Research On Enhancing Security In Mobile Edge Computing Systems

Mobile Edge Computing(MEC),as the core architecture utilized by 5th-Generation Communication,significantly benefits ever-growing businesses and the transferring/processing of the huge amount of exponentially growing data.MEC is conceptually composed of two main parts,namely,the edge network and edge end-host devices.It offloads critical computation tasks to the edge and preferentially utilizes "local" computation resources,which reduces the perfor-mance overhead resulting from long-distance data transmission.Security protection is vital to ensure correctness,stability,and efficiency of MEC,which includes ?)improving the resiliency to potential vulnerabilities in software/hardware;?)identifying and removing threats;and iii)fine-grained data protection on task-offloaded mobile devices.This thesis studies enhancing security for MEC.Firstly,the edge network structure is studied to enhance the resiliency to potential threats.Secondly,the research dives deeper and jointly considers the edge network architecture and end-host devices for identifying and mitigating attacks.Lastly,end-host devices are focused to protect sensitive data in the MEC context.Three main contributions are made as follows.1.Pro-actively enhancing security in mobile edge network.This research focuses on enhancing MEC security from the network architectural perspec-tive.Practical Software-Defined Network(SDN)based large mobile edge net-works are partitioned into multiple domains,and each domain has a dedicated controller.However,controllers may contain Oday vulnerabilities,and using only a single type of controllers is not secure once the attacker can exploit the vulnerability on this type of controllers.The research introduces the Secure and Cost-effective Controller Deployment(SCCD)problem,which utilizes dif-ferent types of commercial SDN controllers to deploy at different domains to improve the network security.It models the SCCD problem,proves the Non-Polynomial(NP)time complexity,and thus proposes the Baguette algorithm.Simulation results show that Baguette achieves 12.6x security enhancement compared with the single controller deployment and reduces the cost to 11.1%of the deployment only considering security with no more than four types.2.Actively enhancing security in end-host-aware mobile edge network.This research moves the focus to the edge and studies deploying security net-work functions in the programmable and cost-effective hybrid SDN that can "at-tract" traffic to the SDN devices for active analysis and malicious traffic filter-ing.It presents End-host-importance-aware Secure and Yet Cost-effective Hy-brid SDN DeplOymeNt problem and models the problem as an integer program-ming problem.After proving the NP time complexity,an efficient algorithm called BonSec is introduced.Results of simulation on real world topologies and traffic traces show that BonSec significantly reduces computation times and achieves comparable performances to the optimal solution.3.Protecting sensitive data on mobile end-hosts.This research further moves the focus to the edge.On tasks offloaded mobile devices,fine-grained data protection can be achieved by hidden volume-based Plausibly Deniable Encryption(PDE).The research proposes a new hidden volume-based PDE system MobiGyges,which overcomes the data loss and storage waste prob-lems,and adopts the multi-level deniability to enhance data protection on mo-bile devices in MEC systems.It also identifies two novel PDE oriented attacks.MobiGyges leverages the proposed Shrunk U-disk method and multi-level de-niability to defend against these attacks.Design and implementation details of the MobiGyges prototype system on LineageOS 13 and Google Nexus 6P are presented in this thesis.Experimental results show that MobiGyges mitigates data losses and achieves 30%disk utilization improvements.