Trusted Access Authentication Technology for Large-Scale Heterogeneous Terminals: Comparison
View Latest Version
Please note this is a comparison between Version 2 by Jason Zhu and Version 5 by Catherine Yang.

AThis entry refers to a reliable and lightweight trusted access authentication solution for systems with large-scale heterogeneous terminals was introduced. By cloud, edge, and local servers cooperating to execute authentication tasks, the cloud-edge-end collaborative architecture effectively alleviates the authentication delay caused by high concurrent requests. Each server in the architecture deploys a well-designed unified trusted access authentication (UATT) model based on device fingerprints. With ingenious data construction and powerful swin-transformer network, UATT model can provide robust and low-overhead authentication services for heterogeneous terminals. To minimize authentication latency, an A2C-based authentication task scheduling scheme is used to decide which server executes the current task. 

  • trusted access
  • device fingerprint
  • end-edge-cloud collaboration

1. Introduction

As vehicle technology merges with energy, the Internet of Things (IoT), and communication fields, vehicles are developing towards electrification and intelligence. Considering the limited battery power of electric vehicles during long-distance travel, a vehicle charging network system that can provide a real-time travel charging solution will surely appear. Predictably, in order to collect nearby charging piles status information, the system has to allow access to large-scale heterogeneous terminal devices. For example, there are numerous video sensors and smoke sensors to monitor whether the charging environment is safe, voltage and current sensors to detect the power condition of all charging piles, and mobile terminals to activate charging piles for massive users, etc. Since a large number of terminal devices are difficult to monitor, malicious terminals will have the opportunity to access. Once malicious illegal terminals access the system, they can easily crash the charging facility, steal charging vehicles’ information, and even further implant viruses to make vehicles uncontrollable. Though the 5G protocol optimizes identity security by introducing temporary identification [1], malicious illegal devices can still access the system by forging legal identification. Therefore, it is necessary to design a more reliable access authentication scheme for a vehicle charging network system to ensure system security and full function.
Some trusted access authentication schemes have been proposed [2][3][4][5]. However, they are difficult to work in the vehicle charging network system with large-scale heterogeneous terminal access. First, since the vehicle charging network system accesses various heterogeneous terminals, there are inevitably terminals whose computing capabilities are insufficient to support the general access authentication solution based on cryptography (i.e., PKI ). To provide verification information, terminals need to have the computing capability of encryption and decryption. Unfortunately, some terminals with poor or even no computing capabilities (such as smoke sensors) cannot complete the encryption and decryption. Thus, they may be denied access to sensitive information, which will prevent the system from functioning well. Therefore, it is necessary to design a unified authentication solution for heterogeneous terminals in the vehicle charging network system.
Second, access authentication based on device fingerprint is an available unified solution, but its authentication robustness is relativity poor and the processing overhead is relativity high. Specifically, the device fingerprint can be extracted according to the radio frequency (RF) wireless signal difference caused by the hardware defects inherent in terminal manufacturing. Through identifying the legitimacy of the device fingerprint, the system can decide whether to allow terminal access. Nonetheless, due to the RF wireless signal difference caused by hardware defects is subtle, the fingerprint features extracted under different environments (such as occluded materials and weather conditions) vary greatly. This will inevitably result in poor authentication robustness. Additionally, though the authentication scheme based on device fingerprint eliminates encryption and decryption, the overhead brought by fingerprint identification is still not negligible. This will lead to a high authentication delay required for trusted access.
Third, since there are massive terminals in a vehicle charging network system, all access authentication requests processed by the cloud server will bring huge delay overhead. Specifically, in order to meet the charging needs of all electric vehicle users, the number of charging piles provided in the vehicle charging network system is huge. Correspondingly, the amount of terminals that need to access the system is even greater. This means that highly concurrent access authentication requests will widely exist in the system. In this case, the centralized authentication request processing architecture that is authenticated locally by the system or delivers all the device fingerprints to the cloud server for identification will bring a huge authentication waiting overhead.
To address the above challenges, this entry introduces a trusted access authentication solution based on end-edge-cloud collaboration for the terminals in vehicle networking charged system. This solution provides an efficient and reliable device identification method for large-scale heterogeneous terminals in the system, and only allows the identified legal terminals access to ensure the vehicle networking charging system security. A detailed description is illustrated as follows.

2. End-Edge-Cloud Cooperation framework

The framework takes the advantage of edge computing and cloud computing to provide efficient and reliable authentication service for large-scale terminals. Moreover, the novel unified trusted access authentication (UTAA) model based on the robust and unforgeable terminal fingerprint characteristics offers a lightweight and fast authentication for the heterogeneous terminals in the framework (Figure 1)端边云协同认证框架
Figure 1. The end-edge-cloud cooperative authentication framework.
As shown in Fig.1, the framework contains three layers. The first one is the center cloud layer equipped with a center cloud node. The center cloud node has sufficient computing and storage resources but may be far from the terminals. The second one is the edge cloud layer equipped with many edge cloud nodes. Each edge cloud node has many mobile edge computing (MEC) servers located between the center cloud and the terminals. And therefore it has much more computing and storage resources than the terminals, but may be less than the center cloud. Particularly, all the MEC servers at different edge cloud nodes can process the access authentication tasks cooperatively to provide feasible, secure, and scalable authentication services. In this way, it can improve the quality of service (QoS) for the access authentication tasks which are time delay sensitive and computing intensive. The third layer is the access request layer. At this layer, a tremendous amount of access requests are generated from different types of terminals. Many of them are computing and storage resources limited. This may prevent them from performing common authentication algorithms[6][7][8][9] that require encryption and decryption calculations.  To address the problem of heterogeneous terminals access authentication, in the proposed end-edge-cloud cooperative authentication framework, the center cloud node and all the edge cloud nodes are configured with novel unified trusted access authentication (UTAA) model. The UTAA model provides a bypass authentication method based on the fingerprint characteristics extract from the wireless signal between the terminal and the authentication nodes. Therefore, it is independent of the computing and storage ability of terminals. The access authentication response time contains transmission delay and authentication delay. The transmission delay is the time of transmitting the access authentication request from a terminal to the node responsible for processing it. The authentication delay is the authentication time of the UTAA model deployed in the node for the request. Thanks to the automatic and robust multi-characteristics extraction ability of its Swin-Transformer-based authentication module, the number of packets to obtain enough CSI for effective authentication of UTAA model is two orders less than that of the previous studies[10], [11], [12]. This enables UTAA model to largely reduce the authentication delay for a single terminal. Furthermore, combined with the elaborate design of data preprocessing, data expansion, data augmentation in constructing model training dataset, UTAA model can achieve accurate, robust and fast authentication for heterogeneous terminals. Although the UTAA model optimizes the authentication delay for a single terminal, there still exists a heavy access authentication response time overhead for large-scale vehicle networking charged system with numerous and dynamic authentication requests. If all the authentication tasks are offloaded to the center node, it must lead to a certain transmission delay caused by the heavy request traffic and the long transmission distance. Actually, it is inappropriate for heavy authentication requests to occupy too many core network processing resources. Because it will hinder the processing of core services. However, if all the authentication tasks are offloaded to the edge cloud node nearest from the terminals locally, it may cause the inability of some nodes to process the task timely due to the imbalance authentication request distribution in space. As a result, the goal is to optimize the global access authentication response time by offloading the authentication task to appropriate UTAA model collaboratively.

3. Unified Trusted Access Authentication (UTAA) Model

To address the limitations of the current device fingerprint-based authentication, a unified trusted access authentication (UTAA) model is proposed. As shown in Fig.2, UTAA model contains two key stages i.e., model offline training and online access authentication. Before being deployed in practical vehicle networking charged system to process online access authentication tasks, researchers need to train a robust Swin-Transformer based authentication module at the model offline training stage. As shown in Fig.2, the different steps of model offline training stage are connected by the dotted arrows. researchers first collect the channel state information (CSI) from different terminals. Then after the process of data preprocessing, data expansion and data augmentation in the step of constructing model training dataset, researchers will obtain diverse and sufficient input samples to train a robust and lightweight Swin-Transformer based authentication module.

The arrows with solid line represent the steps of online access authentication stage in Figure 2Fig.2. The well-trained Swin-Transformer based authentication module will be deployed in all the edge cloud nodes and the center cloud layer of the practical vehicle networking charged system. Once an access authentication request generates from a terminal, UTAA model collects its channel state information (CSI) from the wireless signal between the terminal and the authentication nodes. After the step of data preprocessing, the valid phase and amplitude information are extracted from CSI and will be input to the Swin-Transformer based authentication module for correct access authentication.

Figure 2. The Unified Trusted Access Authentication (UTAA) Model.

Unlike previous studies [12][13][14] [12]that only manually extracted a single feature from the amplitude or phase information of CSI, researchers aim to extract unforgeable and robust hardware features from the amplitude and phase of the CSI as device fingerprints. By integrating with the vehicle networking charged system, the Swin-Transformer based terminal authentication scheme can provide bi-directional authentication between the charging system heterogeneous sensor terminals and edge nodes. It effectively reduces the security risks of existing authentication mechanisms. Moreover, the solution requires only a small number of packets to authenticate the access of a single terminal. This greatly eases the computational overhead of access authentication and reduces the network burden.

4. End-Edge-Cloud Cooperative Authentication Task Scheduling

Though UTAA model optimizes the authentication delay of a single terminal, the authentication response time overhead for vehicle networking charged system with massive terminal access is still extremely heavy. In order to alleviate the authentication pressure, the authentication task can be delivered to the center cloud nodes with sufficient computing and storage resources for processing. But it is difficult for the center cloud node, which is small in number and far away from the terminal, to process dynamic numerous authentication requests in real time. Besides, the number of edge nodes is large and close to the terminal, but it is difficult to handle high concurrent authentication tasks due to their less computing and storage resources. To provide efficient authentication services for vehicle networking charged system, researchers therefore consider a distributed end-edge-cloud collaborative solution that combines the advantages of cloud nodes and edge nodes. By dynamically offloading the authentication task to appropriate nodes, the solution is able to minimize the global authentication response time overhead. 

To dynamically solve the optimal authentication task scheduling scheme, researchers model the end-edge-cloud collaborative solution in advance. As illustrated in Fig.1, researchers consider a trusted access authentication architecture consisting of a set of terminals that initiate authentication requests, a series of edge nodes with certain computing resources, one remote cloud node with sufficient computing resources, and local computing node in vehicle networking charged system. Each edge node, cloud node, and local node is deployed with UTTA model for authenticating whether the terminal is trusted. And only trusted terminals are allowed to access. Accordingly, researchers mathematically formulate the problem of minimizing the authentication response latency and solve it based on the A2C algorithm.[5]

 

References

  1. Saeed, Mamoon M; Hasan, Mohammad Kamrul; Obaid, Ahmed J; Saeed, Rashid A; et al. A comprehensive review on the users’ identity privacy for 5G networks. IET Communications 2022, 16, 384--399.
  2. Cai, Ting; Yang, Zetao; Chen, Wuhui; Zheng, Zibin; Yu, Yang A blockchain-assisted trust access authentication system for solid. IEEE Access 2020, 8, 71605--71616.
  3. Yao, Su; Guan, Jianfeng; Wu, Yinan; Xu, Ke; Xu, Mingwei Toward secure and lightweight access authentication in SAGINs. IEEE Wireless Communications 2020, 27, 75--81.
  4. Gupta, Rajesh; Reebadiya, Dakshita; Tanwar, Sudeep; Kumar, Neeraj; Guizani, Mohsen When blockchain meets edge intelligence: Trusted and security solutions for consumers. IEEE Network 2021, 35, 272--278.
  5. Chen, Yuxiang; Dong, Guishan; Bai, Jian; Hao, Yao; Li, Feng; Peng, Haiyang, Trust enhancement scheme for cross domain authentication of PKI system, in Proceedings 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)
  6. Aghabagherloo, Alireza; Delavar, Mahshid; Mohajeri, Javad; Salmasizadeh, Mahmoud; Preneel, Bart An efficient and physically secure privacy-preserving authentication scheme for Vehicular Ad-hoc NETworks (VANETs). IEEE Access 2022, 10, 93831--93844.
  7. Tan, Haowen; Zheng, Wenying; Guan, Yunguo; Lu, Rongxing A Privacy-Preserving Attribute-Based Authenticated Key Management Scheme for Accountable Vehicular Communications. IEEE Transactions on Vehicular Technology 2022, xx, xx.
  8. Qiu, Han; Qiu, Meikang; Lu, Ruqian Secure V2X communication network based on intelligent PKI and edge computing. IEEE Network 2019, 34, 172--178.
  9. Li, Fengyin; Liu, Zhongxing; Li, Tao; Ju, Hongwei; Wang, Hua; Zhou, Huiyu Privacy-aware PKI model with strong forward security. International Journal of Intelligent Systems 2022, 37, 10049--10065.
  10. Hua, Jingyu; Sun, Hongyi; Shen, Zhenyu; Qian, Zhiyun; Zhong, Sheng, in Proceedings IEEE INFOCOM 2018-IEEE Conference on Computer Communications, 2018.
  11. Liu, Pengfei; Yang, Panlong; Song, Wen-Zhan; Yan, Yubo; Li, Xiang-Yang, Real-time identification of rogue WiFi connections using environment-independent physical features, in Proceedings IEEE INFOCOM 2019-IEEE Conference on Computer Communications, 2019.
  12. Lin, Yuxiang; Gao, Yi; Li, Bingji; Dong, Wei, Accurate and robust rogue access point detection with client-agnostic wireless fingerprinting, in Proceedings 2020 IEEE International Conference on Pervasive Computing and Communications (PerCom), 2020.
  13. Hua, Jingyu; Sun, Hongyi; Shen, Zhenyu; Qian, Zhiyun; Zhong, Sheng, Accurate and efficient wireless device fingerprinting using channel state information, in Proceedings IEEE INFOCOM 2018-IEEE Conference on Computer Communications, 2018.
  14. Liu, Pengfei; Yang, Panlong; Song, Wenzhan; Yan, Yubo; Li, Xiangyang, Real-time identification of rogue WiFi connections using environment-independent physical features, in Proceedings IEEE INFOCOM 2019-IEEE Conference on Computer Communications, 2019.
More
© Text is available under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/)
Video Production Service
Feedback