A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet of Things
Abdulmalik Alwarafy, Khaled A. Al-Thelaya, Mohamed Abdallah, Senior Member, IEEE, Jens Schneider, and Mounir Hamdi, Fellow Member, IEEE
Abstract —Internet of Things (IoT) is an innovative paradigm envisioned to provide massive applications that are now part of our daily lives. Millions of smart devices are deployed within complex networks to provide vibrant functionalities including communications, monitoring, and controlling of critical infrastructures. However, this massive growth of IoT devices and the corresponding huge data traffic generated at the edge of the network created additional burdens on the state-of-the-art centralized cloud computing paradigm due to the bandwidth and resources scarcity. Hence, edge computing (EC) is emerging as an innovative strategy that brings data processing and storage near to the end users, leading to what is called EC-assisted IoT. Although this paradigm provides unique features and enhanced quality of service (QoS), it also introduces huge risks in data security and privacy aspects. This paper conducts a comprehensive survey on security and privacy issues in the context of EC-assisted IoT. In particular, we first present an overview of EC-assisted IoT including definitions, applications, architecture, advantages, and challenges. Second, we define security and privacy in the context of EC-assisted IoT. Then, we extensively discuss the major classifications of attacks in EC-assisted IoT and provide possible solutions and countermeasures along with the related research efforts. After that, we further classify some security and privacy issues as discussed in the literature based on security services and based on security objectives and functions. Finally, several open challenges and future research directions for secure EC-assisted IoT paradigm are also extensively provided.
Index Terms —Internet of Things (IoT), Edge Computing (EC), EC-assisted IoT, Security, Privacy, Survey.
The authors are with the Division of Information and Computing Technology, College of Science and Engineering, Hamad Bin Khalifa University, Qatar.
I. INTRODUCTION
Internet of Things (IoT) refers to a collection of things such as smart devices, sensors, actuators, or anything embedded with electronics that are connected through the Internet to send, store and receive data relevant to a particular service or application [1], [2]. The explosive progress of information technology enables IoT to support and boost the arrival of new innovative services and applications. Furthermore, IoT smart devices are continuously equipped with advanced and sophisticated sensing, computation, and processing power capabilities, which make them deployable in various complex environments. Fig. (1) shows some common IoT services and applications deployed in various vital sectors. According to a report from the International Data Corporation (IDC) [3], [4], the total number of connectable IoT smart devices/sensors, such as smartphones/tablets, smart home appliances, wearable devices, etc., is expected to exceed 200 billion by 2020, 30 billion of which will indeed be connected to the Internet. Such devices/sensors will produce and collect a tremendous amount of data from the surrounding environment, which is expected to exceed 500 Zettabytes (ZB) by 2020, according to a report from Cisco Global Cloud Index (GCI) [5].
Figure 1: Applications of IoT. (a) smart buildings, (b) smart vehicles, (c) energy management, (d) health monitoring, (e) food supply chain, (f) construction management, (g) environmental monitoring, (h) production management, and (i) wearable devices.
In the standard cloud computing paradigm, all this data will be migrated to the sophisticated central servers located at the cloud for further processing, computation, and/or storage. The post-processed data then needs to be sent back to the end devices. Such a mechanism creates extra burdens on the core network and provides a poor quality of service (QoS), for the following reasons: 1) there are extra costs in the data transmission due to the under-utilization of bandwidth and resources, 2) the increase in data size will drastically decrease network performance, 3) the explosive growth in the number of IoT devices will make it quite difficult to manage network connectivity and traffic, and 4) time-sensitive IoT services and applications, including smart transport, smart electricity grid, and smart city, will suffer from unacceptably long delays. All these issues and limitations can be efficiently alleviated by adopting the edge computing-assisted IoT architecture. In such an architecture, we combine the current cloud computing infrastructure with the edge computing (EC) paradigm to efficiently address the aforementioned problems.
This is achieved by locating nodes/servers near the network edge, closer to data sources [6]–[9]. Doing so will support IoT services and applications with reduced latency, flexible access, and enhanced network security. According to the IDC [3], the network edge will be responsible for processing and storing 40% of edge-originated data in the future EC-assisted IoT architecture.
Figure 2: Paper organization.
As illustrated in Fig. (1), EC-assisted IoT systems are involved in managing and controlling a massive amount of data related to vital and sensitive applications in different sectors ranging from health monitoring to smart buildings. This has made them a target for hackers, cybercriminals, and governmental attacks. Adversaries may hack IoT devices/sensors to steal sensitive information such as financial accounts, bank cards, location data, and health information. Attackers may also spy on individuals or even launch protest campaigns against an organization. Furthermore, it is reported in [2] that more than 25% of the botnet attacks originated from IoT devices, including home appliances, baby monitors, and smart TVs. Moreover, many websites, such as Netflix, Twitter, and Spotify, were attacked in 2016 by organized distributed denial of service attacks originating from IoT smart devices. Therefore, it is crucial to conduct extensive and in-depth studies and develop effective solutions to handle security and privacy threats in the EC-assisted IoT networks. This would enable the development of secure smart devices/sensors for the emerging EC-assisted IoT services and applications.
There are several published research works aimed at addressing the aforementioned issues. Some of these papers are surveys related to the security of IoT in general without considering the EC aspect [1], [2], [10]–[12], while other papers propose and develop security and privacy-related solutions and countermeasures for EC-assisted IoT [8], [9], [13]–[34].
Although there are existing surveys related to security and privacy in the context of EC-assisted IoT [5]–[7], [19], [35]–[42], they either 1) still miss some of the most recent and prominent research works, 2) cover a limited number of security and privacy issues, 3) do not adequately cover the security and privacy attacks along with their countermeasures, 4) just present particular case studies for specific operating scenarios, or 5) consider different aspects of classifications. Motivated by the aforementioned security and privacy issues, and the research gaps and scarcity of existing literature in the context of EC-assisted IoT, this paper is proposed to fill these gaps and to overcome these shortcomings. In particular, this paper provides a comprehensive literature survey on security and privacy issues in the context of EC-assisted IoT. The main contributions of this paper are summarized as follows:
• We provide an overview of the EC-assisted IoT paradigm, including definitions, applications, and architecture. We also describe the advantages and limitations of EC-assisted IoT systems. Then, we define security and privacy in the context of EC-assisted IoT.
• We present thorough classifications of attacks and threats. Then, we discuss the possible solutions and countermeasures at different network layers and for different security and privacy issues. We also summarize some of the most recent research efforts pertaining to security and privacy in the context of EC-assisted IoT. Hence, the reader will be provided with an in-depth analysis of which attacks have been launched, what countermeasures have been considered in the literature to address them, and which threats still lurk.
• We extract, analyze, and summarize the most prominent security and privacy issues of EC-assisted IoT as reported in the literature. We also classify them based on EC-assisted IoT services and based on security objectives and functions.
• We extensively outline and describe some security and privacy-related open challenges, and provide deep insights into some promising future research directions in the context of EC-assisted IoT paradigm.
The rest of this paper is organized as follows. Section II provides a background related to the EC-assisted IoT paradigm. Definitions, applications, and architecture of this technology are described. Section III gives classifications of security and privacy attacks and threats for EC-assisted IoT. Section IV describes the possible security solutions and countermeasures. It also gives a comprehensive analysis on security and privacy issues for EC-assisted IoT. Classifications based on EC-assisted IoT services and based on security objectives and functions are also provided in Section IV. Section V provides open challenges along with future research directions. Finally, Section VI summarizes the paper. The organization of the paper is illustrated in Fig. (2).
II. INTEGRATION OF EDGE COMPUTING AND IOT: EC-ASSISTED IOT
This section provides an overview of the fundamental concepts, applications, and architecture of the integrated IoT and EC paradigm. Related research efforts will also be cited.
IoT and EC are each evolving rapidly on their own. Nevertheless, the characteristics of each paradigm are quite similar [35]. Therefore, IoT experts are pushing towards integrating EC and IoT paradigms in order to support the critical IoT applications that require enhanced QoS (see Fig. (1)).
Figure 3: Standard layer architecture of EC-assisted IoT.
Fig. (3) shows the standard three-layer architecture of EC-assisted IoT paradigm. It is composed of the same layers of the conventional EC structure, where all the IoT “things” (i.e., devices and sensors) are considered as end users for EC. For the conventional IoT architecture, the EC layer does not exist. For the conventional EC architecture, there is an additional intermediate layer called “Core Networks” between the Cloud layer and the EC layer. There is also fog computing (FC) architecture, which is a standard that enables bringing cloud computing capabilities to the network edge. Although there is a tight overlap between EC and FC architectures [43], FC focuses more on the network infrastructure layer, while EC focuses more on the things layer [44]. To be more specific, FC enables repeatable structure in the EC concept, such that network developers can push computation capabilities out of the cloud computing layer to the EC servers in order to enable a robust and scalable performance. EC, in contrast, assigns computation and processing resources from the cloud to the data-originating IoT devices at the network edge [45]. Another difference is that FC typically uses open standard technologies, whereas EC can use both open and proprietary technologies. It is noteworthy that this paper is dedicated to surveying security and privacy for the EC-assisted IoT paradigm.
However, the interested reader can refer to [19], [40]–[42], [46]–[53] for related literature on the FC-assisted IoT paradigm.
In order to support the innovative IoT applications for the edge devices, and to enable the promising vision of the EC-assisted IoT paradigm, research community and industry have proposed a wide variety of EC architectures and technologies. Such technologies include the cloudlets mini servers [54]–[60], vehicular (or portable) edge computing (VEC) [61]–[66], and edge-cloud [67]–[70]. These technologies mainly enable the deployment of applications in harsh and rapid time-varying environments. There are also mobile edge computing (MEC) [71]–[76] and mobile cloud computing (MCC) [77]–[80] technologies, which enable the deployment of extensive-computation applications on the local IoT smart devices. This is done by offloading a large portion of the applications locally on the devices themselves. Our main focus in this paper is on security and privacy issues in the EC paradigm in general.
Generally speaking, IoT can utilize the resources of both EC and cloud computing, such as the high computational capacity, large storage, and huge power capabilities. However, EC is more beneficial for time-sensitive applications that require fast response time with tolerable computational capacity and moderate storage space. On the other side, EC will benefit from IoT as well, by making IoT devices that have tolerable computation capacity act as EC nodes to provide services. Indeed, the explosive increase in the number and types of IoT smart devices will further push towards merging EC and IoT.
Although there is extensive research on conventional IoT cloud computing [11], [12], there are also several research works that investigate the feasibility of exploiting EC to assist IoT. The authors in [35] conduct a survey to analyze how EC can assist the performance of IoT networks.
The performance of EC and cloud computing architectures are also compared in some IoT applications, such as smart transportation, smart city, and smart grid. In [37], the authors survey multi-access EC, and they present a holistic overview of this paradigm in relation with IoT. The integration of multi-access EC into IoT applications and their synergies are also analyzed and discussed. In addition, the technical aspects of this paradigm are also investigated to provide insight into different integration technologies in IoT multi-access EC. Ni et al. [36] examine the architecture of mobile EC and they discuss the potentials and advantages of using it to improve data analysis and computational efficiency for various IoT applications. The work in [38] investigates the key rationale, efforts, key enabling technologies, and typical applications of EC-assisted IoT. In [41], the authors present a survey on EC-assisted IoT literature in the period 2008 − et al. [81] discuss some of the technologies, scenarios, issues, and benefits of EC-assisted IoT. The authors in [44] present several case studies for EC-assisted IoT, such as cloud offloading and smart city/home, and they introduce several challenges and future research directions. The concept of industrial IoT (IIoT) is introduced in [82], in which the authors present the research progress and future architecture of EC-assisted IIoT. The authors also survey some research efforts related to security, task scheduling, routing, standardization, and data storage and analytics in the context of EC-assisted IIoT.
A. Advantages of EC-Assisted IoT
There are several prominent advantages of integrating EC to assist the IoT, which can be classified into three main categories.
1) Communication:
EC-assisted IoT networks have enhanced network performance in terms of reduced latency (both communication and computation), reduced bandwidth usage, reduced device power consumption, and reduced packet data overhead [35], [41]. Hence, the overall network performance in terms of communication is tremendously improved, which enables them to fulfill the QoS requirements of the time-sensitive IoT applications and services.
2) Computation: in EC-assisted IoT networks, data processing and computation will be offloaded to the edge servers, which relieves a massive burden from the centralized cloud servers. This guarantees enhanced network efficiency in terms of resource utilization and priority management [38].
3) Storage: since IoT end devices usually have limited storage capabilities, EC servers provide storage services to such devices. This is done by migrating all the data generated or collected by the devices to storage servers. Doing so will assist in managing load balancing and failure recovery issues, leading to a significant enhancement in the QoS.
B. Challenges of EC-assisted IoT
Although there are several advantages of utilizing EC-assisted IoT architecture, there are still many key challenges to be addressed.
1) Security and Privacy:
EC will encounter new and unforeseen security and privacy issues. IoT functionality requires the migration of services between local and global scales, which renders the network more vulnerable to potential malicious activities. In addition, since the users’ privacy-sensitive information will be shared and/or stored at the EC servers, security and privacy become crucial challenges in such a distributed structure. This renders the EC-assisted IoT networks more vulnerable to cyber attacks and threats. Generally speaking, malicious attacks can be encountered during the three main processes of EC servers: communication, computation, and storage [5], [6], [10], [13], [18], [36], [39], [40], [42], [44]. Later in Sections III, IV, and V, we will provide a comprehensive analysis of the “security and privacy” issues.
2) Network Heterogeneity:
EC-assisted IoT networks are heterogeneous, as they assemble various network topologies, physical platforms, and servers. Hence, ensuring seamless operations for IoT devices in such a complex and sophisticated environment is also one of the main challenges. For example, it would be quite challenging to program and control resources in applications running on different scattered and heterogeneous physical platforms.
3) Resource Management: controlling, managing, and optimizing the three main resources (communication, computation, and storage) of the decentralized EC-assisted IoT networks is also one of the crucial issues that must be properly investigated and addressed. This issue emerges due to the tremendous heterogeneity of service providers, IoT edge devices, applications, etc.
4) Smart System Support: the merging of smart IoT devices, such as meters, sensors, and actuators, will provide unprecedented opportunities for data collecting/sharing, resource allocation and optimization, and system management. Nonetheless, the challenge remains in how to enable multiple EC servers/nodes to store, process and share the collected data traffic from these multi-platform devices spanning wide geographical areas, in a manner that ensures optimal and timely management decisions.
C. Definition of Security and Privacy in the Context of EC-Assisted IoT
As we mentioned previously, EC-assisted IoT systems manage a massive amount of information at the edge of IoT networks. Such information belongs to a range of low to high-sensitive applications and services of various vertical IoT sectors (see Fig. (1)). In the conventional implementations of EC-assisted IoT systems (see Fig. (3)), the data communication between end devices and EC nodes is accomplished through wired and/or wireless links, whereas the data communication from EC nodes to the cloud system utilizes either public or private networks [13]. Unfortunately, none of these EC-assisted system implementations is well-secured, making them vulnerable to huge security and privacy threats and attacks.
Several research works have analyzed such threats. The authors in [36] study the security, privacy, and some efficiency challenges of data processing in mobile EC. The opportunities for improving data security and privacy as well as enhancing computational efficiency with the assistance of EC are also discussed. Solutions presented in their paper include secure data duplication and aggregation as well as secure computational offloading. In [40], the security mechanisms, threats, and challenges of some EC paradigms are analyzed. In [6], the authors describe the possibility of utilizing the attractive features and advantages of EC paradigms in enhancing some critical security and privacy issues in vehicular networks, particularly in revocation and authentication issues. The concept and features of EC-assisted IoT are introduced in [39], along with the requirements for its secure data analytics. The authors also analyze some prospective security and privacy threats and attacks, and they discuss some mechanisms for outsourcing data analytics.
The authors in [5] provide an analysis of some of the data security and privacy attacks, and they describe countermeasure technologies in EC-assisted IoT networks.
Multi-access EC is a new paradigm that works as a complement for the centralized cloud architecture. It provides additional computing and storage resources at the edge of radio access networks and IoT applications. The authors in [13] conduct a survey to study the security challenges in mobile EC networks. The study focuses on security issues in systems of environment perception industrial IoT networks and mobile IoT based on a network of unmanned aerial vehicles (UAVs). The wireless medium is more vulnerable to attacks since it can be accessed by both authorized users and adversaries. Therefore, their study aims to discuss the security issues of the two aforementioned applications which exploit the benefits of mobile EC.
Creating a secured and privacy-preserving EC-assisted IoT ecosystem demands the implementation of different types of security and privacy mechanisms, requirements, and solutions. Section III explains the main security threats and attacks, whereas Section IV discusses the corresponding countermeasures, along with the related research work. Section IV also explains the main security/privacy mechanisms, and classifies the related work based on security functions and services.
III. CLASSIFICATIONS BASED ON SECURITY AND PRIVACY ATTACKS AND THREATS
This section describes the key possible security and privacy attacks, their types, and their sources at different levels and layers (e.g., EC devices, communication and EC servers/nodes, and cloud servers) of EC-assisted IoT networks. Related research papers that survey each type will also be cited in each category.
1) Malicious Hardware/Software Injection: attackers can add unauthorized software/hardware components to the communication or EC node levels, that inject malicious inputs into the EC servers. This will enable adversaries to exploit service providers to perform hacking processes on their behalf, such as bypassing authentication, stealing data, reporting false data, or exposing database integrity [1], [10], [11], [39], [40]. Hardware injection attacks have several classifications, including 1) Node Replication, in which adversaries will inject a new malicious EC node to the network and assign it an ID number that is a replica of an existing authorized node. Doing so will enable attackers to corrupt, steal, or misdirect data packets arriving at the malicious replica. In addition, node replicas can even revoke legitimate EC nodes by implementing node-revocation protocols [1]. 2) Hardware Trojan, which is illegitimate access to integrated circuits (ICs), that makes attackers control the circuit and access data or even software running on these ICs. Trojans have two types: a) internally-activated Trojans, which can be triggered and activated if a particular condition is satisfied inside the ICs, and b) externally-activated Trojans, which are activated by sensors or antennas that interact with the outside world [1], [11]. 3) Camouflage, in which attackers inject a counterfeit EC node to the network, which will work as a normal EC node to generate, share, receive, store, process, redirect, or transmit data packets [1]. 4) Corrupted or Malicious EC Nodes, which are used to gain unauthorized access and control on the network, then injecting misleading data packets or even blocking the delivery of legitimate and true data packets [1], [10], [36], [37].
2) Jamming Attacks: in which attackers intentionally flood the network with counterfeit messages to exhaust communication, computing, and/or storage resources. This will render authorized users unable to use the infrastructure of the EC-assisted IoT network [39].
3) Distributed Denial of Service (DDoS) Attacks: outage attacks, sleep deprivation, and battery draining are the most famous types of DDoS attacks against EC nodes. In outage attacks, EC nodes stop performing their normal operations as they have been exposed to unauthorized access. In sleep deprivation, adversaries overwhelm EC nodes with an undesired set of legitimate requests. Such an attack is much harder to detect. In battery draining, the battery of EC nodes or sensors/devices is depleted, so node failure or outage occurs. On the communication level, however, the most common DDoS attack is jamming the transmission of signals, which includes: 1) continuous jamming over all transmissions and 2) intermittent jamming by sending/receiving packets periodically by EC nodes [1], [2], [5], [10], [11], [13], [36], [37], [39]–[42].
4) Physical Attacks or Tampering: this attack happens if attackers can access the EC nodes/devices physically. In such a case, valuable and sensitive cryptographic information can be extracted, the circuit can be tampered with, and the software/operating systems can be modified or changed [1], [10], [11], [13], [39]–[41].
5) Eavesdropping or Sniffing: adversaries covertly listen to private conversations, such as usernames, passwords, etc., over communication links. If sniffed packets contain access or control information of the EC nodes, such as nodes’ configuration, nodes’ identifiers, and password of the shared network, attackers can gain crucial information about the network [1], [10], [11], [39].
6) Non-Network Side-Channel Attacks: even if EC nodes are not transmitting any data, they may reveal critical information. For instance, the detection of known electromagnetic/acoustic signals or protocols from medical devices can lead to serious privacy issues, as critical information about the patient and device can be leaked [1], [11].
7) Routing Information Attacks: attackers alter routing information by redirecting or dropping data packets at the communication level. The malicious EC nodes might be: 1) Black Holes, which drain all of the network’s packets, 2) Gray Holes, which drain selective packets, 3) Worm Holes, in which attackers will first record packets at one network location then migrate them to another location, or 4) Hello Flood, in which a high-power malicious EC node broadcasts ’HELLO PACKETS’ to all nodes claiming to be their neighbor [1], [11], [39].
8) Forgery Attacks: in which attackers inject new fraudulent data packets and interfere with the receiver, causing system damage or failure. These data packets are inserted into communication links using methods such as 1) inserting malicious data packets that seem legitimate, 2) capturing then modifying data packets, and 3) replication of previously exchanged packets between two EC nodes/devices [1], [11], [13], [39], [40].
9) Unauthorized Control Access: neighboring EC nodes communicate with each other to access or share their data. However, if attackers can access one of the unsecured EC nodes, it is possible to control the whole set of neighboring nodes [1], [11].
10) Integrity Attacks Against Machine Learning: machine learning methods used in EC-assisted IoT are also vulnerable to two types of attacks: 1) causative, in which attackers change the training process of machine learning models by manipulating and injecting misleading training datasets, and 2) exploratory, in which attackers utilize vulnerabilities without changing the training process [1].
11) Replay Attack or Freshness Attacks: in which attackers capture and record data traffic for a particular period of time and then use this historical data to replace the current real-time data. Doing so will cause energy and bandwidth consumption of EC nodes as well as other adverse effects [11], [13].
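
The forgery and replay attacks described above can both be rejected at the receiving EC node. The following Python sketch is an added example, not taken from the survey or the works it cites; it assumes a per-device pre-shared key, an HMAC-SHA256 tag and a strictly increasing per-device counter, and the frame layout and all names (`seal`, `EdgeReceiver`, `demo`) are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

TAG_LEN = 32                   # HMAC-SHA256 output size in bytes
HEADER = struct.Struct(">HQ")  # assumed layout: device id (16 bit), counter (64 bit)


def seal(key: bytes, device_id: int, counter: int, payload: bytes) -> bytes:
    """Device side: frame = header || payload || HMAC(key, header || payload)."""
    body = HEADER.pack(device_id, counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class EdgeReceiver:
    """EC-node side: authenticates each frame, then enforces freshness."""

    def __init__(self, keys: dict[int, bytes]):
        self._keys = keys
        self._last_counter = {dev: -1 for dev in keys}

    def accept(self, frame: bytes) -> tuple[str, bytes | None]:
        if len(frame) < HEADER.size + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        device_id, counter = HEADER.unpack_from(body)
        key = self._keys.get(device_id)
        if key is None:
            return "unknown-device", None
        # Integrity first: a modified or fabricated frame fails here, before
        # it can touch the counter state (constant-time tag comparison).
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "forged", None
        # Freshness second: a recorded frame is authentic but its counter
        # is not greater than the last one accepted from this device.
        if counter <= self._last_counter[device_id]:
            return "replayed", None
        self._last_counter[device_id] = counter
        return "ok", body[HEADER.size:]


def demo() -> list[str]:
    key = bytes(range(32))                     # constructed sample key
    rx = EdgeReceiver({7: key})
    f1 = seal(key, 7, 1, b"temp=21.5")         # constructed sample frames
    f2 = seal(key, 7, 2, b"temp=21.7")
    tampered = bytearray(f2)
    tampered[HEADER.size] ^= 0x01              # captured, then modified
    recounted = HEADER.pack(7, 99) + f1[HEADER.size:]  # old frame, new counter
    return [
        rx.accept(f1)[0],
        rx.accept(f2)[0],
        rx.accept(f1)[0],                      # recorded frame sent again
        rx.accept(bytes(tampered))[0],
        rx.accept(recounted)[0],
        rx.accept(seal(key, 7, 3, b"temp=21.9"))[0],  # state was not advanced to 99
    ]


if __name__ == "__main__":
    print(demo())
```

The last accepted counter has to survive a node reboot; if it is reset, every recorded frame becomes fresh again.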
12) Inessential Logging Attacks: if log files are not encrypted, this type of attacks can lead to damage in EC-assisted IoT systems. Therefore, system and infrastructure developers must log events, such as application errors and attempts of unsuccessful/successful authorization/authentication [40].
13) Security Threats from/on IoT Devices: cyber attacks on EC devices include mobile Botnets, ransomware, and IoT malware. In 2017, over 1.5 million attacks originated from mobile malware were reported [36]. Such threats bring security concerns towards both edge users and applications leading to data leakage/corruption or even application death [36], [39].
14) Privacy Leakage:
EC nodes’ functionalities may need to extract personal information from the data generated by user devices. Some might be sensitive, e.g. personal activities, preferences, and health status; however, others might not be, e.g. air pollution index, public information, and social events. Nonetheless, all information must belong to data owners. Unfortunately, they could be shared with other users or network entities without granting permission from the information owners, which makes them vulnerable to intruders during data transmission/sharing. Attackers can exploit the location awareness of EC nodes (e.g., Wi-Fi hotspots and base stations (BSs)) to detect and track the device’s physical position or other sensitive information from the physical location of these EC nodes. Moreover, if user devices establish connections to multiple EC nodes simultaneously in order to access a particular service, the physical location might be precisely detected using positioning techniques [36], [39], [40].
15) Other Attacks:
EC-assisted IoT paradigm is a combination of heterogeneous resources and devices manufactured by various vendors. Since there is neither a generally-agreed framework nor standard policies for the implementations of this paradigm, there are still many undetected security and privacy threats.
IV. CLASSIFICATIONS BASED ON SECURITY AND PRIVACY COUNTERMEASURES AND FUNCTIONS
This section explains the main strategies and solutions developed to counter the security and privacy attacks and threats explained in the previous section. In addition, classification based on security functions and services is also provided.
A. Classifications of Solutions and Countermeasures
1) Countermeasures for Malicious Hardware/Software Injection: there are several effective techniques developed to tackle this: 1) Side-Channel Signal Analysis, which is used to detect both: a) hardware Trojans, by implementing timing, power, and spatial temperature testing analysis and b) malicious firmware/software installed on IoT EC nodes/devices, by detecting unusual behaviors of nodes/devices, e.g., a significant increase in their heat, execution time, or power consumption [1]. 2) Trojan Activation Methods, which are used to compare the outputs, behavior, and side-channel leakages of Trojan-inserted vs Trojan-free circuits, in order to detect and model malicious attacks [1], [39]. 3) Circuit Modification or Replacing, this is also an effective countermeasure against physical/hardware, Trojan, and side-channel attacks. This countermeasure includes: a) tamper-preventing and/or self-destruction, in which EC nodes are physically embedded with hardware to prevent malicious attacks, or in the worst cases the EC nodes destruct themselves and/or erase their data, b) minimizing information leakage, by intentionally adding random noise or delay to the data, implementing a constant execution path code, and balancing Hamming weights, and c) embedding Physically Unclonable Function (PUF) into the circuit hardware, which enables device identification and authentication to detect Trojan activities [1].
2) Policy-Based Mechanisms: which are used to detect any violation of policies, by ensuring that standard rules are not breached. For example, they detect any abnormal requests to the EC node that try to cause sleep deprivation or battery-draining [1].
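
As an added illustration of such a policy check (not code from the survey or from [1]), the following Python monitor applies two hypothetical rules to constructed request logs: a per-source request rate limit and a node-wide duty-cycle limit. The thresholds, the log format and all names are assumptions.

```python
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:                      # assumed example thresholds
    window_s: float = 60.0         # sliding window length
    max_per_source: int = 5        # requests one source may send per window
    awake_s: float = 2.0           # time a request keeps the node awake
    max_duty_cycle: float = 0.25   # share of a window the node may be awake


class SleepPolicyMonitor:
    def __init__(self, policy: Policy):
        self.policy = policy
        self._by_source = defaultdict(deque)  # source -> request times in window
        self._awake = deque()                 # merged (start, end) awake intervals

    def observe(self, t: float, source: str) -> list[str]:
        """Record one request (times must be non-decreasing); return broken rules."""
        p, violations = self.policy, []
        # Rule 1: per-source rate inside the sliding window.
        times = self._by_source[source]
        times.append(t)
        while times[0] <= t - p.window_s:
            times.popleft()
        if len(times) > p.max_per_source:
            violations.append("rate")
        # Rule 2: node-wide duty cycle. A request that arrives while the node
        # is still awake extends the current awake interval.
        end = t + p.awake_s
        if self._awake and t <= self._awake[-1][1]:
            start, prev_end = self._awake.pop()
            self._awake.append((start, max(prev_end, end)))
        else:
            self._awake.append((t, end))
        lo = end - p.window_s
        while self._awake[0][1] <= lo:
            self._awake.popleft()
        awake = sum(e - max(s, lo) for s, e in self._awake)
        if awake / p.window_s > p.max_duty_cycle:
            violations.append("duty-cycle")
        return violations


def evaluate(log, policy=Policy()):
    """Return (sources that broke the rate rule, time of first duty-cycle alarm)."""
    monitor = SleepPolicyMonitor(policy)
    offenders, first_alarm = set(), None
    for t, source in sorted(log):
        broken = monitor.observe(t, source)
        if "rate" in broken:
            offenders.add(source)
        if "duty-cycle" in broken and first_alarm is None:
            first_alarm = t
    return sorted(offenders), first_alarm


# Constructed sample logs of (time in seconds, source id).
BENIGN = [(t, "sensor-a") for t in range(0, 300, 30)] + \
         [(t, "sensor-b") for t in range(15, 300, 30)]
# One source sending a valid-looking request every 5 s.
FLOOD = BENIGN + [(t, "x") for t in range(100, 161, 5)]
# Twenty sources, each sending only once per 40 s, staggered by 2 s.
SWARM = BENIGN + [(100 + 2 * i + 40 * k, f"d{i:02d}")
                  for i in range(20) for k in range(3)]

if __name__ == "__main__":
    for name, log in (("benign", BENIGN), ("flood", FLOOD), ("swarm", SWARM)):
        print(name, evaluate(log))
```

The swarm log is the case the per-source rule alone misses: every sender stays within its own limit, and only the node-wide duty-cycle rule fires.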
3) Securing Firmware Update: the update of the network’sfirmware can be reliably established either remotely (e.g., ECservers broadcast messages to announce and share the updatedversion of firmware) or directly (e.g., using USB cables). Bothmethods require authentication and integrity to ensure securityupdates [1].
4) Reliable Routing Protocols: in which EC nodes create atable of trusted nodes for sharing sensitive and private infor-mation. Further explanation of this type of countermeasurescan be found in [1], [10], [11] and the references therein.
5) Intrusion Detection System (IDS): which is the secondline of defense employed to mitigate security threats by 1)monitoring network’s operations and communication links, 2)reporting suspicious activities, such as when predefined poli-cies are breached or when invalid information is injected intothe system, and 3) detecting routing attacks (e.g., spoofing ormodification of information) as well as Black Hole attacks [1],[11], [35], [40]. The authors in [8] propose an IDS architecturefor EC-assisted IoT, which integrates a trust evaluation mech-anism and service template with balanced dynamics. In theirproposed solution, the EC network is designed to minimizeresource consumption, whereas the EC platform is designedto ensure the extensibility of the trust evaluation mechanism.Lin et al. [15] propose a general EC IDS architecture, whichshows an efficient fair resource allocation in EC-assisted IoTsystems.
6) Cryptographic Schemes: which are strong and efficientencryption countermeasure strategies utilized to secure com-munication protocols against various attacks, such as eaves-dropping and routing attacks. Although there is a wide varietyof encryption/decryption strategies developed to enhance net-work security and privacy, such solutions are applicable forwired networks. Unfortunately, EC nodes are typically tiny sensors with limited resources, e.g., battery power, comput-ing/processing capabilities, and storage memory. Therefore,employing standard encryption/decryption techniques will in-crease memory usage, delay, and power consumption [1],[10], [11], [39]. The authors in [5] thoroughly explore thearchitectures and ideas of several key crypto-systems, suchas proxy re-encryption, attribute-based encryption, searchableencryption, identity-based encryption, and homomorphic en-cryption. Chen et al. [17] propose a non-cryptographic securityaccess method for the EC-assisted IoT paradigm. Unlike theconventional cryptographic algorithmic-based security accessscheme, their proposed solution does not require passwordauthentication, as it mainly relies on the differences in thehardware of the heterogeneous wireless access devices. Thework in [18] proposes a secure data-sharing scheme for EC-assisted IoT smart devices. The proposed scheme uses bothpublic and secret key encryptions. In addition, a searchingstrategy is also presented that enables authorized users to per-form secure data search within shared, encrypted, and storeddata in EC-assisted IoT networks, without leaking data, secretkey, or keyword. In [12], the authors present an architecturebased on data proxy concept, which applies process knowledgein order to enable security via abstraction as well as privacyvia remote data fusion.
7) De-patterning Data Transmissions: this strategy pre-vents side-channel attacks, by intentionally inserting fakepackets that change the traffic pattern [1], [5], [39].
8) Decentralization: this strategy ensures anonymity, bydistributing the sensitive information through EC nodes suchthat no node has complete knowledge of the information [39].
9) Authorization: this strategy prevents responses to re-quests originated by attackers or malicious EC nodes. Itscrutinizes if an entity (e.g., service provider, EC node/device,router, etc.) can access, control, modify, or share the data [1],[5], [11], [42].
10) Information Flooding: this strategy prevents intrudersfrom detecting and tracking the location of the informationsource [10].
11) Prior Testing: in which a behavioral test of the compo-nents of EC-assisted IoT network (EC routers/nodes, servers,etc.) is conducted prior to the actual operation. This is accom-plished by applying special inputs, pilot, and/or token signalsto the network and monitoring their outputs. This solutionmainly aims at identifying the possible attacks, simulate them,and evaluate their impacts on the EC-assisted IoT paradigm. Italso classifies the information to define which must be loggedand which is sensitive to be shared or stored [1], [39].
12) Outlier Detection: attacks against machine learning methods aim at injecting data outliers into the training dataset. Such attacks are drastically mitigated using statistical data analytics methods [10], [39].
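As an added illustration (not taken from the surveyed papers), the Python sketch below filters a batch of edge sensor readings before it reaches a training set. The median/MAD "modified z-score" is one statistical method chosen here as an assumption; the readings, thresholds and function names are constructed for the example. It also shows why the plain mean/standard-deviation test is a poor choice when an attacker injects many outliers at once: the injected points inflate the standard deviation and mask themselves.

```python
import statistics

def zscore_outliers(values, threshold=3.0):
    """Indices flagged by the classic z-score (mean / standard deviation)."""
    mean = statistics.fmean(values)
    sd = statistics.pstdev(values)
    if sd == 0:
        return []
    return [i for i, v in enumerate(values) if abs(v - mean) / sd > threshold]

def mad_outliers(values, threshold=3.5):
    """Indices flagged by the modified z-score (median / MAD).

    The median and the median absolute deviation are not moved by a minority
    of injected points, so the score of a poisoned sample stays large.
    """
    med = statistics.median(values)
    deviations = [abs(v - med) for v in values]
    mad = statistics.median(deviations)
    if mad == 0:
        # More than half of the samples are identical: anything else is suspect.
        return [i for i, d in enumerate(deviations) if d > 0]
    return [i for i, d in enumerate(deviations) if 0.6745 * d / mad > threshold]

def drop_outliers(values, flagged):
    """Return the batch without the flagged indices."""
    flagged = set(flagged)
    return [v for i, v in enumerate(values) if i not in flagged]

# Constructed sample: 20 plausible temperature readings (degrees C) from an
# edge node, followed by 5 injected values (20% of the batch).
CLEAN = [21.0, 21.2, 20.9, 21.1, 21.3, 21.0, 20.8, 21.2, 21.1, 20.9,
         21.0, 21.4, 21.1, 20.7, 21.2, 21.0, 21.3, 20.9, 21.1, 21.0]
READINGS = CLEAN + [95.0] * 5

if __name__ == "__main__":
    print("z-score flags :", zscore_outliers(READINGS))
    print("MAD flags     :", mad_outliers(READINGS))
    kept = drop_outliers(READINGS, mad_outliers(READINGS))
    print("kept for training:", len(kept), "of", len(READINGS))
```
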
13) Secure Data Aggregation: this is a highly secure, privacy-preserving, and efficient data compression strategy. In this scheme, individual devices use homomorphic encryption schemes (such as the Brakerski-Gentry-Vaikuntanathan (BGV) cryptosystem) to independently encrypt their own data and then send it to the EC nodes. The latter aggregate all data in order to compute the multiplication of individual data, and then send the aggregated results to the central cloud servers [10], [36], [39].
14) Secure Data Deduplication: removing data redundancy and utilizing the bandwidth in IoT networks require removing the replicate copies of data on intermediate EC nodes. Unfortunately, this will render sensitive information disclosed to intruders. To counter this threat, secure data deduplication is used, in which intermediaries are allowed to access the replicated data without gaining any knowledge about it [36], [39].
15) Secure Data Analysis: the explosive advances in EC devices have enabled the shift of some artificial intelligence (AI) functionalities from the centralized cloud to EC devices/nodes. This will improve security, privacy, and latency. For example, partitioning network functionality execution among EC nodes/devices and the central cloud enables individual nodes/devices to locally and independently train their own models and then only share their individual trained models rather than their respective private training dataset [36], [39].
16) Authentication: in the complex EC-assisted environment, entities are required to mutually authenticate one another across different trust domains. This includes single/cross-domain and handover authentication. Such schemes are discussed in detail in [5], [10], [11], [39], [40], [42].
17) Combining EC and Blockchain Technologies: blockchain is an emerging strategy that provides a trusted, reliable, and secure foundation for information transactions and data regulation between various operating network edge entities. It creates rules that enable decentralized systems to jointly perform decisions about the execution of particular transactions, depending on voting and consensus algorithms. This will: 1) ensure a secure audit-level tracking of EC-assisted IoT data transactions and 2) eliminate the requirement for a central trusted intermediary between the communicating IoT edge devices [41]. The authors in [14] develop a secure and distributed data storage and sharing scheme for vehicular EC networks based on integrating the smart contract technologies with consortium blockchain. Gai et al. [16] combine EC and blockchain technologies and propose a permissioned blockchain EC model that addresses the privacy-preserving and energy security of smart grid EC-assisted IoT networks. They also present a security-aware strategy based on smart contracts running on the blockchain, and they evaluate the efficiency of their proposed scheme experimentally.
Table (I) provides a summary list of the papers discussed in this section. They are classified based on security attacks and threats as well as based on the solutions and countermeasures they discussed. It is noteworthy that although some of the security and privacy-related concepts, attacks, and solutions presented in the original papers were in the context of conventional centralized cloud-based IoT, some are also applicable or can be extended to the EC-assisted IoT paradigm as well.
Table I: List of the Papers Discussed in Section (IV), Classified Based on Security and Privacy Attacks and Countermeasures They Provide. [Table body not recoverable. Columns: Ref. [35], [10], [13], [37], [14], [8], [11], [36], [1], [6], [2], [15], [16], [17], [38], [39], [40], [12], [41], [5], [18], [42]; rows: Attacks and Threats, Solutions and Countermeasures.]
B. Classification Based on Security Functions and Services
Security is one of the main concerns in EC-assisted IoT systems. Due to the diverse enabling technologies which constitute IoT networks, several security mechanisms need to be employed to support security. EC-assisted networks are usually comprised of a combination of virtualization platforms, wireless networks, peer-to-peer, and distributed systems. It is a big concern not only to provide protection to all these varied components but also to enable these diverse security mechanisms to coordinate and cooperate. The security and privacy objective is to ensure confidentiality, integrity, and availability of the system and its assets [19].
Furthermore, storing the data collected by IoT devices at the edge nodes might create a privacy issue, as these edge devices are more vulnerable to attacks than centric cloud servers [35]. Therefore, privacy protection is a major issue in EC, and hence effective mechanisms should be developed to preserve the privacy of users in the EC-assisted IoT environment. Security and privacy objectives can be met by developing different protection mechanisms for authentication, access control, data transmission, storage, and computation. Each one of these security functions has several issues. In the following sections, we analyze and classify them based on their impact on security and privacy objectives and EC IoT services.
a. Authentication
One of the main security aspects of EC-assisted IoT paradigms is authentication. Edge networks are composed of multiple distributed entities that coexist and interact within ecosystem domains. Hence end users, edge devices, service providers, and data centers need to authenticate each other, which represents a challenge that requires a sophisticated multilevel authentication mechanism. It is not only necessary to assign an identity to every entity in the domain, but also all the entities need to authenticate each other mutually. These authentication issues demand complex authentication controls to prevent external adversaries from attacking system assets and resources [40]. The following subsections discuss some issues related to authentication mechanisms for the EC-assisted IoT networks.
1) Identity Management and Key Exchange for Multiple Distributed Entities: given the limited resources of IoT devices, inter-realm authentication systems and identity federation mechanisms are two of the solutions that can be explored in this context. Besides the cooperation feature of these mechanisms, they allow devices and users to provide proof of their identity without a central authentication server. Applicability of distributed authentication mechanisms is still an issue in EC-assisted IoT paradigms as, in some cases, central authentication is still necessary to manage the identities of parts of the infrastructure [40]. Esiner and Datta [28] propose a layered security mechanism for EC-assisted IoT networks based on a distributed multi-factor authentication without third-party interference. It mainly depends on knowledge and possession factors to prove user identity. Data are distributed among several data storage centers and retrieved based on a password of the user's selection from multiple other passwords corresponding to each server. However, due to the decentralized design of this protocol, users will not be able to restore their data if they forget the initial password. The proposed authentication mechanism from Jan et al. [20] depends on sharing a session key between nodes and their cluster head. To identify authorized nodes for the cluster heads, base stations (BSs) receive requests from edge nodes for authorization. The proposed authentication mechanism involves different levels of identity definition and authentication between edge cluster heads, edge devices, and BSs. The issue of the distribution and management of the encryption keys was indicated as part of the future work of King et al. [83]. They propose a two-phase transmission security mechanism where one layer represents the connection between resource-constrained IoT devices and the edge device, whereas the other layer secures the transmission between the gateway and the end server.
Though end devices need to have a single authentic identity and secure key, applications within each device may require an additional key exchange mechanism for further application-related security. Some studies indicated and explored the complexity of identity assignment and key management of cross-application mechanisms. The authors in [25] indicate that user devices might be engaged in multiple applications and require multiple security keys, which may increase security risk and key disclosure. The solution to this problem proposed in their study is that each IoT domain generates and maintains security keys for the IoT devices belonging to that domain. Each device has to maintain a set of security keys for each application. This may result in a large number of keys and will increase the complexity of key management. To solve this problem, the study adopted hierarchy-based key management, where service and application credentials are composed of multiple keys based on the level of the application in the hierarchical schema.
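To make the idea of hierarchy-based key management concrete, the following Python sketch is an added example and not the scheme of [25]: it assumes an HMAC-SHA256 derivation tree in which the IoT domain derives one key per device and the device derives application keys by walking a path in the hierarchy. The key material, device identifier, application paths and function names are constructed for illustration. The device stores a single key instead of one key per application, and disclosure of a key low in the tree exposes only the subtree beneath it.

```python
import hashlib
import hmac

CONTEXT = b"edge-iot-kdf-v1|"  # domain-separation prefix (assumed for this example)

def derive_child(parent_key: bytes, label: str) -> bytes:
    """One step down the hierarchy: child = HMAC-SHA256(parent, context | label)."""
    if not label or "/" in label:
        raise ValueError("label must be a non-empty single path component")
    return hmac.new(parent_key, CONTEXT + label.encode("utf-8"), hashlib.sha256).digest()

def derive_path(key: bytes, path: str) -> bytes:
    """Derive the key for 'level1/level2/...' starting from `key`."""
    for component in path.strip("/").split("/"):
        key = derive_child(key, component)
    return key

def covered_by(holder_path: str, app_paths):
    """Application paths whose keys the holder of `holder_path` can derive."""
    prefix = holder_path.strip("/")
    return [p for p in app_paths if p == prefix or p.startswith(prefix + "/")]

# Constructed sample values: a domain secret and a three-application hierarchy.
DOMAIN_KEY = hashlib.sha256(b"constructed demo domain secret").digest()
APP_PATHS = ["metering/billing", "metering/telemetry", "hvac/control"]

def provision_device(domain_key: bytes, device_id: str) -> bytes:
    """Done by the IoT domain: the only key the device has to store."""
    return derive_child(domain_key, device_id)

if __name__ == "__main__":
    device_key = provision_device(DOMAIN_KEY, "device-42")
    for path in APP_PATHS:
        print(path, derive_path(device_key, path).hex()[:16], "...")

    # A party holding only the "metering" subtree key can serve both metering
    # applications but learns nothing about the hvac branch.
    metering_key = derive_path(device_key, "metering")
    same = hmac.compare_digest(derive_child(metering_key, "billing"),
                               derive_path(device_key, "metering/billing"))
    print("subtree derivation matches:", same)
    print("exposed if 'metering' leaks:", covered_by("metering", APP_PATHS))
```
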
2) Development of Resource-Efficient Authentication Mechanisms: intruders usually aim to access the network and perform malicious actions, such as misleading data injection or malicious code injection. To prevent intruders from accessing the network, a sophisticated but efficient authentication mechanism is required. In EC-assisted IoT, some edge devices have limited resources, and hence traditional complex authentication mechanisms might not be applicable [21]. Therefore, developing an authentication mechanism that utilizes the available resources efficiently is an issue. In [21], the authors propose an efficient Edge-Fog authentication scheme to securely allow mutual authentication between a Fog user and any Fog server. The proposed scheme does not depend on public key infrastructure (PKI) to perform the authentication but requires Fog users to store only one long-lived master secret key, which allows them to mutually authenticate with any Fog server in the domain. To alleviate the problem of constrained resources of some edge devices, Sha et al. [23] suggest moving security functions such as authentication to devices that have enough resources to handle the computation needs of other edge devices. They develop a comprehensive architecture composed of several modules, each of which is responsible for handling a certain security service as a response to different challenges of EC-assisted IoT. The security analysis module is responsible for assigning security functions to edge devices based on information about them collected by another module.
3) Maintaining Authentication Sessions: initiating as well as maintaining authentication sessions of edge users is a general security issue in EC-assisted IoT systems. Using only username/password to authenticate users might not be secure enough; the authors in [24], therefore, suggest a multi-factor authentication mechanism. Their proposed solution maintains the session state through real-time identity monitoring. Edge devices keep updating the state of the connection with the authenticated user by regularly requesting additional authentication methods, such as collecting information about the normal behavior of the user or matching the current state of the user with valid former states. If a deviated or abnormal behavior is detected, a request for re-verification is triggered.
b. Access Control
For any two entities in a system to share resources, they essentially need to have credentials and access policies. Most of the operations in EC-assisted IoT networks include requesting access to resources, sending or receiving data, and performing processing. If there is no defined authorization mechanism, access to system resources will have no restrictions, and hence illegal operations on IoT devices can be launched. To develop an EC-assisted IoT authorization infrastructure, it is crucial to enforce a security access policy in each trust domain. Entities within the trust domain should be able to identify and verify each other's identities. They also need to define the level of resource allocation [5]. The following subsections indicate some authentication and access control related issues.
1) Detection and Management of Transitive Access Control: one of the access control issues is the transitive access between edge devices or entities in EC-assisted IoT networks. Granting a certain device access to resources through another intermediate device should be controlled, as this may expose resources to malicious or unauthorized access. Sha et al. [23] propose a security analysis module to detect transitive access and judge whether it is legal or not. The detection mechanism is developed based on a representation of access requests as a directed graph.
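A graph-based check of this kind can be sketched as follows. This is an added Python example, not code from [23]: it assumes that each direct grant is an edge (subject, object), that a transitive access is any reachable node that is not a direct neighbour, and that legality is judged against an explicit allow-list of (subject, resource) pairs. Node names, grants and policy are constructed.

```python
from collections import deque

def find_transitive_access(grants, policy):
    """Report every resource a subject reaches only through intermediaries.

    grants: iterable of (subject, object) direct access edges.
    policy: set of (subject, resource) pairs for which indirect access is legal.
    Returns a list of dicts with the subject, resource, witness path and verdict.
    """
    graph = {}
    for src, dst in grants:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())

    findings = []
    for start in sorted(graph):
        # Breadth-first search; the parent map doubles as the visited set,
        # so cycles in the grant graph terminate.
        parent = {start: None}
        queue = deque([start])
        while queue:
            node = queue.popleft()
            for nxt in sorted(graph[node]):
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)

        for target in sorted(parent):
            if target == start or target in graph[start]:
                continue  # the subject itself, or a direct (non-transitive) grant
            path = [target]
            while parent[path[-1]] is not None:
                path.append(parent[path[-1]])
            path.reverse()
            findings.append({
                "subject": start,
                "resource": target,
                "path": path,
                "legal": (start, target) in policy,
            })
    return findings

def illegal_pairs(findings):
    """(subject, resource) pairs reached transitively without policy backing."""
    return [(f["subject"], f["resource"]) for f in findings if not f["legal"]]

# Constructed sample: two devices behind one gateway, a data store that also
# talks back to the gateway (a cycle), and a firmware repository.
GRANTS = [
    ("sensor-7", "gateway-a"),
    ("camera-3", "gateway-a"),
    ("gateway-a", "edge-store"),
    ("gateway-a", "fw-repo"),
    ("edge-store", "gateway-a"),
]
POLICY = {
    ("sensor-7", "edge-store"),
    ("sensor-7", "fw-repo"),
    ("camera-3", "fw-repo"),
}

if __name__ == "__main__":
    for f in find_transitive_access(GRANTS, POLICY):
        verdict = "legal" if f["legal"] else "ILLEGAL"
        print(f"{verdict:8} {' -> '.join(f['path'])}")
```
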
2) Control Access to Fine-Grained Edge Node Components and Services: each edge device hosts multiple applications and services. Controlling access to each element of these services and applications represents a challenge. Edge devices have to grant access to resources based on a predefined authorization policy. Maintaining and enforcing the access policy may consume resources and thus, an efficient and secure mechanism to maintain and enforce this policy is required. The authors in [25] propose a fine-grained access control based on the keys and attributes of edge users and IoT devices. This may allow for adopting different security measures by considering each security service as an object. The attribute-based encryption mechanism combines the verification of the IoT device key with its attributes in addition to the access policy to encrypt messages and hence, only authorized edge devices and users can have access to these messages. The attribute-based access control is introduced in EC-assisted IoT networks to reduce the number of rules resulting from role explosion. It protects data security by sharing data between multiple users. As indicated by Cui et al. [26], the attribute-based encryption provides scalable fine-grained access control over IoT edge resources and data. The authors in [26] adopt this mechanism into the EC-assisted IoT paradigm through the establishment of third-party key distribution and the availability of a secure channel.
3) Supporting Access Control for Dynamic Scalable IoT Networks: most of the EC-assisted IoT networks have a dynamically evolving architecture in terms of the number of devices, services, and users. Providing an access control strategy that meets the growing requirements of these networks is a challenging problem. Maintaining access control based on static constant features of objects and entities may become obsolete over time and make the system vulnerable to various attacks. Some solutions in the literature [25]–[27] propose a scalable access control mechanism based on different dynamic properties. The solution proposed in [27] uses a capability-based access schema. They argue that the attribute-based encryption mechanism used in [25], [26] may not meet the requirements of EC-assisted IoT networks, as it might increase the effort and complexity of policy management as the number of devices increases and the size of the network expands, which may not make it a perfect solution for the scalable distributed EC-assisted IoT networks. The authors in [28] propose a layered security mechanism based on a distributed multi-factor access control. Their proposed protocol does not require third-party interference, and it mainly depends on knowledge and possession factors to prove user identity. By distributing data among several edge data storage centers and deriving several passwords for storage servers based on an initial seed password, they provided a decentralized access control mechanism suitable for scalable dynamic EC-assisted IoT networks.
c. Data Security
Since data is the main element of IoT systems, it needs to be protected during transmission, computation, and storage. The development of the EC-assisted IoT paradigm aimed basically to alleviate latency and reduce data transfer between cloud servers and IoT edge devices. Reducing the amount of data transmission between network devices will decrease the exposure of these data to attacks. Therefore, the EC-assisted IoT paradigm provides a more secure architecture than the other computing paradigms, such as cloud computing. In EC-assisted IoT, the edge nodes are responsible for carrying a significant part of processing tasks by receiving input from other edge nodes and sending output to end-users or cloud servers. Hence some input and output data transmission over the network is still exposed and needs protection. Moreover, the data is stored at the edge devices and thus, a secure mechanism is required for storage protection. Some issues associated with data storage and transmission will be discussed in the following subsections.
1) Data Storage Auditing and Encryption Latency: one of the main similarities between cloud computing and EC is data outsourcing. Data is usually stored in edge servers, and hence there is a possibility of data loss, disclosure, or modification. Therefore, provision for data storage auditing is one of the most important solutions. Several services are provided by the infrastructure providers, including third-party auditing services, which are usually associated with a set of auditing policies. Several other techniques can be adopted to ensure confidentiality and integrity. Encryption is one of these methods that can also be utilized to check for the untrusted network. However, data auditing controls and data encryption mechanisms should be as efficient as possible, given that the main purpose of the EC-assisted IoT paradigm is to reduce latency and improve response time [5].
2) Support Multiple Encryption Mechanisms: providing security to real-time data transmission between edge devices represents another challenge. To secure data transmission over the EC-assisted IoT network, Jan et al. [20] propose an end-to-end encryption framework. Their proposed framework aims at providing security to real-time multimedia streams for smart cities. The edge IoT devices usually have different levels of computing and storage resources, hence different levels of encryption mechanisms are required to fit the capabilities of edge devices. Providing different types of encryption levels is a challenge, and allowing for interconnectivity between different transmission encryption mechanisms is another challenge. The framework proposed in [20] includes an authentication mechanism to initiate an encrypted data transmission using different levels of encryption complexity based on the type of the destination (edge node or cloud server). Sha et al. [23] develop a protocol mapping module to assign different transmission protocols to different edge devices based on their resources. With different transmission protocols comes the problem of interconnectivity, which is caused mainly by the heterogeneity of communication protocols used by edge devices. The interface manager module proposed by [23] is designed to handle this issue by forwarding the package to the edge layer device that supports the detected communication protocol. Moreover, the authors in [83] propose a two-layer transmission security mechanism where one layer represents the connection between resource-constrained IoT devices and the edge device (gateway). The transmission at this layer uses Advanced Encryption Standard (AES)-128 encryption. The other layer secures the transmission between the gateway and the end server. This layer uses Hypertext Transfer Protocol Secure (HTTPS) to secure the transmission between the gateway and the server. The study does not suggest any authentication mechanism, and it added data integrity and availability as future work. Furthermore, the distribution and management of encryption keys are found to be an issue that can be addressed as future work.
3) Providing Protection to Distributed Decentralized Data Storage: outsourcing data at the edge servers poses several security issues for the decentralized distributed EC-assisted networks. One of the imposed issues is the capability to store data in a decentralized environment, where the network is rapidly growing and no central authentication or authorization mechanism is provided to secure access to this data. In [28], the authors propose a layered security mechanism for decentralized edge data storage. They established their solution for multi-factor access control. Data storing and retrieving can be established without the need for a third party. It is mainly based on several multi-factor passwords, one per storage server. Each server password is derived from an initial seed password.
d. Computation
One of the main objectives of security in EC-assisted IoT networks is to ensure the integrity and confidentiality of data computation. Data encryption is one of the security mechanisms which can be employed to prevent data visibility or disclosure. Computation centers within the EC-assisted network have the provisions to offload some of the processing of the data to each other. Therefore, they need to verify the data generated by other computation centers and establish trust between the two data centers. Users also need to verify the validity and security of the acquired data. Other types of issues in the security of EC include the development of security solutions on top of the EC distributed infrastructure. Due to the constrained resources and the distributed, heterogeneous, and scalable architecture of EC-assisted IoT networks, deployment of security services and applications over these networks represents one of the main challenging problems [5]. The following subsections indicate two computational challenges of the development of security architectures.
1) Distribution of Security Services and Functions: edge devices vary in terms of resources, location, and availability. Identifying the best strategy to disseminate security functions and services over edge devices represents a challenge. Sha et al. [23] develop a security mechanism which depends on distributing security services such as firewalls and intrusion detection over multiple edge devices, given the available resources of each device. The authors in [22] suggest that there are similarities between living organisms and IoT deployments in terms of security challenges. Therefore, they proposed a security architecture design similar to the virtual immune system for protecting the devices in the EC-assisted IoT. They defined cell components represented by software agents, which are responsible for monitoring, collecting information, and performing actions, whereas the kernel is responsible for making decisions and situation analysis based on information collected by the cells' software agents. The main purpose of this design is to protect the EC-assisted IoT ecosystem from external intruders by monitoring traffic and data transmission in addition to other types of data collected from IoT devices.
2) Flexibility to Support Various Security Protections for Diverse IoT Applications: the development of security solutions for EC distributed heterogeneous architectures is a challenging problem. Some security solutions might not be applicable to all types of edge devices and applications; thus, building a flexible security solution that does not require a fundamental change in the infrastructure of the different IoT networks is considered a security issue. The authors in [25] propose such a reconfigurable security framework for EC-assisted IoT networks.
e. Trust Modeling
The development of trust modeling for IoT in general, and EC in particular, is increasing. It is generally targeted to protect against internal attacks, where IoT devices are more vulnerable to internal intruders. External attacks are usually mitigated using different types of controls such as authentication, encryption, and authorization. Protection against internal attacks, on the other hand, requires not only traditional security mechanisms but also other types of security controls such as trust modeling techniques. In many cases, the internal attacker employs some IoT devices in the network to initiate the attack. Therefore, maintaining a trust evaluation mechanism can be a solution to identify the source of the internal attack in order to contain, reduce, or eliminate the threat [84]. The following subsections discuss some trust modeling issues related to the EC-assisted IoT networks.
1) Maintain Trust for Dynamic Scalable Edge Networks: in the EC-assisted IoT paradigm, the trust evaluation mechanism is moved from the cloud to the edge devices. In the trust evaluation mechanism proposed by Wang et al. [84], IoT edge devices can only perform simple direct trust estimations, and they forward exceptions and abnormal calculations to the edge servers for verification and management. Their proposed mechanism considers two modes of architecture, the fixed mode and the moving mode. For the moving mode, the key issue is to develop a strategy to update the state of the trust of the moving IoT edge devices in the network. A hierarchical architecture was proposed by their study to alleviate the problem of the moving devices. Collecting trust information about IoT devices is accomplished at the edge devices, which perform state analysis and maintain the entire trust state of the EC-assisted IoT network. The study assumes the existence of an edge platform that is composed of powerful edge servers to perform complex operations such as service template establishment. In [29], the authors propose a multi-weighted distributed reputation management framework for vehicular EC. To alleviate the problem of the scalability of vehicular networks, they employed several types of edge devices such as gateways and base stations (BSs) to collect and process trust information from vehicles. The data is then forwarded to edge servers that communicate with each other and exchange information. However, Yuan et al. [30] provide a trust computing mechanism in which edge devices are responsible for not only collecting trust feedback from different sources but also performing the computation without relying on the central network. This distributed computing architecture provides support to the scalable EC-assisted IoT networks.
2) Maintain Consistent Reliable Distributed Trust Information in Edge Devices: in cloud computing, cloud servers are responsible for collecting information from IoT devices and performing computations. IoT devices are just responsible for sensing and reporting, controlling, etc. Establishing reliable and efficient trust management is performed by cloud servers. In the EC-assisted IoT paradigms, on the other hand, edge devices and edge servers share the responsibility of establishing and maintaining trust information about IoT edge devices, users, applications, etc. Sharing and processing trust information in a distributed manner raises several issues in terms of keeping trust information in edge devices and servers as consistent as possible. The authors in [29] suggest moving trust information from edge devices to edge servers to maintain efficient and accurate multi-weighted updates of trust information in a timely manner. Yuan et al. [30] propose an adaptive algorithm to collect and maintain the overall trust of IoT edge devices, which depends on objective information based on entropy theory. The algorithm is proposed to maintain accurate and consistent evaluation of trust information.
Table II: List of the Papers Discussed in Section (III), Classified Based on Security Services and Functions. [Table body not recoverable. Columns: Authentication (1, 2, 3), Access control (1, 2, 3), Data Security (1, 2, 3), Computation (1, 2), Trust (1, 2), Privacy (1, 2); rows: Ref. [40], [28], [20], [83], [25], [21], [23], [24], [26], [27], [5], [22], [84], [29], [30], [31], [32], [33].]
f. Privacy
Moving data processing to edge devices raises the issue of preserving the privacy of users’ data, behavior, and location. User data can be leaked, misused, or stolen, which may discourage users from integrating EC-assisted IoT networks. Some curious adversaries who have the authority to access the data, such as service providers or edge data centers, might misuse or exploit personal data of users [5]. Moreover, edge devices are distributed and scattered in wide and open areas; therefore, the central controlling of these edge devices might be difficult. If one of the edge nodes is compromised, intruders might use it as an entry point to the EC-assisted IoT network. The intruder exploits this vulnerability to steal users’ personal information and private data that is exchanged between edge devices. The following subsections discuss privacy issues related to the user’s identity, data, and location [42].
1) Identity and Data Privacy: generally, the privacy and security issues of EC-assisted IoT have recently gained the attention of the industry [31]. This is due to the fast-growing interest in these networks since they provide several advantages, including latency alleviation. Du et al. [31] confirmed that privacy issues analysis in EC has received little attention, especially for data science and machine learning applications. Their study considers preserving the privacy of processing big data using machine learning. They mention that edge nodes are distributed randomly over the network, which makes controlling them infeasible. If one of the nodes has poor security controls, it might become the fuse of the intruders’ malicious attack. To preserve privacy in machine learning applications for EC-assisted IoT, they propose a machine learning privacy architecture for data aggregation and collection, which consists of three levels. The first is the system-level management, which is the core of the architecture. It is responsible for controlling the whole system and provides access to users and other parties. The second layer represents the host-level virtualization layer of the proposed architecture. The last one is the network-level layer, which preserves information collection at the network layer. Some machine learning EC solutions have been proposed to move processing to the edge device to maintain the privacy of the user’s identity and data. Data transmission to the edge server or the cloud server is no longer required, and hence private information of users remains enclosed at the edge devices. The solution developed by [34] is proposed to anonymize the edge devices. The proposed application is crowd management (or crowd counting). Although they would process full RGB images and data at the edge, only aggregated counts would ever leave the edge, thereby effectively anonymizing any privacy-sensitive information, which was a very sensitive goal in the region. This computing mechanism is proposed to hide users’ identities and can be considered a challenge and an opportunity.
2) Location Privacy: there are many web services and applications which provide location-based functions. Users need to submit their location to the service provider to have access to services. In many cases, location information leakage represents a definite danger and real concern to users. The authors in [32] introduce a system for mobile online social networks, which provides flexible privacy-preserving location sharing. The system can identify untrusted strangers among social relations within a certain range. It hides location information by separating the storage of user identities and anonymous location information and then storing them in two separate entities. If one of the storage entities is leaked or attacked, the information about the location will be harmless because it will not reveal user identities. Chen et al. [33] propose a scheme to preserve location information of mobile users. The scheme employs a Markov Chain for distributed cache pushing proxies, which can divide location information into groups and store them separately. The location information is preserved by receiving location-based data from the cache proxies without revealing the users’ real locations to service providers.

Table III: Relationship Between Security Countermeasures Discussed in Subsection (IV-A) and Security Functions Discussed in Subsection (IV-B). [Check-mark table; columns: ID, Authentication, Access Control, Data Security, Computation, Trust, Privacy; rows: Solutions and Countermeasures. The row labels and check-mark positions are not recoverable.]

Table (II) lists some of the studies identified in Subsection (IV-B). The table indicates which types of security issues or challenges are addressed by each study. In this paper, we attempt to focus only on research works that address security issues in the EC-assisted IoT paradigm. Table (III), on the other hand, shows the relationship between the security/privacy solutions and countermeasures discussed in Subsection (IV-A) on one side, and the security/privacy functions and services discussed in Subsection (IV-B) on the other side. This table illustrates which security countermeasure technique addresses which security function and service type. We noticed that only a few studies tried to cover security issues associated with the EC-assisted IoT in particular. There are several issues for which current studies may not provide adequate solutions. Research in some security/privacy aspects of EC-assisted IoT is still in progress, and many questions and problems are yet to be answered.

V. OPEN CHALLENGES AND FUTURE RESEARCH DIRECTIONS
Although we have discussed the main security and privacy issues such as main mechanisms, attacks, and possible countermeasures, there are still open emerging security/privacy challenges and issues that are either not explained yet or need further exploration from an EC-assisted IoT paradigm perspective. This section extensively explains some of these open challenges and provides deep insights into some promising future research directions.
1) Limited Device Capabilities: existing IoT edge devices rely on compact battery-powered circuits with limited storage and computation capabilities. Therefore, they cannot support or implement conventional highly-secured and sophisticated security techniques and schemes. This leads to the emergence of several weak links in the EC-assisted IoT networks that can be exploited by intruders. Hence, a promising research direction could be to devise novel lightweight security/privacy schemes at different entities within the EC-assisted IoT infrastructure. For instance, designing lightweight middleware-based security management frameworks is one of these promising fields [85]. In addition, the existing trust management algorithms are complex and resource-consuming, and the tiny IoT edge devices cannot support them. Thus, novel lightweight and compatible trust management algorithms must be devised for such IoT devices/nodes. Moreover, conventional cryptographic techniques and protocols need high computational powers, as they require a large encryption key size. Hence, they cannot be directly implemented in EC-assisted IoT networks. This also shows the paramount importance of designing new lightweight cryptographic techniques and protocols that possess small encryption keys and are deployable within the limited storage and CPU resources of EC-assisted IoT devices/nodes. Such lightweight cryptographic techniques should strike a compromise between ensuring security and privacy on one side and satisfying the QoS requirements of time-sensitive EC-assisted IoT applications on the other side. Future research directions in this field include cryptographic schemes such as Elliptic Curve, Permutation-Based Lightweight, and Block-Ciphers Lightweight [86]. Furthermore, designing lightweight key exchange algorithms that ensure secure two-way communications in EC-assisted IoT networks is also a promising research direction.
2) Comprehensive Trust Management Frameworks: EC-assisted IoT networks are heterogeneous, as they are formed of different types of edge devices and various infrastructures. In addition, the ability of some edge nodes and servers to perform some complex processing tasks has encouraged developers to migrate trust modeling and evaluation from the cloud servers to edge nodes. Hence, multiple trust domains of multiple functional entities will coexist in EC-assisted IoT networks, which poses several open research challenges. Here we discuss some of them.

The heterogeneity of multiple trust domains at the network’s edge must be carefully considered during the design of cryptographic schemes in order to enable efficient and distributed data encryption systems. Besides, authentication mechanisms need to specify a unique identity for each edge entity, as well as to support mutual authentication across all existing edge entities within the EC-assisted IoT network. Hence, in order to address these issues, it is required to develop a dynamic and fine-grained multi-domain access control system that is aware of the cross-domain nature of the EC-assisted IoT network, as well as inter-group hierarchical access control schemes.

It is also essential to develop efficient and dynamic privacy-preserving data update mechanisms from edge users’ identity, interest, and location perspectives. In addition, it is required to develop trust establishment and evaluation frameworks for new edge entities in the EC-assisted IoT system that enable communication with new edge nodes/devices without the knowledge of third parties. Moreover, it is also imperative to develop dynamic and scalable trust evaluation mechanisms that consider several issues, such as updating trust values and tracking moving IoT edge devices. Furthermore, context-aware trust relationships based on social computing are another issue that needs more investigation, exploration, and development from an EC-assisted IoT perspective.

It is also necessary to develop a universal and fine-grained trust management mechanism/model suitable for the heterogeneous EC-assisted IoT networks, as most of the conventional sophisticated trust management algorithms may not be able to be implemented directly within the limited-resource tiny IoT edge devices. Such a universal trust mechanism must support both scalability and mobility of the EC-assisted IoT ecosystem. Developing efficient and intelligent clustering mechanisms and algorithms based on trust management for the EC-assisted IoT paradigm is also a new research direction. Such mechanisms must be able to automatically detect and exclude malicious edge devices/nodes from the EC-assisted networks, hence ensuring system reliability and trust. Also, trust management mechanisms based on game theory are another new interesting research direction for the EC-assisted IoT paradigm [87].
3) Mechanisms Orchestration and Standardization: due to the massive software/hardware heterogeneity of the EC-assisted IoT ecosystem, it becomes imperative to efficiently orchestrate a varied set of security and privacy schemes. This is done by developing flexible and unified security/privacy mechanisms, standards, platforms, and policies that support integrity, interoperability, and heterogeneity, and show immunity against security threats. Developers and service providers must develop such unified security schemes taking into consideration the subtle operating specifications and differences of the underlying EC devices/nodes, as such details greatly impact the deployment and implementation of EC-assisted IoT infrastructure. Besides, taking into account that there are various third-party partners involved in developing EC-assisted IoT networks, such as network device vendors, application developers, and service providers, the problem of devising unified security and privacy schemes becomes even more challenging. Such parties should cooperate to develop interoperable security and privacy mechanisms in order to facilitate the flow of information with a high level of protection. Hence, security and privacy regulations are crucial in promoting the adaptation of secure EC-assisted IoT ecosystem.
4) Authentication: the explosive increase in the number and types of heterogeneous EC-assisted IoT nodes and devices makes it crucial to ensure security and privacy across all edge nodes and interfaces. Towards this, efficient data integrity as well as flexible and scalable authentication and authorization mechanisms are necessary in order to meet the requirements of the growing and expanding EC-assisted IoT networks. One of the problems that needs to be addressed more thoroughly is providing secure privacy-preserving authentication, auditing, and access control to system resources. Some edge users worry about their actions being tracked or their location or identity being exposed. Hence, solutions that provide secure access to the system and, at the same time, maintain the privacy of edge users are still open research problems that need more exploration and investigation from an EC-assisted IoT perspective. For example, designing identity-based mutual anonymous authentication key agreement protocols for the EC-assisted IoT paradigm would be a promising research direction. Also, utilizing hash chains and authenticated encryption [88] to develop lightweight authentication protocols that are able to provide security for EC-assisted IoT is another promising new research direction.
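The hash-chain half of the lightweight authentication idea mentioned above, as an added illustrative example (not taken from the survey or from [88]): a Lamport-style one-time token scheme in which a constrained device stores only a seed and a counter, and the edge server stores only the last accepted chain value. The class names, the resynchronization window, and the seed are assumptions; authenticated encryption of the payload is not shown.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def h(data: bytes) -> bytes:
    """One step of the hash chain (SHA-256)."""
    return hashlib.sha256(data).digest()


def chain_value(seed: bytes, steps: int) -> bytes:
    """Return h applied `steps` times to `seed`."""
    value = seed
    for _ in range(steps):
        value = h(value)
    return value


class Device:
    """Constrained IoT node (hypothetical). Keeps only seed + counter and
    recomputes chain values on demand, trading CPU for memory."""

    def __init__(self, seed: bytes, length: int):
        if length < 2:
            raise ValueError("chain length must be at least 2")
        self._seed = seed
        self._length = length
        self._index = length - 1  # next chain position to reveal

    def anchor(self) -> bytes:
        """h^length(seed): enrolled once at the edge server out of band."""
        return chain_value(self._seed, self._length)

    def remaining(self) -> int:
        """Number of one-time tokens left (the seed itself is never sent)."""
        return self._index

    def next_token(self) -> bytes:
        """Reveal the next preimage, walking the chain backwards."""
        if self._index < 1:
            raise RuntimeError("hash chain exhausted; re-enroll with a new seed")
        token = chain_value(self._seed, self._index)
        self._index -= 1
        return token


class EdgeVerifier:
    """Edge server side (hypothetical). Stores one digest per device."""

    def __init__(self, anchor: bytes, window: int = 4):
        self._last = anchor    # last accepted chain value
        self._window = window  # how many lost tokens are tolerated

    def verify(self, token: bytes) -> bool:
        """Accept `token` if hashing it 1..window times reaches the stored
        value. Replayed or older tokens hash away from the stored value and
        are rejected; nothing is updated on failure."""
        if len(token) != DIGEST_LEN:
            return False
        candidate = token
        for _ in range(self._window):
            candidate = h(candidate)
            if hmac.compare_digest(candidate, self._last):
                self._last = token  # advance the server state
                return True
        return False


if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    device = Device(seed=b"constructed-demo-seed", length=8)
    server = EdgeVerifier(device.anchor(), window=3)
    first = device.next_token()
    print("fresh token accepted:", server.verify(first))
    print("replayed token accepted:", server.verify(first))
```

A captured token is useless for a later session because the server has already moved past it, and a server-side database leak exposes only values the device has already revealed.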
5) Software Defined Networking (SDN) and Blockchain Techniques: these technologies are grabbing considerable attention recently as they present innovative ideas for securing the distributed EC-assisted IoT architectures. In addition to its intelligent ability to reconfigure edge devices and route traffic of EC-assisted IoT networks, SDN also offers efficient and secure solutions for authentication and access control mechanisms [16], [37], [41], [89]. For example, developing SDN-based handover authentication management schemes with lower computational delay and fewer communication resources for EC-assisted IoT is still one of the promising research directions [90], [91]. Also, distributed authentication based on SDN technology for EC-assisted IoT is another possible research direction.

Blockchain technology, on the other hand, can improve the security of the EC-assisted IoT paradigm as it permits only trusted IoT devices/nodes to interact with each other. Yet, there are still several promising open research directions. For example, developing security frameworks based on permissioned blockchain for the EC-assisted IoT paradigm is still an open research direction. In addition, due to the distributed nature of the edge nodes/devices in the EC-assisted IoT ecosystem, decentralized security architectures based on hybrid SDN-blockchain are also one of the promising new research directions in the literature [91], [92]. In this architecture, the blockchain scheme is implemented to guarantee decentralized security to avoid a single point of failure, whereas the SDN scheme is implemented to provide continuous monitoring of the EC-assisted IoT network. Utilizing blockchain to develop both authentication mechanisms and a secure layer for edge devices/nodes in EC-assisted IoT is also another promising research direction. Moreover, developing blockchain-based trusted data management schemes for cooperative authentication, authorization, and privacy-preserving in the EC-assisted IoT networks is also a new research direction [93], [94]. The integration of Ethereum blockchain architecture and artificial intelligence (AI) in order to enhance the security of EC-assisted IoT is also another interesting research direction [95]. Also, developing robust and lightweight optimization algorithms for the blockchain ecosystem is an open research challenge in access control and secure storage for the EC-assisted IoT paradigm.
6) Data Issues: security and privacy in data collection, sharing, storage, and management are also still open research issues. Major research issues that need more exploration and investigation from an EC-assisted IoT perspective include mechanisms such as data confidentiality, integrity, privacy, etc. For example, the authors in [86] argue that Reliability, Availability, Integrity, and Nonrepudiation requirements are all not well addressed and investigated by any techniques in the literature from an EC-assisted IoT perspective. Therefore, they represent promising research directions. In addition, flexible, fine-grained, and self-adaptive data analytics schemes are also required in order to automatically identify the level of sensitivity of edge user data and provide suitable security mechanisms to deal with it [39]. Furthermore, maintaining security and privacy for EC data storage is also one of the problems that needs to be addressed in the literature. Also, the problem of developing a mechanism to provide edge users with easy, safe, and secure access to distributed data storage and, at the same time, maintaining edge user privacy is still an open research direction.

Using traditional security methods that were originally proposed for cloud servers to protect data at the edge devices/nodes may not be feasible, given the huge difference between cloud servers and edge nodes in terms of computation and storage powers. Moreover, EC networks are distributed, scalable, and heterogeneous. This represents a challenge for security mechanisms that have to maintain efficiency and privacy for data storage, auditing, backup, and recovery.

Since edge devices are typically lightweight with limited computational capabilities and resources, it becomes imperative to devise new lightweight schemes to perform secure data computation and processing. In particular, developing lightweight mechanisms to guarantee the correctness of data analytics while ensuring security is still a promising research direction in the EC-assisted IoT paradigm. This is due to the fact that edge users commonly migrate within the EC-assisted IoT network, and hence several edge servers might cooperatively serve a single edge user, which may result in mistakes in data analytics provided from/to edge servers. Thus, developing flexible and low-overhead provenance management techniques [96] for achieving a traceable and verifiable computation is also a promising research direction in the context of EC-assisted IoT.

On the other hand, since smart edge devices in EC-assisted IoT networks generate a massive amount of data at the network edge, it becomes imperative to incorporate both efficient data-sharing mechanisms and dynamic auto-update functions into the privacy-preserving schemes of EC-assisted IoT, which represents a possible future research direction. Furthermore, in order to reduce the quantity and availability of edge users’ confidential data, it is essential to develop new techniques for distributing data processing amongst edge devices/nodes and transmitting only processed data at the different layers of the EC-assisted IoT system. Also, developing real-time systems for managing and orchestrating these distributed edge schemes and maintaining the correctness of data analytics becomes a crucial factor in deploying secure EC-assisted IoT infrastructure, which also needs more research and development.
7) Joint Design: it is also imperative to develop efficient security schemes that consider the joint design of mobility, handover, authentication, scalability, security, and/or privacy characteristics of EC-assisted IoT networks. In such a paradigm, edge devices are frequently moving within the network’s geographical area, or even rapidly joining and leaving the EC network. Hence, devising new real-time security mechanisms, such as authentication, access control, trust, etc., that can automatically and intelligently adapt to this rapid mobility and scalability of the EC-assisted IoT network structure is also a very interesting future research direction.
8) Machine Learning Techniques: utilizing machine learning models, such as deep learning [97], reinforcement learning [98], [99], and deep reinforcement learning, to detect and predict malicious applications and adversarial activities at the EC level is also a new interesting research area for EC-assisted IoT systems [100], [101]. In particular, machine learning models can be exploited in developing intelligent security/privacy mechanisms and countermeasures. For example, they can be utilized in anomaly detection in order to ensure fine-grained authentication in EC-assisted IoT systems [37]. Also, they can be integrated with other techniques such as blockchain to provide, e.g., trust mechanisms for EC-assisted IoT, which represents a promising research direction.

On the other hand, since EC devices are becoming more heterogeneous in terms of available resources and software, this would make collaborative machine learning techniques more susceptible to exposing the training dataset of authorized participants. Hence, achieving secure and privacy-preserving data analysis in the EC-assisted paradigm based on distributed/federated learning strategies [102] without the leakage of the private training dataset is still an open research direction.
9) Privacy and Extent of Hacked Data Usage: future IoT devices are engaged in collecting and sharing information from various edge sensors ranging from environmental to user-related sensitive and private data (see Fig. (1)). As mentioned in [1] and the references therein, a plethora of unexpected privacy-sensitive information can be collected, such as daily routines, the number of residents, personal habits, etc. Attackers can collect this information by hacking homes’ smart meters and edge devices. The question remains, what is the extent of private information that can be collected and extracted based on hacking non-critical data?

Preserving edge users’ privacy by developing novel intelligent and lightweight data analytics mechanisms, which can automatically and adaptively identify the degree of sensitivity of edge user data, is a promising future research direction. For example, privacy-preserving for EC-assisted IoT based on techniques such as Privacy by Design (PbD), Software Defined Privacy (SDP), and SDN-based privacy-preserving routing is a possible research direction. Although some of these privacy-preserving concepts have been proposed for the traditional IoT paradigm, they can be further extended and enhanced to support the EC-assisted IoT paradigm, taking into account the new features of this paradigm that we have discussed in this paper.

VI. CONCLUSION

This paper presents a comprehensive survey on security and privacy issues for the EC-assisted IoT paradigm. To achieve this goal, we first provide an overview of EC-assisted IoT including its applications and architecture. Then, we discuss the advantages and limitations of integrating EC and IoT paradigms. After that, we conduct an in-depth analysis of security and privacy in the context of EC-assisted IoT. In particular, we extensively survey the key classifications and types of possible IoT network security and privacy attacks and the corresponding countermeasures at different IoT network layers along with the related research works. After that, we provide an analysis of security and privacy mechanisms, then we classify some of the security and privacy issues reported in the existing research works based on security services and based on security objectives and functions. Lastly, open security-related research issues and challenges, in the context of EC-assisted IoT, are extensively provided along with possible research directions.

REFERENCES

[1] A. Mosenia and N. K. Jha, “A comprehensive study of security of internet-of-things,”
IEEE Transactions on Emerging Topics in Computing, vol. 5, no. 4, pp. 586–602, Oct 2017.
[2] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A survey on security and privacy issues in internet-of-things,” IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1250–1258, Oct 2017.
[3] V. Turner, J. F. Gantz, D. Reinsel, and S. Minton, “The digital universe of opportunities: Rich data and the increasing value of the internet of things,” IDC Analyze the Future
IEEE Access, vol. 6, pp. 18 209–18 237, 2018.
[6] J. A. Onieva, R. Rios, R. Roman, and J. Lopez, “Edge-assisted vehicular networks security,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8038–8045, Oct 2019.
[7] W. Z. Khan, E. Ahmed, S. Hakak, I. Yaqoob, and A. Ahmed, “Edge computing: A survey,” Future Generation Computer Systems, vol. 97, pp. 219–235, 2019.
[8] T. Wang, G. Zhang, A. Liu, M. Z. A. Bhuiyan, and Q. Jin, “A secure IoT service architecture with an efficient balance dynamics based on cloud and edge computing,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4831–4843, June 2019.
[9] S. Bragadeesh and U. Arumugam, “A conceptual framework for security and privacy in edge computing,” in Edge Computing. Springer, 2019, pp. 173–186.
[10] Y. Lu and L. D. Xu, “Internet of things (IoT) cybersecurity research: A review of current research topics,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 2103–2115, April 2019.
[11] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, “A survey on internet of things: Architecture, enabling technologies, security and privacy, and applications,” IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1125–1142, Oct 2017.
[12] J. E. Siegel, S. Kumar, and S. E. Sarma, “The future internet of things: Secure, efficient, and model-based,” IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2386–2398, Aug 2018.
[13] D. He, S. Chan, and M. Guizani, “Security in the internet of things supported by mobile edge computing,” IEEE Communications Magazine, vol. 56, no. 8, pp. 56–61, August 2018.
[14] J. Kang, R. Yu, X. Huang, M. Wu, S. Maharjan, S. Xie, and Y. Zhang, “Blockchain for secure and efficient data sharing in vehicular edge computing and networks,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4660–4670, June 2019.
[15] F. Lin, Y. Zhou, X. An, I. You, and K. R. Choo, “Fair resource allocation in an intrusion-detection system for edge computing: Ensuring the security of internet of things devices,” IEEE Consumer Electronics Magazine, vol. 7, no. 6, pp. 45–50, Nov 2018.
[16] K. Gai, Y. Wu, L. Zhu, L. Xu, and Y. Zhang, “Permissioned blockchain and edge computing empowered privacy-preserving smart grid networks,”
IEEE Internet of Things Journal, vol. 6, no. 5, pp. 7992–8004, Oct 2019.
[17] S. Chen, Y. Jiang, H. Wen, W. Liu, J. Chen, W. Lei, and A. Xu, “A novel terminal security access method based on edge computing for IoT,” in , Oct 2018, pp. 394–398.
[18] M. B. Mollah, M. A. K. Azad, and A. Vasilakos, “Secure data sharing and searching at the edge of cloud-assisted internet of things,” IEEE Cloud Computing, vol. 4, no. 1, pp. 34–42, Jan 2017.
[19] S. Yi, Z. Qin, and Q. Li, “Security and privacy issues of fog computing: A survey,” in International conference on wireless algorithms, systems, and applications. Springer, 2015, pp. 685–695.
[20] M. A. Jan, W. Zhang, M. Usman, Z. Tan, F. Khan, and E. Luo, “Smartedge: An end-to-end encryption framework for an edge-enabled smart city application,” Journal of Network and Computer Applications, vol. 137, pp. 1–10, 2019.
[21] M. H. Ibrahim, “Octopus: An edge-fog mutual authentication scheme.” IJ Network Security, vol. 18, no. 6, pp. 1089–1101, 2016.
[22] R. Roman, R. Rios, J. A. Onieva, and J. Lopez, “Immune system for the internet of things using edge technologies,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4774–4781, June 2019.
[23] K. Sha, R. Errabelly, W. Wei, T. A. Yang, and Z. Wang, “Edgesec: Design of an edge layer security service to enhance IoT security,” in , May 2017, pp. 81–88.
[24] M. W. Condry and C. B. Nelson, “Using smart edge IoT devices for safer, rapid response with industry IoT control operations,” Proceedings of the IEEE, vol. 104, no. 5, pp. 938–946, May 2016.
[25] R. Hsu, J. Lee, T. Q. S. Quek, and J. Chen, “Reconfigurable security: Edge-computing-based framework for IoT,” IEEE Network, vol. 32, no. 5, pp. 92–99, Sep. 2018.
[26] H. Cui, X. Yi, and S. Nepal, “Achieving scalable access control over encrypted data for edge computing networks,” IEEE Access, vol. 6, pp. 30 049–30 059, 2018.
[27] R. Xu, Y. Chen, E. Blasch, and G. Chen, “Blendcac: A blockchain-enabled decentralized capability-based access control for IoTs,” in , July 2018, pp. 1027–1034.
[28] E. Esiner and A. Datta, “Layered security for storage at the edge: On decentralized multi-factor access control,” in Proceedings of the 17th International Conference on Distributed Computing and Networking. ACM, 2016, p. 9.
[29] X. Huang, R. Yu, J. Kang, and Y. Zhang, “Distributed reputation management for secure and efficient vehicular edge computing and networks,” IEEE Access, vol. 5, pp. 25 408–25 420, 2017.
[30] J. Yuan and X. Li, “A reliable and lightweight trust computing mechanism for IoT edge devices based on multi-source feedback information fusion,” IEEE Access, vol. 6, pp. 23 626–23 638, 2018.
[31] M. Du, K. Wang, Y. Chen, X. Wang, and Y. Sun, “Big data privacy preserving in multi-access edge computing for heterogeneous internet of things,” IEEE Communications Magazine, vol. 56, no. 8, pp. 62–67, August 2018.
[32] W. Wei, F. Xu, and Q. Li, “Mobishare: Flexible privacy-preserving location sharing in mobile online social networks,” in , March 2012, pp. 2616–2620.
[33] K. Liang, M. H. Au, J. K. Liu, W. Susilo, D. S. Wong, G. Yang, Y. Yu, and A. Yang, “A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing,” Future Generation Computer Systems, vol. 52, pp. 95–108, 2015.
[34] B. Ghanem, J. Schneider, M. Shalaby, and U. Elnily, “System and method for crowd counting and tracking,” Jun. 7 2016, US Patent 9,361,524.
[35] W. Yu, F. Liang, X. He, W. G. Hatcher, C. Lu, J. Lin, and X. Yang, “A survey on the edge computing for the internet of things,” IEEE Access, vol. 6, pp. 6900–6919, 2018.
[36] J. Ni, X. Lin, and X. S. Shen, “Toward edge-assisted internet of things: From security and efficiency perspectives,” IEEE Network, vol. 33, no. 2, pp. 50–57, March 2019.
[37] P. Porambage, J. Okwuibe, M. Liyanage, M. Ylianttila, and T. Taleb, “Survey on multi-access edge computing for internet of things realization,” IEEE Communications Surveys Tutorials, vol. 20, no. 4, pp. 2961–2991, Fourthquarter 2018.
[38] J. Pan and J. McElhannon, “Future edge cloud and edge computing for internet of things applications,” IEEE Internet of Things Journal, vol. 5, no. 1, pp. 439–449, Feb 2018.
[39] D. Liu, Z. Yan, W. Ding, and M. Atiquzzaman, “A survey on secure data analytics in edge computing,”
IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4946–4967, June 2019.
[40] R. Roman, J. Lopez, and M. Mambo, “Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges,” Future Generation Computer Systems, vol. 78, pp. 680–698, 2018.
[41] B. Omoniwa, R. Hussain, M. A. Javed, S. H. Bouk, and S. A. Malik, “Fog/edge computing-based IoT (FECIoT): Architecture, applications, and research issues,” IEEE Internet of Things Journal, 2018.
[42] M. Mukherjee, R. Matam, L. Shu, L. Maglaras, M. A. Ferrag, N. Choudhury, and V. Kumar, “Security and privacy in fog computing: Challenges,” IEEE Access, vol. 5, pp. 19 293–19 304, 2017.
[43] M. Satyanarayanan, “The emergence of edge computing,” Computer, vol. 50, no. 1, pp. 30–39, 2017.
[44] W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, “Edge computing: Vision and challenges,” IEEE Internet of Things Journal, vol. 3, no. 5, pp. 637–646, 2016.
[45] C. Avasalcai, I. Murturi, and S. Dustdar, Edge and Fog: A Survey, Use Cases, and Future Challenges. John Wiley & Sons, Ltd, 2020, ch. 2, pp. 43–65.
[46] A. Aljumah and T. A. Ahanger, “Fog computing and security issues: A review,” in , 2018, pp. 237–239.
[47] M. A. Hoque and R. Hasan, “Towards an analysis of the architecture, security, and privacy issues in vehicular fog computing,” in , 2019, pp. 1–8.
[48] J. Ni, K. Zhang, X. Lin, and X. Shen, “Securing fog computing for internet of things applications: Challenges and solutions,” IEEE Communications Surveys Tutorials, vol. 20, no. 1, pp. 601–628, 2018.
[49] A. Rauf, R. A. Shaikh, and A. Shah, “Security and privacy for iot and fog computing paradigm,” in , 2018, pp. 96–101.
[50] Y. Guan, J. Shao, G. Wei, and M. Xie, “Data security and privacy in fog computing,” IEEE Network, vol. 32, no. 5, pp. 106–111, 2018.
[51] P. Gope, J. Lee, R. Hsu, and T. Q. S. Quek, “Anonymous communications for secure device-to-device-aided fog computing: Architecture, challenges, and solutions,” IEEE Consumer Electronics Magazine, vol. 8, no. 3, pp. 10–16, 2019.
[52] M. Aazam, S. Zeadally, and K. A. Harras, “Fog computing architecture, evaluation, and future research directions,” IEEE Communications Magazine, vol. 56, no. 5, pp. 46–52, 2018.
[53] P. Hu, H. Ning, T. Qiu, H. Song, Y. Wang, and X. Yao, “Security and privacy preservation scheme of face identification and resolution framework using fog computing in internet of things,” IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1143–1155, 2017.
[54] A. Mukherjee, D. De, and D. G. Roy, “A power and latency aware cloudlet selection strategy for multi-cloudlet environment,”
IEEETransactions on Cloud Computing , vol. 7, no. 1, pp. 141–154, 2019.[55] Y. Li, N. T. Anh, A. S. Nooh, K. Ra, and M. Jo, “Dynamic mobilecloudlet clustering for fog computing,” in , 2018,pp. 1–4.[56] D. Bhatta and L. Mashayekhy, “Generalized cost-aware cloudletplacement for vehicular edge computing systems,” in , 2019, pp. 159–166.[57] Q. Fan and N. Ansari, “Workload allocation in hierarchical cloudletnetworks,”
IEEE Communications Letters , vol. 22, no. 4, pp. 820–823,2018.[58] R. Alakbarov, “Study of architectural- technological principles ofcloudlet based mobile cloud computing,” in , 2019, pp. 1–5.[59] E. Oikonomou and A. Rouskas, “Optimized cloudlet managementin edge computing environment,” in , 2018, pp. 1–6.[60] Q. Wang, Y. Mao, Y. Wang, and L. Wang, “Computation tasks offload-ing scheme based on multi-cloudlet collaboration for edge computing,”in , 2019, pp. 339–344.[61] J. Zhang, H. Guo, J. Liu, and Y. Zhang, “Task offloading in vehicularedge computing networks: A load-balancing solution,”
IEEE Transac-tions on Vehicular Technology , vol. 69, no. 2, pp. 2092–2104, 2020. [62] Y. Kim, N. An, J. Park, and H. Lim, “Mobility support for vehicularcloud radio-access-networks with edge computing,” in , 2018, pp.1–4.[63] H. Liu, P. Zhang, G. Pu, T. Yang, S. Maharjan, and Y. Zhang,“Blockchain empowered cooperative authentication with data trace-ability in vehicular edge computing,”
IEEE Transactions on VehicularTechnology , vol. 69, no. 4, pp. 4221–4232, 2020.[64] R. Xie, Q. Tang, Q. Wang, X. Liu, F. R. Yu, and T. Huang, “Collab-orative vehicular edge computing networks: Architecture design andresearch challenges,”
IEEE Access , vol. 7, pp. 178 942–178 952, 2019.[65] X. Li, Y. Dang, M. Aazam, X. Peng, T. Chen, and C. Chen, “Energy-efficient computation offloading in vehicular edge cloud computing,”
IEEE Access , vol. 8, pp. 37 632–37 644, 2020.[66] M. Laroui, B. Nour, H. Moungla, H. Afifi, and M. A. Cherif, “Mobilevehicular edge computing architecture using rideshare taxis as a mobileedge server,” in , 2020, pp. 1–2.[67] A. Takeda, T. Kimura, and K. Hirata, “Evaluation of edge cloudserver placement for edge computing environments,” in , 2019, pp. 1–2.[68] L. Huazhang, Z. Zhonghao, and G. Shuai, “5G edge cloud networkingand case analysis,” in , 2019, pp. 617–621.[69] Y. Li and L. Xu, “The service computational resource managementstrategy based on edge-cloud collaboration,” in , 2019, pp. 400–404.[70] T. Oo and Y. Ko, “Application-aware task scheduling in heterogeneousedge cloud,” in , 2019, pp. 1316–1320.[71] J. Zeng, J. Sun, B. Wu, and X. Su, “Mobile edge communications,computing, and caching (mec3) technology in the maritime communi-cation network,”
China Communications , vol. 17, no. 5, pp. 223–234,2020.[72] S. S. D. Ali, H. Ping Zhao, and H. Kim, “Mobile edge computing: Apromising paradigm for future communication systems,” in
TENCON2018 - 2018 IEEE Region 10 Conference , 2018, pp. 1183–1187.[73] N. Abbas, Y. Zhang, A. Taherkordi, and T. Skeie, “Mobile edgecomputing: A survey,”
IEEE Internet of Things Journal , vol. 5, no. 1,pp. 450–465, 2018.[74] Z. Li, X. Zhou, and Y. Qin, “A survey of mobile edge computingin the industrial internet,” in , 2019, pp. 94–98.[75] J. A. Habibi, F. Djohar, and R. Hakimi, “Analyzing sdn-based vehicularnetwork framework in 5g services: Fog and mobile edge computing,” in ,2018, pp. 1–7.[76] S. Gupta and J. Chakareski, “Lifetime maximization in mobile edgecomputing networks,”
IEEE Transactions on Vehicular Technology ,vol. 69, no. 3, pp. 3310–3321, 2020.[77] A. Sharma, “Mission swachhta : Mobile application based on mobilecloud computing,” in , 2020, pp. 133–138.[78] C. Arun and K. Prabu, “Offloading with qos in the mobile cloudcomputing environment,” in , 2018, pp. 313–317.[79] I. Sahu and U. S. Pandey, “Mobile cloud computing: Issues and chal-lenges,” in , 2018, pp. 247–250.[80] D. Yao, C. Yu, L. T. Yang, and H. Jin, “Using crowdsourcing toprovide qos for mobile cloud computing,”
IEEE Transactions on CloudComputing , vol. 7, no. 2, pp. 344–356, 2019.[81] M. Caprolu, R. Di Pietro, F. Lombardi, and S. Raponi, “Edge comput-ing perspectives: architectures, technologies, and open security issues,”in .IEEE, 2019, pp. 116–123.[82] T. Qiu, J. Chi, X. Zhou, Z. Ning, M. Atiquzzaman, and D. O. Wu,“Edge computing in industrial internet of things: Architecture, advancesand challenges,”
IEEE Communications Surveys Tutorials , pp. 1–1,2020.[83] J. King and A. I. Awad, “A distributed security mechanism for resource-constrained IoT devices,”
Informatica , vol. 40, no. 1, 2016. [84] T. Wang, G. Zhang, A. Liu, M. Z. A. Bhuiyan, and Q. Jin, “A secureiot service architecture with an efficient balance dynamics based oncloud and edge computing,” IEEE Internet of Things Journal , vol. 6,no. 3, pp. 4831–4843, June 2019.[85] R. Buyya and S. N. Srirama,
Middleware for Fog and Edge Computing:Design Issues , 2019, pp. 123–144.[86] M. Yahuza, M. Y. I. B. Idris, A. W. B. A. Wahab, A. T. Ho, S. Khan,S. N. B. Musa, and A. Z. B. Taha, “Systematic review on security andprivacy requirements in edge computing: State of the art and futureresearch opportunities,”
IEEE Access , vol. 8, pp. 76 541–76 567, 2020.[87] B. Wang, M. Li, X. Jin, and C. Guo, “A reliable iot edge computingtrust management mechanism for smart cities,”
IEEE Access , vol. 8,pp. 46 373–46 399, 2020.[88] M. Nakkar, R. Al Tawy, and A. Youssef, “Lightweight broadcastauthentication protocol for edge-based applications,”
IEEE Internet ofThings Journal , 2020.[89] I. Farris, T. Taleb, Y. Khettab, and J. Song, “A survey on emerging sdnand nfv security mechanisms for iot systems,”
IEEE CommunicationsSurveys & Tutorials , vol. 21, no. 1, pp. 812–837, 2018.[90] C. Wang, Y. Zhang, X. Chen, K. Liang, and Z. Wang, “Sdn-basedhandover authentication scheme for mobile edge computing in cyber-physical systems,”
IEEE Internet of Things Journal , vol. 6, no. 5, pp.8692–8701, 2019.[91] W. Rafique, L. Qi, I. Yaqoob, M. Imran, R. ur Rasool, and W. Dou,“Complementing iot services through software defined networking andedge computing: A comprehensive survey,”
IEEE CommunicationsSurveys & Tutorials , 2020.[92] S. Rathore, B. W. Kwon, and J. H. Park, “Blockseciotnet: Blockchain-based decentralized security architecture for iot network,”
Journal ofNetwork and Computer Applications , vol. 143, pp. 167–177, 2019.[93] M. Zhaofeng, W. Xiaochang, D. K. Jain, H. Khan, G. Hongmin, andW. Zhen, “A blockchain-based trusted data management scheme inedge computing,”
IEEE Transactions on Industrial Informatics , vol. 16,no. 3, pp. 2013–2021, 2020.[94] J. Wang, L. Wu, K. R. Choo, and D. He, “Blockchain-based anonymousauthentication with key management for smart grid edge computinginfrastructure,”
IEEE Transactions on Industrial Informatics , vol. 16,no. 3, pp. 1984–1992, 2020.[95] A. Nawaz, T. N. Gia, J. P. Queralta, and T. Westerlund, “Edge ai andblockchain for privacy-critical and data-sensitive applications,” in . IEEE, 2019, pp. 1–2.[96] D. Liu, Z. Yan, W. Ding, and M. Atiquzzaman, “A survey on securedata analytics in edge computing,”
IEEE Internet of Things Journal ,vol. 6, no. 3, pp. 4946–4967, June 2019.[97] P. Subramaniam and M. J. Kaur, “Review of security in mobile edgecomputing with deep learning,” in , 2019, pp.1–5.[98] H. Zhang, J. Hao, and X. Li, “A method for deploying distributed denialof service attack defense strategies on edge servers using reinforcementlearning,”
IEEE Access , vol. 8, pp. 78 482–78 491, 2020.[99] L. Xiao, Y. Ding, D. Jiang, J. Huang, D. Wang, J. Li, and H. V. Poor,“A reinforcement learning and blockchain-based trust mechanism foredge networks,”
IEEE Transactions on Communications , pp. 1–1, 2020.[100] R. and S. N. Srirama,
Using Machine Learning for Protecting theSecurity and Privacy of Internet of Things (IoT) Systems , 2019, pp.223–257.[101] R. Liao, H. Wen, J. Wu, F. Pan, A. Xu, H. Song, F. Xie, Y. Jiang, andM. Cao, “Security enhancement for mobile edge computing throughphysical layer authentication,”
IEEE Access , vol. 7, pp. 116 390–116 401, 2019.[102] X. Wang, C. Wang, X. Li, V. C. M. Leung, and T. Taleb, “Federateddeep reinforcement learning for internet of things with decentralizedcooperative edge caching,”