Key Cryptographic Security Technologies Towards Mobile Edge Computing

With the explosive growth of Io T devices,the traditional cloud computing model cannot meet the current real-time service requirements due to the latency caused by massive data transmission.The mobile edge computing network is intended to share the computation and communication pressures of cloud servers by deploying edge servers close to the end-user,thus improving service reliability.The network is divided into sensing layer,edge computing layer and cloud computing layer,which is called ”endedge-cloud” three-layer architecture.Due to the growing number of mobile devices and edge computing servers,there will be new security threats for mobile edge computing.Endpoints usually don’t have basic security toolkits in the complex edge network environment because they lack sufficient resources.At the same time,devices need to connect to the edge computing network and send data to the edge servers so that computing can be done elsewhere.With this come problems like making sure that the data and results that are outsourced are correct and that the data is accurate.This thesis focuses on the security of mobile edge computing,starting with the three-layer architecture of ”end-edge-cloud” and focusing on terminal authentication within embedded devices,authentication and key agreement between mobile devices and edge computing servers,data security outsourcing and aggregation,etc.There are three parts towards the studies: authentication,key agreement,and aggregation verification.And a layered protection system based on ”end-edge-cloud” for mobile edge computing is built in this thesis.The work of this thesis is composed of the following three parts.(1)"End" protection: Lightweight authenticated key exchange protocol based on universal hashing.In view of the high security vulnerability and limited resources of terminal devices,this thesis designs a lightweight authentication key exchange protocol based on universal hashing called LIGHT.LIGHT is suitable for embedded terminal equipment,and can run in embedded integrated electronic system composed of “command/response” half-duplex type bus.The protocol implements authentication by using symmetric keys and ”challenge/response” scheme.In the “command/response” communication mode,LIGHT can meet the device’s constraints on computational costs and the interactions.The security analysis shows that for a given collision-resistant universal hash function,the LIGHT protocol is provably secure.In addition,an information-theoretic security analysis of the protocol yields a probability upper bound for a collision-resistant adversary to break the LIGHT protocol.Besides,the informal security analysis indicates that LIGHT is capable of resisting common attacks.Finally,this thesis gives a strategy for selecting security parameters for LIGHT by combining the results of the information-theoretic security analysis and the efficiency evaluation.(2)"Egde" protection: A certificateless authentication and key agreement protocol based on non-interactive zero-knowledge proofs.In view of the high communication complexity of authentication and key agreement protocol in edge access network,this thesis designs a certificateless authentication and key agreement protocol based on non-interactive zero-knowledge proofs called Edge Auth.Edge Auth uses a non-interactive zero-knowledge proof system to reduce authentication communication interactions.At the same time,the certificateless cryptosystem introduced in the protocol avoids the overhead required for certificate management and key escrow.In addition,to protect the secure data transfer between end devices and edge servers,Edge Auth provides a non-interactive secure data transfer module.Security analysis proves that Edge Auth is unforgeable and indistinguishable under the random oracle model.Performance analysis shows that Edge Auth outperforms the state-of-the-art schemes when the communication delay exceeds 4.72 ms.(3)"Cloud" protection: A non-interactive verifiable federated training protocol based on aggregated commitment proof system.In view of the problem of secure data outsourcing and aggregation in the federated training process in the edge computing environment,this thesis designs a non-interactive verifiable federated training protocol based on an aggregated commitment proof system called Veri NIFL.First,Veri NIFL offers a data outsourcing encryption protocol based on improved Paillier schmem that reduces the computational complexity of end-user outsourced data to linear complexity.Second,Veri NIFL offers a non-interactive data aggregation verification protocol.This thhesis gives aggregated commitment proof system its security model.The aggregated commitment proof system is the first paradigm for verification of data aggregation in non-interactive federation learning.Unlike existing verifiable federated learning mechanisms,Veri NIFL does not include secret sharing and key exchange techniques that necessitate a substantial communication overhead.It also ensures the secure data aggregation verification during federated training without requiring the commitments revealing.The experimental results indicate that Veri NIFL can reduce training costs without sacrificing training accuracy.