网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (1): 130-142.doi: 10.11959/j.issn.2096-109x.2021014
所属专题: 边缘计算
陈璐, 汤红波, 游伟, 柏溢
修回日期:
2020-10-28
出版日期:
2021-02-15
发布日期:
2021-02-01
作者简介:
陈璐(1989- ),女,河北唐山人,信息工程大学博士生,主要研究方向为移动通信网安全、移动边缘计算技术。基金资助:
Lu CHEN, Hongbo TANG, Wei YOU, Yi BAI
Revised:
2020-10-28
Online:
2021-02-15
Published:
2021-02-01
Supported by:
摘要:
移动边缘计算(Mobile Edge Computing,MEC)通过进一步将电信蜂窝网延伸至其他无线接入网络,可以有效地解决传统网络中回程链路负载过重、时延较长的问题。但由于 MEC 服务节点暴露在网络边缘,且计算能力、存储能力和能量受限,更易受到攻击者的青睐。在分析移动边缘计算面临的安全威胁问题基础上,针对设备安全、节点安全、网络资源及任务和迁移安全等4个不同的安全主体归纳并阐述了移动边缘计算面临的若干关键问题与挑战,总结归纳了现有的安全解决方案。最后,从动态场景下的有限资源防御模型、综合信任基础的资源部署、以用户为中心的服务可靠性保证3个方面,展望了移动边缘计算安全防御面临的开放性问题和未来的发展趋势。
中图分类号:
陈璐, 汤红波, 游伟, 柏溢. 移动边缘计算安全防御研究[J]. 网络与信息安全学报, 2021, 7(1): 130-142.
Lu CHEN, Hongbo TANG, Wei YOU, Yi BAI. Research on security defense of mobile edge computing[J]. Chinese Journal of Network and Information Security, 2021, 7(1): 130-142.
[1] | HU Y C , PATEL M , SABELLA D ,et al. Mobile edge computing—a key technology towards 5G[J]. ETSI White Paper, 2015,11(11): 1-16. |
[2] | MACH P , BECVAR Z . Mobile edge computing:a survey on architecture and computation offloading[J]. IEEE Communications Surveys & Tutorials, 2017,PP(99): 1-1. |
[3] | WANG Y , CHEN I R , WANG D C . A survey of mobile cloud computing applications:perspectives and challenges[J]. Wireless Personal Communications, 2015,80(4): 1607-1623. |
[4] | LEIGHTON F T , LEWIN D M . Content delivery network using edge-of-network servers for providing content delivery to a set of participating content providers:U.S.Patent 6553413[P]. 2003. |
[5] | ROMAN R , LOPEZ J , MAMBO M . Mobile edge computing,fog et al.:a survey and analysis of security threats and challenges[J]. Future Generation Computer Systems, 2018,78: 680-698. |
[6] | KW AK J , KIM Y , LEE J ,et al. DREAM:dynamic resource and task allocation for energy minimization in mobile cloud systems[J]. IEEE J Sel Areas Commun, 2015,33(15): 2510-2523. |
[7] | KIM Y , KWAK J , CHONG S . Dual-side optimization for cost-delay tradeoff in mobile edge computing[J]. IEEE Trans Veh Technol, 2018,67(2): 1765-1781. |
[8] | JIANG Z , MAO S . Energy delay tradeoff in cloud offloading for multi-core mobile devices[J]. IEEE Access, 2015,(3): 2306-2316. |
[9] | MAO Y , ZHANG J , SONG S H ,et al. Power-delay tradeoff in multi-user mobile-edge computing systems[C]// Proc IEEE Global Commun Conf, 2016: 5994-6009. |
[10] | MAO S , LENG S , YANG K ,et al. Energy efficiency and delay tradeoff in multi-user wireless powered mobile-edge computing systems[C]// Proc IEEE Global Commun Conf. 2017: 1-6. |
[11] | XU J , CHEN L , REN S . Online learning for offloading and autoscaling in energy harvesting mobile edge computing[J]. IEEE Trans Cogn Commun Netw, 2017,3(3): 361-373. |
[12] | SUN Y , ZHOU S , XU J . EMM:energy-aware mobility management for mobile edge computing in ultra dense networks[J]. IEEE J Sel Areas Commun, 2017,35(11): 2637-2646. |
[13] | KO S , HAN K , HUANG K . Wireless networks for mobile edge computing:spatial modeling and latency analysis[J]. IEEE Trans Wireless Commun, 2018,17(8): 5225-5240. |
[14] | DENG R , LU R , LAI C ,et al. Optimal workload allocation in fog-cloud computing toward balanced delay and power consumption[J]. IEEE Internet Things J, 2016,3(6): 1171-1181. |
[15] | LEE G , SAAD W , BENNIS M . An online secretary framework for fog network formation with minimal latency[C]// Proc IEEE Int Conf Commun. 2017: 1-6. |
[16] | FAN Q , ANSARI N . Workload allocation in hierarchical cloudlet networks[J]. IEEE Commun Lett, 2018,22(4): 820-823. |
[17] | MOLINA M , MU?OZ O , PASCUAL-ISERTE A ,et al. Joint scheduling of communication and computation resources in multiuser wireless application offloading[C]// Proc IEEE 25th Annu Int Symp Pers Indoor,Mobile Radio Commun. 2014: 1093-1098. |
[18] | ZHANG H , XIAO Y , BU S ,et al. Computing resource allocation in three-tier IoT fog networks:a joint optimization approach combining Stackelberg game and matching[J]. IEEE Internet Things J, 2017,4(5): 1204-1215. |
[19] | ANG Y , CHANG X , HAN Z ,et al. Delay-aware secure computation offloading mechanism in a fog-cloud framework[C]// 2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications,Ubiquitous Computing & Communications,Big Data &Cloud Computing,Social Computing & Networking,Sustainable Computing & Communications (ISPA/IUCC/BDCloud/ SocialCom/SustainCom). 2018: 346-353. |
[20] | STOJMENOVIC I , WEN S , HUANG X ,et al. An overview of fog computing and its security issues[J]. Concurrency and Computation:Practice and Experience, 2016,28(10): 2991-3005. |
[21] | FORD R , SRIDHARAN A , MARGOLIES R ,et al. Provisioning low latency,resilient mobile edge clouds for 5G[C]// 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). 2017: 169-174. |
[22] | CHOO K K R . Cloud computing:challenges and future directions,trends & issues in crime and criminal justice[R]. 2010. |
[23] | LANDAU S . Highlights from making sense of snowden,part II:what's significant in the NSA revelations[J]. IEEE Security & Privacy, 2014,12(1): 62-64. |
[24] | YI S , QIN Z , LI Q . Security and privacy issues of fog computing:a survey[M]// Wireless Algorithms,Systems,and Applications,Bellin: Springer International Publishing, 2015: 685-695. |
[25] | FORD R , SRIDHARAN A , MARGOLIES R ,et al. Provisioning low latency,resilient mobile edge clouds for 5G[C]// 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). 2017: 169-174. |
[26] | STOJMENOVIC I , WEN S , HUANG X ,et al. An overview of fog computing and its security issues[J]. Concurrency and Computation:Practice and Experience, 2016,28(10): 2991-3005. |
[27] | FENG D , LU L , WUY Y ,et al. Device-to-device communications in cellular networks[J]. IEEE Commun Mag, 2014,52(4): 49-55. |
[28] | NISHIYAMA H , ITO M , KATO N . Relay-by-smartphone:realizing multihop device-to-device communications[J]. IEEE Commun Mag, 2014,52(4): 56-65. |
[29] | TEHRANI M , UYSAL M , YANIKOMEROGLU H . Device-todevice communication in 5G cellular networks:challenges,solutions,and future directions[J]. IEEE Commun Mag, 2014,52(5): 86-92. |
[30] | FODOR G , DAHLMAN E , MILDH G ,et al. Design aspects of network assisted device-to-device communications[J]. IEEE Commun Mag, 2012,50(3): 170-177. |
[31] | DOPPLER K , RINNE M , WIJTING C ,et al. Device-to-device communication as an underlay to LTE-advanced networks[J]. IEEE Commun Mag, 2009,47(12): 42-49. |
[32] | ANGIN P , BHARGAVA B , JIN Z . A self-cloning agents based model for high-performance mobile-cloud computing[C]// Proc.IEEE 8th Int Conf Cloud Comput (CLOUD). 2015: 301-308. |
[33] | WANG S , XU J , ZHANG N ,et al. A survey on service migration in mobile edge computing[J]. IEEE Access, 2018,6: 23511-23528. |
[34] | CHEN X , JIAO L , LI W ,et al. Efficient multi-user computation offloading for mobile-edge cloud computing[J]. IEEE/ACM Trans Netw, 2016,24(5): 2795-2808. |
[35] | WANG C , YU F R , LIANG C ,et al. Joint computation offloading and interference management in wireless cellular networks with mobile edge computing[J]. IEEE Trans Veh Technol, 2017,61(8): 7432-7445. |
[36] | SORET B , . Fundamental tradeoffs among reliability,latency and throughput in cellular networks[C]// Proc IEEE Global Telecommun.Conf (GLOBECOM) Workshops. 2014: 1391-1396. |
[37] | WANG B , LI M , JIN X ,et al. A reliable IoT edge computing trust management mechanism for smart cities[J]. IEEE Access, 2020,8: 46373-46399. |
[38] | MIAO L , LI S . Cyber security based on mean field game model of the defender:Attacker strategies[J]. International Journal of Distributed Sensor Networks, 2017,13(10):1550147717737908. |
[39] | KEPHART J O , WHITE S R . Directed-graph epidemiological models of computer viruses[M]// Computation:the Micro and the Macro view. 1992: 71-102. |
[40] | RANADHEERA S , MAGHSUDI S , HOSSAIN E . Mobile edge computation offloading using game theory and reinforcement learning[J]. arXiv preprint arXiv:1711.09012, 2017. |
[41] | PANAOUSIS E , KARAPISTOLI E , ELSEMARY H ,et al. Game theoretic path selection to support security in device-to-device communications[J]. Ad Hoc Networks, 2017,56: 28-42. |
[42] | WANG Y , CHAKRABARTI D , WANG C ,et al. Epidemic spreading in real networks:an eigenvalue viewpoint[C]// 22nd International Symposium on Reliable Distributed Systems,2003.Proceedings. 2003: 25-34. |
[43] | XU J , CHEN L , LIU K ,et al. Designing security-aware incentives for computation offloading via device-to-device communication[J]. IEEE Transactions on Wireless Communications, 2018,17(9): 6053-6066. |
[44] | LIANG H , XU F , ANQI F ,et al. Distributed deep learning-based offloading for mobile edge computing networks[J]. Mobile Networks and Applications, 2018. |
[45] | WU D , SHEN G , HUANG Z ,et al. A trust-aware task offloading framework in mobile edge computing[J]. IEEE Access, 2019,7: 150105-150119. |
[46] | HE Y , ZHAO N , YIN H . Integrated networking,caching,and computing for connected vehicles:a deep reinforcement learning approach[J]. IEEE Transactions on Vehicular Technology, 2018,67(1): 44-45. |
[47] | PETRI I , RANA O F , REZGUI Y ,et al. Trust modelling and analysis in peer-to-peer clouds[J]. International Journal of Cloud Computing, 2012,1(2-3): 221-239. |
[48] | CHEN S , WANG G , JIA W . A trust model using implicit call behavioral graph for mobile cloud computing[M]// Cyberspace Safety and Security. Cham: Springer, 2013: 387-402. |
[49] | FIGUEROA M , UTTECHT K , ROSENBERG J . A sound approach to security in mobile and cloud-oriented environments[C]// 2015 IEEE International Symposium on Technologies for Homeland Security (HST). 2015: 1-7. |
[50] | BENNANI N , BOUKADI K , GHEDIRA-GUEGAN C . A trust management solution in the context of hybrid clouds[C]// 2014 IEEE 23rd International WETICE Conference. 2014: 339-344. |
[51] | JANG M , LEE H , SCHWAN K ,et al. SOUL:an edge-cloud system for mobile applications in a sensor-rich world[C]// 2016 IEEE/ACM Symposium on Edge Computing (SEC). 2016: 155-167. |
[52] | ECHEVERRíA S , KLINEDINST D , WILLIAMS K ,et al. Establishing trusted identities in disconnected edge environments[C]// 2016 IEEE/ACM Symposium on Edge Computing (SEC). 2016: 51-63. |
[53] | CICIRELLI F , GUERRIERI A , SPEZZANO G ,et al. Edge computing and social internet of things for large-scale smart environments development[J]. IEEE Internet of Things Journal, 2017,5(4): 2557-2571. |
[54] | RUAN , YEFENG , ARJAN DURRESI ,et al. Trust assessment for internet of things in multi-access edge computing[C]// 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA). 2018. |
[55] | HE Y , LIANG C , YU F ,et al. Integrated computing,caching,and communication for trust-based social networks:a big data drl approach[C]// 2018 IEEE Global Communications Conference (GLOBECOM). 2018. |
[56] | 邓晓衡, 关培源, 万志文 ,等. 基于综合信任的边缘计算资源协同研究[J]. 计算机研究与发展, 2018,55(3): 449-477. |
DENG X H , GUAN P Y , WAN Z W ,et al. Integrated trust based resource cooperation in edge computing[J]. Journal of Computer Research and Development, 2018,55(3): 449-477. | |
[57] | HE Y , YU F R , ZHAO N ,et al. Secure social networks in 5G systems with mobile edge computing,caching,and device-to-device communications[J]. IEEE Wireless Communications, 2018,25(3): 103-109. |
[58] | HUSSAIN M , ALMOURAD B M . Trust in mobile cloud computing with LTE-based deployment[C]// 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops. 2014: 643-648. |
[59] | KANTERT J , EDENHOFER S , TOMFORDE S ,et al. Representation of trust and reputation in self-managed computing systems[C]// 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable,Autonomic and Secure Computing; Pervasive Intelligence and Computing. 2015: 1827-1834. |
[60] | THAM C K , CHATTOPADHYAY R . A load balancing scheme for sensing and analytics on a mobile edge computing network[C]// 2017 IEEE 18th International Symposium on A World of Wireless,Mobile and Multimedia Networks (WoWMoM). 2017: 1-9. |
[61] | BERALDI R , MTIBAA A , ALNUWEIRI H . Cooperative load balancing scheme for edge computing resources[C]// 2017 Second International Conference on Fog and Mobile Edge Computing (FMEC). 2017: 94-100. |
[62] | UGWUANYI E E , GHOSH S , IQBAL M ,et al. Reliable resource provisioning using Bankers' deadlock avoidance algorithm in MEC for industrial IoT[J]. IEEE Access, 2018,6: 43327-43335. |
[63] | SATRIA D , PARK D , JO M . Recovery for overloaded mobile edge computing[J]. Future Generation Computer Systems, 2017,70: 138-147. |
[64] | SHE C , YANG C , QUEK T Q S . Joint uplink and downlink resource configuration for ultra-reliable and low-latency communications[J]. IEEE Transactions on Communications, 2018,66(5): 2266-2280. |
[65] | 3GPP. Study on scenarios and requirements for next generation access technologics[S]. TSG RAN TR38.913 R14, 2017. |
[66] | NEELY M J . Stochastic network optimization with application to communication and queueing systems[R]. 2010. |
[67] | KO S W , HAN K , HUANG K . Wireless networks for mobile edge computing:spatial modeling and latency analysis[J]. IEEE Transactions on Wireless Communications, 2018,17(8): 5225-5240. |
[68] | LIU C F , BENNIS M , DEBBAH M ,et al. Dynamic task offloading and resource allocation for ultra-reliable low-latency edge computing[J]. IEEE Transactions on Communications, 2019. |
[69] | NEELY M J . Stochastic network optimization with application to communication and queueing systems[R]. 2010. |
[70] | DENG M , TIAN H , LYU X . Adaptive sequential offloading game for multi-cell mobile edge computing[C]// 2016 23rd International Conference on Telecommunications (ICT). 2016: 1-5. |
[71] | ZHENG J , CAI Y , WU Y ,et al. Stochastic computation offloading game for mobile cloud computing[C]// 2016 IEEE/CIC International Conference on Communications in China (ICCC). 2016: 1-6. |
[72] | TEKIN C , VAN DER SCHAAR M . An experts learning approach to mobile service offloading[C]// 2014 52nd Annual Allerton Conference on Communication,Control,and Computing. 2014: 643-650. |
[73] | XU J , CHEN L , REN S . Online learning for offloading and auto scaling in energy harvesting mobile edge computing[J]. IEEE Transactions on Cognitive Communications and Networking, 2017,3(6): 361-373. |
[74] | XU J , PALANISAMY B , LUDWIG H ,et al. Zenith:utility-aware resource allocation for edge computing[C]// 2017 IEEE International Conference on Edge Computing (EDGE). 2017: 47-54. |
[75] | RANADHEERA S , MAGHSUDI S , HOSSAIN E . Computation offloading and activation of mobile edge computing servers:a minority game[EB]. |
[76] | ALIYU S O , CHEN F , HE Y ,et al. A game-theoretic based qos-aware capacity management for real-time edgeiot applications[C]// 2017 IEEE International Conference on Software Quality,Reliability and Security (QRS). 2017: 386-397. |
[77] | LIU C , LI K , LIANG J ,et al. COOPER-MATCH:job offloading with a cooperative game for guaranteeing strict deadlines in MEC[J]. IEEE Transactions on Mobile Computing, 2019. |
[78] | RANADHEERA S , MAGHSUDI S , HOSSAIN E . Computation offloading and activation of mobile edge computing servers:a minority game[J]. IEEE Wireless Communications Letters, 2018,7(5): 688-691. |
[79] | ZHANG K , MAO Y , LENG S ,et al. Optimal delay constrained offloading for vehicular edge computing networks[C]// 2017 IEEE International Conference on Communications (ICC). 2017: 1-6. |
[80] | TALEB T , KSENTINI A . Follow me cloud:interworking federated clouds and distributed mobile networks[J]. IEEE Network, 2013,27(5): 12-19. |
[81] | KSENTINI A , TARIK T , CHEN M . A Markov decision process-based service migration procedure for follow me cloud[C]// 2014 IEEE International Conference on Communications (ICC). 2014. |
[82] | WANG S , URGAONKAR R , ZAFER M ,et al. Dynamic service migration in mobile edge computing based on markov decision process[J]. IEEE/ACM Transactions on Networking, 2019. |
[83] | TARIKT , KSENTINI A , . An analytical model for follow me cloud[C]// 2013 IEEE Global Communications Conference (GLOBECOM). 2013. |
[84] | TALEB T , KSENTINI A , FRANGOUDIS P A . Follow-me cloud:when cloud services follow mobile users[J]. IEEE Transactions on Cloud. |
[85] | WU Q , SHIVA S , ROY S ,et al. On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks[C]// Proceedings of the 2010 Spring Simulation Conference.Society for Computer Simulation International. 2010:159. |
[86] | MIAO L , WANG L , LI S ,et al. Optimal defense strategy based on the mean field game model for cyber security[J]. International Journal of Distributed Sensor Networks, 2019,15(2). |
[87] | KALMANEK C , YANG Y . The challenges of building reliable networks and networked application services[M]// Guide to Reliable Internet Services and Applications. 2010: 3-17. |
[1] | 陈任峰, 朱鸿斌. 基于PU learning的信用卡交易安全监管研究[J]. 网络与信息安全学报, 2023, 9(3): 73-78. |
[2] | 袁静怡, 李子川, 彭国军. EN-Bypass:针对邮件代发提醒机制的安全评估方法[J]. 网络与信息安全学报, 2023, 9(3): 90-101. |
[3] | 冯冠云, 付才, 吕建强, 韩兰胜. 基于操作注意力和数据增强的内部威胁检测[J]. 网络与信息安全学报, 2023, 9(3): 102-112. |
[4] | 谢根琳, 程国振, 王亚文, 王庆丰. 基于gadget特征分析的软件多样性评估方法[J]. 网络与信息安全学报, 2023, 9(3): 161-173. |
[5] | 侯鹏, 李智鑫, 张飞, 孙旭, 陈丹, 崔毅浩, 张寒冰, 荆一楠, 柴洪峰. 金融数据安全治理智能化技术与实践[J]. 网络与信息安全学报, 2023, 9(3): 174-187. |
[6] | 陈晋音, 李荣昌, 黄国瀚, 刘涛, 郑海斌, 程瑶. 纵向联邦学习方法及其隐私和安全综述[J]. 网络与信息安全学报, 2023, 9(2): 1-20. |
[7] | 王贺立, 闫巧. 基于交易记录特征的自私挖矿检测方案[J]. 网络与信息安全学报, 2023, 9(2): 104-114. |
[8] | 沈晓晨, 葛寅辉, 陈波, 于泠. 人工智能安全知识图谱构建技术研究[J]. 网络与信息安全学报, 2023, 9(2): 164-174. |
[9] | 余北缘, 任珊瑶, 刘建伟. 区块链资产窃取攻击与防御技术综述[J]. 网络与信息安全学报, 2023, 9(1): 1-17. |
[10] | 刘强, 李鹏飞, 付章杰. 面向可扩展僵尸网络的安全控制方法[J]. 网络与信息安全学报, 2023, 9(1): 42-55. |
[11] | 陈训逊, 李明哲, 吕宁, 黄亮. 内禀安全:网络安全能力体系化构建方法[J]. 网络与信息安全学报, 2023, 9(1): 92-102. |
[12] | 刘科显, 关建峰, 张婉澂, 何志凯, 闫迪嘉. 基于时隙的多重冗余流指纹模型[J]. 网络与信息安全学报, 2023, 9(1): 115-129. |
[13] | 宋佳烁, 李祯祯, 丁海洋, 李子臣. 椭圆曲线上高效可完全模拟的不经意传输协议[J]. 网络与信息安全学报, 2023, 9(1): 158-166. |
[14] | 刘赣秦, 李晖, 朱辉, 黄煜坤, 刘兴东. 低功耗嵌入式平台的SM2国密算法优化实现[J]. 网络与信息安全学报, 2022, 8(6): 29-38. |
[15] | 白雪, 秦宝东, 郭瑞, 郑东. 基于SM2的两方协作盲签名协议[J]. 网络与信息安全学报, 2022, 8(6): 39-51. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|