Table of Contents
Fetching ...

SA2FE: A Secure, Anonymous, Auditable, and Fair Edge Computing Service Offloading Framework

Xiaojian Wang, Huayue Gu, Zhouyu Li, Fangtong Zhou, Ruozhou Yu, Dejun Yang, Guoliang Xue

TL;DR

SA$^2$FE tackles secure, anonymous, auditable, and fair edge offloading in a democratized ecosystem. It introduces a rerandomizable puzzle primitive and a blind token-based access scheme to protect service-type privacy and enable fair, randomized edge server selection, all while providing accountability through token verification and UC-based security proofs. The framework is implemented on commodity devices and shows low computation and communication overhead, demonstrating practicality for real-world edge networks. Overall, SA$^2$FE offers a principled, scalable solution to secure offloading with strong privacy, fairness, and auditability guarantees in heterogeneous edge environments.

Abstract

The inclusion of pervasive computing devices in a democratized edge computing ecosystem can significantly expand the capability and coverage of near-end computing for large-scale applications. However, offloading user tasks to heterogeneous and decentralized edge devices comes with the dual risk of both endangered user data security and privacy due to the curious base station or malicious edge servers, and unfair offloading and malicious attacks targeting edge servers from other edge servers and/or users. Existing solutions to edge access control and offloading either rely on "always-on" cloud servers with reduced edge benefits or fail to protect sensitive user service information. To address these challenges, this paper presents SA2FE, a novel framework for edge access control, offloading and accounting. We design a rerandomizable puzzle primitive and a corresponding scheme to protect sensitive service information from eavesdroppers and ensure fair offloading decisions, while a blind token-based scheme safeguards user privacy, prevents double spending, and ensures usage accountability. The security of SA2FE is proved under the Universal Composability framework, and its performance and scalability are demonstrated with implementation on commodity mobile devices and edge servers.

SA2FE: A Secure, Anonymous, Auditable, and Fair Edge Computing Service Offloading Framework

TL;DR

SAFE tackles secure, anonymous, auditable, and fair edge offloading in a democratized ecosystem. It introduces a rerandomizable puzzle primitive and a blind token-based access scheme to protect service-type privacy and enable fair, randomized edge server selection, all while providing accountability through token verification and UC-based security proofs. The framework is implemented on commodity devices and shows low computation and communication overhead, demonstrating practicality for real-world edge networks. Overall, SAFE offers a principled, scalable solution to secure offloading with strong privacy, fairness, and auditability guarantees in heterogeneous edge environments.

Abstract

The inclusion of pervasive computing devices in a democratized edge computing ecosystem can significantly expand the capability and coverage of near-end computing for large-scale applications. However, offloading user tasks to heterogeneous and decentralized edge devices comes with the dual risk of both endangered user data security and privacy due to the curious base station or malicious edge servers, and unfair offloading and malicious attacks targeting edge servers from other edge servers and/or users. Existing solutions to edge access control and offloading either rely on "always-on" cloud servers with reduced edge benefits or fail to protect sensitive user service information. To address these challenges, this paper presents SA2FE, a novel framework for edge access control, offloading and accounting. We design a rerandomizable puzzle primitive and a corresponding scheme to protect sensitive service information from eavesdroppers and ensure fair offloading decisions, while a blind token-based scheme safeguards user privacy, prevents double spending, and ensures usage accountability. The security of SA2FE is proved under the Universal Composability framework, and its performance and scalability are demonstrated with implementation on commodity mobile devices and edge servers.
Paper Structure (21 sections, 1 equation, 8 figures, 1 table, 4 algorithms)

This paper contains 21 sections, 1 equation, 8 figures, 1 table, 4 algorithms.

Figures (8)

  • Figure 1: SA$^2$FE workflow. (1) SP registers to FA; (2) ES registers to SP and BS; (3) User gets tokens from FA; (4) User starts service request; (5) Request is forwarded to an ES; (6) User gets response; (7) BS and ES claim tokens. The workflow consists of three main phases: registration (steps (1)$-$(3)), offloading (steps (4)$-$(6)), and payment claim (step (7)).
  • Figure 2: Rerandomizable puzzle-based offloading example. Suppose there are two SPs offering two types of services, $s_1$ and $s_2$, and three ESs $e_1$, $e_2$ and $e_3$ attempting to assist the SPs in delivering services. $e_1$ provides both $s_1$ and $s_2$, $e_2$ provides $s_2$, and $e_3$ provides $s_1$. Denote the puzzle of service $s_j$ from edge server $e_i$ as $z_{e_i,s_j}$. Suppose a user intends to use service $s_1$. (1) ESs register service-related puzzles with the BS. (2) User initiates a request for an (unspecified) offloading service. (3) BS responds to user with a puzzle list. (4) User selects a puzzle $z_{e_3,s_1}$ and returns it to the BS. (5) BS forwards the user's request to selected ES $e_3$. (6) $e_3$ returns service response to the BS. (7) BS forwards the response to the user.
  • Figure 3: Ideal functionality for registration.
  • Figure 4: Ideal functionality for offloading.
  • Figure 5: Ideal functionality for payment claim.
  • ...and 3 more figures

Theorems & Definitions (2)

  • Definition 1
  • Definition 2