Candidate: Lingshuang Liu
Date: June 18, 2026
Time: 10:00 AM
Location: Online
Supervisor: Xuemin (Sherman) Shen
All are welcome!
Abstract:
Mobile Edge Computing (MEC) is an emerging network architecture that extends cloud computing capabilities to the network edge, enabling low-latency, bandwidth-efficient, and context-aware services. By processing and storing data closer to end devices, MEC effectively alleviates the burden on centralized cloud infrastructures and supports latency-sensitive and data-intensive applications such as autonomous driving, health monitoring, and real-time video analytics. However, the distributed, heterogeneous, and resource-constrained nature of MEC introduces substantial security and privacy challenges. Edge servers may be semi-trusted or compromised, end devices can behave maliciously, and external adversaries may corrupt the sensitive data throughout their lifecycle, from service access to data storage and processing, threatening confidentiality, integrity, and availability.
This thesis aims to systematically address these challenges by designing secure, efficient, and privacy-preserving mechanisms tailored to MEC environments. Focusing on the entire lifecycle of edge data, we develop lightweight cryptographic solutions that protect service access, data storage, and distributed processing, while respecting the practical constraints of edge computing. The main contributions of this thesis are summarized as follows.
First, we propose E-DAC, an efficient and distributed service access control framework for MEC. E-DAC enables fine-grained service authorization, service access control, and mutual authentication between edge servers and end devices without relying on centralized authorities. By extending key-aggregate cryptosystems, E-DAC allows service providers to issue constant-size aggregate authorization keys for multiple services, significantly reducing key management overhead and improving the efficiency in service delegation. In addition, E-DAC leverages secret sharing to enable flexible and efficient user authorization for service access at the network edge and supports zero round-trip authentication between users and edge servers for reducing communication overhead. These properties make E-DAC particularly suitable for real-time MEC applications that demand frequent interactions, low latency, and strong security guarantees, such as data collection and pervasive edge services.
Second, we propose SecureEdge, a lightweight and secure data integrity verification framework for MEC in data storage. By leveraging lightweight cryptographic mechanisms, SecureEdge enables both private and public verifiability, allowing data owners and third-party auditors (TPAs) to verify the integrity of edge-stored data using efficient cryptographic constructions in the multiplicative and bilinear groups, respectively. SecureEdge also supports secure multi-replica storage, allowing user data to be distributed across multiple edge servers to enhance data availability and fault tolerance. It further prevents collusion attacks by generating distinct randomized replicas for different edge nodes while preserving a unified authentication tag for proof generation. This design ensures integrity, privacy, and efficiency simultaneously, preventing TPAs from inferring sensitive data during public auditing. SecureEdge is therefore well suited for practical MEC deployments requiring transparent and trustworthy data storage.
Third, we propose SVTAgg, a secure, verifiable, and traceable model aggregation protocol for MEC in federated learning-based data processing. Unlike conventional federated learning architectures that assume trustworthy aggregation servers, SVTAgg explicitly addresses the privacy and integrity risks posed by untrusted edge servers which are responsible for intermediate aggregation in edge-assisted federated learning. Specifically, to preserve the confidentiality of local gradients, SVTAgg combines secret sharing with a pairwise double masking mechanism that prevents information leakage while still supporting efficient model aggregation. To guarantee the correctness of aggregated results, SVTAgg incorporates homomorphic verifiable tags, enabling lightweight verification of intermediate model updates without revealing client data. Furthermore, SVTAgg introduces client traceability by integrating homomorphic signatures with proxy re-signing signatures, providing authenticated provenance of submitted gradients and enabling the identification and attribution of end devices participating in local model training. SVTAgg establishes a robust aggregation foundation for trustworthy federated learning at the network edge, enabling secure and privacy-preserving collaboration in emerging applications such as autonomous systems, mobile health, and large-scale IoT analytics.
In summary, this thesis advances the state of the art in MEC security by providing a unified set of lightweight and scalable solutions that secure service access, data storage, and distributed processing across the edge data lifecycle. By explicitly addressing the unique threats and constraints of MEC environments, this work enables the safe and trustworthy deployment of critical applications, including cyber-physical systems, mobile health services, and collaborative edge intelligence. The proposed frameworks lay a solid foundation for future secure edge computing systems and contribute to the broader vision of privacy-preserving, resilient, and trustworthy edge-enabled infrastructures.