Enabling Efficient and Distributed Access Control for Pervasive Edge Computing Services

In this paper, we propose an efficient and distributed service access control framework (E-DAC) in the pervasive edge computing (PEC) environment, where the resources of peer devices at the network edge are integrated to provide latency-sensitive computing services to the nearby devices on behalf of edge servers. E-DAC addresses the challenge of efficient and distributed service access control, comprising edge service authorization, service access authorization, and mutual authentication between edge servers and edge devices. In dong so, E-DAC first extends a key-aggregate cryptosystem to enable batch service authorization, in which a service provider can aggregate the authorization keys of different services to produce a constant-size aggregate key for an edge server. Second, E-DAC enables users to acquire authorization from the service provider for service access on edge servers by using efficient secret sharing. Third, edge servers and users can authenticate with each other without interacting with a centralized server, while enabling secure zero-round trip communication, so that the service data is protected and the communication bandwidth cost is low. In addition, the service provider is capable of efficiently revoking the authorization of the dropout or compromised edge servers or users in response to the dynamics of the PEC environment. Finally, we prove the security of service access control in E-DAC, including unforgeability of service authorization and confidentiality of service data, and conduct extensive analysis and experiments to demonstrate that E-DAC is highly computational and communication-efficient on service authorization, authentication, and revocation.