移动边缘计算安全防御研究

doi:10.11959/j.issn.2096-109x.2021014

摘要/Abstract

摘要：

移动边缘计算（Mobile Edge Computing，MEC）通过进一步将电信蜂窝网延伸至其他无线接入网络，可以有效地解决传统网络中回程链路负载过重、时延较长的问题。但由于 MEC 服务节点暴露在网络边缘，且计算能力、存储能力和能量受限，更易受到攻击者的青睐。在分析移动边缘计算面临的安全威胁问题基础上，针对设备安全、节点安全、网络资源及任务和迁移安全等4个不同的安全主体归纳并阐述了移动边缘计算面临的若干关键问题与挑战，总结归纳了现有的安全解决方案。最后，从动态场景下的有限资源防御模型、综合信任基础的资源部署、以用户为中心的服务可靠性保证3个方面，展望了移动边缘计算安全防御面临的开放性问题和未来的发展趋势。

关键词: 移动边缘计算, 安全, 威胁, 计算卸载, 计算迁移

Abstract:

Mobile Edge Computing can solve the problem of heavy backhaul link overloaded and long delay effectively by further extending the telecommunication cellular network to other wireless access networks.However， the MEC nodes are exposed to the edge of the network whose computing resource, storage capacity and energy resource are limited, they are more vulnerable to the illegal attacks by attackers.Based on the briefly analysis of the security threats faced by mobile edge computing, some key problems and challenges of mobile edge computing for four different security subjects, device security, node security, network resources and tasks, and migration security are summed up and expounded, and the existing security solutions were summarized.Finally, the open research and future development trend of mobile edge computing security defense on three aspects that limited resource defense model in the dynamic scene, resource deployment based on comprehensive trust and user-centered service reliability assurance are discussed.

Key words: mobile edge computing, security, threats, computing offloading, computing migration

中图分类号:

TP393

陈璐, 汤红波, 游伟, 柏溢. 移动边缘计算安全防御研究[J]. 网络与信息安全学报, 2021, 7(1): 130-142.

Lu CHEN, Hongbo TANG, Wei YOU, Yi BAI. Research on security defense of mobile edge computing[J]. Chinese Journal of Network and Information Security, 2021, 7(1): 130-142.

图/表 5

图1

表1

图2

图3

表2

参考文献 87

[1]	HU Y C , PATEL M , SABELLA D ,et al. Mobile edge computing—a key technology towards 5G[J]. ETSI White Paper, 2015,11(11): 1-16.
[2]	MACH P , BECVAR Z . Mobile edge computing:a survey on architecture and computation offloading[J]. IEEE Communications Surveys ＆ Tutorials, 2017,PP(99): 1-1.
[3]	WANG Y , CHEN I R , WANG D C . A survey of mobile cloud computing applications:perspectives and challenges[J]. Wireless Personal Communications, 2015,80(4): 1607-1623.
[4]	LEIGHTON F T , LEWIN D M . Content delivery network using edge-of-network servers for providing content delivery to a set of participating content providers:U.S.Patent 6553413[P]. 2003.
[5]	ROMAN R , LOPEZ J , MAMBO M . Mobile edge computing,fog et al.:a survey and analysis of security threats and challenges[J]. Future Generation Computer Systems, 2018,78: 680-698.
[6]	KW AK J , KIM Y , LEE J ,et al. DREAM:dynamic resource and task allocation for energy minimization in mobile cloud systems[J]. IEEE J Sel Areas Commun, 2015,33(15): 2510-2523.
[7]	KIM Y , KWAK J , CHONG S . Dual-side optimization for cost-delay tradeoff in mobile edge computing[J]. IEEE Trans Veh Technol, 2018,67(2): 1765-1781.
[8]	JIANG Z , MAO S . Energy delay tradeoff in cloud offloading for multi-core mobile devices[J]. IEEE Access, 2015,(3): 2306-2316.
[9]	MAO Y , ZHANG J , SONG S H ,et al. Power-delay tradeoff in multi-user mobile-edge computing systems[C]// Proc IEEE Global Commun Conf, 2016: 5994-6009.
[10]	MAO S , LENG S , YANG K ,et al. Energy efficiency and delay tradeoff in multi-user wireless powered mobile-edge computing systems[C]// Proc IEEE Global Commun Conf. 2017: 1-6.
[11]	XU J , CHEN L , REN S . Online learning for offloading and autoscaling in energy harvesting mobile edge computing[J]. IEEE Trans Cogn Commun Netw, 2017,3(3): 361-373.
[12]	SUN Y , ZHOU S , XU J . EMM:energy-aware mobility management for mobile edge computing in ultra dense networks[J]. IEEE J Sel Areas Commun, 2017,35(11): 2637-2646.
[13]	KO S , HAN K , HUANG K . Wireless networks for mobile edge computing:spatial modeling and latency analysis[J]. IEEE Trans Wireless Commun, 2018,17(8): 5225-5240.
[14]	DENG R , LU R , LAI C ,et al. Optimal workload allocation in fog-cloud computing toward balanced delay and power consumption[J]. IEEE Internet Things J, 2016,3(6): 1171-1181.
[15]	LEE G , SAAD W , BENNIS M . An online secretary framework for fog network formation with minimal latency[C]// Proc IEEE Int Conf Commun. 2017: 1-6.
[16]	FAN Q , ANSARI N . Workload allocation in hierarchical cloudlet networks[J]. IEEE Commun Lett, 2018,22(4): 820-823.
[17]	MOLINA M , MU?OZ O , PASCUAL-ISERTE A ,et al. Joint scheduling of communication and computation resources in multiuser wireless application offloading[C]// Proc IEEE 25th Annu Int Symp Pers Indoor,Mobile Radio Commun. 2014: 1093-1098.
[18]	ZHANG H , XIAO Y , BU S ,et al. Computing resource allocation in three-tier IoT fog networks:a joint optimization approach combining Stackelberg game and matching[J]. IEEE Internet Things J, 2017,4(5): 1204-1215.
[19]	ANG Y , CHANG X , HAN Z ,et al. Delay-aware secure computation offloading mechanism in a fog-cloud framework[C]// 2018 IEEE Intl Conf on Parallel ＆ Distributed Processing with Applications,Ubiquitous Computing ＆ Communications,Big Data ＆Cloud Computing,Social Computing ＆ Networking,Sustainable Computing ＆ Communications (ISPA/IUCC/BDCloud/ SocialCom/SustainCom). 2018: 346-353.
[20]	STOJMENOVIC I , WEN S , HUANG X ,et al. An overview of fog computing and its security issues[J]. Concurrency and Computation:Practice and Experience, 2016,28(10): 2991-3005.
[21]	FORD R , SRIDHARAN A , MARGOLIES R ,et al. Provisioning low latency,resilient mobile edge clouds for 5G[C]// 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). 2017: 169-174.
[22]	CHOO K K R . Cloud computing:challenges and future directions,trends ＆ issues in crime and criminal justice[R]. 2010.
[23]	LANDAU S . Highlights from making sense of snowden,part II:what's significant in the NSA revelations[J]. IEEE Security ＆ Privacy, 2014,12(1): 62-64.
[24]	YI S , QIN Z , LI Q . Security and privacy issues of fog computing:a survey[M]// Wireless Algorithms,Systems,and Applications,Bellin: Springer International Publishing, 2015: 685-695.
[25]	FORD R , SRIDHARAN A , MARGOLIES R ,et al. Provisioning low latency,resilient mobile edge clouds for 5G[C]// 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). 2017: 169-174.
[26]	STOJMENOVIC I , WEN S , HUANG X ,et al. An overview of fog computing and its security issues[J]. Concurrency and Computation:Practice and Experience, 2016,28(10): 2991-3005.
[27]	FENG D , LU L , WUY Y ,et al. Device-to-device communications in cellular networks[J]. IEEE Commun Mag, 2014,52(4): 49-55.
[28]	NISHIYAMA H , ITO M , KATO N . Relay-by-smartphone:realizing multihop device-to-device communications[J]. IEEE Commun Mag, 2014,52(4): 56-65.
[29]	TEHRANI M , UYSAL M , YANIKOMEROGLU H . Device-todevice communication in 5G cellular networks:challenges,solutions,and future directions[J]. IEEE Commun Mag, 2014,52(5): 86-92.
[30]	FODOR G , DAHLMAN E , MILDH G ,et al. Design aspects of network assisted device-to-device communications[J]. IEEE Commun Mag, 2012,50(3): 170-177.
[31]	DOPPLER K , RINNE M , WIJTING C ,et al. Device-to-device communication as an underlay to LTE-advanced networks[J]. IEEE Commun Mag, 2009,47(12): 42-49.
[32]	ANGIN P , BHARGAVA B , JIN Z . A self-cloning agents based model for high-performance mobile-cloud computing[C]// Proc.IEEE 8th Int Conf Cloud Comput (CLOUD). 2015: 301-308.
[33]	WANG S , XU J , ZHANG N ,et al. A survey on service migration in mobile edge computing[J]. IEEE Access, 2018,6: 23511-23528.
[34]	CHEN X , JIAO L , LI W ,et al. Efficient multi-user computation offloading for mobile-edge cloud computing[J]. IEEE/ACM Trans Netw, 2016,24(5): 2795-2808.
[35]	WANG C , YU F R , LIANG C ,et al. Joint computation offloading and interference management in wireless cellular networks with mobile edge computing[J]. IEEE Trans Veh Technol, 2017,61(8): 7432-7445.
[36]	SORET B , . Fundamental tradeoffs among reliability,latency and throughput in cellular networks[C]// Proc IEEE Global Telecommun.Conf (GLOBECOM) Workshops. 2014: 1391-1396.
[37]	WANG B , LI M , JIN X ,et al. A reliable IoT edge computing trust management mechanism for smart cities[J]. IEEE Access, 2020,8: 46373-46399.
[38]	MIAO L , LI S . Cyber security based on mean field game model of the defender:Attacker strategies[J]. International Journal of Distributed Sensor Networks, 2017,13(10):1550147717737908.
[39]	KEPHART J O , WHITE S R . Directed-graph epidemiological models of computer viruses[M]// Computation:the Micro and the Macro view. 1992: 71-102.
[40]	RANADHEERA S , MAGHSUDI S , HOSSAIN E . Mobile edge computation offloading using game theory and reinforcement learning[J]. arXiv preprint arXiv:1711.09012, 2017.
[41]	PANAOUSIS E , KARAPISTOLI E , ELSEMARY H ,et al. Game theoretic path selection to support security in device-to-device communications[J]. Ad Hoc Networks, 2017,56: 28-42.
[42]	WANG Y , CHAKRABARTI D , WANG C ,et al. Epidemic spreading in real networks:an eigenvalue viewpoint[C]// 22nd International Symposium on Reliable Distributed Systems,2003.Proceedings. 2003: 25-34.
[43]	XU J , CHEN L , LIU K ,et al. Designing security-aware incentives for computation offloading via device-to-device communication[J]. IEEE Transactions on Wireless Communications, 2018,17(9): 6053-6066.
[44]	LIANG H , XU F , ANQI F ,et al. Distributed deep learning-based offloading for mobile edge computing networks[J]. Mobile Networks and Applications, 2018.
[45]	WU D , SHEN G , HUANG Z ,et al. A trust-aware task offloading framework in mobile edge computing[J]. IEEE Access, 2019,7: 150105-150119.
[46]	HE Y , ZHAO N , YIN H . Integrated networking,caching,and computing for connected vehicles:a deep reinforcement learning approach[J]. IEEE Transactions on Vehicular Technology, 2018,67(1): 44-45.
[47]	PETRI I , RANA O F , REZGUI Y ,et al. Trust modelling and analysis in peer-to-peer clouds[J]. International Journal of Cloud Computing, 2012,1(2-3): 221-239.
[48]	CHEN S , WANG G , JIA W . A trust model using implicit call behavioral graph for mobile cloud computing[M]// Cyberspace Safety and Security. Cham: Springer, 2013: 387-402.
[49]	FIGUEROA M , UTTECHT K , ROSENBERG J . A sound approach to security in mobile and cloud-oriented environments[C]// 2015 IEEE International Symposium on Technologies for Homeland Security (HST). 2015: 1-7.
[50]	BENNANI N , BOUKADI K , GHEDIRA-GUEGAN C . A trust management solution in the context of hybrid clouds[C]// 2014 IEEE 23rd International WETICE Conference. 2014: 339-344.
[51]	JANG M , LEE H , SCHWAN K ,et al. SOUL:an edge-cloud system for mobile applications in a sensor-rich world[C]// 2016 IEEE/ACM Symposium on Edge Computing (SEC). 2016: 155-167.
[52]	ECHEVERRíA S , KLINEDINST D , WILLIAMS K ,et al. Establishing trusted identities in disconnected edge environments[C]// 2016 IEEE/ACM Symposium on Edge Computing (SEC). 2016: 51-63.
[53]	CICIRELLI F , GUERRIERI A , SPEZZANO G ,et al. Edge computing and social internet of things for large-scale smart environments development[J]. IEEE Internet of Things Journal, 2017,5(4): 2557-2571.
[54]	RUAN , YEFENG , ARJAN DURRESI ,et al. Trust assessment for internet of things in multi-access edge computing[C]// 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA). 2018.
[55]	HE Y , LIANG C , YU F ,et al. Integrated computing,caching,and communication for trust-based social networks:a big data drl approach[C]// 2018 IEEE Global Communications Conference (GLOBECOM). 2018.
[56]	邓晓衡, 关培源, 万志文 ,等. 基于综合信任的边缘计算资源协同研究[J]. 计算机研究与发展, 2018,55(3): 449-477.
	DENG X H , GUAN P Y , WAN Z W ,et al. Integrated trust based resource cooperation in edge computing[J]. Journal of Computer Research and Development, 2018,55(3): 449-477.
[57]	HE Y , YU F R , ZHAO N ,et al. Secure social networks in 5G systems with mobile edge computing,caching,and device-to-device communications[J]. IEEE Wireless Communications, 2018,25(3): 103-109.
[58]	HUSSAIN M , ALMOURAD B M . Trust in mobile cloud computing with LTE-based deployment[C]// 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops. 2014: 643-648.
[59]	KANTERT J , EDENHOFER S , TOMFORDE S ,et al. Representation of trust and reputation in self-managed computing systems[C]// 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable,Autonomic and Secure Computing; Pervasive Intelligence and Computing. 2015: 1827-1834.
[60]	THAM C K , CHATTOPADHYAY R . A load balancing scheme for sensing and analytics on a mobile edge computing network[C]// 2017 IEEE 18th International Symposium on A World of Wireless,Mobile and Multimedia Networks (WoWMoM). 2017: 1-9.
[61]	BERALDI R , MTIBAA A , ALNUWEIRI H . Cooperative load balancing scheme for edge computing resources[C]// 2017 Second International Conference on Fog and Mobile Edge Computing (FMEC). 2017: 94-100.
[62]	UGWUANYI E E , GHOSH S , IQBAL M ,et al. Reliable resource provisioning using Bankers' deadlock avoidance algorithm in MEC for industrial IoT[J]. IEEE Access, 2018,6: 43327-43335.
[63]	SATRIA D , PARK D , JO M . Recovery for overloaded mobile edge computing[J]. Future Generation Computer Systems, 2017,70: 138-147.
[64]	SHE C , YANG C , QUEK T Q S . Joint uplink and downlink resource configuration for ultra-reliable and low-latency communications[J]. IEEE Transactions on Communications, 2018,66(5): 2266-2280.
[65]	3GPP. Study on scenarios and requirements for next generation access technologics[S]. TSG RAN TR38.913 R14, 2017.
[66]	NEELY M J . Stochastic network optimization with application to communication and queueing systems[R]. 2010.
[67]	KO S W , HAN K , HUANG K . Wireless networks for mobile edge computing:spatial modeling and latency analysis[J]. IEEE Transactions on Wireless Communications, 2018,17(8): 5225-5240.
[68]	LIU C F , BENNIS M , DEBBAH M ,et al. Dynamic task offloading and resource allocation for ultra-reliable low-latency edge computing[J]. IEEE Transactions on Communications, 2019.
[69]	NEELY M J . Stochastic network optimization with application to communication and queueing systems[R]. 2010.
[70]	DENG M , TIAN H , LYU X . Adaptive sequential offloading game for multi-cell mobile edge computing[C]// 2016 23rd International Conference on Telecommunications (ICT). 2016: 1-5.
[71]	ZHENG J , CAI Y , WU Y ,et al. Stochastic computation offloading game for mobile cloud computing[C]// 2016 IEEE/CIC International Conference on Communications in China (ICCC). 2016: 1-6.
[72]	TEKIN C , VAN DER SCHAAR M . An experts learning approach to mobile service offloading[C]// 2014 52nd Annual Allerton Conference on Communication,Control,and Computing. 2014: 643-650.
[73]	XU J , CHEN L , REN S . Online learning for offloading and auto scaling in energy harvesting mobile edge computing[J]. IEEE Transactions on Cognitive Communications and Networking, 2017,3(6): 361-373.
[74]	XU J , PALANISAMY B , LUDWIG H ,et al. Zenith:utility-aware resource allocation for edge computing[C]// 2017 IEEE International Conference on Edge Computing (EDGE). 2017: 47-54.
[75]	RANADHEERA S , MAGHSUDI S , HOSSAIN E . Computation offloading and activation of mobile edge computing servers:a minority game[EB].
[76]	ALIYU S O , CHEN F , HE Y ,et al. A game-theoretic based qos-aware capacity management for real-time edgeiot applications[C]// 2017 IEEE International Conference on Software Quality,Reliability and Security (QRS). 2017: 386-397.
[77]	LIU C , LI K , LIANG J ,et al. COOPER-MATCH:job offloading with a cooperative game for guaranteeing strict deadlines in MEC[J]. IEEE Transactions on Mobile Computing, 2019.
[78]	RANADHEERA S , MAGHSUDI S , HOSSAIN E . Computation offloading and activation of mobile edge computing servers:a minority game[J]. IEEE Wireless Communications Letters, 2018,7(5): 688-691.
[79]	ZHANG K , MAO Y , LENG S ,et al. Optimal delay constrained offloading for vehicular edge computing networks[C]// 2017 IEEE International Conference on Communications (ICC). 2017: 1-6.
[80]	TALEB T , KSENTINI A . Follow me cloud:interworking federated clouds and distributed mobile networks[J]. IEEE Network, 2013,27(5): 12-19.
[81]	KSENTINI A , TARIK T , CHEN M . A Markov decision process-based service migration procedure for follow me cloud[C]// 2014 IEEE International Conference on Communications (ICC). 2014.
[82]	WANG S , URGAONKAR R , ZAFER M ,et al. Dynamic service migration in mobile edge computing based on markov decision process[J]. IEEE/ACM Transactions on Networking, 2019.
[83]	TARIKT , KSENTINI A , . An analytical model for follow me cloud[C]// 2013 IEEE Global Communications Conference (GLOBECOM). 2013.
[84]	TALEB T , KSENTINI A , FRANGOUDIS P A . Follow-me cloud:when cloud services follow mobile users[J]. IEEE Transactions on Cloud.
[85]	WU Q , SHIVA S , ROY S ,et al. On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks[C]// Proceedings of the 2010 Spring Simulation Conference.Society for Computer Simulation International. 2010:159.
[86]	MIAO L , WANG L , LI S ,et al. Optimal defense strategy based on the mean field game model for cyber security[J]. International Journal of Distributed Sensor Networks, 2019,15(2).
[87]	KALMANEK C , YANG Y . The challenges of building reliable networks and networked application services[M]// Guide to Reliable Internet Services and Applications. 2010: 3-17.

安全主体	拒绝服务	滥用资源	隐私泄露	服务操纵	中间人攻击
设备安全	√		√	√	√
节点安全	√	√
资源和任务安全	√	√		√
迁移安全			√	√	√

参考文献	类型	优化目标	理论模型	应用场景
文献[76]	合作	资源利用效率和服务质量	联盟博弈	Edge IoT
文献[77]	合作	最大化期限内任务数量	近线性规划，合作博弈	延迟截止时间
文献[78]	非合作	服务器能耗和服务质量	少数者博弈	分布式场景
文献[79]	非合作	最大化用户和服务器的使用效率	斯塔科尔伯格博弈	车联网