key: cord-0288809-oyiq6jmh authors: Song, Jinyue; Gu, Tianbo; Mohapatra, Prasant title: How BlockChain Can Help Enhance The Security And Privacy in Edge Computing? date: 2021-10-31 journal: nan DOI: 10.1145/3453142.3493513 sha: 26121b93b4e40c226329280d012ea07a14d85851 doc_id: 288809 cord_uid: oyiq6jmh In order to solve security and privacy issues of centralized cloud services, the edge computing network is introduced, where computing and storage resources are distributed to the edge of the network. However, native edge computing is subject to the limited performance of edge devices, which causes challenges in data authorization, data encryption, user privacy, and other fields. Blockchain is currently the hottest technology for distributed networks. It solves the consistent issue of distributed data and is used in many areas, such as cryptocurrency, smart grid, and the Internet of Things. Our work discussed the security and privacy challenges of edge computing networks. From the perspectives of data authorization, encryption, and user privacy, we analyze the solutions brought by blockchain technology to edge computing networks. In this work, we deeply present the benefits from the integration of the edge computing network and blockchain technology, which effectively controls the data authorization and data encryption of the edge network and enhances the architecture's scalability under the premise of ensuring security and privacy. Finally, we investigate challenges on storage, workload, and latency for future research in this field. With the development and popularization of cloud services and smart devices, edge computing [21] has penetrated all levels and aspects of our lives, improving our lives and work efficiency. Combined with blockchain technology, the security and privacy of edge computing raise our attention to new research directions. There are various smart devices in the living and industrial environments connecting to servers without manual intervention, such as medical facilities, smart grid, smart home systems, vehicles and road side unit networks etc. Cloud computing's efficiency cannot support the massive amounts of data [2] generated by these Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. devices and cannot meet the rapid response requirements in certain scenarios. Therefore, edge computing with low latency and heterogeneous is the trend of remote data services development. With service providers' deployment close to the end devices, the request latency may be lower, and the throughput may be higher. Also, using an edge computing network can avoid the potential security and privacy risk in a centralized system. For example, the data processing could happen in the local server instead of the centralized one, lowering the security risk of data leaking. However, edge computing is not a perfect design, and it has disadvantages in security and privacy aspects. Due to its heterogeneous and distributed structure, it is challenging to manage various devices and servers in the network. Also, these servers have limited hardware resources which is hard to handle heavy computational tasks. It is essential to integrate blockchain technology into edge computing. Blockchain [8] is a distributed database design supported by consensus protocols and within this environment, smart contract is a distributed program deployed on each server. Such a design can improve the security and privacy of the system under the premise of ensuring the high efficiency and availability of computing service. Combined with blockchain technology, edge computing has a good research vision, but there are still many challenges to be solved in this field. Due to edge devices' limited computing and storage resources, ensuring the integrity and validity of blockchain data is a considerable challenge. In addition, due to the heterogeneous organizational form of edge computing, potential security issues may arise, such as the authentication of the local network and the encryption requirements of local user data. These challenges are worthy of our in-depth discussion and research. Edge computing refers to computing services provided for enduser devices at the edge of the network, which is the middle layer between cloud services and local devices. It provides fast-response services such as computing, storage, communication, and control in a location close to the data source of the end-user devices. We combine multiple study cases with various fields to present the benefits of edge networks. Processing. Compared with traditional centralized cloud services, edge computing has the advantages of fast response and low latency, especially for real-time data processing, which requires very high bandwidth. Real-time data processing services based on the traditional centralized cloud are often saturated with uplink capacity. They cannot satisfy the transmission of large chunks of data, such as high-definition video, which affects the performance of the analysis service. Wang [26] proposed a bandwidth-efficient real-time video analysis mechanism for drones, which filters frames, adjusts learning models, and reduces bandwidth usage. Zhou [34] provided a locally virtualized CPU/GPU cluster for high-quality graphics in a real-time online game, which has 14 to 38% better performance in the evaluation. 2.1.2 Internet of Things. Combined with edge computing, IoT frameworks can meet the needs of fast deployment and high-speed response and solve the problems of limited storage space and insufficient computing power of IoT devices. Compared with centralized cloud services, edge computing can efficiently process data generated by IoT devices promptly while avoiding the large amount of data transmission required by cloud services. Chen [5] proposed an industrial-level IoT manufacturing architecture based on edge computing. This architecture uses the timesensitive network (TSN) protocol to manage time-sensitive task data at the network level. Also, sensing devices are close to the factory infrastructure, and the computing and storage nodes in the edge network are used to dynamically adjust the execution strategy of the factory facilities according to the sensor status. When the vehicular network uses cloud services to perform computing tasks between vehicles, there will be problems with network latency and high transmission overhead. Especially when vehicular network data has an explosive growth, cloud services cannot achieve real-time data analysis and feedback, which brings potential safety problems to vehicles in motion. Edge computing provides an alternative solution to deploy computing and storage services near the vehicles [32] , reducing latency and saving energy consumption. Management. Scalability is one of the advantages of edge computing networks. Traditional cloud computing has a centralized management node responsible for the data and task scheduling of all devices in the network. When the size of the cloud network scales up, this centralized management node will become the bottleneck of system performance. The cloudlets [1] design of edge computing leaves local data for local processing, which cuts down the cloud's bandwidth usage by three to six orders of magnitude while also providing low-latency and high-bandwidth services. This design can introduce more edge nodes while the marginal cost increase is minor, ensuring the system's scalability. Within one cloudlet, the performance of devices varies greatly, and each cloudlet has different operating status and conditions. A virtualized environment [3] , such as a container, can be used for these various cloudlets and manage in a unified manner. The optimized algorithm [13] enables the edge network to expand its structure while ensuring stable device management. 2.2.1 Benefits: User privacy and data security are very worthy of attention. Centralized cloud services have brought growing concerns about this field. When raw data is sent to the cloud, it is out of the control of users and organizations. For example, the security camera contains the user's facial information, the online shopping record reflects the user's financial status, and the factory's electricity consumption represents its production status. The centralized server cannot guarantee the whole data security when it is attacked by hackers or misused by third parties. Edge computing provides an alternative to protecting data [31] . The data from the edge device can be encrypted first, where the representative encryption algorithms include: AES [18] , RSA [17] , and other encryption approaches [4] . For distributed edge networks, identity authentication [15] is another method to protect data, regulating access rights and avoiding illegal access to sensitive data. But relying only on the framework of edge computing, many security and privacy challenges still need to be studied and resolved in depth. First, many IoT devices and sensors in the edge network may have low accuracy, so abnormal and malicious data collected is a significant challenge. Then, because of the heterogeneous design of the edge network, the computing nodes and devices are very diversified, resulting in a coarse degree of data access management, and malicious access may penetrate the core of the edge device. Unverified computing nodes joining the network may hack user data and disrupt the operation of the edge network. In addition, due to the performance limitations of edge nodes, these devices cannot resist network attacks, such as man-inthe-middle attacks and denial of service attacks, which leads to the paralysis of the edge network and loss of stability. Attacks and issues that threaten privacy and security often occur in three aspects of edge networks: aiming specific data nodes, aiming data transmission, and model synchronization among nodes and edge clouds. For these three aspects, we will analyze the solutions with representative cases in section 4. Blockchain technology builds a credible interaction method between untrusted computing nodes, which fits in the distributed structure of edge computing. It removes the dependence on centralized management nodes and supports data privacy and security through encryption and consistency mechanisms such as Proof-of-Work. The framework of an edge network generally has three layers: the bottom layer is composed of small sensors and devices, the middle layer contains servers with limited data processing and storage capabilities close to the data source, also known as cloudlets, and the upper layer is composed of large data centers. Due to the high computing cost of the blockchain consensus algorithms and the limited performance of the small underlying devices, the blockchain is generally deployed among multiple cloudlets in the middle layer to form a consensus and ensure data security. About the security and privacy issues mentioned in section 2.2, we show how blockchain technology can resolve these threats in edge computing networks. When a single edge device or computing node is hacked to broadcast malicious data, these polluted data will not be transmitted through the network since most nodes and devices use the blockchain's distributed ledger to verify and identify the malicious data. Similarly, the read-write permissions can be recorded on the blockchain blocks without a centralized management to verify access permissions, so users and local nodes can have the same knowledge of the global data access from each server. The program operation deployed among nodes can be automatically executed through the decentralized smart contracts, without a central node to trigger. in Security and Privayc Perspective. In this section, we summarize some areas where blockchain technology is utilized and combine study cases to analyze the improvements that blockchain technology brings to edge computing. Due to the lack of trust between IoT devices and computing nodes, building a trusted relationship within this network is challenging. The distributed ledger of the blockchain is a feasible solution. For example, the device's identifier and mac address will reveal its model number and location [9] . This sensitive information can be encrypted and recorded in the immutable block; it protects the device's privacy, and at the same time, it allows other peers to verify the device's identity through the encrypted data extracted from the block, which maintains a trusted communication relationship in an untrusted network. On the other hand, a decentralized and automatically executed smart contract can process the IoT's program operations without support from a centralized control node [24] . Then, the output generated by the smart contract will be stored in the block. This design ensures consistent program operations and outputs, avoiding suspicious execution and providing data security. Cloudlet. The biggest difference between vehicles and other types of Internet of Things lies in vehicles' high mobility and Spatio-temporal sensitivity. It is very challenging to maintain the data integrity and accuracy of moving vehicles. With the help of the roadside unit, vehicles can quickly join the network, perform encrypted communications, and synchronize valid vehicle information [16] with the blockchain consensus mechanism. This procedure ensures that vehicles can maintain data consistency, avoid data loss, and ensure data integrity and validity. Digital encryption currency is the most significant application of blockchain technology. However, the mining work and transactions of digital currencies are processed on traditional networks and servers. The introduction of edge computing frameworks increases the mobility and economical property of the system. The deployed smart contract can automatically execute computing resource transactions and currency lending [24] . Because of its transparency in data and execution, developers can analyze the contract's operating status and financial costs. In addition to combining game theory and Nash equilibrium theory [33] , the system can make optimal decisions with minimum costs. Tracking. The tracking function can describe the user's movement trajectory, allowing the system to learn more data and accurately predict the overall users' movement trend. But directly uploading the user's raw data to the system will expose privacy, so additional mechanisms are demanded to reduce the data's sensitivity while maintaining its accuracy. The anonymity of users in the blockchain environment is the key to protect user's privacy and the decentralized and automatic execution smart contract is the core to avoid malicious operations. Using blockchain technology for traffic tracking [28] can protect the location privacy of vehicles while collecting travelling history on a decentralized transportation network. The recent coronavirus infection tracking is also a hot field. Unlike the centralized management of the user's infection status and travel path, the blockchain-based decentralized system [23] can ensure users' anonymity by randomization mechanism, and its smart contract guarantees the virus transmission path data is accurate and secure saved in the block. IN EDGE COMPUTING VIA INTRODUCING BLOCKCHAIN. Figure 1 shows a general structure for the edge computing framework based on blockchain technology, which may have three layers: the user layer at the bottom comprises the edge devices as the data source, and the edge layer in the middle is the edge node with limited computing and storage capabilities. In most designs, they undertake the work of blockchain miners and ensure the synchronization of blocks and the execution of smart contracts, and the cloud layer on the top is a large data center that provides cloud services. In general, a blockchain-based edge computing system has the following working procedure. Firstly, the bottom edge devices provide activity data, including the interactions between peers and between edge nodes. Then, the middle edge node verifies these data and writes them into blocks based on the blockchain consensus mechanism. After that, the large-scale data center on the top layer does the necessary structural analysis and management. We will analyze the feasibility and benefits of the blockchain-based edge computing system from the security and privacy aspects. In an untrusted distributed edge network environment, anonymity is an essential approach to protecting the identities of devices and users. The device can rely on smart contracts to verify its identity while using the edge node server as an information transmission intermediary without exposing its identity to the server. This general design is vital for stable and secure communication between the devices and regional cloudlets in the edge network. In the edge network, the data of the underlying device is provided to the upper nodes. The underlying device's identity information should not be exposed to other insecure networks. There is a framework [25] to centralize and register these underlying devices in the first-level edge device, then it manages the communication and computation among these underlying devices. However, such a scheme makes the level one edge device the local registration collector in the edge network. Once the collector leaks these identities, the anonymity of the locally registered devices will not exist. Blockchain can provide anonymity to the system and hide the identity of devices in the edge network. Wang [27] proposed an anonymous identity verification protocol based on the blockchain. The edge unit is registered and verified with the registration authority to ensure that the edge units' identity information will not be exposed in the untrusted network. In the edge network environment, the data generated by devices will interact across regions, which inevitably needs to verify the identity of the devices and manage their data read and write permissions. These records are written on the blockchain, and the smart contract executes the device's identity verification to ensure the security of the data in the edge network. In the protocol designed by Wang [27] , the registration and data authorization of the edge unit depend on the execution of the smart contract. Only the registration authority can associate the real identity of the device with the public key, so the authorization and communication between the devices are guaranteed secure. The dynamic domain name resolution strategy proposed by Guo [7] provides services for edge authorization in the system. The edge terminal's domain name-related information is stored in the blockchain, and the communication between the terminals is supported by an asymmetric encryption algorithm based on elliptic curve cryptography. Similarly, the lightweight blockchain-based identity verification protocol proposed by Jangirala [10] allows devices to authenticate each other and establish a session key, which technically guarantees the anonymity of user identities. Mobile edge computing is a novel research field for security and privacy. Edge computing nodes must balance the performance of offloaded computing tasks and the security of local data processing. Excessive data processing requests or other attacks should not cause incomplete data transmission from the mobile edge node, thereby losing data security and user privacy protection. Xu [30] combines blockchain technology to provide a feasible resource allocation scheme for computing offloading, which optimizes energy consumption, task offloading time and maintains load balance while ensuring the data integrity and security of edge computing offloading. Similarly, Song [23] provides a COVID-19 infection tracing framework based on the smart contracts to monitor the location's infection status. In this design, the smart contract group balances the workload between local and upper-level contracts for user check-in requests, reducing network traffic. The blockchain-based protocol design involves more complex and practical security issues. A protocol design cannot meet all scenarios and requirements. For example, it is challenging to guarantee the untraceability of identity in a protocol while it is lightweight. Therefore, we will analyze the security solutions of the protocol in combination with specific scenarios. In the IoT supply chain scenario based on mobile edge computing, Jangirala [10] proposed a lightweight radio frequency identificationbased authentication protocol with blockchain support to provide enough bandwidth for real-time data of goods. This protocol is simple to operate, has provable security, and balances communication and computing costs. NKN Lab [14] proposes a more generalpurpose self-evolving and self-motivating decentralized network, not limited to specific application scenarios. The blockchain in this network has novelly presented Proof of Relay instead of Proof of Work. While reducing energy consumption and improving performance, this network can also resist various attacks, such as Double spending attck and Denial-of-Service attacks, so security is guaranteed in this network. In addition to the protocol perspective or implementation of specific applications discussed above, we also need to show the security and privacy contribution of blockchain in the edge structure from the perspective of architectural design. In Rathore's decentralized network security architecture [19] , blockchain and mobile edge networks are its primary technical support. Blockchain can detect decentralized attacks, avoiding the collapse of the architecture due to the crash of one certain node. In addition, the introduction of edge architecture removes storage constraints, reduces computing costs and latency. The interaction between the layers of the system is also related to security and privacy. Ines proposed a modular and hierarchical design in a complex Internet of Things environment, which generates good positive feedback in practical applications and ensures the security of data storage and computing. Ines' global edge computing architecture [22] consists of three layers: IoT layer, Edge layer, and Business solution layer. The transmission data from the IoT layer is processed by encrypted hardware and communication protocol before it is connected to the Edge layer, an open layer containing many different service providers. This Edge layer pre-processes the raw data from IoT devices and transfers it to the Business solution layer. The use of blockchain ensures the data integrity transmitted through layers. At the business solution layer, the system verifies IoT devices' identity by smart contracts and extracts data from the blockchain database to establish a secure computing channel. Therefore, the three levels of security and privacy are guaranteed under the support of hardware and software protocols. In this subsection, we present the advantages of blockchain-based edge networks from the perspective of the definition of data security and its case studies. The security of data is reflected in three aspects: confidentiality, integrity, and availability. In our scenario, these three aspects have more detailed definitions. • Confidentiality: The data stored at the edge node must be encrypted and protected, and only users with the key can access the data. • Integrity: In a distributed blockchain-based system, the consensus mechanism of the edge node data needs to resist attacks, such as 51% attacks and Sybil attacks. Data saved on nodes needs to be updated to the latest version within an acceptable time to ensure data consistency. • Availability: Edge nodes should provide data access for edge devices and top layer cloud services at any time. Even if some nodes are shut down, the data can still be recovered on new edge nodes and provide access services. 4.6.1 Confidentiality. In addition to standard data encryption, we also need to consider the management of data read and write permissions and user identity authentication because illegal reads and writes are also a significant cause of data pollution. Users need an efficient approach to imply identity authentication to access data in edge node. Ren [20] proposed an identity authentication scheme for the trading system, where users' identity information is stored in the block for data consistency and not tamper. The trusted authentication method proposed by Shaoyong [7] is based on the name resolution and authentication of edge computing nodes, and a caching strategy is designed to improve the performance of the system's authentication mechanism. 4.6.2 Integrity. The traditional consensus mechanism is proofof-work or proof-of-stake, which occupies a lot of computing resources. It is not practical and cost-effective to imply on edge devices and nodes with limited hardware performance. Therefore, the reputation of devices is an alternative method to determine if the device data be written into the block. For example, the vehicular edge network based on the blockchain [12] is supported by reputation data sharing scheme to ensure high-quality data sharing between roadside units and vehicles. This design provided a three-weight subjective logic model to accurately manage vehicle reputation and solve the security problems of untrusted participants in the network and malicious data injection. 4.6.3 Availability. The heterogeneity of edge computing networks has profoundly affected the availability of data. It can unify the communication at different levels of the edge network through software support and hardware virtualization methods. Huan [35] proposed the ALLSTAR ecosystem, which contains four subsystems to accomplish this task. Heterogeneity-AS-code toolKIT (HASKIT) and CRoss-Edge seamless infrAstructure orchestration Framework (CREAF) focus on software perspective to establish a model to describe heterogeneous services and provide the relationship between levels Interface. HardWare chAracterized Function vIRtualization framework (WAFIR) focuses on the hardware perspective to unify the virtual environment of hardware. Service Ederation defined Trustworthy Inter-Chain platform (SETIC) is a blockchain-based subsystem to record user transactions and uses smart contracts to execute decentralized data management tasks automatically. The definition of user privacy in this work is: in the edge computing environment, data mining and cyber-attacks will not expose the user's identity and sensitive information [29] . Edge devices should control what data is shared at edge nodes, how to verify the validity of the data under the premise of encryption, and who else the data is shared with. We discuss the user privacy protection from the blockchain-based perspective of data encryption methods. The native cryptography in the blockchain provides a digital signature for users to prove and verify the encrypted data without revealing the plain content, and Elliptic Curve Digital Signature Algorithm (ECDSA) [11] is the typical one used on both Bitcoin and Ethereum platform. These native encryption mechanisms can meet the needs of general computing applications, but for applications such as industrial IoT sensing and outdoor drone data synchronization, lightweight and customized protocols are required to meet new scenarios requirements such as reducing computing costs for resource-limited IoT devices. Except for those traditional encryption mechanisms to protect sensitive and private data, users can encrypt sensitive data and identities in the blockchain transaction system, achieving data security while providing privacy services. We consider removing identifiers and trajectory data is also an encryption approach to protect user privacy. Before publishing the source data, identifiers and sensitive data that can infer users' identities should be removed or added with noise. Nowadays, social media are very popular, and users activities are logged on those platforms and analyzed by third parties. Even users' true identities are hidden, and they can be tagged with particular id numbers for analysis. Each user's activity has a unique pattern to be exposed to even though their true identities are hidden. Another potential challenge comes with this encryption approach. If source data is strongly anonymous, its usability will be lower, and the information is lost. Blockchain provides a balanced option on the encryption of sensitive data and its usability. Keke [6] designed the smart grid's operating architecture. He mapped the grid's network nodes to the blockchain and edge computing network and used pseudo-names to mark users to avoid revealing their real identities. Although blockchain technology provides solutions to the challenges of edge computing from many aspects, the combination of the two fields still has potential issues and new research areas for us to explore. The first problem is about the storage consumption. It increases a lot because of the blockchain consensus mechanism, which requires a complete Blockchain's distributed ledger data in edge nodes within the network. It is potentially considered a huge storage waste for duplication. The second problem is about the unbalanced workload. A powerful computing node sustains the significant mining and computing load of the blockchain, which may not be fair for the node because the digital currency or incentive from private blockchain is not tradable for public. This challenge requires a fair and dynamic resource management among edge nodes. The last problem is about the transaction latency. The blockchain requires block synchronization among edge nodes, where they have a competition on writing transactions into the next block. The new block generation time cost delays the system operation. Spatiotemporal sensitive applications may suffer from this kind of latency, for example, moving self-driving vehicles cannot wait seconds for the synchronization of traffic status. This survey focuses on the security and privacy aspects of blockchainbased edge computing networks. It demonstrates the feasibility of deployment in the Internet of Things, vehicular network, payment, tracking, etc. In particular, we discussed the challenges and benefits of these sub-areas of security and privacy. No universal system can solve all security and privacy issues, and we can only use a more suitable system framework for specific demands. Bringing computation closer toward the user network: Is edge computing the solution? Mobile cloud computing: advantage, disadvantage and open challenge Performance and scalability improvement using IoT-based edge computing container technologies A new lightweight homomorphic encryption scheme for mobile cloud computing Edge computing in IoT-based manufacturing Permissioned blockchain and edge computing empowered privacy-preserving smart grid networks Blockchain meets edge computing: A distributed and trusted authentication system Unleashing the power of participatory IoT with blockchains for increased safety and situation awareness of smart cities Designing secure lightweight blockchain-enabled RFID-based authentication protocol for supply chains in 5G mobile edge computing environment The elliptic curve digital signature algorithm (ECDSA) Blockchain for secure and efficient data sharing in vehicular edge computing and networks Internet of things gateways meet linux containers: Performance evaluation and discussion NKN: a Scalable Self-Evolving and Self-Incentivized Decentralized Network Shared authority based privacy-preserving authentication protocol in cloud computing Blockchain-enabled security in electric vehicles cloud and edge computing A study of encryption algorithms AES, DES and RSA for security Fast software AES encryption BlockSe-cIoTNet: Blockchain-based decentralized security architecture for IoT network A novel authentication scheme based on edge computing for blockchain-based distributed energy trading system Edge computing: Vision and challenges A review of edge computing reference architectures and a new global edge proposal Yunjie Ge, and Prasant Mohapatra. 2021. Blockchain meets COVID-19: A framework for contact information sharing and risk notification system Smart Contractbased Computing Resources Trading in Edge Computing A distributed and anonymous data collection framework based on multilevel edge computing architecture Bandwidth-efficient live video analytics for drones via edge computing Blockchain-based anonymous authentication with key management for smart grid edge computing infrastructure TrafficChain: A blockchain-based secure and privacy-preserving traffic map Information security in big data: privacy and data mining BeCome: Blockchain-enabled computation offloading for IoT in mobile edge computing Data security and privacy-preserving in edge computing paradigm: Survey and open issues Mobileedge computing for vehicular networks: A promising network paradigm with predictive off-loading Joint computation offloading and coin loaning for blockchain-empowered mobile-edge computing Game cloud design with virtualized CPU/GPU servers and initial performance results Building a blockchain-based decentralized ecosystem for cloud and edge computing: an ALLSTAR approach and empirical study. Peer-to-Peer Networking and Applications