LERMS: A Low-Latency and Reliable Downlink Packet-Level Encoding Transmission Method in Untrusted 5GA Edge Network

Abstract

The increasing demand for end-to-end low-latency and high-reliability transmissions between edge computing nodes and user elements in 5G Advance edge networks has brought new challenges to the transmission of data. In response, this paper proposes LERMS, a packet-level encoding transmission scheme designed for untrusted 5GA edge networks that may encounter malicious transmission situations such as data tampering, discarding, and eavesdropping. LERMS achieves resiliency against such attacks by using 5GA Protocol data unit (PDU) coded Concurrent Multipath Transfer (CMT) based on Lagrangian interpolation and Raptor’s two-layer coding, which provides redundancy to eliminate the impact of an attacker’s malicious behavior. To mitigate the increased queuing delay resulting from encoding in data blocks, LERMS is queue-aware with variable block length. Its strategy is modeled as a Markov chain and optimized using a matrix method. Numerical results demonstrate that LERMS achieves the optimal trade-off between delay and reliability while providing resiliency against untrusted edge networks.

1. Introduction

In the era of 5G [1], edge computing provides customized computing services for data-intensive [2] and time-sensitive [3] applications such as healthcare [4] and traffic management [5]; edge networks (ENs) [6] are designed to address the challenges of centralized cloud computing and unreliable communications [7,8]. 5G-Advanced networks [9] are expected to offer more powerful capabilities, including wide coverage [10], low latency [11], and highly reliable transmission [12].

The EN transmits important and sensitive data related to safety [13], but it is closer to users and vulnerable to wireless eavesdropping [14], network-layer attacks [15], and tampering [16]. The edge network often finds itself in a predicament of weak protection capabilities and urgent security needs.

Previous studies have focused on addressing these pressing demands [17], and researchers have conducted extensive studies on point-to-point (UE-gNB) security at both the physical layer [18] and MAC-layer [19]. Providing secure end-to-end (UE-DN) transmission in an untrusted network incurs additional performance and resource overheads [20]. Commonly used confidentiality protection schemes include 5G voice communication using IPSec encryption [21], control plane TLS authentication [22], and secret-sharing proposed by Shamir et al. [23]. In the secret-sharing scheme, each share is delivered by a different courier to the recipient, providing an information-theoretic provable confidentiality transmission scheme.

The enhanced core network (ECN) proposed by 3GPP in ([1], clause 5.33), as shown in Figure 1, could establish multiple PDU sessions (MP), which can provide end-to-end reliable communication by redundancy transmission. The multiplex transport protocol stack is deployed on both the data network (DN) and user elements (UEs). Additionally, the high-layer (above the IP layer [1]) splits and aggregates the service flows. However, implementing concurrent multipath transmission (CMT) in an untrusted MPEN faces many challenges, including increased attack surface due to MPEN [17], additional delays due to asynchronous delay and bandwidth [24,25], making it not feasible to interact with the PDU bearer from the perspective of the 5G session mechanism [26].

Figure 1.

End-to-end redundant transmission in edge networks: A schematic illustration of MPEN utilizing redundant PDU sessions in an edge network with diversity interface for concurrent multipath transmission.

In this paper, we aim to design a low-latency, high-reliability transmission scheme suitable for untrusted edge networks. Randomly arriving source data packets are buffered and queued at the sending end before transmission. This article continues previous work [27] and uses Raptor coding for efficient CMT. We have introduced a Lagrangian interpolation coding [28] scheme to realize CMT based on secret sharing. Different coding parameters can be adjusted for different resilience levels, which is suitable for an untrusted network environment, as the concatenated encoder provides reliability and robustness against malicious behavior. Encoding is performed at the granularity of data packets. Longer encoding block length can ensure reliability, but the corresponding queuing delay will increase [29]. The length of encoding blocks must be carefully considered to balance delay and reliability. We use a Markov decision process to formulate the optimization problem and construct it as a matrix-based linear programming to obtain the optimal variable-length coding strategy. The contributions of this paper are as follows:

• Proposes LERMS (LERMS is short for (Lagrangian–polynomial and Raptor Encoder concurrent Multiple-pdu-Sessions transmission)), which is the first concatenated encoder scheme that is suitable for untrusted edge network environments. LERMS provides secure, reliable downlink transmission capabilities in the face of an untrusted network, such as transmission failures, data theft, and malicious tampering.

• A queue-aware variable block length encoding scheme is designed and optimized using a matrix-based approach to minimize queuing delay while ensuring reliability.

• Proposes a multi-service flow aggregation transmission scheme that reduces the probability of data packet random idle filling, ensuring security when the flow is small, and improves the transmission efficiency of the edge network.

This paper is organized as follows: Section 2 presents the design of the secure transmission method and flow aggregation transmission scheme as preliminary work for 5GA LERMS. Section 3 describes the system model. In Section 4, the trade-off between delay and reliability for the LERMS strategy is demonstrated. Section 5 presents numerical results. This paper concludes in Section 6, with the future research directions proposed. Table 1 summarizes the important variables used throughout the paper.

Table 1.

Basic notations.

Symbol	Definition
$Ps$,$Pc$	The source packets, coded packets.
$\mathbb{P}$,$\mathbb{E}$	The probability, expectation value.
$\mathbb{F}$,$\mathbb{N}$	The finite field, the set of natural numbers.
$\overrightarrow{\sum }$	The data collection operator for receiver.
T	The time span of timeslot.
$\mathrm{\Omega }\left(x\right)$	The degree distribution.
g	The block-length of codes.
$g\left[t\right]$,${\gamma }_{\upsilon }^j\left[t\right]$	The encoding action within t-th timeslot.
$d^{\mathrm{th}}$	The constraints of delay.
B	The upper bounds of $g\left[t\right]$.
$\mathrm{Z}$	The transmitting side queue buffer size.
$\varphi$	The size of each data packet.
${\epsilon }_{\upsilon }^j=[{\epsilon }_1,\cdots ,{\epsilon }_j]$	The erasure probability of j sessions.
${\mathrm{\Lambda }}_l\left[t\right]$, $\lambda =$	The number $Ps$ arrivals within t-th timeslot for user l.
$[{\lambda }_l^0,{\lambda }_l^1,\cdots ,{\lambda }_l^N]$,	The probability distribution of ${\mathrm{\Lambda }}_l\left[t\right]=n$.
$N_L$	The number of disjoint PDU sessions established in MPEN.

2. 5GA LERMS Preliminary

We consider the business scenario in the edge network, as illustrated in Figure 1. The UE subscribes to the edge computing service, and the edge network that transmits is responsible for transmitting the downlink service flow to the UE. The downlink service flow requires low delay and high reliability in transmission. With abundant transmission resources, the 5GA network allows for the establishment of multiple PDU sessions to carry the downlink traffic. To ensure the secure transmission of the downlink traffic in an untrusted network environment, this section begins by analyzing the key performance indicators in the edge network environment. We then propose a multiplex transmission scheme based on the concept of secret sharing, which provides feasibility for secure transmission. Finally, we discuss a joint coding scheme for downlink traffic in the core network.

2.1. 5GA Edge Network Requirements Analysis and Challenges

As an emerging network architecture that provides high-performance communication between terminals (UE) and edge computing nodes (DN), the 5G Advance (5GA) edge network [6] aims to meet key requirements such as low latency, high reliability, and security in the 5GA mobile network. In this section, we will analyze these requirements in detail and discuss the challenges of implementing them in an untrusted network environment.

Latency (L). In classical transmission systems, the overall transmission latency comprises propagation latency ($t_p$), signifying the physical delay of signals within the transmission medium, and transmission latency ($t_c$), determined by $t_c=W/\varphi$, where W represents the bandwidth and $\varphi$ is the transmitted data volume. However, factors such as congestion and bit errors prevent the total latency from being a simple sum of $t_p$ and $t_c$, causing transmission latency fluctuations within a specific range [30,31]. In coded transmission systems, end-to-end transmission delay must be reconsidered. Data are coded and transmitted in block units. Current application layer data enter the cache and queue up, waiting for the previous generation of coded data blocks to finish transmission [32]. Consequently, the end-to-end transmission delay is defined as $\overleftrightarrow{T}$ = T + t_en + t_de + t_q, encompassing codec delay and queuing delay. This paper’s low latency discussion primarily centers on t_q and t_c.

Reliability (R). In this paper, we consider each PDU session as a packet erasure channel, denoted by ${\epsilon }_{\upsilon }^j=[{\epsilon }_1,\cdots ,{\epsilon }_j]$ to represent the erasure probability of each PDU session [27]. High reliability refers to the transmission robustness against higher erasure probabilities. In other words, when a generation of source data packets departs from the sender within a specified time, and after applying redundancy/retransmission/coding and other reliable transmission techniques, we call it reliable transmission [17]. However, such losses may still be manipulated by malicious nodes, such as attackers, or intercepted by eavesdroppers. We define the total erasure probability as ${\mathrm{E}}_{N_L}={\sum }_{j=1}^{N_L}{\gamma }_{\upsilon }^j{\epsilon }_j$, where ${\gamma }_{\upsilon }^j={[{\gamma }_1,\cdots ,{\gamma }_j]}^T$ represents the traffic load weight of each path, with ${\sum }_{j=1}^{N_L}{\gamma }_{\upsilon }^j=1$, and $0\le \mathrm{E}{N}_L<1$. We refer to the current MPEN as ${\mathrm{E}}_{N_L}$-Level reliability.

Security. Security performance refers to the robustness of maintaining correct data delivery in the face of attackers [33]. Unlike traditional trust management [34] to ensure system security, our focus is on enhancing communication security through the lens of information theory. It takes into account active attackers who may tamper with or pollute the data received by the destination, and passive attackers who attempt to eavesdrop on and steal the data. We consider rational attackers who target only a subset of PDU sessions in the edge network rather than all of them. By treating all malicious actions as packet errors, we can employ redundant coding techniques to protect and repair the corrupted or stolen data, thereby enhancing the security performance in the edge network environment. This approach ensures the integrity and confidentiality of data transmission, even in the presence of adversaries targeting edge networks. Therefore, we can regard the redundancy of multi-path coded transmission as the security level, and we can simply refer to the edge network where $N_L$ PDU sessions are transmitted as $N_L$-level secure transmission.

To sum up, service flows carried by edge networks require low-latency, high-reliability transmission with elastic capabilities in an untrusted network environment. However, achieving these requirements in practice is not easy. Due to the untrustworthy characteristics of edge networks, such as congestion, bit errors, and malicious attacks, more advanced transmission schemes and technologies need to be researched and designed to meet these challenges and ensure safe and efficient data transmission in edge networks.

2.2. A Secure Transmission Method

In this section, we analyze the transfer security of secret sharing. Secret sharing is a method of splitting data and generating multiple pieces of data through Lagrangian interpolation to transmit data over untrusted multiple paths. This approach is designed to achieve a level of security that protects data from potential attackers while providing protection against partial data-tampering attacks.

The core idea of secret sharing technology is to decompose the original data into multiple derivative pieces of data using the Lagrangian interpolation method. Let us suppose we need to transmit the original data D and decompose its encoding into n pieces of derivative data, among which any k shares of data $(k\le n)$ are sufficient to reconstruct the original data (In the secret-sharing technique [23,35], the original data is split into multiple parts, referred to as “shares” (derived data). These shares in LERMS are then transmitted through multiple paths, with each path carrying one share of the data). First, a polynomial of degree $k-1$ is generated using Lagrange interpolation:

$$f\left(x\right)=a_0+a_{1}x+a_2{x}^2+\cdots +a_{(k-1)}{x}^{(k-1)}$$ (1)

where $a_0=D,a_1,a_2,\cdots ,a_{(k-1)}$ are randomly selected coefficients. Then, we calculate the value of $f\left(x\right)$ at n different points to generate n derivative data:

$$D_i=f\left(x_i\right),i=1,2,\cdots ,n$$ (2)

To reconstruct the original data, they can be calculated by Lagrangian interpolation:

$$D=L\left(0\right)=\sum _{i=1}^k{l}_i\left(0\right)D_i$$ (3)

$l_i\left(x\right)$ is a Lagrangian basis function that satisfies $l_i\left(x_j\right)={\delta }_{ij}$ $\mathrm{that}\mathrm{is},\mathrm{when}i=j,l_i\left(x_j\right)=1;\mathrm{when}i\ne j,l_i\left(x_j\right)=0,\mathrm{defined}\mathrm{as}:$

$$l_i\left(x\right)=\prod _{j\ne i}^k\frac{(x-x_j)}{(x_i-x_j)},j\ne i,j=1,2,\cdots ,k$$ (4)

In the edge network, each PDU session is considered an independent link provider, with a probability of being infiltrated by malicious behavior. The secret sharing transmission scheme based on Lagrangian interpolation in this scenario offers the following properties: Information security: In order to restore the original data through Lagrangian interpolation, the attacker must obtain at least k shares of derived data simultaneously, which increases the difficulty of their job and enhances information security. Integrity: Since the original data D is only dependent on the linear combination of the derived data $D_i$, an attacker cannot change the value of the original data by tampering with part of the derived data unless they control at least k shares of the derived data at the same time. Reliability: As any k shares of derived data can be used to restore the original data, the reliability of the data can be guaranteed even if part of the derived data is lost or damaged during transmission.

To summarize, the CMT of secret sharing is robust and provides security guarantees for data transmission. We aim to further explain the resilient delivery methods that our proposed scheme LERMS can provide by identifying the types of security challenges it addresses. As shown in Figure 2, an untrusted edge network may contain invalid links that result in complete data loss, malicious links that tamper with or forge data, or colluding attackers that steal or modify data to launch a Byzantine attack. These malicious behaviors can be viewed as code errors that need to be corrected. Drawing from the concept of redundancy checks, we adjust the generation strategy of derived data to tolerate different types of malicious behaviors during transmission. In the next section, we will discuss more specific secure transmission schemes in the double-layer concatenated encoder.

Figure 2.

This diagram illustrates the transmission model (MPEN) with untrusted paths, which is an extended application of the problem model in [28]. The focus of this paper is to transmit $\mathit{X}$ from the sender to the receiver through $N_L$ PDU sessions with low-latency and high-reliability characteristics, despite facing multiple threats. By carefully designing the LERMS strategies, the receiver can collect whole data from a subset of PDU sessions’ messages, even in the presence of failed links ($F_1,\cdots ,F_{\mathrm{f}}$) and malicious links ($M_1,\cdots ,M_{\mathrm{a}}$), while also ensuring data privacy from colluding links ($C_1,\cdots ,C_{\mathrm{t}}$).

2.3. Downlink Multi-Service Stream Joint Coding

In an untrusted edge network environment, the data transmission of edge computing nodes faces numerous challenges, including transmission efficiency, privacy, security, and reliability [36]. Due to the minimum limit of the length of the data flow resulting from the splitting of path transmission data and security coding, padding short packets is often necessary to meet the requirement. However, this can lead to a waste of resources.

To tackle these issues and demonstrate the demand and advantages of aggregating and transmitting multiple downlink service flows, we have developed an approach based on the current core network data transmission process. This approach enables the efficient transmission of aggregated data flows while preserving data privacy. As an example, we introduce an illustrative scenario called Single-Owner Multi-Device Data Transmission with Joint Encoding (SOMD-JE), which serves to further prove the value and practical effect of aggregated transmission in 5GA edge networks.

In the SOMD-JE scenario, we jointly encode multiple downlink service flows, which may belong to different devices but share the same owner. By analyzing the data characteristics of these flows, we found that aggregating and transmitting them does not lead to privacy leakage, and instead, the SOMD-JE improves transfer efficiency through server flows aggregation. For instance, in a smart home scenario, users’ mobile phones, smart screens, VR devices, and elderly health monitoring devices all belong to the same owner (As shown in Figure 3, the receiver has multiple devices including terminals, medical monitoring devices, and smart home devices), so aggregated data flows can be transmitted without worrying about privacy leaks. Similar settings exist on hospital wards and factory floors.

Figure 3.

System model: downlink-server flow transmission with joint encoding.

This flows aggregation approach overcomes the waste of resources caused by traditional padding methods, makes full use of edge network transmission resources, and ensures safe, reliable, and efficient transmission while maintaining data privacy. The specific scheme for aggregating and transmitting downlink service flows needs to be adaptively adjusted within the current core network data transmission process. For further details, please refer to Appendix A.

3. System Model

3.1. PDU Session Queuing and Encoding Transmission Model

For data packets arriving from the application layer, we assume that the arrival of downlink data packets of different users is completely independent and identically distributed ($i.i.d.$). Let ${\mathrm{\Lambda }}_l\left[t\right]$ denote the number of $Ps$ arriving in the t-th timeslot for user l ($l=1,2,\cdots ,L$). Given that the maximum value of ${\mathrm{\Lambda }}_l\left[t\right]$ is N, the probability distribution of ${\mathrm{\Lambda }}_l\left[t\right]$ for user l is expressed as $\lambda ={[{\lambda }_l^0,{\lambda }_l^1,\cdots ,{\lambda }_l^N]}^T$, where ${\lambda }_l^n=\mathbb{P}\{{\mathrm{\Lambda }}_l\left[t\right]=n\}$ denotes the probability of user l receiving n packets in the t-th timeslot. The average arrival rate is defined as $\overline{{\mathrm{\Lambda }}_l}={\sum }_{n=0}^{N_{\mathrm{\Lambda }}}n{\lambda }_l^n$.

For each user, a buffer with a size of $\mathrm{Z}$, randomly arriving packets are accumulated, and $g_l\left[t\right]$ packets are selected from the user l’s cache once the encoding of the previous block of packets is completed. Therefore, $q_l\left[t\right]\in \mathcal{Z}=\{0,1,\cdots ,\mathrm{Z}\}$, in the $[t+1]$-th timeslot, $q_l\left[t\right]$ evolves as (we define ${\left(x\right)}^{*}=max\{x,0\}$)

$$q_l[t+1]=min\{{(q_l\left[t\right]-g_l\left[t\right])}^{*}+{\mathrm{\Lambda }}_l[t+1],\mathrm{Z}\}.$$ (5)

We assume that the size of the data block $g_l\left[t\right]$ selected for each user and each generation of encoding does not exceed B, i.e., $g_l\left[t\right]\in \mathcal{N}=\{0,1,\cdots ,B\}$. The feasible region of each user’s cache queue length $q_l\left[t\right]$ is given by $q_l\left[t\right]\in \mathcal{Z}$. Under the block length selection strategy $\mathcal{N}$, $\mathcal{N}\left(q\right)=\{g\in \mathbb{N}|{(0,q-B+N_{\mathrm{\Lambda }})}^{*}\le g\le min(q,B)\}$, where the feasible range $\mathcal{N}\left(q\right)$ guarantees that each user’s sending buffer queue will not underflow or overflow, we also have $B\ge N_{\mathrm{\Lambda }}$ which ensures that the system will not be congested.

Under the LERMS strategies, at time slot t we encode and transmit a generation of ${\mathit{g}}_{\sigma }\left[t\right]$ data packets ($Ps$) (Assuming that all packets have the same length and carry $\varphi$ bit information), where ${\mathit{g}}_{\sigma }\left[t\right]={\Sigma }_{l=1}^L{g}_l\left[t\right]$. The specific encoder process will be described in detail in the next subsection. LERMS choose $N_L$ PDU sessions for transmission, and the transmission vector is denoted as ${\gamma }_{\upsilon }^j={[{\gamma }_1,\cdots ,{\gamma }_j]}^T$, where ${\gamma }_{\upsilon }^j$ indicates which channels are used for transmission. The output share of Lagrangian coding is also determined based on the number of channels. In summary, we express the LERMS strategies action as $(g_l,{\gamma }_{\upsilon }^j)$, which changes in units of time slots, i.e., $(g_l\left[t\right]=g_l,{\gamma }_{\upsilon }^j\left[n\right]={\gamma }_{\upsilon }^j)$, indicating that the LERMS strategy action in the t-th time slot is $g_l,{\gamma }_{\upsilon }^j$. The LERMS action of each generation of data remains unchanged in its occupied time slot, and $g_l,{\gamma }_{\upsilon }^j$ is set to 0 for the time slot not occupied. Assuming that the number of data packets in each generation does not exceed B, we have ${\gamma }_j\in \{0,1\}$, and let ${\gamma }_{\upsilon }={\sum }_{j=1}^{N_L}{\gamma }_j$. Then, we have ${\gamma }_{\upsilon }\in {\Gamma }_{\upsilon }\{1,\cdots ,N_L\}$ as $\{{\gamma }_{\upsilon }\in {\Gamma }_{\upsilon }|0\le {\gamma }_{\upsilon }\le N_L{\mathbb{C}}_{\{{\mathit{g}}_{\sigma }\left[t\right]>0\}}\}$ (${\mathbb{C}}_{\{·\}}$ denotes the characteristic function), where $N_L$ represents the number of PDU sessions established in LERMS.

3.2. Concatenated Encoder Principle

In this section, we introduce a double-layer concatenated Algorithm 1 for processing data packets within PDU sessions, and the algorithm complexity is $\mathcal{O}(N·(K+M)·log(K+M\left)\right)$. This encoder scheme combines the advantages of two distinct encoders to ensure reliable, efficient, and secure transmission across multiple disjoint PDU sessions.

Algorithm 1 Concatenated Encoder

Input:  Read $Ps={(P{s}_1,P{s}_2,\cdots ,P{s}_g)}^T$ from the queue, ${\mathrm{\Omega }}_d=({\mathrm{\Omega }}_1,{\mathrm{\Omega }}_2,\cdots ,{\mathrm{\Omega }}_{max})$, the PDU sessions number $N_L$;  Output:  $\overline{P}c$ 1:$P{c}_{g\gamma \times 1}\leftarrow 0_{g\gamma }$;                              ▹ Raptor code encoding procedure 2:$G_{g\gamma \times m}^{Raptor}=G_{g\gamma \times m}^{LT}{G}_{m\times g}^{pre}$; 3:$P{c}_{g\gamma \times 1}=G_{g\gamma \times g}^{Raptor}P{s}_{g\times 1}$; 4:$\overline{\mathit{RP}}\mathit{c}\leftarrow P{c}_{g\gamma \times 1}$;           ▹ Packet-level Raptor code encoder output $\overline{\mathit{RP}}\mathit{c}$ 5:Generate uniform random matrix $\mathit{X}=\{X_1,X_2,\cdots ,X_M\}$; 6:Split $\overline{\mathit{RP}}\mathit{c}$ into K groups($RP{c}_1,RP{c}_2,\cdots ,RP{c}_K$);     ▹ Lagrange encoding procedure 7:for  $i=1,2,\cdots ,N$  do 8:   $LP{c}_i\leftarrow$${\sum }_{j\in \left[K\right]}RP{c}_j·{\prod }_{k\in [K+M]\setminus \left\{j\right\}}\frac{{\alpha }_i-{\beta }_k}{{\beta }_j-{\beta }_k}+{\sum }_{j=K+1}^{K+M}{X}_j·{\prod }_{k\in [K+M]\setminus \left\{j\right\}}\frac{{\alpha }_i-{\beta }_k}{{\beta }_j-{\beta }_k}$; ${\left\{{\alpha }_i\right\}}_{i=1}^{K+M}\cap {\left\{{\beta }_j\right\}}_{j=1}^K=\varnothing$ 9:   $\overline{P}c\leftarrow append[\overline{P}c,LP{c}_i]$ 10:end for               ▹ Fast Polynomial interpolation 11:return $\overline{P}c$;

As shown in Figure 4, the LERMS strategy incorporates a concatenated encoder scheme. The first-level encoder, known as the Raptor Encoder, primarily focuses on providing reliability by enhancing the decodability and dependability of data streams transmitted within PDU sessions. The second-level encoder, called the Lagrange Polynomial Encoder, is designed to offer resilient transmission over untrusted paths within the edge network. Through the implementation of the “Double-layer Concatenated Encoder” scheme, we aim to provide a robust encoding solution for PDU sessions. The concatenated encoder principle will be described in detail in two subsections.

Figure 4.

LERMS concatenated encoder scheme.

3.2.1. Packet-Level Raptor Code Encoder

In this subsection, we present a packet-level Raptor encoding scheme for enhancing the robustness of PDU session transmissions in MPEN. We model these PDU sessions as packet erasure channels, where data packets can either be received entirely or erased. To improve transmission reliability, $Ps$ will be transmitted after the Raptor encoder.

We encode $Ps$ in PDU sessions using a Raptor packet encoder. The LERMS strategy selects g data packets for encoding at each time slot. Raptor-encoded data packets $Pc$ are generated through two stages: an outer coder (pre-code) $\Phi$ and LT encoder [37] (inner code). The pre-code $\Phi$ is a $(g,m)$ block code that generates m intermediate coded symbols from g$Ps$. The inner LT encoder generates $g\gamma$ data packets through $\xi (g,m,\mathrm{\Omega }(x\left)\right)$, where $\gamma$ represents the encoding redundancy, which is the inverse of the code-rate. The LT encoding matrix is constructed from a predetermined degree distribution $\mathrm{\Omega }\left(x\right)={\sum }_{d=1}^{d_{max}}{\mathrm{\Omega }}_d{x}^d$, with the degree distribution following a probability distribution ${\mathrm{\Omega }}_d=({\mathrm{\Omega }}_1,{\mathrm{\Omega }}_2,\cdots ,{\mathrm{\Omega }}_{max})$ and satisfying ${\sum }_{d=1}^{d_{max}}{\mathrm{\Omega }}_d=1$. The relationship between the encoder’s input and output is given by $P{c}_{g\gamma \times 1}=G_{g\gamma \times m}^{LT}{G}_{m\times g}^{pre}P{s}_{g\times 1}$, where $G_{pre}$ and $G_{LT}$ denote the outer and inner encoding matrices, respectively.

The Raptor coding scheme enhances the reliability of data transmission by mixing data packets. When transmitting over packet erasure channels, it offers higher robustness and resilience. Data transmissions do not require feedback, as the encoding redundancy can be determined based on the channel characteristics. The receiver only needs to receive slightly more than the number of source data packets g to complete decoding. Due to the encoding scheme’s data mixing approach, even if some encoded data packets are erased, the entire source data block can still be recovered by continuing to receive encoded data packets.

3.2.2. Encoder for Lagrangian Polynomial Code Multipath Transmission

LCMT performs encoding operations on the output of Raptor encoder, denoted as $RPc$, to provide safe and reliable transmission over multiple paths, some of which may be untrusted, while protecting data privacy. Let us suppose an MPEN has $N_L$ physically isolated paths. LCMT encodes $RPc$ to generate $LPc$, which is the output of Lagrangian encoder. Each generation of $LPc$ will be split into K groups, namely $(LP{c}_1,LP{c}_2,\cdots ,LP{c}_k)$, and transmitted to the receiver. Through the reasonable coding method of LCMT, the system aims to tolerate the failure of S paths in the MPEN, malicious behavior of A paths, and collusion of T paths to steal data while still obtaining safe and reliable data transmission. If the data are safely received, we call this transmission scheme realizing the triplet $(S,A,T)$.

To achieve this level of resilience, it is necessary to satisfy the following condition:

$$N_L\ge K+T+S+2A$$ (6)

At this point, we can say that LCMT can realize the triplet $(S,A,T)$. The significance of this result is that, by adding one path, the link failure resilience can be increased by 1 or the robustness of the malicious behavior path can be increased by 1/2. Furthermore, data privacy can be improved at the same time.

Let us take the transmission of $\left\{Pc\right\}$ as an example, where $K=2$, $N=6$, and $(S,A,T)=(1,1,1)$. In this case, $\left\{Pc\right\}$ is split into ${\mathit{Pc}}_{\mathbf{1}}$ and ${\mathit{Pc}}_{\mathbf{2}}$. The key point of LCMT is to select a uniform random matrix $\mathit{X}$ and encode it through Lagrange interpolation polynomial $({\mathit{Pc}}_{\mathbf{1}},{\mathit{Pc}}_{\mathbf{2}},\mathit{X})$. The encoding process is given by the following equation:

$$\psi \left(x\right)\stackrel{\Delta }{=}\mathit{P}{\mathit{c}}_{\mathbf{1}}\frac{(x-2)(x-3)}{(1-2)(1-3)}+\mathit{P}{\mathit{c}}_{\mathbf{2}}\frac{(x-1)(x-3)}{(2-1)(2-3)}+\mathit{X}\frac{(x-1)(x-2)}{(3-1)(3-2)}$$ (7)

To transmit $\left\{Pc\right\}$, six different values ${\left\{{\alpha }_i\right\}}_{i=1}^6$ in the finite field $\mathbb{F}$ are determined such that ${\left\{{\alpha }_i\right\}}_{i=1}^6\cap \{1,2\}=\varnothing$. Then, $N_L$ PDU sessions transmit $\psi \left({\alpha }_1\right),\psi \left({\alpha }_2\right),\cdots ,\psi \left({\alpha }_6\right)$, where each path transmits the value after interpolation. In other words, the linear combination of ${\mathit{Pc}}_{\mathbf{1}}$ and ${\mathit{Pc}}_{\mathbf{2}}$ is hidden by $\xi \mathit{X}$, where $\xi$ is a nonzero value. Since $\mathit{X}$ is uniformly random, the data privacy of $T=1$ can be guaranteed. If there is one malicious path ($A=1$) and one invalid path ($S=1$), a Reed–Solomon decoder needs to be used at the receiver, and three additional shares of data are required (one additional copy for each invalid path and two additional shares for the malicious path). At the receiving end, $P{c}_1$ and $P{c}_2$ can be recovered by computing $\psi \left(1\right)$ and $\psi \left(2\right)$.

Double-layer concatenated encoder processes downlink data packets from the edge DN to the UE, enabling their transmission through multiple disjoint PDU sessions. By leveraging both Fountain and Lagrange encoders, a concatenated encoder can efficiently and securely handle data packets within the PDU sessions, simultaneously improving transmission reliability and resilience against untrusted path transmissions.

3.3. Edge Network with Untrusted Paths

In this section, we analyze the transmission characteristics of MPEN, which is a multipath transmission network consisting of multiple physically disjoint PDU sessions. Our aim is to determine the performance level that can be achieved with the number $N_L$ of multiple transmission paths through an analysis of encoding transmission characteristics.

The input and output of MPEN are denoted by $\mathit{X}$ and $\mathit{Y}$, respectively, while MPEN provides the transmission capability of the edge network. To begin, we define the parameters of the channel model. We assume that MPEN establishes $N_L$ paths for the current transmission task, which are classified based on their behavioral characteristics. Specifically, we consider N paths that can be transmitted normally, F failed sessions that cannot be transmitted within a specified time, A malicious transmission paths, and T paths that may be compromised by Byzantine attackers or eavesdroppers.

We assume that the input data stream $\mathit{X}$ is evenly divided into K sub-packets $x_1,x_2,\cdots ,x_K$, and these sub-packets are encoded into N packets as ${\tilde{x}}_1,{\tilde{x}}_2,\dots ,{\tilde{x}}_N$, where $K\le N$. These encoded packets are distributed across $N_L$ PDU sessions for transmission, and the receiver obtains the result $Y=y_1,y_2,\cdots ,y_N$, where $N=N_L$ (Here, we assume that each PDU session has only one single behavioral feature) subject to the following constraints:

$$N_L=N+F+A+T$$ (8)

Let $\overrightarrow{\sum }$ denote the data collection operator and define the receiving vector $\mathbf{r}$, where its j-th element $r_j$ represents the received data of the j-th PDU session. We define four types of receiving situations: normal transmission, represented by ${\mathbf{r}}_N$, where ${\mathbf{r}}_N={\overrightarrow{\sum }}_{n=1}^N{r}_n={\overrightarrow{\sum }}_{n=1}^N{\tilde{x}}_n$; failed transmission, represented by ${\mathbf{r}}_F$, where ${\mathbf{r}}_F={\overrightarrow{\sum }}_{\mathrm{f}=1}^F{r}_{\mathrm{f}}={\overrightarrow{\sum }}_{\mathrm{f}=1}^F(0·{\tilde{x}}_{\mathrm{f}})$; malicious transmission, represented by ${\mathbf{r}}_A$, where ${\mathbf{r}}_A={\overrightarrow{\sum }}_{a=1}^A{r}_a={\overrightarrow{\sum }}_{a=1}^A{ϵ}_a\left({\tilde{x}}_a\right)$; and Byzantine attack, represented by ${\mathbf{r}}_T$, where ${\mathbf{r}}_T={\overrightarrow{\sum }}_{t=1}^T{r}_t={\overrightarrow{\sum }}_{t=1}^T{ϵ}_t\left({\tilde{x}}_t\right)$. Here, we introduce the functions ${ϵ}_a$ and ${ϵ}_t$, which, respectively, represent the influence of malicious transmission channels and Byzantine attack channels on the output.

We assume that the PDU session is a memoryless erasure channel, meaning that the output $r_i$ depends only on the input $x_i$. Additionally, each data packet has a certain probability of loss, denoted by ${\epsilon }_{\upsilon }^j=[{\epsilon }_1,\cdots ,{\epsilon }_j]$, which represents the erasure probability of different sessions. This loss affects only the receiving result, so we have:

$$\mathit{Y}={\overrightarrow{\sum }}_{j=1}^{N_L}{\epsilon }_j{r}_j$$ (9)

The above description about MPEN is fully in line with the 3GPP standard’s definition of PDU session [38].

3.4. MPEN with Untrusted Path Reliable Function

In this subsection, we analyze the reliability of the two-layer concatenated encoder CMT in the edge network and propose a generalized reliability model. For the enumeration of all possible session state characteristics described in Figure 2, we first employ a $2^{N_L}\times N_L$ matrix $\mathbb{C}$:

$$\mathbb{C}={\left[\begin{array}{cccc}1& 1& \dots & 0\\ ⋮& ⋮& \dots & ⋮\\ 1& 0& \dots & 0\end{array}\right]}^{\mathrm{T}}$$ (10)

The value 0/1 of the elements in row i and column j indicates the i-th possibility of success/failure at the receiving end through the j-th PDU session. After decoding with the Reed–Solomon decoder [39], the malicious path is screened. Error correction and error detection are performed, and abnormal data can be discarded directly; considering that the transmission of this kind of PDU session failed, at this time, the corresponding $c_{i,j}$ is set to 0 to exclude malicious data packets (The defense level against Byzantine attacks is determined during the PDU session establishment and will not be analyzed here).

When transmitting through multiple PDU sessions, we assume that the maximum block error rate and bandwidth guaranteed by GBR QoS [40] for a set of PDU sessions are the same. Based on the delay model described in Section 2, the relationship between packet delivery ratio and transmission delay is established as the cumulative function of the delay probability distribution, called the delay reliability function [30]. Based on end-to-end network monitoring, the delay reliability function is available:

$$F_{LERMS}\left(T,{\gamma }_{\upsilon }^j,g\right)=\sum _{i=1}^{2^{N_L}}{\chi }_i\prod _{j=1}^{N_L}{H}_j\left(T,{\gamma }_{j}g\right)$$ (11)

We consider that $N_L$ is at least greater than 3, and the relationship between delay and transmission reliability is given by $FLERMS$, where

$${\chi }_i=\left\{\begin{array}{cc}1,& \mathrm{if}{\Sigma }_{j=1}^{N_L}{c}_{i,j}{\gamma }_j\ge {\gamma }_d\\ 0,& \mathrm{otherwise}\end{array}\right.$$ (12)

$g_i$ will exclude failed transmissions (i.e., exclude the output of malicious PDU sessions) to ensure that only the correct output of successful decoding is included, and ${\gamma }_d$ is the threshold to ensure successful decoding, with a typical value of 1.05. Hj is defined as

$$H_j\left(T,{\gamma }_{j}g\right)=\left\{\begin{array}{cc}{F}_j\left(T,{\gamma }_{j}g\right),& \mathrm{if}{c}_{i,j}=1\\ 0,& \mathrm{if}{c}_{i,j}=0\end{array}\right.$$ (13)

Among them, the product of $H_j(T,{\gamma }_{j}g)$ for $j=1,\cdots ,N_L$ appears in the form of a cumulative distribution function (CDF). In the default working mode, the completion of the last data transmission is regarded as the completion of the reliable transmission process.

4. Trade-Off Delay-Security for Variable Block-Length LERMS Strategy

4.1. The Markov Chain under LERMS Strategies Formulation

Based on the LERMS strategy, we uniformly sample data packets from multiple downlink service flows, and perform joint encoding and transmission. We probabilistically determine the sampling and transmission strategies of different service flows based on the current queue length, and transmit them on the edge network. Specifically, given the queue length $q_l\left[n\right]$, $l=1,\cdots ,L$, we establish the conditional probability $f_{\mathcal{Q}}^{\mathcal{G},\gamma }$ to determine the concatenated encoder coding block length ${\mathit{g}}_{\sigma }\left[t\right]$, sample from L flows, and distribution and transmission strategy ${\gamma }_{\upsilon }^j\left[t\right]$ of J paths for the given queue length $q_l\left[n\right]$.

$$f_{\mathcal{Q}}^{\mathcal{G},\gamma }=\mathbb{P}\left\{\mathcal{G}\left[t\right]=\mathcal{G},{\gamma }_{\upsilon }^j\left[t\right]={\gamma }_{\upsilon }^j|\mathcal{Q}\left[t\right]=\mathcal{Q}\right\}$$ (14)

We denote the packet sampling size and buffer queue length of L server flows as vectors $\mathcal{G}\left[t\right]={[g_1\left[t\right],g_2\left[t\right],\cdots ,g_L\left[t\right]]}^T$ and $\mathcal{Q}\left[t\right]={[q_1\left[t\right],q_2\left[t\right],\cdots ,q_L\left[t\right]]}^T$, respectively. The transmission selection and distribution strategy are determined based on the current queue length $\mathcal{Q}\left[t\right]$. We denote specific queue lengths and sample sizes by vectors $\mathcal{Q}$ and $\mathcal{G}$.

Based on Equation (14), the strategy function of LERMS can be obtained:

$$\mathit{S}=\left\{f_{\mathcal{Q}}^{\mathcal{G},\gamma }:\mathcal{Q}\in {\mathcal{Z}}^L,\mathcal{G}\in {\mathcal{N}}^L,1\le {\gamma }_{\upsilon }<N_L,{\gamma }_j\in \{0,1\}\right\}.$$ (15)

Here, the value space of $\mathcal{Q}$ and $\mathcal{G}$ are ${\mathcal{Z}}^L$ and ${\mathcal{N}}^L$, respectively, obtained by taking the Cartesian product ${\odot }_{i=1}^L\mathcal{Q}\left(q_i\right)$ and ${\odot }_{i=1}^L\mathcal{G}\left(g_i\right)$. To ensure feasibility of the transmission strategies, we set the value of $f_{\mathcal{Q}}^{\mathcal{G},\gamma }$ to 0 for all infeasible strategies $\mathcal{G}$ and $\gamma$. In other words, if a given combination of packet sampling sizes $\mathcal{G}$ and transmission strategies $\gamma$ is infeasible, its corresponding probability value is forced to 0. To prevent the sender buffer from overflowing or underflowing, the system state $q_l$ evolves based on Equation (5). We assume a temporary steady-state condition where no PDU session is being established or released, i.e., $\forall \mathcal{Q}\in \mathcal{Z},{\sum }_{\mathcal{G}\in \mathcal{N}\left(\mathcal{Q}\right)}{\sum }_{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{f}_{\mathcal{Q}}^{\mathcal{G},\gamma }=1$.

Under the LERMS strategy, we consider the transmission process of downlink server flow in the edge network as a Markov chain, where the queue length $\mathcal{Q}\left[t\right]$ is the state value of the system. By analyzing the steady-state distribution of the Markov chain, we further analyze how to trade off between latency and reliability. Based on the given strategy $\mathit{S}$, we first analyze the state transition probability of different queue lengths ${\beta }_{\mathcal{Q},{\mathcal{Q}}^{\prime }}=\mathbb{P}\{q_l[t+1]=q_l^{\prime }|q_l\left[t\right]=q_l\}$, where $\mathcal{Q}$ and ${\mathcal{Q}}^{\prime }$ are the vectors of buffer queue lengths at two consecutive time slots. Specifically, the state transition probability ${\beta }_{\mathcal{Q},{\mathcal{Q}}^{\prime }}$ can be expressed as

$${\beta }_{\mathcal{Q},{\mathcal{Q}}^{\prime }}=\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{f}_{\mathcal{Q}}^{\mathcal{G},\gamma }\prod _{l=1}^L\sum _{n=0}^N{\lambda }_l^n{\mathbb{C}}_{\{min\{{(q_l-g_l)}^{*}+n=q_l^{\prime }\}}$$ (16)

where ${\lambda }_l^n$ denotes the probability of n packet arrivals during single time slot for l-th flow. The value range of ${\mathcal{Q}}^{\prime }$ is ${\mathcal{Z}}^L$.

Using ${\beta }_{\mathcal{Q},{\mathcal{Q}}^{\prime }}$, we can determine the steady-state probability ${\pi }_{\mathit{S}}\left({\mathcal{Q}}^{\prime }\right)$ for different queue lengths, wherein $\mathcal{Q}$ belongs to ${\mathcal{Z}}^L$. We can then obtain the Markovian steady-state probability balance equation:

$$\sum _{{\mathcal{Q}}^{\prime }\in {\mathcal{Z}}^L\left(\mathcal{Q}\right)}{\beta }_{\mathcal{Q},{\mathcal{Q}}^{\prime }}{\pi }_S\left({\mathcal{Q}}^{\prime }\right)={\pi }_S\left(\mathcal{Q}\right)$$ (17)

where ${\mathcal{Z}}^L\left(\mathcal{Q}\right)$ is a subset of ${\mathcal{Z}}^L$, that contains all possible values of $\mathcal{Q}$ under $\mathit{S}$. The collection branch is expressed as ${\mathcal{Z}}^L\left(\mathcal{Q}\right)=\{{\mathcal{Q}}^{\prime }\in {\mathcal{Z}}^L|q_l-g_l\le {q^{\prime }}_l\le q_l+n,\forall l\}$

4.2. Constrained Optimization Problem Construction

Based on the steady-state analysis of the state value $\mathcal{Q}$ within the edge network, we aim to construct a constrained optimization problem to balance the delay and reliability of multiple downlink flows transmission. Intuitively, joint encoding of multiple service flows’ $P_s$ not only improves the coding efficiency but also enhances the security compared to a single service flow. However, it also increases the corresponding queuing delay. Therefore, based on the LERMS strategy, we propose a safe and reliable multi-path transmission encoder strategy. This strategy can effectively utilize the edge network transmission resources and improve the transmission efficiency while satisfying the constraints of reliability functions.

In the constrained optimization problem, we aim to minimize the weighted sum of queuing delays for multiple users while satisfying reliability and system bandwidth constraints. The queuing delay $D_{\mu }^S$ is determined based on Little’s Law:

$$D_{\mu }^S=\sum _{l=1}^L\frac{{\mu }_l}{{\lambda }_l}\sum _{\mathcal{Q}\in {\mathcal{Z}}^L}\sum _{q^{\prime }\in \mathcal{Z}}{q}^{\prime }{\pi }_S\left(\mathcal{Q}\right){\mathbb{C}}_{\{q_l=q^{\prime }\}}$$ (18)

The weight coefficients are represented as $\mu ={[{\mu }_1,{\mu }_2,\dots ,{\mu }_L]}^T$, where $\mu$ adheres to the conditions of non-negativity and sums up to 1. We can further compute the reliability and bandwidth using the following equations:

$$R^S=\sum _{\mathcal{Q}\in {\mathcal{Z}}^L}\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{F}_{LERMS}({\mathit{g}}_{\sigma },\gamma )f_{\mathcal{Q}}^{\mathcal{G},\gamma }{\pi }_S\left(\mathcal{Q}\right)$$ (19)

$$W^S=\sum _{\mathcal{Q}\in {\mathcal{Z}}^L}\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{W}_S^j({\mathit{g}}_{\sigma },{\gamma }_{\upsilon }^j)f_{\mathcal{Q}}^{\mathcal{G},\gamma }{\pi }_S\left(\mathcal{Q}\right)$$ (20)

We define the optimization variable as $x_{\mathcal{Q}}^{\mathcal{G},\gamma }=f_{\mathcal{Q}}^{\mathcal{G},\gamma }{\pi }_S\left(\mathcal{Q}\right)$, the optimization problem can be formulated as follows:

$$\begin{array}{cc}\hfill \underset{\left\{x_{\mathcal{Q}}^{\mathcal{G},\gamma }\right\}}{min}& \sum _{\mathcal{Q}\in {\mathcal{Z}}^L}\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{D}_{\mu }\left(\mathcal{Q}\right)x_{\mathcal{Q}}^{\mathcal{G},\gamma }\hfill \end{array}$$ (21a)

$$\begin{array}{cc}\hfill \mathrm{s}.\mathrm{t}.& \sum _{\mathcal{Q}\in {\mathcal{Z}}^L}\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{F}_{LERMS}(g_{\sigma },\gamma )x_{\mathcal{Q}}^{\mathcal{G},\gamma }\ge r^{\mathrm{th}}\hfill \end{array}$$ (21b)

$$\begin{array}{cc}\hfill & \sum _{\mathcal{Q}\in {\mathcal{Z}}^L}\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{W}_S^j(g_{\sigma },{\gamma }_{\upsilon }^j)x_{\mathcal{Q}}^{\mathcal{G},\gamma }\le W_j^{\mathrm{th}}\hfill \\ \hfill & \sum _{{\mathcal{Q}}^{\prime }\in {\mathcal{Z}}^L\left(\mathcal{Q}\right)}\sum _{\mathcal{G}\in {\mathcal{N}}^L\left({\mathcal{Q}}^{\prime }\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{x}_{{\mathcal{Q}}^{\prime }}^{\mathcal{G},\gamma }\prod _{l=1}^L{\lambda }_l^{q_l-{q_l}^{\prime }-g_l}\hfill \end{array}$$ (21c)

$$\begin{array}{cc}\hfill & =\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{x}_{\mathcal{Q}}^{\mathcal{G},\gamma },\forall \mathcal{Q}\in {\mathcal{Z}}^L\hfill \end{array}$$ (21d)

$$\begin{array}{cc}\hfill & \sum _{\mathcal{Q}\in {\mathcal{Z}}^L}\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{x}_{\mathcal{Q}}^{\mathcal{G},\gamma }=1\hfill \end{array}$$ (21e)

$$\begin{array}{cc}\hfill & x_{\mathcal{Q}}^{\mathcal{G},\gamma }\ge 0,\forall \mathcal{Q}\in {\mathcal{Z}}^L,\mathcal{G}\in {\mathcal{N}}^L,{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)\hfill \end{array}$$ (21f)

where $D_{\mu }\left(\mathcal{Q}\right)={\Sigma }_{l=1}^L\frac{{\mu }_l}{{\lambda }_l}{q}_l$.

By solving the optimization problem in Equation (21), we can obtain the minimum average queuing delay under the constraints of reliability and system bandwidth in an untrusted network environment. This allows us to determine the optimal trade-off between latency and reliability. We define the optimal solution of Equation (21) as ${x^{*}}_{\mathcal{Q}}^{\mathcal{G},\gamma }$, and we will use the optimal strategy $S^{*}$ to determine the steady-state probability ${\pi }_{S^{*}}\left(\mathcal{Q}\right)$:

$${\pi }_{S^{*}}\left(\mathcal{Q}\right)=\sum _{\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right)}\sum _{{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)}{x^{*}}_{\mathcal{Q}}^{\mathcal{G},\gamma }$$ (22)

among them, we define the lerms optimal strategy as $f^{*}$

$${f^{*}}_{\mathcal{Q}}^{\mathcal{G},\gamma }=\left\{\begin{array}{cc}\frac{{x^{*}}_{\mathcal{Q}}^{\mathcal{G},\gamma }}{{\pi }_{S^{*}}\left(\mathcal{Q}\right)}\hfill & \mathrm{if}{\pi }_{S^{*}}\left(\mathcal{Q}\right)>0\hfill \\ {\mathbb{C}}_{\{}\mathit{g}={{\mathit{g}}_{\sigma }}_{\mathcal{Q}}^{max}\}\hfill & \mathrm{if}{\pi }_{S^{*}}\left(\mathcal{Q}\right)=0,\hfill \end{array}\right.$$ (23)

where we define ${{\mathit{g}}_{\sigma }}_{\mathcal{Q}}^{max}=arg{max}_{g\in {\mathcal{N}}^L}$. In summary, the optimal strategy $S^{*}$ obtained from the solution of the optimization problem can be used to determine the transmission strategy $\mathcal{G}\left[t\right]$ and ${\gamma }_{\upsilon }^j\left[t\right]$ based on the current system state $\mathcal{Q}\left[t\right]$ using the conditional probability $\{{f^{*}}_{\mathcal{Q}}^{\mathcal{G},\gamma }:\mathcal{G}\in {\mathcal{N}}^L\left(\mathcal{Q}\right),{\gamma }_{\upsilon }^j\in {\Gamma }_{\upsilon }^{N_L}\left(\mathcal{G}\right)\}$.

4.3. Matrix-Based Solving Methods

Considering the exponential growth of the value range of the cache queue $\mathcal{Q}$ and transmission policy with the increase in the number of business flows L and the number of paths $N_L$, this subsection proposes a matrix-based approach to obtain the optimal trade-off for untrusted MPEN transmission. Firstly, we rewrite the linear programming problem in Equation (21) and then, using the unified matrix constraints in Algorithm 2, algorithm complexity is $\mathcal{O}\left(L\right(Z·\mathcal{N}+2\left)\right)$, and we automatically generate the LP problem and solve for the LERMS optimal strategy for downlink transmission of multiple service flows.

We represent the optimization variable $x_{\mathcal{Q}}^{\mathcal{G},\gamma }$ as a column vector, denoted by $\mathit{x}$ with an index corresponding to the optimization variable $x_{\mathcal{Q}}^{\mathcal{G},\gamma }$. The dimension of $\mathit{x}$ is given by

$${\prod }_{l=1}^L{\left(\right|\mathcal{Z}\left|\right|\mathcal{N}\left|\right|{\Gamma }_{\upsilon }^{N_L}\left|\right)}^{l-1}\left(\right|\Gamma \left|\right(\left|\mathcal{N}\right|q_l+g_l)+{\gamma }_{\upsilon }^j)+1$$ (24)

where $|·|$ denotes the number of elements in the set. We can express Equation (21) in matrix form as follows:

Algorithm 2 Algorithm to constraints matrix for Equation (21).

Input:  Number of server flows, L; Peak flow rate, $N_{\mathrm{\Lambda }}$; The upper bounds of $g\left[t\right]$, B; Number of PDU sessions, $N_L$; The probability distribution of $Ps$, ${\lambda }_{\mathit{l}}={[{\lambda }_l^0,{\lambda }_l^1,\cdots ,{\lambda }_l^{N_{\mathrm{\Lambda }}}]}^T$, $l=1,\cdots ,L$. Reliability function $F({\mathit{g}}_{\sigma },\gamma )$.  Output:  Reliability vector, $\mathit{R}$; PDU Session Aggregate Maximum Bit Rate vector $\mathit{W}$; Delay vector, ${\mathit{D}}_{\mu }$; Matrix for constraints, $\mathit{M}$. 1:${\mathit{g}}_{\sigma }\leftarrow 0$, ${\dot{\mathit{g}}}_{\sigma }\leftarrow {\mathbf{1}}_{\left|\mathcal{Z}\right|}\otimes {[0,1,\cdots ,B]}^T$, $W\leftarrow 0$;                    ▹ Generate $\mathit{R}$, $\mathit{W}$. 2:for $l=1$ to L do 3:   $\mathit{W}\leftarrow \mathit{W}\otimes {\mathbf{1}}_{\left|\mathcal{N}\right|\times \left|\mathcal{Z}\right|}$; 4:   ${\mathit{g}}_{\sigma }\leftarrow {\mathit{g}}_{\sigma }\otimes {\mathbf{1}}_{|\dot{\mathit{g}}|}+{\mathbf{1}}_{|{\mathit{g}}_{\sigma }|}\otimes {\dot{\mathit{g}}}_{\sigma }$; 5:end for 6:$\mathit{W}\leftarrow \mathit{W}\otimes {[0,1,\cdots ,B]}^T$, $\mathit{R}\leftarrow {\mathbf{0}}_{|{\mathit{g}}_{\sigma }|}\otimes {\mathbf{1}}_{|\Gamma |}$; 7:for$\left\{{\gamma }_{\upsilon \_i}^j\right\}$, $i=1$ to $2^{N_L}$ do 8:   $\mathit{R}\leftarrow \mathit{R}+F({\mathit{g}}_{\sigma },{\gamma }_{\upsilon \_i}^j)\otimes {\mathit{e}}_{|\Gamma |,i}$; 9:end for 10:${\mathit{D}}_{\mu }^{}\leftarrow 0$                        ▹Generate delay vector, ${\mathit{D}}_{\mu }$. 11:for $l=1$ to L do 12:   ${\mathit{D}}_l\leftarrow \frac{{\mu }_{L-l+1}}{{\lambda }_{l-l+1}}{[0,1,\cdots ,Z]}^T\otimes {\mathbf{1}}_{\left|\mathcal{N}\right|}$; 13:   ${\mathit{D}}_{\mu }^{}\leftarrow {\mathit{D}}_{\mu }^{}\otimes {\mathbf{1}}_{|{\mathit{D}}_l|}+{\mathbf{1}}_{|{\mathit{D}}_{\mu }^{}|}\otimes {\mathit{D}}_l$; 14:end for 15:$\mathit{D}\leftarrow \mathit{D}\otimes {\mathbf{1}}_{|\Gamma |}$; 16:$\dot{\mathit{M}}\leftarrow 1$, $\ddot{\mathit{M}}\leftarrow 1$, $\tilde{\mathit{M}}\leftarrow 1$;                         ▹ Generate delay vector, $\mathit{M}$. 17:for $l=1$ to L do 18:   for $q=1$ to Z do 19:     ${\dot{\mathit{M}}}_{l,q}\leftarrow {\mathbf{1}}_{\left|\mathcal{Z}\right|,\left|\mathcal{N}\right|}$, ${\ddot{\mathit{M}}}_{l,q}\leftarrow {\mathbf{1}}_{\left|\mathcal{Z}\right|,\left|\mathcal{N}\right|}$; 20:     for $\mathit{all}$ $g\in \mathcal{N}\left(q\right)$ do 21:        ${\mathit{M}}_{l,q,g}\leftarrow$$$\begin{gathered} \left[\begin{array}{c}{\mathbf{0}}_{q-g,N_{\mathrm{\Lambda }}+1}; \\ \mathrm{diag}\left({\mathbf{1}}_{1,N_{\mathrm{\Lambda }}+1}\right); \\ {\mathbf{0}}_{Z-N_{\mathrm{\Lambda }}+g-q,N_{\mathrm{\Lambda }}+1}\end{array}\right] \end{gathered}$$; 22:        ${\dot{\mathit{M}}}_{l,q}(:,g+1)\leftarrow {\mathit{M}}_{l,q,g}{\lambda }_{L+1-l}$; 23:        ${\ddot{\mathit{M}}}_{l,q}(:,g+1)\leftarrow {\mathit{M}}_{l,q,g}{\lambda }_{N_{\mathrm{\Lambda }}+1}$; 24:     end for 25:     ${\dot{\mathit{M}}}_l\leftarrow [{\dot{\mathit{M}}}_l,{\dot{\mathit{M}}}_{l,q}]$, ${\ddot{\mathit{M}}}_l\leftarrow [{\dot{\mathit{M}}}_l,{\ddot{\mathit{M}}}_{l,q}]$; 26:   end for 27:   $\dot{\mathit{M}}\leftarrow (\dot{\mathit{M}}\otimes {\ddot{\mathit{M}}}_l)(\ddot{\mathit{M}}\otimes {\dot{\mathit{M}}}_l)$, $\ddot{\mathit{M}}\leftarrow \ddot{\mathit{M}}\otimes {\ddot{\mathit{M}}}_l$; 28:   $\tilde{\mathit{M}}\leftarrow \tilde{\mathit{M}}\otimes (\mathrm{diag}\left({\left[{\mathbf{1}}_{\left|\mathcal{Z}\right|}\right]}^T\right)\otimes \left({\left[{\mathbf{1}}_{\left|\mathcal{N}\right|}\right]}^T\right))$ 29:end for 30:$\mathit{M}\leftarrow \dot{\mathit{M}}-\tilde{\mathit{M}}$

$$\begin{array}{cc}\hfill \underset{x\ge 0}{min}& {\mathit{D}}_{\mu }^T\mathit{x}\hfill \end{array}$$ (25a)

$$\begin{array}{cc}\hfill \mathrm{s}.\mathrm{t}.& {\mathbf{r}}^T\ge r^{\mathrm{th}}\hfill \end{array}$$ (25b)

$$\begin{array}{cc}\hfill & {\mathit{W}}^T\le W_j^{\mathrm{th}}\forall j\in \{1,2,\cdots ,N_L\}\hfill \end{array}$$ (25c)

$$\begin{array}{cc}\hfill & \mathit{M}\mathit{x}=\mathbf{0}\hfill \end{array}$$ (25d)

$$\begin{array}{cc}\hfill & {\mathbf{1}}^T\mathit{x}=1\hfill \end{array}$$ (25e)

where $\mathbf{0}$ and $\mathbf{1}$ are zero and one vectors, respectively, $f_{\mathcal{Q}}^{\mathcal{G},\gamma }$ is the joint encoding and transmission strategy for the given queue length $\mathcal{Q}$, ${\beta }_{\mathcal{Q},{\mathcal{Q}}^{\prime }}$ is the state transition probability for different queue lengths, ${\pi }_S\left(\mathcal{Q}\right)$ is the steady-state probability for the given queue length $\mathcal{Q}$, and ${\mu }_l$ is the weight coefficient for user l. $D_l$ and $B_l$ represent the queuing delay and bandwidth for user l, respectively. The maximum values of queuing delay and bandwidth are denoted as $D_{max}$ and $B_{max}$, respectively. We define the following vectors: Object delay vector ${\mathit{D}}_{\mu }$; Reliability vector, $\mathit{R}$; Bandwidth vector $\mathit{W}$. We also construct Equation (21d) by the matrix $\mathit{M}$.

By Algorithm 2, we can automatically obtain Equation (25), where we only need to determine ${\mathit{D}}_{\mu }$, $\mathit{R}$, $\mathit{W}$ and $\mathit{M}$. In Algorithm 2, as shown in lines 10 to 28, we generate the feature matrices for each server flow, namely ${\mathit{D}}_{\mu }$, $\ddot{\mathit{M}}$, and $\tilde{\mathit{M}}$ for the l-th flow. We then construct the target matrix by the Kronecker product ⊗ of these matrices. We define ${\mathbf{1}}_k$ and ${\mathbf{0}}_k$ as column vectors containing all ones and all zeros, respectively, with k items. We also define the sampling vector $\mathit{e}n,k$ as an N-dimensional column vector, where the k-th item is 1. By applying Algorithm 2, we effectively transform Equation (21) as well as Equation (25) into an LP problem in matrix form, allowing us to solve for the optimal strategy for aggregated transmission of downlink multi-service flows in MPEN.

5. Numerical Results

In this section, we validate the effectiveness of the LERMS strategy in improving low-latency and highly reliable transmission capabilities in an untrusted edge network environment. To conduct the evaluation, we set up an experimental mobile network and analyze the performance of the proposed LERMS scheme. The core network of LERMS is implemented by enhancing the Free5GC platform [41]. The RCMEN core network is deployed on a laptop equipped with an I7-11800 processor and 16 GB of memory, while the UPF is deployed on a desktop computer with an I7-10700 processor and 32 GB of memory. We simulate the transmission of data by modifying the provided script in the Free5GC.

Firstly, in Figure 5a,b we consider the simulation test of the secure transmission capability of the double-layer encoder. Considering establishing six PDU sessions according to the same situation as described in Section 3.2.2, that is, $N_L$ = 6. We will randomly add malicious behavior, including transmission failure link(red), malicious tampering link(purple), eavesdropping link(yellow), i.e., $(S,A,T)=(1,1,1)$. For the concatenated encoder scheme encoding, we use the Reed–Solomon decoder to receive the $\overline{P}c$. To decode, we will identify the decoding result, which can solve the $Ps$ as recognition success, that is, we do not consider the potential safety hazards of Byzantine attackers and eavesdroppers, which is directly regarded as a system capability in the PDU session establishment phase. There is no need to pass the experimental analysis; as shown in Figure 5a, our encoding strategy can provide reliable transmission capabilities in an untrusted network environment. The system has $(S,A,T)=(1,1,1)$ protection capability. As can be seen in Figure 5b, we conducted further tests to evaluate the maximum safety capability. We found that excluding malicious attacks, the maximum capability to recover $Ps$ is $(2,0,2)$. However, as malicious attacks can tamper with data packets, and every tampering of a data packet requires two more data packets for error correction. Thus, in the check matrix, we found that in the time slot corresponding to red, the number of malicious tampering and transmission failures exceeds the range defined by Equation (6). Therefore, it is not possible to provide transmission capability in an untrusted transmission network with $N_L=6$.

Figure 5.

Untrusted edge network with concatenated encoder check results. In the malicious behaviors matrix: link failures are represented in red, malicious tampering in purple, and eavesdropping in yellow.

We analyze the effectiveness of the SOMD-JE strategy, with the aim of coding and ensuring transmission efficiency as well as data encoding security and CMT. The shortest coding block length of $Ps$ is set to 100, and we assume that the arrival probabilities of data packets of different service flows i.i.d, as shown in Figure 6b, while the relationship between the number of aggregated service flows and the probability of padding occurrence is given in Figure 6a. It can be seen that with small $\overline{\mathrm{\Lambda }}$, the padding probability is high, and the transmission efficiency of the edge network is low at this time. As the number of aggregated flows L increases, $\mathbb{P}$ decreases. Therefore, aggregated data flows can significantly reduce the padding probability $\mathbb{P}$; therefore, joint encoding improves transmission efficiency.

Figure 6.

Effectiveness test of SOME-JE strategy to improve LERMS transmission efficiency. (a) Relationship between aggregation number L and padding probability $\mathbb{P}$. (b) Simulation parameter settings.

The LERMS strategy is designed to achieve an optimal trade-off between the average queuing delay, available bandwidth, and reliability, with ${\epsilon }_j$ set to 0.1 for all sessions, resulting in an upper limit of reliability of $1-{\left(0.1\right)}^6=0.999999$. As shown in Figure 7, the resulting trade-off curve between latency and reliability is a segmented broken line that matches our theoretical analysis. Figure 7a demonstrates that as the reliability value $F_{LERMS}$ increases, the required queuing delay $D_{\mu }^S$ also increases. Moreover, higher available bandwidth Wth can lead to lower queuing delays $D_{\mu }^S$ at a given reliability level r. Figure 7b shows that a higher reliability threshold rth requires a higher average queuing delay $D_{\mu }^S$. These results illustrate the effectiveness of our LERMS strategy in achieving the optimal trade-off between delay and reliability.

Figure 7.

Optimal delay–reliability trade-off curves.

6. Conclusions and Future Directions

In this paper, we propose a low-latency and highly reliable transmission service for downlink traffic subscribed to edge services in untrusted edge network environments. To address potential failures, malicious tampering, and eavesdropping in the edge network, we introduce an encoder based on Lagrangian interpolation and Raptor double-layer cascading to fully utilize the multipath transmission resources of the edge network and provide secure CMT capabilities. Additionally, we design a variable block length encoding strategy that considers the accumulation of randomly arriving data packets at the sending end and selects an appropriate encoding block length based on queue length state information. We model this decision-making process as a Markov chain and obtain the optimal delay–reliability trade-off through matrix operation methods.

Effective communication and computing management is critical in the context of edge networks, where data is strongly related to the server flow. Currently, CMT is the primary focus, but it is essential to integrate distributed transmission and computing to meet the core requirements of edge networks. By distributing service flows based on computing requirements, we can enable the edge network to be more responsive to the service flow. This approach further enhances the core computing requirements of the edge network for corresponding scenarios, eliminates the single-point vulnerability of central cloud computing, and provides elastic edge network transmission and computing services. Our future research directions include exploring the integration of transmission and computing, multi-session transmission, and multi-DN computing in the edge network.

Appendix A. Multiple PDU Sessions Transmission Procedure for Aggregation Data of Downlink Multi-Service Flow

In the scenario of multiple-device single-owners service flow aggregation transmission, we propose a procedure to support data aggregation over multiple PDU sessions. This is in addition to the existing physical isolation multi-PDU session establishment [27]. Currently, the core network does not support the joint transmission of multiple service flows. In this context, we propose the use of multi-PDU sessions to transmit the downlink data flow of edge computing services. This supports the transmission of aggregated traffic streams through physically isolated PDU sessions on a per-session basis.

• 1.The DN initiates the PDU session establishment request by sending a PDU Session Establishment Request message, which includes the requested DNN (identifier of the data flow from the core network to the UE), PDU session type, etc. The proposed procedure establishes a group of physically isolated multi-PDU sessions and assigns a session ID to this group of PDU sessions.
• 2.All devices within the same aggregated service flow must be assigned the same session ID.
• 3.Anchor UPF-A can identify the aggregated service flow through a specific session ID, facilitating unified management within the core network.
• 4.The local DN (MEC nodes) must perform the operation of inserting tags. Before the service flow is aggregated, the data owner is identified by adding a unique tag to the data packet.
• 5.After the device receives the aggregated data packet and completes decoding, it distinguishes the data according to the tag and extracts the data it needs. The rest of the data can be used to verified untrusted paths or discarded directly.

Author Contributions

Z.G.: Conceptualization, methodology, software, writing—original draft; X.J.: Formal analysis, project administration, supervision; W.Y.: Supervision, visualization; M.X.: Formal analysis, writing—review and editing; Y.Z.: Project administration; D.Z.: Supervision; Z.C.: Supervision; L.W.: Supervision; All authors have read and agreed to the published version of the manuscript.

Data Availability Statement

The 5G Core Network that support this study are available from https://github.com/free5gc/free5gc (accessed on 1 February 2021).

Conflicts of Interest

The authors declare no conflict of interest.

Funding Statement

Project supported by the National Key Research and Development Program of China (Nos. 2020YFB1806607 and 2022YFB2902204).