Systematic Review on Security and Privacy Requirements in Edge Computing: State of the Art and Future Research Opportunities

Edge computing is a promising paradigm that enhances the capabilities of cloud computing. For users to keep relying on these computing services, the environment must be kept free from all kinds of security and privacy breaches. The security and privacy issues associated with the edge computing environment have limited the overall acceptance of the technology as a reliable paradigm. Many researchers have reviewed security and privacy issues in edge computing, but not all have fully investigated the security and privacy requirements. Security and privacy requirements are the objectives that indicate the capabilities and functions a system performs in eliminating certain security and privacy vulnerabilities. The paper aims to substantially review the security and privacy requirements of edge computing and the various technological methods employed by the techniques used in curbing the threats, with the aim of helping future researchers identify research opportunities. This paper investigates the current studies and highlights the following: (1) the classification of security and privacy requirements in edge computing, (2) the state-of-the-art techniques deployed in curbing the security and privacy threats, (3) the trends of technological methods employed by the techniques, (4) the metrics used for evaluating the performance of the techniques, (5) the taxonomy of attacks affecting the edge network, and the corresponding technological trend employed in mitigating the attacks, and (6) research opportunities for future researchers in the area of edge computing security and privacy.


I. INTRODUCTION
The edge computing paradigm was developed with the intention of overcoming the drawbacks associated with cloud computing. In edge computing, the edge network stands between the cloud and the end-users, thereby bringing cloud resources very close to the end-users [1]. This consequently provides tremendous real-time data analysis, reduced latency, low operational cost, high scalability, and improved quality of service. The most challenging problem affecting the success of edge computing is a breach in the security and privacy of most of the components associated with it. This survey study considers eight security and privacy requirements of a typical edge computing network. Security and privacy requirements can be referred to as the measure of the capabilities and functions that a system should achieve for eliminating the security and privacy vulnerabilities [2]. When the requirements are satisfied, the system complies successfully with the imperative private and secure targets, as well as relevant regulatory guidance [3]. The requirements include Privacy-Preservation, Confidentiality, Authenticity, Attack Detection, Integrity, Availability, Nonrepudiation, and Reliability. The detail of each requirement will be discussed in Section III.

Many survey studies discussed the security and privacy issues in edge computing; however, most of these previous studies overlooked the investigation of the security and privacy requirements in the edge computing network. In addition, research on the state-of-the-art curbing techniques with the corresponding technological methods was also missing in the previous survey studies. In [4], Zhang et al. presented a survey on security and privacy issues in edge computing; however, only cryptography-based technologies that considered confidentiality requirements were highlighted. In [5], Rodrigo and his team analyzed and surveyed the security threats associated with the various edge computing related paradigms, such as fog computing and mobile edge computing. However, the survey considered techniques related to the authenticity requirement, whereas less attention was given to other requirements. Guan et al. [6] discussed the main data flow in the energy sector; nevertheless, their survey work focused only on security and privacy issues associated with the application of edge computing in the electricity sector. Rapuzzi and Repetto [7] likewise reviewed the limitations of current cyber-security paradigms associated with the evolving fog/edge schemes. The survey work aimed at providing a basis for the design of innovative cyber-security methods; nonetheless, a thorough investigation of the security requirements was missing. Shirazi et al. [8], in another survey, highlighted the need to come up with new security curbing strategies in the emergent area of edge/fog computing, and to investigate them in their new computing applications.

The associate editor coordinating the review of this manuscript and approving it for publication was Abdullah Iliyasu.

VOLUME 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
The various survey studies have laid a tangible foundation in understanding security and privacy issues in edge computing. However, most of these studies provided limited information with respect to the security and privacy requirements in the edge computing network. Besides, most of the work either discussed the problem partially or conducted the review when the problem was at an early stage. This review work will recapitulate the existing state-of-the-art security and privacy requirements, as well as the trend of the technological methods employed by the techniques for curbing the associated threats in edge computing, for future researchers to follow. A systematic review protocol that specifies all the relevant stages necessary for achieving the aim and objectives of the study will be developed and considered from the initial stage, before starting the process of data abstraction. This process will ensure impartial data search and retrieval. The contribution of this review work will be attained by answering the following research questions:
1) What are the categories of security and privacy requirements in the edge computing network?
2) What techniques are proposed for ensuring the requirements identified?
3) What trends in technological methods are employed by the identified techniques?
4) What are the suitable evaluation metrics employed in assessing the performance of the techniques?
5) What are the categories of attacks affecting edge computing networks, together with the corresponding mitigating technologies?
6) What are the future research opportunities available for researchers working in the area of security and privacy of edge computing?
The remaining part of the paper is organized as follows: an overview of edge computing similar paradigms (Post-Cloud Computing Paradigms) is given in Section II; an overview of security and privacy requirements in edge computing is given in Section III; Section IV describes the methodology for conducting the systematic literature review; data analysis is given in Section V; the discussion of the reviewed result is given in Section VI; Section VII highlights the open research issues; and the conclusion is given in Section VIII.

II. OVERVIEW OF EDGE COMPUTING SIMILAR PARADIGMS
This section introduces the edge computing similar paradigms, which are otherwise known as post-cloud computing paradigms. These include Edge computing, Fog computing, Mobile Edge Computing (MEC), Cloudlet computing, Mist computing, and Dew computing. The post-cloud computing paradigms are used interchangeably by most researchers, although they are not exactly the same. Therefore, this section compares and contrasts the post-cloud paradigms, and clarifies the similarities and differences that are ignored by most researchers. The post-cloud paradigms were all developed with the intention of overcoming the weaknesses of cloud computing in not satisfying the requirements of the internet-of-things (IoT) and next-generation 5G networks. The most important requirements include real-time and distributed data processing, low latency, mobility support, quick response of wireless sensors and actuators, etc. Although the post-cloud computing paradigms have been developed by different organizations with different ideas, the principle of bringing cloud services closer to the end-user (network edge) is common. Table 1 summarizes the similarities and differences between the post-cloud computing paradigms.
In all of the post-cloud computing paradigms, end-users and other IoT devices are the main target for security and privacy breaches, because of their inability to establish explicit trust in other devices, and also their inability to establish a trustworthy connection. Generally, security and privacy need to be provided in every layer of the post-cloud computing networks [4]. Barika Pace, a research director, highlighted that "Each IoT device in post-cloud computing network is configured in a different way which leads to having a different version with different vulnerabilities, and consequently causes problems" [9]. Another issue that leads to security and privacy breaches in the post-cloud computing paradigms, with the exception of MEC, is that the data and computational tasks of end-users are communicated through a decentralized edge network.
According to Duncan Pauly, a CTO at Edge Intelligence, "The security and privacy risks associated with post-cloud computing paradigms are quite different from a cloud environment, because all the data in the cloud are stored or processed in a single or small number of locations, whereas in post-cloud computing paradigms, data is decentralized" [9]. Thus, sensitive data associated with the end-user can be compromised. Furthermore, the offloaded data and other complex computational tasks, together with some cloud resources, are stored at the network edge, which is more vulnerable than the cloud itself [10].
Shane MacDougall, a senior security engineer at networking and cyber-security services company Mosaic452, argued that "The best practice for ensuring security and privacy in post-cloud computing networks is to provide an equal amount of protection to all of the edge/Fog and other related nodes as the remaining part of the network" [9]. On the other hand, the worst practice for ensuring post-cloud computing security and privacy is to employ only the traditional security controls, for example, using only antivirus and firewalls to protect the edge devices. Joseph Carson, the chief security scientist at Thycotic, an access management technology provider, said, "In post-cloud computing, the organization's data are no longer flowing through their internet connection, nor via their corporate firewall, so there is a need to secure and protect each edge device as if it is a door to their network" [9].
Another poor practice for ensuring security and privacy in edge computing is employing cloud-based security models. Therefore, for proper handling of security and privacy in the post-cloud network, certain security and privacy requirements need to be considered in the process of enabling smooth operation of the entire network. This review work will concentrate only on the edge computing security and privacy requirements, which will be discussed in Section III.
The typical architecture of edge computing is illustrated in Fig. 1, while the architectures of the other edge similar paradigms are illustrated in Fig. 2. More details on the post-cloud computing paradigms and their comparison can be found in the work of Yousefpour et al. [11]. Fig. 1 depicts the typical 3-layer architecture of an edge computing paradigm. The edge layer stands in between the cloud and the end-device layer. It can be seen from Fig. 1 that the latency between the edge network layer and the end-devices layer is significantly lower than that between the cloud layer and the end-devices layer. This is an important feature of an edge computing paradigm. The security decreases drastically when moving away from the cloud layer to the edge layer and then to the end-device layer, which is a result of the distributed nature of the edge network. It can also be observed that the storage capacity decreases drastically from the cloud layer to the edge layer and then to the end-device layer. The real-time processing decreases dramatically when moving from end-devices to the edge layer and then to the cloud layer. Data flows from end-devices to the edge layer for storage or processing, then to the cloud layer when long-term storage is required. Requests in the edge computing network flow in two directions, as depicted in Fig. 1.
Similarly, in Fig. 2, fog computing consists of fog nodes that are distributed over geographical locations, very close to end-user devices. The overall computation process is done at the edge of the network, very close to the data sources [12]. The architecture of mobile edge computing (MEC) is also depicted in Fig. 2. As shown, MEC consists of MEC servers that are located in the vicinity of the mobile users. Thus mobility is highly supported, and latency is relatively lower than in the remaining post-cloud computing paradigms. Fig. 2 also illustrates the architecture of cloudlet computing. As shown in Fig. 2, cloudlet computing consists of a relatively small mobility-supporting cloud, called a cloudlet, located close to the mobile end-users. The cloudlet is connected to the faraway cloud, and it brings computational resources directly to mobile devices with relatively low latency. Cloudlets are installed on distributed virtual machine servers connected together by the LAN, to which mobile devices can upload high computational tasks. Cloudlets do not have to be fixed infrastructure close to the end-devices, but may rather be accessible through the wireless LAN.
The architecture of Mist computing is also shown in Fig. 2. As depicted in the figure, data processing is at the extreme edge of the network because fog nodes stand between the cloud layer and the mist layer, resulting in less network delay and reduced latency and bandwidth utilization when compared to the remaining post-cloud paradigms. Thus, it can be said that, in Mist computing, computation is pushed further to the network edge. Therefore, devices at the edge, such as sensors and actuators, are involved in the computing process, which is not the case in the other post-cloud computing paradigms. This allows the computation to be performed by microcontrollers of the embedded nodes [27]. Fig. 2 also shows the architecture of the dew computing paradigm. It can be seen that dew computing consists of dew servers that allow the cloud information to always be available on end-devices connected to the nearby dew server, so that cloud data will be available even in the absence of internet service [28], [33]. Unlike cloudlet computing, dew computing employs relatively high-level servers, which provide services similar to those of the cloud and also synchronize their database with the database of the cloud [34], thus providing services both independently of the cloud and in collaboration with the cloud [29].

III. OVERVIEW OF THE SECURITY AND PRIVACY REQUIREMENTS IN EDGE COMPUTING NETWORK
Traditionally, security and privacy requirements are categorized into three main groups referred to as the CIA-Triad [35]: Confidentiality, Integrity, and Availability. However, due to the insufficiency of the CIA-Triad to address new threats in a shared security environment (like edge computing), a comprehensive list of security and privacy requirements called the IAS-Octave was formulated [36]. The IAS-Octave can be utilized in edge computing due to its ability to address new threats in the shared environment. In the IAS-Octave categorization, Accountability, Auditability, Trustworthiness, Nonrepudiation, and Privacy-Preservation security requirements are added to the CIA-Triad, thus making a total of eight requirements. Considering the fact that Accountability and Auditability lead to Trustworthiness [37], [38], and also that Trustworthiness is highly related to the Authenticity requirement [39], the three requirements can be merged together to form Authenticity. Additionally, the security and privacy requirements of edge computing which are not included in the IAS-Octave, when compared with the reviewed studies under the edge computing perspective, are Attack Detection and Reliability. Therefore, in this paper, edge computing security and privacy requirements are proposed. They include Confidentiality, Integrity, Availability, Privacy-Preservation, Nonrepudiation, Authentication, Attack Detection, and Reliability. Table 2 gives the description of the proposed edge computing security and privacy requirements, which will be considered in the review work. Similarly, Fig. 3 illustrates the development of the security and privacy requirements from the CIA-Triad to the proposed requirements.

IV. METHODOLOGY
This review work employs a systematic review to ensure accurate and impartial data search and retrieval. A review protocol that specifies the search strategy, devising of inclusion and exclusion criteria in the selection of the articles to be considered or ignored respectively, and plan for analyzing the selected articles was developed from the initial stage before beginning the search process of literature and data extraction. The protocol was approved by one of the authors prior to its implementation. The steps involved in the methodology of the review work are illustrated in Fig. 4.

A. DATA SEARCH STRATEGY
A thorough search was conducted on all studies that focus on security and privacy issues in edge computing, including both review and technical studies. The entire search was carried out through six prominent online electronic databases: Scopus, Web of Science, IEEE Xplore, Science Direct, Springer, and Wiley. This is because they encompass publications from the major journals and conference proceedings, and as such, a reasonable sample that represents the current state of knowledge in the area of edge computing privacy and security will be obtained. Restricting the search to the four mentioned online electronic databases implies that only a sample of the literature on the intended review is targeted.
Also, the search was limited to the computer science and information, computer science and theory, and engineering subject areas in order to limit the boundary of the review work. The initial search was made by filtering only conference, technical and review journal articles that were

A total of 273 articles from Scopus, 271 from Web of Science, 1328 from IEEE Xplore, 354 from Science Direct, 371 from Springer, and 405 from Wiley were obtained. A total of 3,002 articles were found. A scan was made on the title and abstract of the searched articles. After the scan, 2,730 articles were found to be either beyond or not even related to the scope of the review work, and were completely removed. Inclusion and exclusion procedures were then applied to the remaining 272 articles for further selection. An article is considered for inclusion if it satisfies the inclusion requirement highlighted in Table 3, and it is excluded if it satisfies the exclusion criteria. After the full-text review of the remaining 272 retained articles, 96 fulfilled the inclusion requirements. Again, duplicate articles were extracted and discarded, leaving a total of 78 articles. The distribution of the retained articles according to their respective databases is depicted in Fig. 5.

B. DATA EXTRACTION
Relevant data that will answer the research questions were exhaustively abstracted from the 78 articles that fulfilled the inclusion criteria. The following items were documented: authors, year of publication, type of the article, the technique under a specific category of security and privacy requirement, the category of the technological methods employed, performance metrics used in evaluating the performance of the proposed technique, and the attacks considered by the techniques. Additionally, research opportunities are derived from the weaknesses of each identified technique.

V. DATA ANALYSIS
In this section, all the studies that fulfilled the inclusion criteria will be systematically analyzed. The steps of the general data analysis will be described in sub-section A. Also, the analysis based on the proposed security and privacy requirements, which will answer the research questions will be given in sub-section B.

A. GENERAL DATA ANALYSIS
The review work examined 78 articles from various journals and conference proceedings across the four different electronic databases. Fig. 6 illustrates the percentage of journal articles and conference papers published between 2015 and November 2019. Based on the review findings, there is no visible journal publication between 2015 and 2016, which may be because research on security and privacy in edge computing only gained popularity in the year 2016. 50% and 48% of the 2017 and 2018 publications, respectively, are journal articles. This may be due to the fact that researchers only lately started developing interest in security and privacy issues in edge computing. In the year 2019, 100% of the publications from the review work are journal articles. This may be because additional interest has been diverted to the area of security and privacy in edge computing. However, conference papers may also be available in other electronic databases.

(RQ1) that focused on the classes of the security and privacy requirement in edge computing network, research question 2 (RQ2) that deliberates on the techniques proposed for ensuring the identified requirements, research question 3 (RQ3) that concentrates on the trend of the technological methods employed by the identified techniques, and research question 6 (RQ6) that emphasizes the research opportunities (gaps) for future researchers working in the area of security and privacy in edge computing. Research question 4 (RQ4), which focuses on finding the evaluation metrics employed in assessing the performance of the identified techniques, will be answered in Sub-section B (2). Similarly, research question 5 (RQ5), which highlights the attacks affecting the edge computing network, with the corresponding technological curbing techniques, will be explored in Sub-section B (3). In this section, the identified techniques that considered a specific category of security and privacy requirements are classified as depicted in Fig. 8. Additionally, Fig. 9 and Fig. 10 illustrate the classification of the techniques that consider more than one requirement, and the techniques that did not specify any of the proposed requirements, respectively. Similarly, a summary of technique ideas under a given requirement is given in tables. In the tables, the description of the methodology, the technology employed, the performance evaluation analysis used, the advantages, and the disadvantages/gaps are given. Table 4 reviews the techniques under the Confidentiality requirement, Table 5 recapitulates the techniques under the Privacy-Preservation requirement, Table 6 analyses the techniques under the Authenticity requirement, Table 7 explores the techniques under the Attack Detection requirement, Table 8 summarizes the techniques that considered the combination of both Authenticity and Privacy-Preservation, Table 9 reiterates the techniques that considered more than two requirements, and Table 10 summarizes the techniques that did not specify any of the proposed requirements.
Based on the review work, a technique that considers the Integrity requirement alone could not be established, except in combination with other techniques. Furthermore, findings show that only one study considered the Availability requirement. The authors in [40] applied both block-chain and game theory methods to overcome attacks on edge servers by mobile devices in the edge computing network. A punishment scheme based on the active record of a block-chain was proposed. A block-chain security game is formulated by considering the interaction between the edge server and the mobile devices. The mobile devices send a request to the server either to obtain a real-time service or to launch an attack. Nash equilibrium is employed to determine the exact intention of the mobile device, whether service request or attack. The scheme improved the network security performance by decreasing the attack rate of the server by 66.7% as compared to other similar techniques. Mathematical analysis is employed in evaluating the performance of the block-chain security game. Furthermore, according to the review work, a technique that considered the Nonrepudiation requirement, either alone or in combination with other requirements, was not found.
Likewise, a technique that considers the Reliability requirement alone was also not found, except in combination with the Authenticity requirement. Han, B., and his colleague in [41] devised an edge computing security technique based on the Markov model. The objective is to propose a decentralized authentication scheme that can provide flexible and low-cost authentication, and which is aware of the context information of user devices and other network elements. They introduced a trust architecture with cognitive access management. A context-aware mechanism, which synchronizes and reduces the backhaul network traffic, was designed. A simulation was conducted to validate the effectiveness of the technique. The proposed scheme was successful in maintaining the balance between network operating costs and reliability. However, the security mechanism needs to be evaluated in accordance with the 5G network, which may be in respect of the corresponding application of the local authentication.
Moreover, two studies from the review work devised techniques that ensured both Authenticity and Confidentiality requirements. They are classified according to the employed methods as shown below:

a: CRYPTOGRAPHIC BASED TECHNIQUES
Ali et al. [42] proposed a multimodal authentication scheme by employing biometric encryption. Biometrics including speech and face image are encrypted using portable devices. Decryption occurs in the cloud, where each user is authenticated. The majority voting technique is used for a final decision about the user identity. The objective of the scheme is to propose a multimodal authentication system using encrypted biometrics for edge-centric cloud network. The proposed scheme can successfully hide the identity of users and, in the end, retrieve the biometrics accurately with an errorless authentication. However, the security involved is not strong because the scheme cannot generate the secret shares of the biometric templates.
The process of combining cryptography and biometrics in securing a user's information is termed biometric-cryptography [43], [44]. A higher level of security is achieved with biometric-cryptography since the biometric templates assist the cryptographic process in encrypting and decrypting the information involved [43]. There are two different types of biometric-cryptography. The first one is called biometric key release, in which biometric matching must occur before the cryptographic key is extracted [43]. In the second type, called biometric key generation templates, both the biometric template and the cryptographic key are combined together [43], hence no matching is required as in the first type.

b: NON-CRYPTOGRAPHIC BASED TECHNIQUES
Chen et al. [45] proposed a non-cryptographic security scheme, where a password is not required for authentication purposes. A signal fingerprint feature generated by the radio frequency radiation of terminal devices (RF fingerprint) is used by edge devices for the authentication process. In the proposed scheme, no password authentication is required, and as such, the scheme is more reliable when compared to the traditional cryptographic protocols. The authors employed simulation in evaluating the performance of the scheme, using signal-to-noise ratio (SNR) as the metric.
RF fingerprints are distinctive features implanted in electromagnetic waves usually emitted by transmitters [46], [47]. RF fingerprints aim at serving the same purpose for wireless devices as the biometric fingerprint, hence improving the overall privacy of wireless communication. The RF fingerprint is more reliable than the biometric fingerprint because it can be achieved with relatively low-cost receivers, which provide extra network security layers [48]. Most importantly, it can be used in identifying the sources of electromagnetic transmission, which makes it the backbone of the security of a radio network for eliminating the known attacks [48]. Moreover, it is quite impossible to regenerate the fingerprint from any device whatsoever [49].

Fig. 11 illustrates the classification of the performance evaluation analysis methods employed by the studied techniques identified by the review work. They are classified into two groups: methods with tools, which are the methods that employ software or hardware in the evaluation process, and methods without tools, which are the methods that did not employ software or hardware in the evaluation process. As shown in Fig. 11, the analysis techniques under methods with tools include: Simulation (using MATLAB, NS3, NetLogo, PeerSIM, IFogSim, CloudSim, SIM-DMC, and Computer Simulation Experiments), Prototype implementation (using either commercial mobile devices or embedded devices such as Single Board Computer, FPGA, and Microcontroller), Formal security proof (using ProVerif and Scyther), Dataset (using both Synthetic and Real), Algorithmic proof (Game Theory), and Case-Study. Informal security proof (using theorems and proofs) and Mathematical analysis are classified under analysis without tools.

2) EVALUATION METRICS EMPLOYED BY THE TECHNIQUES (DATA ANALYSIS TO ANSWER RQ4)
This section will review the evaluation metrics used in evaluating the performance of the techniques, with the intention of answering RQ4. According to the review work, the techniques employed different performance metrics to determine the intended aim. Table 11 summarizes the metrics employed by the respective technique with the corresponding purpose of using the metrics.

3) CLASSIFICATION OF ATTACKS ON EDGE COMPUTING NETWORK (DATA ANALYSIS TO ANSWER RQ5)
The attackers' aim on a network is to gain access and alter the vital information for fulfilling their needs or for selling purposes [105]. In this paper, edge computing network attacks are explored in an attempt to answer research question 5 (RQ5). Fig. 12 illustrates the taxonomy of edge computing network attacks. The categories of the attacks, with the corresponding existing countermeasures with respect to edge computing infrastructures, are given in the following sections.

C. MESSAGE ALTERATION ATTACK
In this type of attack, the eavesdropper manipulates the messages used by the legitimate edge computing entities. Attacks under message alteration category include:

1) INFERENCE ATTACK
The adversary analyzes the data transferred by the genuine edge network communicating unit to gain knowledge about the entities. In [55], the authors extracted the location obfuscation sub-issue to solve the problem of inference attack, derived a model that represents a privacy game issue, and solved it according to the obfuscated locations. In another attempt at eliminating the inference attack, the authors in [67] proposed a Query-Quard framework that avoids potential private information leakage to the third party by generating privacy-preserving query plans.

2) COLLUSION ATTACK
The malicious entity combines two or more copies of information communicated by the trusted edge nodes to produce a completely new copy. The authors in [59] solved the problem of collusion attack by encrypting the communicated messages with the symmetric AES cryptographic protocol. At each instance of the communication process, new AES keys are used for encrypting the message involved. The authors in [75] solved the problem of collusion attack by adopting a neighbor similarity method. When an edge entity requests recommendations, it also incorporates a request for a randomly selected trusted neighbor which is entirely different from the neighbor being inquired about.

3) REPLAY ATTACK
A third party intercepts the information sent by a genuine edge entity and transmits it to another legitimate edge entity as if it came from the original sender. A key agreement protocol is utilized by the authors in [78] for solving the replay attack problem in smart grid edge computing infrastructure. A single private key is utilized by smart meters for obtaining services from the utility control center. In [92], the authors deal with a replay attack by incorporating a timestamp into the signed message used for authenticating the communication between the edge entities. Similarly, in [97] and [95], the authors use a timestamp to prevent the replay attack. In [90], a timestamp together with Shamir's secret sharing algorithm is used in preventing a replay attack. Likewise, the authors in [106] solve the replay attack problem by adding a nonce to each message before sending it to the communicating entity.
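The two freshness mechanisms named above, a timestamp and a per-message nonce, can be combined in one receiver-side check. The following is an added example, not code from this paper or from the cited schemes; the HMAC-SHA256 tag, the 30-second window, the message layout and the sample payload are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

MAX_SKEW = 30      # assumed freshness window, in seconds
NONCE_LEN = 16
TAG_LEN = 32       # HMAC-SHA256 output size
HEADER_LEN = 8 + NONCE_LEN


def seal(key: bytes, payload: bytes, now: int) -> bytes:
    """Sender: timestamp || nonce || payload || HMAC over everything before it."""
    header = struct.pack(">Q", now) + os.urandom(NONCE_LEN)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, message: bytes, now: int):
        """Return (payload, "ok") or (None, reason)."""
        if len(message) < HEADER_LEN + TAG_LEN:
            return None, "malformed"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Authenticate first, so timestamp and nonce cannot be rewritten.
        if not hmac.compare_digest(tag, expected):
            return None, "bad-mac"
        (ts,) = struct.unpack(">Q", body[:8])
        nonce = body[8:HEADER_LEN]
        if abs(now - ts) > MAX_SKEW:
            return None, "stale"
        # Nonces older than the window can be dropped: a replay of such a
        # message is already rejected by the timestamp check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return None, "replayed"
        self.seen[nonce] = ts
        return body[HEADER_LEN:], "ok"


def demo():
    key = os.urandom(32)
    rx = Receiver(key)
    t0 = 1_700_000_000                      # constructed clock value
    msg = seal(key, b"meter=42", t0)        # constructed sample payload
    forged = struct.pack(">Q", t0 + 120) + msg[8:]   # timestamp rewritten
    return [
        rx.accept(msg, t0 + 1)[1],      # first delivery
        rx.accept(msg, t0 + 2)[1],      # same message again, inside window
        rx.accept(msg, t0 + 120)[1],    # same message, outside window
        rx.accept(forged, t0 + 120)[1], # fresh-looking timestamp, old tag
    ]


if __name__ == "__main__":
    print(demo())
```

The timestamp bounds how long nonces must be remembered, and the nonce closes the gap the timestamp leaves open inside the window.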

4) CIPHER-TEXT ONLY ATTACK
The adversary uses a number of encrypted messages to recover as many plaintexts as possible, or even the secret key. The authors in [94] solve the problem of cipher-text-only attack by encrypting the data before sending it to the edge server. The edge server then aggregates the data and sends it to the public cloud center, where it can be recovered using the cloud center's private key.

5) EAVESDROPPING/SNIFFING/SNOOPING ATTACK
The malicious party steals the information communicated by the genuine edge computing entities. In an attempt to overcome the eavesdropping attack, the authors in [59] encrypted the smartphone data with a symmetric AES algorithm prior to the communication stage. In [106], the authors ensure that the data transmitted after the connection between edge entities and edge server is established is first encrypted with a session key known to the communicating entities. Similarly, in [103], the authors prevent the snooping attack by employing an authentication service that authenticates the entity receiving the output data. Additionally, a confidentiality service is employed to encrypt the output data for protection against the snooping attack.

D. NETWORK DISRUPTION ATTACK
Here, the attacker develops a mechanism for counterfeiting network resources to access the communication between genuine entities. The various attacks under this category include:

1) DENIAL-OF-SERVICE ATTACK
The malicious entity makes network resources unavailable to the genuine entities by interrupting the normal activities of the entities. In an attempt to solve the problem, the authors in [76] reduce the dependency of the edge communicating entities on a cloud datacenter, which consequently removes the single point of failure in the entire edge infrastructure. Similarly, the authors in [93] eliminate the dependency on centralized servers by employing scalable and distributed systems that use end-user devices as mini-edge servers. In another attempt, the authors in [85] proposed a honeypot, a defense technique against denial-of-service attack. It is capable of detecting, tracking, and isolating attacks. The authors in [79] proposed a cooperative framework against denial-of-service attack by utilizing network function virtualization and SDN (Software Defined Network) architecture.

2) JAMMING ATTACK
The malicious entity blocks the communication between the edge devices and the edge server. In an attempt to solve the problem, authors in [80] proposed a novel SAVE-S algorithm to secure the offloading of computational tasks. They execute the algorithm without utilizing extra resources.

3) BANDWIDTH ATTACK
The attacker transmits a large number of malicious packets to the edge network with the intention of overpowering its bandwidth. In [75], the bandwidth attack is dealt with using a trust and reputation-based approach. The edge nodes are enabled to guard against suspicious client nodes by monitoring and assessing their contribution to fellow client nodes.

4) FAKE-BLOCK ATTACK
The malicious entity sends fake files to respond to a download request from a legitimate edge node with the intention of wasting the download bandwidth involved.

5) SYBIL ATTACK
The attacker takes over quite a number of edge nodes in a network that lacks central management, and consequently hijacks the network. In an attempt to deal with the Sybil attack, the authors in [75] employed the bootstrapping method to prevent attackers from joining the network. Similarly, in [93] the authors avoid threshold sharing with the requesting node and take a decision on a safe entity only.

E. CAMOUFLAGING ATTACK
In this type of attack, the adversary maneuvers to penetrate the edge network as a genuine entity. Attacks under this category include:

1) IMPERSONATION ATTACK
The malicious party adopts the identity of a legitimate user to authenticate itself to the network. To deal with impersonation attacks, the authors in [59] encrypted the payload data with the AES symmetric key algorithm. Moreover, the end-to-end signaling protocol is also inspired and followed accordingly. In another attempt, the authors in [73] employed the AES algorithm to authenticate the legitimate edge nodes. A cloud shared key is used to encrypt the initial authentication packet, followed by the individual associated keys of the edge nodes. In [92], a Carbon Copy (CC) signature, which is an identity-based signature, is employed by the legitimate edge nodes during the authentication process. Elliptic curve cryptography is employed, where both the public and private keys are calculated by the trust authority.

2) MAN-IN-THE-MIDDLE ATTACK
The attacker secretly manipulates the communication between two eligible parties who believe they are communicating directly with each other. In [90], the authors used a shared symmetric key to encrypt the critical instruction at the end-user device and edge device communication site. Hence, the attacker cannot construct a valid cipher-text without the symmetric key. At the edge device and control center communication site, by contrast, a group public key signature is employed for authenticating the identities of the group entities as well as the critical instruction. Therefore, the attacker cannot convince the control center to accept a forged group public key. Similarly, in [106], the session key cannot be deduced by the attacker because both the secret master key of the registration authority and the free shared key are kept secret. In [45], a mutual trust mechanism is established in the edge network by employing lightweight encryption of the signal layer according to the access request sent by the wireless devices. In [97], timestamps and encryption algorithms are used to solve the man-in-the-middle attack.

3) ADDRESS RESOLUTION PROTOCOL (ARP) SPOOF ATTACK
In this type of attack, the malicious party links its Media Access Control (MAC) address with the IP address of a legitimate edge device by sending false ARP messages across the edge network. Hence, the adversary camouflages itself as a legitimate edge device and harms the entire system. In [107], an ARP prefix processor, which is a form of SNORT intrusion detection system, is designed to solve the problem of the ARP spoof attack. It generates an alert whenever an ARP spoof attack is suspected.
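The kind of check such a detector performs can be shown as a small monitor over ARP observations. This is an added example and not the processor from [107]; the record format (time, Ethernet source, operation, sender IP, sender MAC) and the sample records are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample observations, one ARP frame per line:
# time  ethernet_source  operation  sender_ip  sender_mac
SAMPLE = """\
10.0 02:00:00:00:00:01 reply 192.0.2.1 02:00:00:00:00:01
11.0 02:00:00:00:00:0a reply 192.0.2.10 02:00:00:00:00:0a
12.5 02:00:00:00:00:66 reply 192.0.2.1 02:00:00:00:00:66
13.0 02:00:00:00:00:66 reply 192.0.2.20 02:00:00:00:00:0b
14.0 02:00:00:00:00:0a request 192.0.2.10 02:00:00:00:00:0a
"""


@dataclass(frozen=True)
class Alert:
    ts: float
    kind: str
    ip: str
    detail: str


def detect(lines, pinned=None):
    """Flag ARP frames that contradict known or learned IP-to-MAC bindings.

    pinned: optional dict of administrator-supplied bindings (ip -> mac).
    """
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    alerts = []
    for raw in lines:
        fields = raw.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        ts, eth_src, _op, ip, mac = fields
        ts, eth_src, mac = float(ts), eth_src.lower(), mac.lower()

        # Check 1: the frame's Ethernet source must match the MAC that the
        # ARP payload claims. Do not learn from a frame that fails this.
        if eth_src != mac:
            alerts.append(Alert(ts, "src-mismatch", ip,
                                f"frame from {eth_src} claims {mac}"))
            continue

        # Check 2: an IP already bound to one MAC is now claimed by another.
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac          # first sighting: learn the binding
        elif known != mac:
            alerts.append(Alert(ts, "binding-change", ip,
                                f"{known} -> {mac}"))
            # Keep the earlier binding so the new claimant cannot replace it.
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```

A legitimate address reassignment also triggers the binding-change alert, so in practice the learned table is aged out or replaced by pinned bindings for critical hosts such as the gateway.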

F. PHYSICAL ATTACK
The adversary steals the physical components of the edge computing network and injects malicious data with the intention of harming the legitimate entities or the entire network. The types of attacks under this category include:

1) SIDE-CHANNEL ATTACK
A third party compromises the functionality of a given cryptosystem by exploiting the physical edge computing devices. The authors in [53] protected the employed AES cryptographic algorithm against the side-channel attack by random masking and shuffling of the S-BOXES. An attack detection technique based on distributed extreme machine learning technology is employed in [84] to eliminate the side-channel attack on the used cryptosystem.
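A common textbook form of S-box masking and shuffling is sketched below as an added example; it is not the implementation from [53]. It uses first-order Boolean masking with one shared input mask and a randomly ordered SubBytes pass, and the sample state is constructed. Python offers no timing or power guarantees, so the code shows the data flow only.

```python
import secrets


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox():
    """Generate the AES S-box: inverse in GF(2^8), then the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        # p walks all non-zero field elements (multiply by 3) ...
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        # ... while q tracks the inverse of p (divide by 3).
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = affine ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; defined separately
    return sbox


SBOX = build_sbox()


def masked_table(m_in, m_out):
    """Recompute the table so that table[x ^ m_in] == SBOX[x] ^ m_out."""
    table = [0] * 256
    for x in range(256):
        table[x ^ m_in] = SBOX[x] ^ m_out
    return table


def masked_shuffled_subbytes(masked_state, m_in):
    """SubBytes on a state whose bytes are already XORed with m_in.

    Returns (masked_output, m_out). The unmasked byte is never looked up:
    every table index is state[i] ^ m_in and every result carries m_out.
    """
    m_out = secrets.randbelow(256)              # fresh output mask per call
    table = masked_table(m_in, m_out)
    order = list(range(len(masked_state)))
    secrets.SystemRandom().shuffle(order)       # random processing order
    out = [0] * len(masked_state)
    for i in order:
        out[i] = table[masked_state[i]]
    return out, m_out


def demo():
    # Constructed sample state, not a real key or plaintext.
    state = list(bytes.fromhex("00112233445566778899aabbccddeeff"))
    m_in = secrets.randbelow(256)
    masked = [b ^ m_in for b in state]
    out, m_out = masked_shuffled_subbytes(masked, m_in)
    return [o ^ m_out for o in out] == [SBOX[b] for b in state]


if __name__ == "__main__":
    print(demo())
```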

2) SPOOFING ATTACK
The attacker impersonates the physical devices of the legitimate users to propagate malicious effects, steal data, or interfere with edge network access control. In an attempt to solve a spoofing attack, Yoon in [108] ensures that each participating sensor device transmits its data to a legitimate edge node in the Java-Script Object Notation (JSON) format. The wireless sensor networks (WSNs) are requested to send the JSON data about their neighboring sensors. These are used to check the integrity of the data from the dynamically moving sensors. In another attempt to eliminate the spoofing attack, the authors in [87] devised a means of collecting information at the edge nodes and using it to cross-check the validity of the GPS signals received from the satellite. If the received signal is not genuine, the original GPS signal is reconstructed. In [83], a spoofing detection technique is devised using an improved heuristic clustering algorithm. The edge server is made to report its real-time security condition to the cloud server for immediate countermeasures against any spoofing attack.

3) KEY-STEALING ATTACK
The intruder snatches the keys of the legitimate edge users to intrude on their communication. In [92], the authors proposed a means of eliminating the key-stealing attack by ensuring that the trust agent issues the keys to the legitimate edge users through a secure channel. Also, the group signing keys and the corresponding identities of the users, together with the shared key, are encrypted by the roadside unit. Finally, the unit stores the private keys and shared keys in a tamper-proof device.

4) ZERO-DAY ATTACK
The adversary utilizes the advantage of the weaknesses that exist in the physical resources of an edge network before they are discovered by the party responsible for the mitigation exercise. In [108], the authors used an artificial neural network to solve the zero-day attack problems. The tolerance and trigger areas constructed at a training stage are dedicated to ensuring the trustworthiness of the sensors.

G. REPUTATION TARNISHING ATTACK
The intruder fabricates negative feedback or dishonest recommendations about genuine entities with the aim of ruining their reputation. Attacks under this category include:

1) BAD-MOUTHING ATTACK
The attacker provides dishonest feedback to frame genuine edge users. In an attempt to deal with the bad-mouthing attack, the authors in [109] developed a lightweight trust mechanism based on multisource feedback information fusion. The same authors in [76] incorporated an objective information entropy theory-based feedback information fusion algorithm to solve the problems associated with the traditional trust schemes.

2) INSIDER ATTACK
In this type of attack, the adversary has authorized network access by being a genuine entity of the edge network. The adversary utilizes this advantage to harm other legitimate edge network entities. The authors in [85] proposed a honey-Bot mechanism that acts as a defense against edge network insider attack. The technique is capable of detecting, tracking, and isolating the malicious edge nodes that can cause an insider attack.

VI. DISCUSSION
Although the previous review studies have laid a noticeable foundation that helps in understanding the security and privacy issues in edge computing, many of the reviews have the limitation of not providing a thorough investigation of the security/privacy requirements. Additionally, the techniques for ensuring the requirements, together with the technological methods they employ, were also not fully explored. This review work adopted a systematic procedure that helps in providing a proper understanding of security and privacy in the edge computing environment.
Six research questions (RQ1 to RQ6) were formulated and thoroughly answered to achieve the targeted aim. With regard to RQ1, eight main security and privacy requirements were identified from the reviewed studies. Similarly, it can be observed from the outcomes of RQ2 that, out of the reviewed studies, 16 techniques were proposed under the Privacy-Preserving requirement, which is the highest number, when compared with the remaining requirements. This shows that a lot of research interest is given to this requirement. The next requirement that received interest is Attack Detection, with 10 proposed techniques, followed by Authenticity with nine, then Confidentiality with four. Only one technique considered the Availability requirement. Therefore, future researchers should consider this requirement. Six proposed techniques considered a combination of two different requirements. Moreover, four techniques considered a combination of more than two requirements. Fig. 13 illustrates the distribution of the techniques with respect to the requirements considered.
According to the review work, it can be observed that there is no technique that considers Integrity, Nonrepudiation, and Reliability requirements separately, except together with other requirements. This indicates that these requirements were not given much interest. Hence, future research should also concentrate on these requirements.
Besides, regarding RQ3, the identified techniques were further classified according to the employed technological methods. It can be seen that Paillier's Homomorphic Encryption, AES Cryptographic Algorithm, ABE Policy-Hidden, and Reverse Auction Game are the most commonly employed technologies. Also, with regards to the employed performance analysis methods, the dataset is most frequent when considering the analysis with tools. 11 studies employed a real dataset, whereas 4 studies employed synthetic datasets. The computer simulation experiment is the second most frequently used method. The most frequent simulation tool was NS3. In terms of the prototype implementation, an embedded device (Single Board Computer) is the most frequently employed device. The most frequent formal security analysis tool is Proverif, whereas the Scyther tool is employed by only one study. On the other hand, Informal security analysis is the most frequent method when considering methods without tools.
The performance metrics employed in evaluating the effectiveness of the techniques were explored as specified by RQ4. It can be observed that the techniques under each class of requirement employed specific metrics in evaluating their performance, which verifies the intended aim. The purpose of evaluating the techniques with a particular metric is highlighted in Table 11. This will help future researchers in knowing the purpose of employing each metric under certain techniques.
With regard to research question 5 (RQ5), which emphasizes the categories of attacks in an edge computing network, a taxonomy of the attacks is given in Fig. 12. Additionally, the trends of the technologies employed in curbing the attacks are also highlighted. Lastly, with regard to RQ6, which focuses on the research opportunities for future researchers working in the area of security and privacy in edge computing, the limitations of each technique are given in Table 4 to Table 10. This will help future researchers working in this area with forthcoming research gaps.

A. THREATS TO VALIDITY
The study focused on conducting the review work as well as possible. However, some factors encountered may change the conclusion drawn, which may affect the quality of the findings. Below are some of the factors:
1) The data acquisition process is subject to biased opinion because only one author searched for the primary study articles.
2) Only four electronic databases were explored for collecting applicable data. Thus, relevant studies from other databases may not be included. This limited the scope of the review work.
3) Only journal articles and conference proceedings were included, whereas some other studies that may help with additional information, such as patents, magazines, and symposia, were excluded.

VII. OPEN RESEARCH ISSUES
In this section, the open research issues in the field of security and privacy of the edge computing paradigm are given. The aim is to provide opportunities for future researchers willing to contribute to this area. The major open issues include:

A. LIGHTWEIGHT SECURITY FEATURES
Lightweight security is required in the edge computing network because of the minimal resources and storage that characterize edge devices. The conventional cryptographic protocols are characterized by very high computation and communication costs [110], [111], due to the large key size employed. Therefore, such protocols cannot be applied directly to the edge network. As such, lightweight cryptographic protocols with smaller encryption keys that require fewer memory and CPU resources are preferred in edge computing. Lightweight security does not maintain the tradeoff between efficiency and security/privacy, as considered by most of the reviewed techniques. For lightweight security, efficiency is not as important as security/privacy. It can be observed that most of the techniques under Confidentiality and Authenticity are not lightweight, which is why they were not evaluated using the lightweight evaluation metrics (i.e., computation and communication costs). Only four techniques, [50], [51], [53], and [78], employed the lightweight metrics. Hence, future research on security and privacy in edge computing should focus on lightweight security, for example, Elliptic Curve Cryptography, Permutation Based Lightweight Cryptography, Block-Ciphers Lightweight Cryptography, etc.

B. FINE-GRAIN SECURITY FEATURES
To attain fine-grain security features, a dynamic auto-update function needs to be incorporated into the privacy-preserving mechanisms, as well as an efficient data-sharing mechanism, due to the huge amount of data produced at the edge of the network by end-devices. The most common fine-grain security evaluation metrics, as depicted in Table 11, are Tracking Accuracy and Privacy Protection Level, which were employed by only five techniques [55], [63], [64], [66], [68]. Therefore, future research should consider fine-grain features when proposing Privacy-Preserving techniques.

C. PRIOR INVESTIGATION OF ATTACKS
In most of the reviewed studies, attacks were not fully investigated and dealt with sufficiently prior to the design process of the techniques, especially the authentication and privacy-preserving schemes. These attacks are very dangerous to the privacy of the interacting edge devices and may lead to the devices' secret information being revealed.

D. MORE WORK IS REQUIRED UNDER CERTAIN SECURITY/PRIVACY REQUIREMENTS
As stated earlier, some of the security and privacy requirements either have no techniques that consider them separately, or have none at all. For example, from the findings, the Availability requirement has only 1 technique under it, whereas the Reliability, Nonrepudiation, and Integrity requirements are not considered by any technique, except in combination with other requirements. Due to the importance of these requirements, future researchers should concentrate on devising techniques that will consider them.

E. SECURE TWO-WAY COMMUNICATION
The establishment of secure two-way communication in the edge network is relatively difficult compared to the cloud network with its ready-made security mechanisms. Therefore, to achieve secure two-way communication in an edge computing network, lightweight key exchange algorithms that suit edge computing should be designed in the future.

F. PROPER UTILIZATION OF INTRUSION DETECTION MECHANISMS
Intrusion Detection Systems (IDS) are employed for detecting and mitigating the various attacks in a network. However, in an edge computing environment, the IDS needs to be applied to the various layers of the edge network (edge nodes, end-users, and cloud). Applying IDS to only one or two layers may not guarantee that attacks from a malicious party will not propagate to the entire edge network.

G. UTILIZATION OF PROGRAM (SOFTWARE) ANALYTICAL TOOLS
The security and privacy issues in edge computing networks are diverse. Consequently, the utilization of software-based security and privacy analysis will help in quick and efficient identification of such issues. The scope of such software analysis in edge computing is still an open issue for future research.

VIII. CONCLUSION
Edge computing is a promising paradigm aimed at eliminating almost all the drawbacks associated with cloud computing. Security and privacy issues are among the significant challenges affecting its acceptance. As such, studying ways of mitigating the problems is of paramount importance. Findings show that the devised systematic literature review is the first of its kind in edge computing security and privacy perspectives. It aimed at providing a comprehensive and reflective understanding of the security and privacy requirements, the state of the art techniques for ensuring the requirements, as well as the technological methods employed by the techniques. With this in mind, a total of 78 articles were thoroughly studied, in line with the standard SLR procedures. After a thorough analysis of the extracted data, the findings reveal essential results. Firstly, the taxonomy of security and privacy requirements was derived. The study found that there are eight classes of requirements as far as edge computing security and privacy is concerned. Secondly, the study discovered that each requirement has its specific techniques designed mainly for it, except integrity, nonrepudiation, and reliability, which were considered together with other requirements in four different identified schemes. Thirdly, the findings classified the identified techniques under their corresponding technological methods with the aim of identifying the trend. Fourthly, the review work has identified the limitations of each of the techniques, which lead to research opportunities for future researchers to concentrate on. Moreover, the attacks affecting the edge computing network have been thoroughly explored. The taxonomy of the attacks as well as the technological methods employed for their elimination have been revealed.
Moreover, it was observed that each category of the techniques under a particular requirement has specific metrics used for evaluating its performance to ensure a certain aim. Lastly, open issues for future research were included for the benefit of researchers willing to work in the area of edge computing security and privacy.

ACKNOWLEDGMENT
Authors of this research are thankful to the reviewers for their observations, comments, and recommendations to enhance manuscript contents.