security analysis of mobile edge computing in virtualized small cell networks [C ] // 2016 IFIP International Conference on Artificial Intelligence Applications and Innovations,Sept 16–18,2016,Thessaloniki,Greece . Berlin:Springer , 2016 : 653 - 665 .

ZHOU C V , LECKIE C , KARUNASEKERA S . A survey of coordinated attacks and collaborative intrusion detection [J ] . Computers ＆ Security , 2010 , 29 ( 1 ): 124 - 140 .

MAZZARIELLO C , BIFULCO R , CANONICO R . Integrating a network ids into an open source cloud computing environment [C ] // 2010 Sixth International Conference on Information Assurance and Security (IAS),June 23-25,2010,Miyazaki,Japan . Piscataway:IEEE Press , 2010 : 265 - 270 .

GUL I , HUSSAIN M . Distributed cloud intrusion detection model [J ] . International Journal of Advanced Science and Technology , 2011 ( 34 ): 71 - 82 .

RAZA S , WALLGREN L , VOIGT T . SVELTE:real-time intrusion detection in the internet of things [J ] . Ad Hoc Networks , 2013 , 11 ( 8 ): 2661 - 2674 .

SHAMSHIRBAND S , PATEL A , ANUAR N B , et al . Cooperative game theoretic approach using fuzzy Q-learning for detecting and preventing intrusions in wireless sensor networks [J ] . Engineering Applications of Artificial Intelligence , 2014 ( 32 ): 228 - 241 .

肖阳 , 白磊 , 王仙 . 基于朋友机制的移动 Ad Hoc 网络路由入侵检测模型研究 [J ] . 通信学报 , 2015 , 36 ( S1 ): 203 - 214 .

XIAO Y , BAI L , WANG X . Friends mechanism-based routing intrusion detection model for mobile Ad Hoc network [J ] . Journal on Communications , 2015 , 36 ( S1 ): 203 - 214 .

HOSSEINPOUR F , AMOLI P V , PLOSILA J , et al . An intrusion detection system for fog computing and IoT based logistic systems using a smart data approach [J ] . International Journal of Digital Content Technology ＆ Its Applications , 2016 , 10 ( 5 ).

WANG Y , XIE L , LI W , et al . A privacy-preserving framework for collaborative intrusion detection networks through fog computing [C ] // 2017 International Symposium on Cyberspace Safety and Security,October 23-25,2017,Xi’an,China . Berlin:Springer , 2017 : 267 - 279 .

AN X , ZHOU X , XING L , et al . Sample selected extreme learning machine based intrusion detection in fog computing and MEC [J ] . Wireless Communications ＆ Mobile Computing , 2018 : 1 - 10 .

LIN F H , ZHOU Y T , AN X S , et al . Fair resource allocation in intrusion detection system for edge computing [J ] . IEEE Consumer Electronics Magazine (Accepted) .

PERVEZ Z , KHATTAK A M , LEE S , et al . Oblivious access control policies for cloud based data sharing systems [J ] . Computing , 2012 , 94 ( 12 ): 915 - 938 .

YANG K , JIA X , REN K , et al . DAC-MACS:effective data access control for multiauthority cloud storage systems [J ] . IEEE Transactions on Information Forensics and Security , 2013 , 8 ( 11 ): 1790 - 1801 .

GUO J W , ZHOU X W , YUAN J L , et al . Secure access control guarding against internal attacks in distributed networks [J ] . Wireless Personal Communications , 2013 , 68 ( 4 ): 1595 - 1609 .

POPESCU D E , LONEA A M . An hybrid text-image based authentication for cloud services [J ] . International Journal of Computers Communications ＆ Control , 2013 , 8 ( 2 ): 263 - 274 .

JIVANADHAM L B , ISLAM A K M , KATAYAMA Y , et al . Cloud cognitive authenticator (CCA):a public cloud computing authentication mechanism [C ] // 2013 International Conference on Informatics,Electronics ＆ Vision (ICIEV),May 17-18,2013,Dhaka,Bangladesh . Piscataway:IEEE Press , 2013 : 1 - 6 .

WANG Z , SHA K , LV W . Slight homomorphic signature for access controlling in cloud computing [J ] . Wireless personal communications , 2013 , 73 ( 1 ): 51 - 61 .

ZOU B , ZHANG H . Integrity protection and attestation of security critical executions on virtualized platform in cloud computing environment [C ] // The 2013 IEEE International Conference on Green Computing and Communications and IEEE Internet of Things and IEEE Cyber,Physical and Social Computing,August 20-23,2013,Beijing,China . Piscataway:IEEE Press , 2013 : 2071 - 2075 .

RUJ S , STOJMENOVIC M , NAYAK A . Decentralized access control with anonymous authentication of data stored in clouds [J ] . IEEE Transactions on Parallel ＆ Distributed Systems , 2013 , 25 ( 2 ): 384 - 394 .

WANG Z , SHA K , LV W . Slight homomorphic signature for access controlling in cloud computing [J ] . Wireless Personal Communications , 2013 , 73 ( 1 ): 51 - 61 .

KIM J M , MOON J K . Secure authentication system for hybrid cloud service in mobile communication environments [J ] . International Journal of Distributed Sensor Networks , 2014 ( 1 ): 1 - 7 .

CHOI C , CHOI J , KIM P . Ontology-based access control model for security policy reasoning in cloud computing [J ] . Journal of Supercomputing , 2014 , 67 ( 3 ): 711 - 722 .

XIAO M , WANG M , LIU X , et al . Efficient distributed access control for big data in clouds [C ] // 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS),Mar 25-30,2012,Orlando,FL,USA . Piscataway:IEEE Press , 2015 : 202 - 207 .

GARRISON W C , SHULL A , MYERS S , et al . On the practicality of cryptographically enforcing dynamic access control policies in the cloud [C ] // 2016 IEEE Symposium on Security and Privacy (SP),May 23-25,2016,San Jose,CA,USA . Piscataway:IEEE Press , 2016 : 819 - 838 .

YU Z , MAN H A , XU Q , et al . Towards leakage-resilient fine-grained access control in fog computing [J ] . Future Generation Computer Systems , 2018 : 78 ( 1 ): 763 - 777 .

FAN K , WANG J , WANG X , et al . A secure and verifiable outsourced access control scheme in fog-cloud computing [J ] . Sensors , 2017 , 17 ( 7 )1695.

姜伟 , 方滨兴 , 山志宏 , 等 . 基于攻防博弈模型的网络安全测评和最主动防御 [J ] . 计算机学报 , 2009 , 32 ( 4 ): 817 - 827 .

JIANG W , FANG B X , SHAN Z H , et al . Evaluating network security and optimal active defense based on attack-defense game model [J ] . Chinese Journal of Computers , 2009 , 32 ( 4 ): 817 - 827 .

POOLSAPPASIT N , DEWRI R , RAY I . Dynamic security risk management using bayesian attack graphs [J ] . IEEE Transactions on Dependable ＆ Secure Computing , 2011 , 9 ( 1 ): 61 - 74 .

HUANG X , GAO J , BULDYREV S V , et al . Robustness of interdependent networks under targeted attack [J ] . Physical Review E , 2011 , 83 ( 6 ):065101.

GAO C , LIU J , ZHONG N . Network immunization and virus propagation in email networks:experimental evaluation and analysis [J ] . Knowledge and Information Systems , 2011 , 27 ( 2 ): 253 - 279 .

KHOUZANI M H R , SARKAR S , ALTMAN E . Maximum damage malware attack in mobile wireless networks [J ] . IEEE/ACM Transactions on Networking (TON) , 2012 , 20 ( 5 ): 1347 - 1360 .

吴金宇 . 网络安全风险评估关键技术研究 [D ] . 北京:北京邮电大学 , 2013 .

WU J Y . Research on key technology of network security risk assessment [D ] . Beijing:Beijing University of Posts and Telecommunications , 2013 .

SUN Y , XIONG W , YAO Z , et al . Network defense strategy selection with reinforcement learning and pareto optimization [J ] . Applied Sciences , 2017 , 7 ( 11 ):1138.

MIAO L , LI S . Cyber security based on mean field game model of the defender:attacker strategies [J ] . International Journal of Distributed Sensor Networks , 2017 , 13 ( 10 ):155014771773790

JEONG I R , LEE D H . Key agreement for key hypergraph [J ] . Computers ＆ Security , 2007 , 26 ( 7 ): 452 - 458 .

LO J W , HWANG M S , LIU C H . An efficient key assignment scheme for access control in a large leaf class hierarchy [J ] . Information Sciences , 2011 , 181 ( 4 ): 917 - 925

DING Y , ZHOU X , CHENG Z , et al . Secure group communications using key hypergraphs [J ] . Journal of Computational Information Systems , 2012 , 8 ( 12 ): 5035 - 5042 .

RAZA S , VOIGT T , JUTVIK V.Lightweight IKEv2:a key management solution for both the compressed IPsec and the IEEE 802.15.4 security . IETF/IAB workshop on smart object security [EB ] .2012.-- > 2012 .

ODELU V , DAS A K , GOSWAMI A . A secure effective key management scheme for dynamic access control in a large leaf class hierarchy [J ] . Information Sciences , 2014 , 269 ( 4 ): 270 - 285 .

SCIANCALEPORE S , CAPOSSELE A , PIRO G , et al . Key management protocol with implicit certificates for IoT systems [C ] // The 2015 Workshop on IoT Challenges in Mobile and Industrial Systems,May 18,2015,Florence,Italy . New York:ACM Press , 2015 .

IBRAHIM M . Octopus:an edge-fog mutual authentication scheme [J ] . International Journal of Network Security , 2016 , 18 ( 6 ): 1089 - 1101 .

ANZANI M , JAVADI H H S , MODIRIR V . Key- management scheme for wireless sensor networks based on merging blocks of symmetric design [J ] . Wireless Networks , 2017 ( 1 ): 1 - 13 .

DAGHIGHI B , KIAH M L M , IQBAL S , et al . Host mobility key management in dynamic secure group communication [J ] . Wireless Networks , 2017 ( 1 ): 1 - 19 .

李治 . 雾计算环境下数据安全关键技术研究 [D ] . 北京:北京科技大学 , 2017 .

LI Z . Research on key technology of data security in fog computing environment [D ] . Beijing:University of Science and Technology Beijing , 2017 .

王笑帝 , 张云勇 , 刘镝 , 等 . 云计算虚拟化安全技术研究 [J ] . 电信科学 , 2015 , 31 ( 6 ): 1 - 5 .

WANG X D , ZHANG Y Y , LIU D , et al . Research on security of virtualization on cloud computing [J ] . Telecommunications Science , 2015 , 31 ( 6 ): 8 - 12 ,24.

浏览量

1346

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

云边端协同下多用户细粒度任务卸载调度策略

基于强化学习的边缘计算智能电网资源调度算法

云边协同中的资源调度优化

使能未来工厂的5G能力综述

算力基础设施发展现状与趋势展望