Table 6.
Ref. | Target Security Concern | Target Security Requirement | Security Solution | Strength | Weakness |
---|---|---|---|---|---|
[92] | Data disclosure | Confidentiality; Authenticity | Identity-based encryption; Proxy re-encryption | Efficient identity-based cryptographic schemes were proposed and adopted in a medical domain to provide implicit authentication of the public key and simple certificate management | There is a key escrow problem because it uses a centralized server
[93] | Unauthorized access; Data disclosure; Malicious insider | Access restriction; Confidentiality | File hierarchy CP-ABE | Considered file hierarchy in the CP-ABE for efficient encryption in terms of storage and time cost | Pairing operations consume high computing power
[94] | Unauthorized access; Data disclosure | Access restriction; Confidentiality | IBE; CP-ABE | A patient-controlled CP-ABE scheme was proposed considering emergency situations | Identity authority has the capability to generate an emergency key to decrypt a patient’s data, which could be compromised by an attacker or abused by an insider.
[95] | Unauthorized access; Data disclosure | Access restriction; Confidentiality; Anonymity; Authenticity | CP-ABE; Signcryption; Access control | Promising cryptographic technology, CP-ABSC, was proposed for fine-grained access control allowing the secure sharing of e-health data in cloud computing | Revocation scheme of a user and attributes should be considered and Rao claimed that it cannot provide confidentiality [76]
[96] | Unauthorized access; Data disclosure | Access restriction; Confidentiality; Anonymity; Authenticity; Integrity and public verifiability | CP-ABE; Signcryption; Access control | The proposed CP-ABSC also supports signcryptor privacy and public verifiability, which are important security requirements in cloud environments | A high computation cost is required for designcryption because of the pairing operations
[99] | Data breach; DoS attack; Single point of failure | Confidentiality; Availability; Anonymity; Flexibility; Scalability | Homomorphic encryption | A hybrid secure sharing scheme for e-health data is considered to cover both the advantages of centralized and decentralized approaches | Collusion attacks between cloud providers and users should be considered
[103] | Unauthorized access; Data breach; Eavesdropping | Access restriction; Confidentiality | Searchable encryption; Proxy re-encryption | The proposed SE scheme allows a patient to delegate access permissions to others to search and decrypt the patient’s data, which is automatically revoked after a time limit | Access permissions are revoked after the time limit expires; however, the delegatee can use the data since they have already obtained it in plaintext by decrypting the data within the time limit
[104] | Unauthorized access; Data breach; Eavesdropping | Access restriction; Confidentiality; Integrity | Searchable encryption; Homomorphic encryption | The proposed scheme can perform privacy-preserving data sharing with key range search and multiple keyword search in e-health systems | A post management scheme for e-health data may be required after searching and using the data
[105] | Unauthorized access; Data breach; Single point of failure | Access restriction; Confidentiality; Integrity; Authenticity; Accountability | Searchable encryption; Blockchain | A searchable encryption scheme was used with the blockchain to provide integrity, anti-tampering, and accountability for e-health data sharing | Since the data are stored in the public cloud, it may require additional security solutions for the data
[106] | Unauthorized access; Data breach | Access restriction; Confidentiality | Searchable encryption; Order-preserving symmetric encryption | An efficient query over multiple data providers’ data | The cloud is required since the proposed scheme may not be suitable for resource-limited devices (e.g., smartphones)
[107] | Unauthorized access; Data breach; Eavesdropping | Access restriction; Anonymity; Authenticity; Resistance to network attacks | Mutual authentication | A mutual authentication scheme for telecare systems providing patient anonymity | The time required for mutual authentication is slower than the base scheme [114]
[108] | Unauthorized access; Data breach; Malicious insider; Eavesdropping | Access restriction; Anonymity; Authenticity; Accountability; Resistance to network attacks | Mutual authentication; Secret sharing | Proposes privacy-preserving mutual authentication for mobile edge-cloud architecture | The communication cost should be reduced for resource-constrained medical networks such as IoMTs and WBANs
[109] | Unauthorized access; Data breach; Malicious insider; Eavesdropping | Access restriction; Anonymity; Authenticity; Resistance to network attacks | Mutual authentication; Blockchain | The proposed scheme is suitable for big e-health data because of its cost-efficiency | More practical security threats to the proposed scheme are identified and analyzed
[110] | Unauthorized access; Data breach; Single point of failure; Network attacks | Access restriction; Confidentiality; Integrity; Resistance to network attacks | Mutual authentication; Access control | Edge computing is utilized to securely provide local services to users in a certain area (e.g., a hospital) | More security concerns including location tracking attack, which emerge when adopting hybrid computing, should be discussed
[111] | Unauthorized access; Data breach; Eavesdropping | Access restriction; Anonymity; Authenticity; Resistance to network attacks | Anonymous authentication | Complete privacy and anonymity are provided to users from adversaries and an authentication server | Traceability may be conditionally provided when security incidents happen to track attackers
[112] | Unauthorized access; Data breach; Malicious insider; Eavesdropping | Access restriction; Anonymity; Authenticity; Resistance to network attacks | Traceable authentication | The proposed scheme provides conditional identity traceability and is efficient in terms of communication cost and energy for resource-constrained devices | Providing conditional traceability might be abused; therefore, a prevention method for such abuse is required
[114] | Unauthorized access; Data breach | Access restriction; Confidentiality; Availability; Flexibility | Proxy re-encryption; Access control; Trust and reputation | The proposed scheme can provide flexible access control based on trust and reputation, even when the data owner is unavailable or cannot make access decisions | The level of trust and reputation might be ambiguous factors to decide access to highly sensitive e-health data
[115] | Unauthorized access; Data breach; Single point of failure | Access restriction; Confidentiality; Integrity; Availability | Proxy re-encryption; Access control; Dynamic data auditing | It is suitable for resource-constrained devices and solves the cloud reciprocity problem | User anonymity should be considered
[116] | Unauthorized access; Data breach; Malicious insider; Network attacks | Access restriction; Confidentiality; Anonymity; Authenticity; Resistance to network attacks | Authentication; Access control | It is designed to be lightweight for resource-constrained devices and the access control scheme | Conditional traceability may be required and the cloud provider can abuse the ability to manage the group key
[117] | Unauthorized access; Data breach | Access restriction; Confidentiality | Online/offline CP-ABE; Access control | An efficient online/offline CP-ABE scheme is proposed for resource-constrained devices in mobile cloud computing | Bilinear pairings used in the proposed scheme pose a high cost that hinders efficiency
[118] | Unauthorized access; Data breach | Access restriction; Confidentiality | ABE; Access control | An efficient ABE scheme is proposed to reduce the time required to encrypt and decrypt data that has the same access policy | Privacy for access policies should be supported
[119] | Unauthorized access; Data breach | Access restriction; Confidentiality; Flexibility; Scalability | Access control | A flexible access control model is proposed using situation-based access policy | More fine-grained access control could be considered with an attribute-based access control model
[120] | Unauthorized access; Data breach | Access restriction; Confidentiality; Anonymity; Integrity | CP-ABE; Access control; LSSS | Privacy for access policy is ensured by hiding the entire access policy with attributes | Resource-constrained medical devices are not suitable for the proposed scheme since hiding the access policy requires greater costs
[121] | Unauthorized access; Data breach | Access restriction; Confidentiality; Flexibility | Proxy re-encryption; ABE; Access control | A method to transform a private cloud’s access policy to the access policy of a public cloud | The proposed scheme might be implemented to show feasibility, performance, etc.
[122] | Unauthorized access; Data breach | Access restriction; Confidentiality | CP-ABE; LSSS | A method for updating an access policy in ciphertext that reduces the computational cost | The proposed scheme incurs additional overhead to cloud
[100] | Data breach; Single point of failure | Confidentiality; Scalability | Fully homomorphic encryption | E-health data can be securely aggregated and monitored in real-time using edge computing | A performance evaluation for the fully homomorphic encryption would be helpful and show the feasibility of the proposed framework
[123] | Unauthorized access; Data breach | Access restriction; Confidentiality | Access control | Fog computing is adopted to reduce the communication cost of IoMTs | The access control may not be sufficiently fine-grained for diverse e-healthcare systems
[124] | Unauthorized access; Data breach | Access restriction; Confidentiality; Integrity | ABE; Access control | A consensus-based access control scheme is proposed | If the number of nodes that participate in the consensus is insufficient, an attacker could control access to e-health data
[127] | Data breach | Integrity and public verifiability | Identity-based auditing | It provides comprehensive auditing in terms of data origin, type, and consistency | Dynamic data auditing is unsupported
[128] | Data breach; Malicious insider | Confidentiality; Integrity and public verifiability; Authenticity | Identity-based auditing | A privacy-preserving identity-based auditing scheme is proposed | A manager who may have malicious purposes can check whether private information exists in the e-health data
[129] | Data breach | Confidentiality; Integrity and public verifiability; Anonymity | Certificateless PDP | The proposed scheme is efficient and can prevent the key escrow problem | The true identity of a malicious user or attacker may be identified and traced for accountability
[130] | Unauthorized access; Data breach; Single point of failure | Access restriction; Confidentiality; Integrity; Availability; Accountability; Flexibility | Access control; Blockchain | The proposed framework was implemented to show feasibility based on Ethereum | An EHR manager manages the keys to decrypt e-health data; therefore, it can be misused or targeted by an attacker
[131] | Unauthorized access; Data breach; Single point of failure | Access restriction; Confidentiality; Integrity; Availability; Accountability | Searchable encryption; Proxy re-encryption; Authentication; Access control; Blockchain | An efficient and reliable consensus mechanism—proof of authorization—was proposed for this system | The proposed scheme cannot ensure full ownership of outsourced e-health data since data providers exist
[132] | Unauthorized access; Data breach; Single point of failure | Access restriction; Confidentiality; Integrity; Authenticity; Accountability | ECC; Access control; Blockchain | A user-centric e-health data management system is proposed | Permission delegation for e-health data may be supported to share e-health data and a user must manage the key themself
[133] | Unauthorized access; Data breach; Single point of failure | Access restriction; Confidentiality; Integrity; Availability; Anonymity; Scalability | Blockchain; Tor | A secure therapy application utilizing MEC is proposed and implemented | The study did not provide in-depth security analysis for the proposed MEC-based therapy application
[136] | Unauthorized access; Data breach | Access restriction; Confidentiality; Authenticity | ECC; Mutual authentication; Decoy | A security model is proposed that utilizes a decoy technique in e-healthcare cloud using fog computing | Diverse network attacks (e.g., MITM) should be discussed to prove that the proposed key agreement protocol is highly secure