Privacy-Preserving Task Offloading Strategies in MEC

In mobile edge computing (MEC), mobile devices can choose to offload their tasks to edge servers for execution, thereby effectively reducing the completion time of tasks and energy consumption of mobile devices. However, most of the data transfer brought by offloading relies on wireless communication technology, making the private information of mobile devices vulnerable to eavesdropping and monitoring. Privacy leakage, especially the location and association privacies, can pose a significant risk to users of mobile devices. Therefore, protecting the privacy of mobile devices during task offloading is important and cannot be ignored. This paper considers both location privacy and association privacy of mobile devices during task offloading in MEC and targets to reduce the leakage of location and association privacy while minimizing the average completion time of tasks. To achieve these goals, we design a privacy-preserving task offloading scheme to protect location privacy and association privacy. The scheme is mainly divided into two parts. First, we adopt a proxy forwarding mechanism to protect the location privacy of mobile devices from being leaked. Second, we select the proxy server and edge server for each task that needs to be offloaded. In the proxy server selection policy, we make a choice based on the location information of proxy servers, to reduce the leakage risk of location privacy. In the edge server selection strategy, we consider the privacy conflict between tasks, the computing ability, and location of edge servers, to reduce the leakage risk of association privacy plus the average completion time of tasks as much as possible. Simulated experimental results demonstrate that our scheme is effective in protecting the location privacy and association privacy of mobile devices and reducing the average completion time of tasks compared with the-state-of-art techniques.


Introduction
In recent years, mobile devices such as smartphones and tablets have gained popularity. According to Ericsson's latest report, the number of mobile subscriptions worldwide has exploded and will reach 9.2 billion in 2028 [1]. The growing popularity of mobile devices has spawned new applications such as online games, virtual reality, image recognition, etc. These nascent applications often have high demands on computing resources and latency. However, the computation and storage capabilities of existing mobile devices often struggle to meet such demands [2]. The emergence of MEC has effectively solved the problem of insufficient computation and storage capacity of mobile devices. MEC, as an extension of cloud computing, has computation and storage located closer to the users of mobile devices at the edge of the network, thus, overcoming the problem of high latency in cloud computing [3][4][5][6]. By using task offloading technology, mobile devices can effectively reduce their energy consumption and completion time [4].
However, wireless transmission-based task offloading in edge computing technologies is vulnerable to eavesdropping and monitoring. Attackers can infer users' location and usage patterns according to offloading preferences of their mobile devices and the channel quality during data transmission through edge servers. What is more, attackers can infer a user's motion trajectory by obtaining real-time location information from multiple edge servers. As a result, there is a risk of location privacy leakage from mobile devices during task offloading. Location information is important privacy information for users and poses a huge risk if it is leaked. For example, in the field of wildlife protection, hunters can obtain the location information of wild animals if mobile devices carried by animals transmit related data to edge servers; in the field of smart transportation, attackers can get the life pattern and behavior habits of users based on their action trajectories via edge servers [7]. Meanwhile, since MEC is an open computing system, it does not have a comprehensive, complex, and highly reliable security system like traditional cloud computing. Thus, edge servers in MEC are relatively untrustworthy compared to servers in cloud computing.
In addition, tasks may have associated privacy information which refers to information with associated privacy data. When the associated privacy data is leaked separately, it will not cause the risk of privacy leakage to users. Nevertheless, when all or part of the associated privacy data is leaked, it will cause the risk of privacy leakage to users and then lead to serious consequences. For example, username and password belong to associated privacy information. When a malicious person only knows the username or password of a user, there is no threat to the user, but if the malicious person attains both of them, it will pose a threat to the user. When there is associated information between tasks and a mobile device offloads these tasks to an untrustworthy server, attackers can benefit from this associated privacy information by harming users' interests. Tasks with associated privacy information are considered to have privacy conflicts. If there exist privacy conflicts between two tasks, offloading them to the same edge server may cause leakage of association privacy [8]. For instance, when three tasks separately containing the identity card number, cell phone number, and bank account number of a user are offloaded to the same edge server, attackers can gain these three numbers from the server, utilize them to get the password of the bank account, and steal the user's property. Therefore, protecting the location and association privacy of mobile devices is quite important, and, therefore, a high amount of attention is paid to it.
In view of the high attention paid to the topic of privacy protection of task offloading in MEC, many researchers have studied it. In [9][10][11][12], authors have studied the location privacy problem for task offloading in MEC. In [13][14][15][16][17], authors have investigated how to reduce the risk of association privacy leakage by reducing the privacy conflicts of tasks. In [18,19], based on the concept of information entropy, authors have quantified data privacy to avoid the leakage of data privacy. In [20][21][22], authors have applied encrypting, blurring location information, and adding noise to achieve location privacy protection, which imposes significant extra overhead on mobile devices. As far as we know, no work has considered both location privacy and association privacy during task offloading.
In this paper, we consider both location privacy and association privacy of mobile devices when they offload tasks to edge servers in MEC, aiming to reduce the location and association privacy leakage as well as minimize the average completion time of tasks. We are committed to finding a scheme that adequately protects the location and association privacy of mobile devices while avoiding significant extra overhead. To achieve this goal, we design a privacy-preserving task offloading algorithm. In the algorithm, we first introduce a Mobile Support System (MSS) to protect the location privacy of mobile devices. MSS is designed to protect the location privacy of mobile devices without sacrificing performance and includes two kinds of servers: edge servers and proxy servers. Mobile devices do not communicate with the edge server directly but through the proxy server. The edge server only knows the location of the proxy server but is not aware of the real location of mobile devices [23]. Then, we select the proxy and edge servers for each task to be offloaded. We make choices based on the proxy servers' location information in the proxy server selection policy to reduce the risk of location privacy leakage. In the edge server selection strategy, we consider the privacy conflict between tasks, the computing ability of edge servers, and the location of edge servers, to reduce the risk of association privacy leakage of mobile devices and the average completion time of tasks. Simulated experiments show that the risk of leakage for location and association privacy is effectively reduced by our designed algorithm. Moreover, the average completion time of tasks is reduced.
Our main contributions are as follows.
• To our best knowledge, we are the first to comprehensively consider the location privacy and association privacy issues of mobile devices during task offloading in MEC. • We solve the problem of location privacy of mobile devices based on the MSS proxy forwarding technology. • We design a privacy-preserving task offloading algorithm to protect location privacy and association privacy while minimizing the average completion time of tasks. • Simulated experiments demonstrate the effectiveness and efficiency of our proposed algorithm.
The residual organization of this article is as follows. Section 2 outlines the related research. Section 3 establishes all models and the problem addressed in this paper. Section 4 introduces our proposed algorithm. Section 5 makes a performance evaluation of our proposed algorithm by considerable simulation experiments. Section 6 concludes the paper.

Related Research
In recent years, there have been many studies on task offloading in MEC. Most of the researchers worked on reducing time, energy consumption, and cost. In [24], Chen et al. minimized latency and energy consumption of mobile devices from a user-centric view to improve the quality of experience(QoE) in MEC. In [25], Labidi et al. stated the problem of task offloading in small cell base stations by jointly optimizing radio resources and offloading decisions to minimize energy consumption with tolerable delays. In [26], Guo et al. designed a sub-optimization algorithm with the goal of minimizing task execution time and energy consumption. In [27], Mao et al. presented a low-complexity online offloading algorithm that can significantly reduce the task execution cost in a green MEC system with an energy harvesting device. In [28], Zhou and Jadoon reduced the task execution time by rational allocation of bandwidth resources and moderate task offloading ratio. In [29], Liu et al. studied the stochastic task scheduling optimization problem in MEC from two timescales and adopted a one-dimensional search algorithm to minimize the average delay. None of the above work takes privacy into consideration.
Since MEC is an open computing system, edge servers can be provided by enterprises, governments, individuals, etc. Therefore, the reliability and security of edge servers are much less than traditional cloud servers. Privacy protection in MEC has become an important issue that cannot be ignored. Several researchers have studied privacy protection issues during task offloading. In [9][10][11][12], the authors studied the location privacy protection of mobile devices in MEC, considering the risk posed to the mobile device by location information leakage. In [9], Wang et al. considered the risk of location information leakage measured by the distance threshold of a user from the server, and defined a total cost as the combination of migration cost, user-perceived delay, and the leakage risk of location information as well as constructed an efficient privacy-preserving offloading algorithm to find an optimal solution to minimize the total cost in the long run. In [10], Li et al. adopted a task offloading scheme for privacy-preserving and device management. The scheme can obtain near-optimal latency and energy performance while preserving users' location privacy and usage pattern privacy. In [11], a privacy-preserving secure offloading scheme was designed to minimize energy consumption, in which location privacy, usage pattern privacy, and secure transmission against eavesdroppers are considered in combination. In [12], Zhang et al. designed a novel and effective location privacy protection scheme for MEC devices, where authors make it impossible for an attacker to identify a user's actual location by adding noise.
In [13][14][15][16][17], privacy conflicts between tasks were mainly studied to reduce the risk of association privacy leakage. In [13], Peng et al. studied the task offloading problem for VR applications with privacy protection. A privacy-aware task offloading approach based on a multi-objective optimization genetic algorithm was proposed, taking the privacy conflicts between virtual reality (VR) tasks into consideration. In [14], authors formally analyzed privacy conflicts of tasks in vehicular networks and adopted a MEC-based offloading method for vehicular network computation, which reduces the privacy conflicts between tasks, consequently degrading the risk of association privacy leakage. In [15], Liu et al. formulated an optimization problem to improve load balancing and reduce the energy consumption of all edge nodes while considering privacy conflicts and time overhead. Then, an energy-efficient task offloading method with privacy protection was proposed for privacy conflicts between tasks. In [16], Xu et al. presented an IoT-oriented privacypreserving offloading method, considering privacy conflicts between tasks. In [17], Ma and Mashayekhy offered a privacy-designed offloading solution for vehicular edge computing considering privacy conflicts between tasks, to meet the delay requirements and reduce the energy consumption of vehicles.
Although research related to privacy protection in MEC has already existed, none of it has considered both location privacy and association privacy. Moreover, most of the studies on location privacy are based on encryption, blurring location information, adding noise, etc., which can bring the high extra cost to mobile devices. Different from the above research, both location privacy and association privacy during task offloading based on MEC are considered in our work. We use the proxy forwarding mechanism to protect the location privacy of mobile devices and figure out appropriate rules to select the proxy servers and the edge servers for task offloading, to prevent the location and association privacy of the mobile device from leaking while minimizing the average completion time of tasks.

Models and Problem Definition
In this section, the models used and the problem studied will be introduced.

System Model
As shown in Figure 1, a single-user offloading scenario is designed, which consists of three types of entities: edge server, proxy server, and mobile device. The specific description of each entity is as follows. Edge servers: edge servers provide computation and storage resources for tasks offloaded by mobile devices. These edge servers are considered untrustworthy.
Proxy Servers: thanks to the ubiquitous edge servers, some edge servers can be used as MSS proxy servers. These proxy servers are only responsible for forwarding tasks. Proxy servers are equivalent to virtual routers. Each proxy server can host multiple proxies, and one proxy can only serve one task at a time. Edge servers are numerous and widely distributed. Therefore, using edge servers as proxy servers can effectively reduce extra time overhead and make it easy to find the most appropriate proxy server for task forwarding.
Mobile device: the mobile device deploys the MSS client, which manages all incoming and outgoing traffic. It chooses to offload its tasks to the target edge server through the proxy server, so the edge server only knows the location of the proxy server, not the real location of the mobile device.
We assume that there is a mobile device u, N proxy servers, and m edge servers in our scenario. These devices, including the mobile device and all the servers, are randomly distributed in a two-dimensional plane with dimension 1500 m × 1500 m, and twodimensional distances are treated as their geographical distances. The set of proxy servers and edge servers are denoted as P = {1, 2, 3, . . . , N} and M = {1, 2, 3, . . . , m}, respectively. The mobile device has n tasks and the set of tasks is denoted as t = {1, 2, 3, . . . , n}. The attributes of task i can be defined as , c i is denoted as the total number of CPU cycles for accomplishing the task i, T max i is the maximum deadline for task i. Each task cannot be divided. To protect the location privacy of the mobile device during task offloading, communication between the mobile device and edge servers requires a proxy server. α i denotes the execution position of task i, where α i ∈ {0, 1, 2, 3, . . . , m}. when task i is executed locally, α i = 0. When task i is executed at the edge server j, α i = j, j ∈ {1, 2, 3, . . . , m}. β i denotes the proxy server selection policy for task i, β i ∈ {0, 1, 2, . . . , N}. When the task is performed locally, the choice of proxy is not required, at this point, β i = 0, α i = 0. When task i is offloaded, it must be forwarded through a proxy server j, at this point β i ∈ {1, 2, 3, . . . , N}.

Privacy Model
The leakage of privacy information poses a great risk to users, and privacy protection of task offloading as an important issue in MEC cannot be ignored. Here, both location privacy and association privacy during task offloading are considered.
To avoid the location information leakage of mobile devices, a proxy forwarding policy is used. In the policy, a mobile device does not communicate with an edge server directly, but through a proxy server. As a result, the edge server only knows the location of the proxy server but does not get the real location of the mobile device. According to [30], when the mobile device u offloads task i to edge server j via proxy server k, its location privacy denoted by λ k,j i can be expressed as where P k is the proxy server k and M j is the edge server j. dis(a, b) is the distance between two devices a and b, which is calculated as follows: (2) a x is the position of device a in the x-axis direction and a y is the position of device a in the y-axis direction. b x is the position of device b in the x-axis direction and b y is the position of device b in the y-axis direction. However, in [30], no specific task offloading scenario is considered. In fact, not all tasks need to be offloaded to edge servers for execution.
Therefore, location privacy needs to be redefined. When the mobile device offloads task i to edge server j via proxy server k, the mobile device's location privacy is computed as A smaller value of λ k,j i indicates that the mobile device is at less risk of a location privacy breach when offloading task i to an edge server and vice versa. Then the location privacy of the mobile device u can be expressed as At the same time, association privacy is also an important part that cannot be ignored. Privacy conflict: A privacy conflict exists between two tasks if there is correlated privacy information between them and an attacker can infer some private information about the user of a mobile device based on the information from these two tasks, and harm the user. For example, when three tasks separately containing the identity card number, cell phone number, and bank account number of a user are offloaded to the same edge server, attackers can gain these three numbers from the server, utilize them to get the password of the bank account, and steal the user's property. When task i and task j have a privacy conflict, offloading them to the same edge server will cause association privacy leakage. Privacy conflicts between tasks are considered to minimize the risk of association privacy leakage.
Privacy conflict graph: We can construct a privacy conflict graph for all tasks of a mobile device. In the privacy conflict graph, each vertex represents a task; If there is a connecting line between two tasks, it means that there exists a privacy conflict between these two tasks. Figure 2 is an example of a privacy conflict graph. We can see that task 1 conflicts with task 2 and task 5, task 7 is in conflict with task 3, task 5 is in conflict with task 1, task 4, and task 6.

Privacy conflict matrix:
We can further describe the privacy conflict graph with a privacy conflict matrix, which is an n × n matrix. If there is a privacy conflict between task i and task j, A[i, j] = 1; vice versa A[i, j] = 0. The privacy conflict matrix corresponds to the privacy conflict graph in Figure 2 is The association privacy of a mobile device is measured by the number of privacy conflicts during task offloading. When α i = 0, task i is executed locally; there is no risk of the association privacy leakage. When α i = 0, the mobile device chooses to offload task i to some edge server for execution. At this time, if a task on the edge server conflicts with task i, offloading task i to this server may lead to privacy information leakage. We denote the set of tasks that have been offloaded on edge server j as S j . n s j denotes the number of offloaded tasks on the edge server j. S j [K] denotes the K-th task's sequence number on server j. For example, we offload task 3 to server j when there is no task present on server j. That is, task 3 is the first task on server j. Then, S j [1] = 3. Thus, the association privacy of a mobile device when offloading task i can be expressed as A smaller value of γ i indicates a smaller risk of association privacy leakage and vice versa. Then the association privacy of a mobile device can be expressed as

Time Model
Using proxy forwarding causes additional delays. Additional delays increase the completion time of tasks. If the completion time exceeds the maximum deadline of a task, the task will not be completed, which can seriously affect the quality of the user's experience. Therefore, the completion time of tasks needs to be considered.
Tasks can be executed locally or offloaded to an edge server for execution. When task i is executed locally, its completion time is f u is the computing capacity of the mobile device u and c i is denoted as the total number of CPU cycles for accomplishing task i. When task i is offloaded to an edge server for execution, task i needs to be forwarded through the proxy server. In this case, the completion time of task i includes the transmission time from task i to proxy server k, the transfer time from proxy server k to edge server j, the execution time of task i on edge server j, and the return time of the computation result of task i. As the amount of data returned is small, we do not consider the backhaul time here. Therefore, the completion time of task i is F j is the computing capacity of the edge server j, and c i is denoted as the total number of CPU cycles for accomplishing the task i. R k is the transmission rate from mobile device u to proxy server k, which is calculated as follows: where p is the transmission power of the mobile device u, σ 2 is the Gaussian noise, W is the bandwidth of the wireless channel and l is the path loss factor. R k,j denotes the data transmission rate from proxy server k to edge server j, which is calculated as follows: where p * k is the transmission power of the proxy server k. Thus, the completion time of task i can be defined as The average completion time of mobile device u's tasks is

Problem Definition
After establishing all models, we now give the mathematical description of the studied problem in this paper. The problem is formulated as follows: subject to c1 : β i ∈ {0, 1, 2, . . . , N}, i ∈ t, c2 : α i ∈ {0, 1, 2, . . . , m}, i ∈ t, c3 : c1 restricts that a task can be executed locally or first offloaded to one of the proxy servers from 1 to N for forwarding. c2 indicates that a task can be executed locally or on one of the edge servers from 1 to m. c3 restricts that the completion time of a task cannot exceed its maximum deadline. c4 indicates that a proxy server must be selected when a task needs to be offloaded.

The Proposed Technique
To solve the above problem, a privacy-preserving task offloading algorithm (PTOA) is designed. In the following, we will describe the algorithm in detail.

Task Classification
Before selecting edge servers for offloading and proxy servers for forwarding tasks, we need to partition all tasks into two classes. If a task can be completed locally within its maximum deadline, the task will be assigned to the completable set list 1 ; otherwise, the task will be assigned to the non-completable task set list 2 .

Priority
To better solve privacy conflicts and reduce task completion time, we design two kinds of priorities, one for tasks, and the other for edge servers. The priority for tasks relies on tasks' privacy conflict level and data size.
Definition 1 (Privacy Conflict Level). Denote ∂ i to be the privacy conflict level of task i, and it records the number of tasks that conflict with i. Then we have where n is the total number of tasks.
After that, we show how to calculate the priority of a task. Denote ξ i to be the priority of task i, and it is calculated by The higher the value of ξ i , the higher the priority of task i. High-priority tasks have a larger total number of CPU cycles needed to compute and smaller privacy conflict levels.
Next, we will show how to compute the priority of an edge server. Let ψ j be the priority of edge server j, and then it is calculated by The higher the value of ψ j , the higher the priority of edge server j. High-priority servers have more computing capacity and are closer to mobile devices.

The Policy to Select Edge Servers
We prefer to offload a task with higher priority to an edge server with higher priority. Because the task with higher priority has a larger data size and a smaller privacy conflict level, offloading it to the edge server with higher priority can reduce the risk of association privacy leakage and task execution time. The main steps of the policy to select edge servers for tasks is as follows: (1) For the first task with the highest priority denoted by list 2 [1] in list 2 , we check if there is any task that conflicts with it on the first edge server with the highest priority denoted by M 1 in M. If the answer is no, then we assign list 2 [1] to edge server M 1 ; otherwise, we check if there is any task that conflicts with list 2 [1] on the second edge server with the second highest priority denoted by M 2 in M. If the answer is no, then we assign list 2 [1] to edge server M 2 . Repeat the above operations until we successfully find an edge server for task list 2 [1], or we do not successfully assign the task to any edge server after checking all edge servers. For the former, we remove list 2 [1] from list 2 and go on finding an edge server for the next task in list 2 . For the latter, we still keep list 2 [1] in list 2 and continue to search an edge server for the next task in list 2 . (2) We make the same operations to all the rest tasks in list 2 as we do to list 2 [1]. (3) Moreover, we make the same operations to all the tasks in list 1 as we do to list 2 [1]. (4) After that, if set list 2 is not empty, for each unassigned task in list 2 , we calculate the number of tasks that have privacy conflicts with it on each server, and assign the task to the edge server with the smallest number of tasks that conflict with the task. If list 1 is not empty, all unassigned tasks in list 1 will be processed locally.

Proxy Server Selection Strategy
The choice of a proxy server for a mobile device is important. If the proxy server is close to the mobile device, the approximate location of the mobile device can still be known, thus, causing location privacy leakage. If the proxy server is far from the mobile device, it will cause high latency. For these reasons, a proxy server selection strategy that considers both privacy and latency is designed.
We use η k,j i to denote the loss caused by selecting proxy server k for forwarding task i when it is offloaded to edge server j for execution. The loss η k,j i is calculated as follows: where µ and ω are weighting factors to balance the effect of location privacy and latency. µ ∈ [0, 1] , ω ∈ [0, 1], and µ + ω = 1. If task i is offloaded to edge server j, we select a proxy server with the smallest η k,j i for it. Thus, our proposed algorithm can be described as shown in Algorithm 1. if task list 2 [i] successfully selects a server then 7: Record the edge server selection policy of this task in α and remove it from list 2 .  14: if task list 1 [i] successfully selects a server then 15: Record the edge server selection policy of this task in α and remove it from list 1 . 16: else 17: Retain it in list 1 [i]. 18: end if 19: end for 20: if list 2 is not empty then 21: for each unassigned task in list 2 , assign the task to the edge server with the smallest number of tasks that conflict with the task, and record the edge server selection policy of this task in α. 22: end if 23: if list 1 is not empty then 24: Select local calculation for the remaining tasks in list 1 . 25: end if 26: for i = 1 to n do 27: Select the proxy server with the smallest η i,k,j for task i according to Equation (18) and record the proxy server selection policy of this task in β. 28: end for

Time Complexity Analysis
Here we will analyze the time complexity of the PTOA algorithm, which mainly consists of the following time complexities

Simulation Experiments
In this section, we will evaluate the performance of our proposed algorithm, PTOA, through simulation experiments. First, we will present the specific experiment-related parameter setting. Then, we will display all experimental results and discuss them.

Experimental Parameter Setting
We assume that there are 10 edge servers and 100 proxy servers in the MEC offloading scenario. The locations of mobile device u, proxy servers, and edge servers are randomly distributed in a two-dimensional plane with dimensions 1500 m × 1500 m. There is a 25% probability of privacy conflicts between the tasks of the mobile device u. The bandwidth of the wireless channel is 5 MHz, the Gaussian noise is σ 2 = −70 dbm, and the path loss factor is l = 3. The rest parameter settings for experiments are shown in Table 1.

Simulation Results and Analysis
Since there are no researches having the same MEC scenario as the MEC scenario in our work, like many other similar kinds of research, we only use random offloading (Random), all offloading (All), and local computing (Local) as comparison methods. To ensure stability and accuracy, each experiment is repeated 500 times. In each repetition, devices (including mobile devices, proxy servers, and edge servers) location, the data size of tasks, and server-related parameters are randomly generated. The average result of 500 repetitions is taken as the final result of each experiment.
First, we compare the effect of the number of tasks on the association privacypreserving ability, the location privacy-preserving ability, and the average completion time of PTOA with baseline methods. Specifically, Figure 3 shows the comparison of the association privacy-preserving ability for four methods, All, PTOA, Random, and Local, under a different number of tasks. It is obvious that local computing (Local) has the best protection for association privacy because there is no risk of association privacy leakage. Our PTOA algorithm has the same protection for association privacy as the Local method when the number of tasks is less than or equal to 80. When the number of tasks goes on increasing, PTOA has lower protection for association privacy. However, our PTOA algorithm is superior to the methods of all offloading (All) and random offloading (Random) in terms of protecting the association's privacy all the time. Table 2 shows the comparison of the location privacy-preserving ability of PTOA with the methods All and Random with different numbers of tasks. Since there is no risk of location privacy leakage in local computing, we are not making comparisons here. From Table 2, it is observed that our PTOA algorithm outperforms the methods All and Random in protecting location privacy; compared with all offloading and random offloading, the protection of location privacy by our algorithm is separately improved by 43.09% and 33.95% on average. Table 3 shows the comparison of the average completion time of PTOA with the methods All, Random, and Local with a different number of tasks. It can be seen that our PTOA algorithm achieves the smallest average completion time; compared with all offloading, random offloading, and local computing, the average completion time by our algorithm is reduced by 14.06%, 35.57%, and 75.37% on average, respectively. Second, we compare the effect of the number of tasks on the location privacy-preserving ability and average completion time of PTOA with three other proxy server selection policies, Random proxy, Furthest, and Nearest, as shown in Figure 4a,b. The Random proxy policy is to choose a proxy server for a mobile device randomly; the Furthest method is to select the proxy server which is the farthest from a mobile device among all proxy servers for the mobile device; the Nearest method is to select the proxy server which is the closest to a mobile device among all proxy servers for the mobile device. Since we do not change the server selection policy and the associated privacy is invariant, we no longer discuss the association privacy. It can be seen from Figure 4a that our PTOA algorithm outperforms the Random proxy and Nearest policies in terms of protecting location privacy. Although PTOA is not as good as the Furthest policy in protecting location privacy, choosing the farthest proxy server increases the average completion time of tasks. It can be seen from Figure 4b that our PTOA algorithm is superior to the Random proxy and Furthest policies in terms of average completion time. PTOA is not as good as the Nearest policy in completion time, but offloading tasks to the proxy server closest to the mobile device increases the risk of location information leakage. Moreover, considering that the number of proxy servers and the number of edge servers are not fixed in the actual scenario, we compare the effect of a different number of proxy servers and edge servers on the location privacy-preserving ability and average completion time of PTOA with baseline methods. Tables 4 and 5 show that the comparison of the location privacy-preserving ability and average completion time of PTOA with the methods All and Random with a different number of proxy servers when the number of tasks is 200, respectively. Since we do not change the server selection policy and the associated privacy is invariant, we no longer discuss the association privacy. It can be seen from Table 4 that our PTOA algorithm is 30.32% and 23.28% averagely higher than all offloading and random offloading in protecting location privacy. At the same time, the variation in the number of proxy servers has a minor impact on our algorithm, and, thus, our PTOA has a better stability. From Table 5, it can be seen that when the number of proxy servers increases, our proposed algorithm always outperforms the Random method in terms of the average completion time. When the number of proxy servers is small, that is, less than 40, our algorithm is not as effective as all offloading. The reason for this is that our algorithm requires a trade-off between privacy protection and latency. When the number of proxy servers is larger than or equal to 40, our algorithm is more effective than the All method. This is because there are more proxy servers to choose from, and our algorithm makes it easy to choose a proxy server that protects privacy without having a great impact on completion time. Averagely, it can be seen from Table 5 that our proposed algorithm can reduce the average completion time by 0.8% and 25.60% compared with all offloading (All) and random offloading (Random).  Figure 5 and Tables 6 and 7 compare the effects of a different number of edge servers on the association privacy-preserving ability, the location privacy-preserving ability, and the average completion time of PTOA with baseline methods when the number of tasks is 200, respectively. It is obvious that our PTOA algorithm is still superior to other methods in aspects of protecting association privacy, protecting location privacy, and reducing latency. It can be seen from Table 6 that the protection ability of our strategy for location privacy is 26.03% and 24.66% higher than that of all offloading and random offloading on average, respectively. It can be seen from Table 7 that our strategy reduces the average completion time by 29.98% and 34.25% on average compared with all offloading and random offloading, respectively.
On the whole, simulated experimental results show that our proposed PTOA algorithm outperforms baseline methods in protecting association privacy, protecting location privacy, and reducing latency.

Conclusions
In this paper, we studied the privacy protection problem of task offloading in MEC. Location privacy and association privacy during task offloading are considered. MSS proxy forwarding mechanism is used to effectively reduce the risk of location privacy leakage for mobile devices. A privacy-preserving algorithm is designed to select suitable proxy and edge servers for task offloading, to effectively reduce the risk of privacy leakage and minimize the average completion time of tasks. Finally, we demonstrate the effectiveness and stability of our algorithm through simulation experiments. In future work, we will consider resource constraints, energy consumption, and the cost of devices.

Data Availability Statement:
The datasets generated during and/or analyzed during the current study are available from the corresponding author upon reasonable request.