
Research On Collaborative Computing Architecture And Security Support Methods For Internet Of Things Data Based On Virtual Edge Nodes

Posted on: 2022-01-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Y Zhang
GTID: 1488306542463174
Subject: Computer Science and Technology
Abstract/Summary:
The cloud-based Internet of Things (IoT) has been booming in recent years. The number of applications, the data produced by a single IoT device, and the total IoT data volume are all exploding. Data from such a massive number of devices places a considerable burden on the cloud center. Through cloud-edge-end collaboration in edge computing based IoT, data processing is pushed to and completed at the network edge, closer to the data generators, which reduces the burden of data communication and computing in the cloud and delivers higher-quality services. However, edge computing also introduces many security issues to IoT. Edge nodes and IoT devices are highly heterogeneous and cannot get the same level of security protection as cloud centers. They are therefore vulnerable to attacks, so the security of application data cannot be guaranteed. How to guarantee the security of IoT application data in edge collaboration is a problem that must be solved in the development of edge computing based IoT.

To this end, this dissertation proposes a Virtual Edge nodes based data Collaborative Architecture (VECA). VECA establishes unified abstraction rules on virtual edge nodes for IoT nodes in the data access management layer, the data security transmission layer, and the data collaborative computing layer. VECA then introduces an IoT application data security architecture across the three dimensions of data access, data transmission, and data computing. It provides a unified architectural basis for solving the security problems in data interaction and computing among heterogeneous IoT nodes. Based on the proposed architecture, this dissertation proposes solutions in three aspects: the security management of data access, the security and efficiency of data transmission, and the secure collaboration of data computing.

(1) To provide a consistent security management scheme for data access between heterogeneous IoT nodes, a Virtual Edge based Data Access Management framework (VEDAM) is proposed, which uses edge nodes to manage data access on IoT nodes. VEDAM proposes a novel three-layer abstraction of access querying, access authenticating, and access control models, in which the management rule layer sits outside the access querying window layer and the access authenticating layer on virtual edge nodes. This solves the problems of supporting different access modes, supporting different access control models, and dynamically adjusting access control models and policies. In addition, based on VEDAM, security management of data access with support for multiple access modes, multiple access control models, and dynamic access control requirements can be realized in different IoT scenarios via the interfaces.

(2) To address the trade-off between efficiency and security caused by semi-trusted nodes and different data transmission modes, a Virtual Edge based Secure End-to-end data Transmission scheme (VESET) is proposed. First, for data conforming to VEDAM management rules, VESET is compatible with various data transmission modes, such as unicast and multicast, based on broadcast encryption technology. Second, VESET includes a secure data forwarding method based on proxy re-encryption technology, so that curious semi-trusted nodes cannot obtain the content of encrypted data when forwarding messages. Data security is thus ensured during transmission. Finally, VESET supports multiple re-encryption and bidirectional conversion of ciphertexts, which improves the pervasiveness of VESET and the efficiency of key management in complex edge collaboration scenarios.

(3) To provide a pervasive solution for reliable and trustworthy collaborative computing in IoT across multiple security domains, a Virtual Edge based Dynamic Collaborative Computing security support method (VEDCC) is proposed. Supported by trusted execution environment technology, VEDCC introduces a secure collaborative computing method based on a function-as-a-service architecture, which uses virtual edge nodes to manage data processing services and provides function-based communication, thus realizing dynamic and multi-dimensional collaboration in IoT. This solves the problem of collaboration and trustworthiness among IoT nodes in IoT data processing. In addition, VEDAM and VESET provide VEDCC with solutions to the security issues of data access and data transmission. Multi-dimensional data security protection is thus realized in IoT based on the VECA architecture.
Keywords/Search Tags:Edge Computing, Internet of Things Security, Security Architecture, Cloud-Edge-End Collaboration, Data Security