Lakhasly

M. Yahuza et al.: Systematic Review on Security and Privacy Requirements in Edge Computing
TABLE 11. The summary of evaluation metrics employed by the techniques.
the conclusion drawn, which may affect the quality of the
findings. Below are some of the factors:

1. The data acquisition process is subjected to a biased
   opinion because only one author searched for the pri-
   mary study articles.


2. Only four electronic databases were explored for col-
   lecting applicable data. Thus, relevant studies from
   other databases may not be included. This limited the
   scope of the review work.


3. Only journal articles and conference proceedings were
   included, whereas some other studies that may help
   76562 VOLUME 8, 2020

M. Yahuza et al.: Systematic Review on Security and Privacy Requirements in Edge Computing
with additional information, such as patents, maga-
zines, and symposium, were excluded.
VII. OPEN RESEARCH ISSUES
In this section, the research open issues in the field of secu-
rity and privacy of edge computing paradigm will be given.
The aim is to provide opportunities for future researchers
willing to contribute to this area. The major open issues
include:
A. LIGHTWEIGHT SECURITY FEATURES
Lightweight security is required in the edge comput-
ing network because of the minimum resource and stor-
age characterized by the edge devices. The conventional
cryptographic protocols are characterized with very high
computation and communication costs [110], [111], due
to the large key size employed. Therefore, such protocols
cannot be applied directly to the edge network. As such,
lightweight cryptographic protocols with smaller encryption
keys that require fewer memory and CPU resources are
preferred in edge computing. Lightweight security does not
maintain the tradeoff between efficiency and security/privacy,
as considered by most of the reviewed techniques. For
lightweight security, efficiency is not as important as
security/privacy.
It can be observed that most of the techniques under
Confidentiality and Authenticity are not lightweight, that
was the reason why they did not evaluate the techniques
using the lightweight evaluation metrics (i.e. computation and
communication costs). Only four techniques [50], [51], [53],
and [78] employed the lightweight metrics. Hence, future
research on security and privacy in edge computing should
focus on lightweight security, for example, Elliptic Curve
Cryptography, Permutation Based Lightweight Cryptogra-
phy, Block-Ciphers Lightweight Cryptography, etc.
B. FINE-GRAIN SECURITY FEATURES
To attain fine-grain security features, a dynamic auto-update
function needs to be incorporated into the privacy-preserving
mechanisms, as well as an efficient data-sharing mechanism,
due to the huge amount of data produced at the edge of the
network by end-devices. The most commonly fine grain secu-
rity evaluation metrics as depicted in Table 11 are Tracking
Accuracy, and Privacy protection level, which were employed
by only five techniques [55], [63], [64], [66], [68]. There-
fore, future research should consider fine-grain features when
proposing Privacy-Preserving techniques.
C. PRIOR INVESTIGATION OF ATTACKS
In most of the reviewed studies, attacks were not fully inves-
tigated and dealt with sufficiently prior to the design process
of the techniques, especially the authentication and privacy-
preserving schemes. These attacks are very dangerous to the
privacy of the interacting edge devices, which may lead to
revealing devices’ secret information.
D. MORE WORK IS REQUIRED UNDER CERTAIN
SECURITY/PRIVACY REQUIREMENTS
As stated earlier, some of the security and privacy require-
ments are either not having techniques that consider them
separately, or not having at all. For example, from the find-
ings, the Availability requirement is having only 1 technique
under it, whereas Reliability, Nonrepudiation, and Integrity
requirements are not considered by any technique, except in
combination with other requirements. Due to the importance
of these requirements, future researchers should concentrate
on devising techniques that will consider them.
E. SECURE TWO-WAY COMMUNICATION
The establishment of secure two-way communication in
the edge network is relatively difficult compared to the
cloud network with ready-made security mechanisms. There-
fore, to achieve secure two-way communication in an
edge computing network, lightweight key exchange algo-
rithms that suite edge computing should be designed in the
future.
F. PROPER UTILIZATION OF INTRUSION
DETECTION MECHANISMS
Intrusion Detection Systems (IDS) are employed for detect-
ing and mitigating of the various attacks in a network. How-
ever, in an edge computing environment, the IDS need to
be applied to the various layers of the edge network (Edge
nodes, end-users, and, cloud). Applying IDS to only one or
two layers may not guarantee that attacks from the malicious
party will not propagate to the entire edge network.
G. UTILIZATION OF PROGRAM (SOFTWARE)
ANALYTICAL TOOLS
The security and privacy issues in edge computing network
are diverse. Consequently, utilization of software-based secu-
rity and privacy analysis will help in quick and efficient
identification of such issues. The scope of these software
analysis in edge computing is still an open issue for future
research.
VIII. CONCLUSION
Edge computing is a promising paradigm aimed at
eliminating almost all the drawbacks associated with cloud
computing. Security and privacy issues are among the signif-
icant challenges affecting its acceptance. As such, studying
ways of mitigating the problems is of paramount importance.
Findings show that the devised systematic literature review
is the first of its kind in edge computing security and pri-
vacy perspectives. It aimed at providing a comprehensive
and reflective understanding of the security and privacy
requirements, the state of the art techniques for ensuring the
requirements, as well as the technological methods employed
by the techniques. With this in mind, a total of 78 articles were
thoroughly studied, in line with the standard SLR procedures.
After a thorough analysis of the extracted data, the findings
VOLUME 8, 2020 76563

reveal essential results. Firstly, the taxonomy of security and
privacy requirements was derived. The study found that there
are eight classes of requirements as far as edge computing
security and privacy is concerned. Secondly, the study dis-
covered that each requirement has its specific techniques
designed mainly for it, except integrity, nonrepudiation,
and reliability which were considered together with other
requirements in four different identified schemes. Thirdly, the
findings classified the identified techniques under their cor-
responding technological methods employed with the aim of
identifying the trend. Fourthly, the review work has identified
limitation of each of the techniques which lead to research
opportunities for future researchers to concentrate on. More-
over, the attacks affecting the edge computing network have
been thoroughly explored. The taxonomy of the attacks as
well as the employed technological methods for their elimina-
tion have been revealed. Moreover, it was observed that each
category of the techniques under a particular requirement
has specific metrics used for evaluating its performance for
ensuring certain aim. Lastly, future research open issues were
included for the benefit of researchers willing to work in the
area of edge computing security and privacy.