AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (16.8 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Cloud-Network-End Collaborative Security for Wireless Networks: Architecture, Mechanisms, and Applications

State Key Laboratory of Integrated Service Networks (ISN), School of Cyber Engineering, Xidian University, Xi’an 710071, China
Show Author Information

Abstract

The core goal of network security is to protect the security of data sharing. Traditional wireless network security technology is committed to guaranteeing end-to-end data transmission security. However, with the advancement of mobile networks, cloud computing, and Internet of Things, communication-computing integration and cloud-network integration have been important technical routes. As a result, the main application requirements of wireless networks have changed from data transmission to cloud-based information services. Traditional data transmission security technology cannot overcome the security requirements of cloud-network-end collaborative services in the new era, and secure semantic communication has become an important model. To address this issue, we propose a cloud-network-end collaborative security architecture. Firstly, we clarify security mechanisms for end system security, network connection security, and cloud services security, respectively. Next, based on the above three aspects, we elaborate on the connotation of cloud-network-end collaborative security. By giving example applications, including heterogeneous network secure convergence framework, unmanned system collaborative operations security framework, and space-air-ground integrated network security framework, we demonstrate the universality of the proposed architecture. Finally, we review the current research on end system security, network connection security, and cloud services security, respectively.

References

[1]

I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, Wireless sensor networks: A survey, Comput. Netw., vol. 38, no. 4, pp. 393–422, 2002.

[2]

I. F. Akyildiz and X. Wang, A survey on wireless mesh networks, IEEE Commun. Mag., vol. 43, no. 9, pp. S23–S30, 2005.

[3]

S. Movassaghi, M. Abolhasan, J. Lipman, D. Smith, and A. Jamalipour, Wireless body area networks: A survey, IEEE Commun. Surv. Tutorials, vol. 16, no. 3, pp. 1658–1686, 2014.

[4]

J. Liu, Y. Shi, Z. M. Fadlullah, and N. Kato, Space-air-ground integrated network: A survey, IEEE Commun. Surv. Tutorials, vol. 20, no. 4, pp. 2714–2741, 2018.

[5]

C. Zhang, P. Patras, and H. Haddadi, Deep learning in mobile and wireless networking: A survey, IEEE Commun. Surv. Tutorials, vol. 21, no. 3, pp. 2224–2287, 2019.

[6]

Z. Shen, J. Jin, C. Tan, A. Tagami, S. Wang, Q. Li, Q. Zheng, and J. Yuan, A survey of next-generation computing technologies in space-air-ground integrated networks, ACM Comput. Surv., vol. 56, no. 1, p. 23, 2023.

[7]

Y. Zou, J. Zhu, X. Wang, and L. Hanzo, A survey on wireless security: Technical challenges, recent advances, and future trends, Proc. IEEE, vol. 104, no. 9, pp. 1727–1765, 2016.

[8]

C. E. Shannon, Communication theory of secrecy systems, Bell Syst. Tech. J., vol. 28, no. 4, pp. 656–715, 1949.

[9]
R. Perez, R. Sailer, and L. Doorn, vTPM: Virtualizing the trusted platform module, in Proc. 15th Conf. USENIX Security Symposium, Vancouver, Canada, 2006, pp. 305–320.
[10]
B. Kauer, OSLO: Improving the security of trusted computing, in Proc. 16th Conf. USENIX Security Symposium, Boston, MA, USA, 2007, pp. 1–9.
[11]

C. Shen, H. Zhang, H. Wang, J. Wang, B. Zhao, F. Yan, F. Yu, L. Zhang, and M. Xu, Research on trusted computing and its development, Sci. China Inf. Sci., vol. 53, no. 3, pp. 405–433, 2010.

[12]
L. Chen and J. Li, Flexible and scalable digital signatures in TPM 2.0, in Proc. ACM SIGSAC Conf. Computer & Communications Security, Berlin, Germany, 2013, pp. 37–48.
[13]
M. Sabt, M. Achemlal, and A. Bouabdallah, Trusted Execution Environment: What It is, and What It is Not, in Proc. IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 2015, pp. 57–64.
[14]

D. Lu, M. Shi, X. Ma, X. Liu, R. Guo, T. Zheng, Y. Shen, X. Dong, and J. Ma, Smaug: A TEE-assisted secured SQLite for embedded systems, IEEE Trans. Dependable Secure Comput., vol. 20, no. 5, pp. 3617–3635, 2023.

[15]

D. Lu, R. Han, Y. Shen, X. Dong, J. Ma, X. Du, and M. Guizani, xTSeH: A trusted platform module sharing scheme towards smart IoT-eHealth devices, IEEE J. Select. Areas Commun., vol. 39, no. 2, pp. 370–383, 2021.

[16]

D. Lu, R. Han, Y. Wang, Y. Wang, X. Dong, X. Ma, T. Li, and J. Ma, A secured TPM integration scheme towards smart embedded system based collaboration network, Comput. Secur., vol. 97, p. 101922, 2020.

[17]
T. Abera, R. Bahmani, F. Brasser, A. Ibrahim, A. R. Sadeghi, and M. Schunter, DIAT: Data integrity attestation for resilient collaboration of autonomous systems, in Proc. 2019 Network and Distributed System Security Symp., San Diego, CA, USA, 2019, pp. 1–15.
[18]
L. Zhao and M. Mannan, TEE-aided write protection against privileged data tampering, in Proc. 2019 Network and Distributed System Security Symp., San Diego, CA, USA, 2019, pp. 1–15.
[19]
R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, in Proc. 42nd IEEE Symp. on Foundations of Computer Science, Newport Beach, CA, USA, 2001, pp. 136–145.
[20]
Y. Lindell, Composition of Secure Multi-Party Protocols : A Comprehensive Study, Berlin, Germany: Springer, 2003.
[21]
Y. Lindell, General composition and universal composability in secure multi-party computation, in Proc. 44th Annual IEEE Symp. on Foundations of Computer Science, Cambridge, MA, USA, 2003, pp. 394–403.
[22]

X. Li, J. Ma, and S. Moon, Security extension for the Canetti-Krawczyk model in identity-based systems, Sci. China Ser. F Inf. Sci., vol. 48, no. 1, pp. 117–124, 2005.

[23]

F. Zhang, J. Ma, and S. Moon, Universally composable anonymous Hash certification model, Sci. China Ser. F Inf. Sci., vol. 50, no. 3, pp. 440–455, 2007.

[24]

T. Feng, F. Li, J. Ma, and S. Moon, A new approach for UC security concurrent deniable authentication, Sci. China Ser. F Inf. Sci., vol. 51, no. 4, pp. 352–367, 2008.

[25]

J. Zhang, J. Ma, and S. Moon, Universally composable one-time signature and broadcast authentication, Sci. China Inf. Sci., vol. 53, no. 3, pp. 567–580, 2010.

[26]

J. Zhang, J. Ma, C. Yang, and L. Yang, Universally composable secure positioning in the bounded retrieval model, Sci. China Inf. Sci., vol. 58, no. 11, pp. 1–15, 2015.

[27]

J. Zhang, N. Lu, J. Ma, and C. Yang, Universally composable secure geographic area verification without pre-shared secret, Sci. China Inf. Sci., vol. 62, no. 3, p. 32113, 2019.

[28]

J. Zhu and J. Ma, A new authentication scheme with anonymity for wireless environments, IEEE Trans. Consumer Electron., vol. 50, no. 1, pp. 231–235, 2004.

[29]

H. Chen, Y. Xiao, X. Hong, F. Hu, and J. L. Xie, A survey of anonymity in wireless communication systems, Secur. Commun. Netw., vol. 2, no. 5, pp. 427–444, 2009.

[30]

M. Cheminod, L. Durante, and A. Valenzano, Review of security issues in industrial networks, IEEE Trans. Ind. Inf., vol. 9, no. 1, pp. 277–293, 2013.

[31]

J. Liu, Z. Zhang, X. Chen, and K. S. Kwak, Certificateless remote anonymous authentication schemes for WirelessBody area networks, IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 2, pp. 332–342, 2014.

[32]

M. U. Aslam, A. Derhab, K. Saleem, H. Abbas, M. Orgun, W. Iqbal, and B. Aslam, A survey of authentication schemes in telecare medicine information systems, J. Med. Syst., vol. 41, no. 1, p. 14, 2016.

[33]

C. C. Lee, M. S. Hwang, and I. E. Liao, Security enhancement on a new authentication scheme with anonymity for wireless environments, IEEE Trans. Ind. Electron., vol. 53, no. 5, pp. 1683–1687, 2006.

[34]

C. C. Wu, W. B. Lee, and W. J. Tsaur, A secure authentication scheme with anonymity for wireless communications, IEEE Commun. Lett., vol. 12, no. 10, pp. 722–723, 2008.

[35]

F. Wu, L. Xu, S. Kumari, X. Li, A. K. Das, M. K. Khan, M. Karuppiah, and R. Baliyan, A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks, Security Comm. Networks, vol. 9, no. 16, pp. 3527–3542, 2016.

[36]

Q. Feng, D. He, S. Zeadally, N. Kumar, and K. Liang, Ideal lattice-based anonymous authentication protocol for mobile devices, IEEE Syst. J., vol. 13, no. 3, pp. 2775–2785, 2019.

[37]

D. He, N. Kumar, M. Khan, and J. H. Lee, Anonymous two-factor authentication for consumer roaming service in global mobility networks, IEEE Trans. Consumer Electron., vol. 59, no. 4, pp. 811–817, 2013.

[38]

P. Zeng, Z. Cao, K. K. R. Choo, and S. Wang, On the anonymity of some authentication schemes for wireless communications, IEEE Commun. Lett., vol. 13, no. 3, pp. 170–171, 2009.

[39]

J. Zhang, J. Ma, and S. Moon, Universally composable secure TNC model and EAP-TNC protocol in IF-T, Sci. China Inf. Sci., vol. 53, no. 3, pp. 465–482, 2010.

[40]

L. Yang, J. Ma, W. Lou, and Q. Jiang, A delegation based cross trusted domain direct anonymous attestation scheme, Comput. Netw. Int. J. Comput. Telecommun. Netw., vol. 81, pp. 245–257, 2015.

[41]

J. Zhang, Z. Wang, L. Shang, D. Lu, and J. Ma, BTNC: A blockchain based trusted network connection protocol in IoT, J. Parallel Distrib. Comput., vol. 143, pp. 1–16, 2020.

[42]

W. Dong and L. Chen, Recent advances on trusted computing in China, Chin. Sci. Bull., vol. 57, no. 35, pp. 4529–4532, 2012.

[43]
S. Zhao, Q. Zhang, Y. Qin, and D. Feng, Universally composable secure TNC protocol based on IF-T binding to TLS, in Proc. 8th Int. Conf. Network and System Security, Xi’an, China, 2014, pp. 110–123.
[44]

Q. Jiang, J. Ni, J. Ma, L. Yang, and X. Shen, Integrated authentication and key agreement framework for vehicular cloud computing, IEEE Netw., vol. 32, no. 3, pp. 28–35, 2018.

[45]

X. Li, F. Bao, S. Li, and J. Ma, FLAP: An efficient WLAN initial access authentication protocol, IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 2, pp. 488–497, 2014.

[46]
D. X. Song, D. Wagner, and A. Perrig, Practical techniques for searches on encrypted data, in Proc. IEEE Symp. on Security and Privacy, Berkeley, CA, USA, 2000, pp. 44–55.
[47]
R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, Searchable symmetric encryption: Improved definitions and efficient constructions, in Proc. 13th ACM Conf. Computer and Communications Security, Alexandria, VA, USA, 2006, pp. 79–88.
[48]

G. S. Poh, J. J. Chin, W. C. Yau, K. K. R. Choo, and M. S. Mohamad, Searchable symmetric encryption: Designs and challenges, ACM Comput. Surv., vol. 50, no. 3, p. 40, 2017.

[49]
S. Kamara, C. Papamanthou, and T. Roeder, Dynamic searchable symmetric encryption, in Proc. 2012 ACM Conf. Computer and Communications Security, Raleigh, NC, USA, 2012, pp. 965–976.
[50]
D. Cash, S. Jarecki, C. Jutla, H. Krawczyk, M. C. Roşu, and M. Steiner, Highly-scalable searchable symmetric encryption with support for Boolean queries, in Proc. 33rd Annual Cryptology Conf. Advances in Cryptology, Santa Barbara, CA, USA, 2013, pp. 353–373.
[51]
X. Wang, J. Ma, Y. Miao, X. Liu, and R. Yang, Privacy-preserving diverse keyword search and online pre-diagnosis in cloud computing, in Proc. IEEE World Congress on Services (SERVICES), Chicago, IL, USA, 2021, pp. 710–723.
[52]

Z. Xia, X. Wang, L. Zhang, Z. Qin, X. Sun, and K. Ren, A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing, IEEE Trans. Inform. Forensic Secur., vol. 11, no. 11, pp. 2594–2608, 2016.

[53]
J. Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, Fuzzy keyword search over encrypted data in cloud computing, in Proc. 29th Conf. Information Communications, San Diego, CA, USA, 2010, pp. 441–445.
[54]

X. Wang, J. Ma, X. Liu, Y. Miao, Y. Liu, and R. H. Deng, Forward/backward and content private DSSE for spatial keyword queries, IEEE Trans. Dependable Secure Comput., vol. 20, no. 4, pp. 3358–3370, 2023.

[55]
X. Wang, J. Ma, X. Liu, R. H. Deng, Y. Miao, D. Zhu, and Z. Ma, Search me in the dark: Privacy-preserving Boolean range query over encrypted spatial data, in Proc. IEEE Conf. Computer Communications, Toronto, Canada, 2020, pp. 2253–2262.
[56]
X. Wang, J. Ma, X. Liu, and Y. Miao, Search in my way: Practical outsourced image retrieval framework supporting unshared key, in Proc. IEEE Conf. Computer Communications, Paris, France, 2019, pp. 2485–2493.
[57]

T. Yang, J. Ma, Y. Miao, Y. Wang, X. Liu, K. K. R. Choo, and B. Xiao, MU-TEIR: Traceable encrypted image retrieval in the multi-user setting, IEEE Trans. Serv. Comput., vol. 16, no. 2, pp. 1282–1295, 2023.

[58]

X. Wang, J. Ma, F. Li, X. Liu, Y. Miao, and R. H. Deng, Enabling efficient spatial keyword queries on encrypted data with strong security guarantees, IEEE Trans. Inf. Forensics Secur., vol. 16, pp. 4909–4923, 2021.

[59]

Y. Li, J. Ma, Y. Miao, H. Li, Q. Yan, Y. Wang, X. Liu, and K. R. Choo, DVREI: Dynamic verifiable retrieval over encrypted images, IEEE Trans. Computers., vol. 71, no. 8, pp. 1755–1769, 2022.

[60]
R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan, CryptDB: Protecting confidentiality with encrypted query processing, in Proc. 23rd ACM Symp. on Operating Systems Principles, Cascais, Portugal, 2011, pp. 85–100.
[61]

S. Tu, M. F. Kaashoek, S. Madden, and N. Zeldovich, Processing analytical queries over encrypted data, Proc. VLDB Endow., vol. 6, no. 5, pp. 289–300, 2013.

[62]

R. Poddar, T. Boelter, and R. A. Popa, Arx: An encrypted database using semantically secure encryption, Proc. VLDB Endow., vol. 12, no. 11, pp. 1664–1678, 2019.

[63]
X. Yuan, Y. Guo, X. Wang, C. Wang, B. Li, and X. Jia, EncKV: An encrypted key-value store with rich queries, in Proc. ACM on Asia Conf. Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2017, pp. 423–435.
[64]
K. Cheng, Y. Shen, Y. Wang, L. Wang, J. Ma, X. Jiang, and C. Su, Strongly secure and efficient range queries in cloud databases under multiple keys, in Proc. IEEE Conf. Computer Communications, Paris, France, 2019, pp. 2494–2502.
[65]
P. Antonopoulos, A. Arasu, K. D. Singh, K. Eguro, N. Gupta, R. Jain, R. Kaushik, H. Kodavalla, D. Kossmann, N. Ogg, et al., Azure SQL database always encrypted, in Proc. ACM SIGMOD Int. Conf. Management of Data, Portland, OR, USA, 2020, pp. 1511–1525.
[66]
A. C. Yao, Protocols for secure computations, in Proc. 23rd Annual Symp. on Foundations of Computer Science, Chicago, IL, USA, 1982, pp. 160–164.
[67]

V. K. Yadav, N. Andola, S. Verma, and S. Venkatesan, A survey of oblivious transfer protocol, ACM Comput. Surv., vol. 54, no. 10, pp. 1–37, 2022.

[68]
D. Demmler, T. Schneider, and M. Zohner, ABY—A framework for efficient mixed-protocol secure two-party computation, in Proc. Network and Distributed System Security Symp., San Diego, CA, USA, 2015, pp. 1–15.
[69]
M. Keller, MP-SPDZ: A versatile framework for multi-party computation, in Proc. ACM SIGSAC Conf. Computer and Communications Security, Virtual, 2020, pp 1575–1590.
[70]
C. Gentry, Fully homomorphic encryption using ideal lattices, in Proc. 41st Annual ACM Symp. on Theory of Computing, Bethesda, MD, USA, 2009, pp. 169–178.
[71]

A. Acar, H. Aksu, A. Selcuk Uluagac, and M. Conti, A survey on homomorphic encryption schemes: Theory and implementation, ACM Comput. Surv., vol. 51, no. 4, pp. 1–35, 2018.

[72]

X. Chen, X. Huang, J. Li, J. Ma, W. Lou, and D. S. Wong, New algorithms for secure outsourcing of large-scale systems of linear equations, IEEE Trans. Inform. Forensic Secur., vol. 10, no. 1, pp. 69–78, 2015.

[73]

X. Chen, J. Li, J. Ma, Q. Tang, and W. Lou, New algorithms for secure outsourcing of modular exponentiations, IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 9, pp. 2386–2396, 2014.

[74]

X. Liu, B. Qin, R. H. Deng, R. Lu, and J. Ma, A privacy-preserving outsourced functional computation framework across large-scale multiple encrypted domains, IEEE Trans. Comput., vol. 65, no. 12, pp. 3567–3579, 2016.

[75]

Y. Liu, Z. Ma, X. Liu, S. Ma, and K. Ren, Privacy-preserving object detection for medical images with faster R-CNN, IEEE Trans. Inform. Forensic Secur., vol. 17, pp. 69–84, 2022.

[76]

Y. Liu, Z. Ma, Y. Yang, X. Liu, J. Ma, and K. Ren, RevFRF: Enabling cross-domain random forest training with revocable federated learning, IEEE Trans. Dependable Secure Comput., vol. 19, no. 6, pp. 3671–3685, 2022.

[77]

Y. Miao, J. Ma, X. Liu, J. Zhang, and Z. Liu, VKSE-MO: Verifiable keyword search over encrypted data in multi-owner settings, Sci. China Inf. Sci., vol. 60, no. 12, p. 122105, 2017.

[78]

X. Li, Q. Tong, J. Zhao, Y. Miao, S. Ma, J. Weng, J. Ma, and K. K. R. Choo, VRFMS: Verifiable ranked fuzzy multi-keyword search over encrypted data, IEEE Trans. Serv. Comput., vol. 16, no. 1, pp. 698–710, 2023.

[79]

J. Li, J. Ma, Y. Miao, L. Chen, Y. Wang, X. Liu, and K. K. R. Choo, Verifiable semantic-aware ranked keyword search in cloud-assisted edge computing, IEEE Trans. Serv. Comput., vol. 15, no. 6, pp. 3591–3605, 2022.

[80]

T. Jiang, W. Meng, X. Yuan, L. Wang, J. Ge, and J. Ma, ReliableBox: Secure and verifiable cloud storage with location-aware backup, IEEE Trans. Parallel Distrib. Syst., vol. 32, no. 12, pp. 2996–3010, 2021.

[81]

M. Miao, J. Ma, X. Huang, and Q. Wang, Efficient verifiable databases with insertion/deletion operations from delegating polynomial functions, IEEE Trans. Inf. Forensics Secur., vol. 13, no. 2, pp. 511–520, 2018.

[82]

M. Miao, J. Wang, J. Ma, and W. Susilo, Publicly verifiable databases with efficient insertion/deletion operations, J. Comput. Syst. Sci., vol. 86, pp. 49–58, 2017.

[83]

T. Jiang, X. Chen, and J. Ma, Public integrity auditing for shared dynamic cloud data with group user revocation, IEEE Trans. Comput., vol. 65, no. 8, pp. 2363–2373, 2016.

[84]

X. Chen, J. Li, J. Weng, J. Ma, and W. Lou, Verifiable computation over large database with incremental updates, IEEE Trans. Comput., vol. 65, no. 10, pp. 3184–3195, 2016.

[85]
J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy attribute-based encryption, in Proc. IEEE Symp. on Security and Privacy, Berkeley, CA, USA, 2007, pp. 321–334.
[86]
V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proc. 13th ACM Conf. Computer and Communications Security, Alexandria, VA, USA, 2006, pp. 89–98.
[87]

J. Li, J. Ma, Y. Miao, R. Yang, X. Liu, and K. K. R. Choo, Practical multi-keyword ranked search with access control over encrypted cloud data, IEEE Trans. Cloud Comput., vol. 10, no. 3, pp. 2005–2019, 2022.

[88]

Y. Li, J. Ma, Y. Miao, Y. Wang, T. Yang, X. Liu, and K. K. R. Choo, Traceable and controllable encrypted cloud image search in multi-user settings, IEEE Trans. Cloud Comput., vol. 10, no. 4, pp. 2936–2948, 2022.

[89]

Y. Miao, X. Liu, K. K. R. Choo, R. H. Deng, J. Li, H. Li, and J. Ma, Privacy-preserving attribute-based keyword search in shared multi-owner setting, IEEE Trans. Dependable Secure Comput., vol. 18, no. 3, pp. 1080–1094, 2021.

[90]

Y. Miao, J. Ma, X. Liu, X. Li, Q. Jiang, and J. Zhang, Attribute-based keyword search over hierarchical data in cloud computing, IEEE Trans. Serv. Comput., vol. 13, no. 6, pp. 985–998, 2020.

[91]

K. Zhang, H. Li, J. Ma, and X. Liu, Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability, Sci. China Inf. Sci., vol. 61, no. 3, pp. 32–102, 2017.

[92]

S. Gao, G. Piao, J. Zhu, X. Ma, and J. Ma, TrustAccess: A trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain, IEEE Trans. Veh. Technol., vol. 69, no. 6, pp. 5784–5798, 2020.

Tsinghua Science and Technology
Pages 18-33
Cite this article:
Wang X, Ma J. Cloud-Network-End Collaborative Security for Wireless Networks: Architecture, Mechanisms, and Applications. Tsinghua Science and Technology, 2025, 30(1): 18-33. https://doi.org/10.26599/TST.2023.9010158

308

Views

98

Downloads

1

Crossref

1

Web of Science

0

Scopus

0

CSCD

Altmetrics

Received: 26 October 2023
Accepted: 20 December 2023
Published: 09 April 2024
© The Author(s) 2025.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).

Return