Analyzing Threats and Attacks in Edge Data Analytics within IoT Environments

: Edge data analytics refers to processing near data sources at the edge of the network to reduce delays in data transmission and, consequently, enable real-time interactions. However, data analytics at the edge introduces numerous security risks that can impact the data being processed. Thus, safeguarding sensitive data from being exposed to illegitimate users is crucial to avoiding uncertainties and maintaining the overall quality of the service offered. Most existing edge security models have considered attacks during data analysis as an afterthought. In this paper, an overview of edge data analytics in healthcare, trafﬁc management, and smart city use cases is provided, including the possible attacks and their impacts on edge data analytics. Further, existing models are investigated to understand how these attacks are handled and research gaps are identiﬁed. Finally, research directions to enhance data analytics at the edge are presented.


Introduction
Edge computing is a distributed systems paradigm that aims to offload selected services of applications from the cloud and bring them closer to the end-user.It is a generic term that captures associated paradigms, such as fog computing, mist computing, mobile edge computing, and cloudlet computing.Services are hosted at the edge of the network on nodes, such as routers, gateways, and micro-data centers.Data generated from end-users or sensors on Internet of Things (IoT) devices or sensors are analyzed and processed on the edge, which is nearer to the data source.Although edge nodes may be resource-limited when compared to the cloud, data analytics on the edge offers three benefits: (i) better responsiveness by reducing round-trip communication latency, (ii) a higher degree of data privacy, and (iii) minimizing the ingress bandwidth demand to the cloud [1].
Security is of paramount importance when using edge nodes for data processing since a large attack surface is exposed.User-generated or sensor data that are transferred to edge nodes must be protected for confidentiality and integrity, even if an edge node is attacked [2].Data must be protected even when attacks, such as Man-In-The-Middle (MITM), Denial of Service (DoS), eavesdropping, and others (to be discussed later), are underway.Many attacks while performing data analytics have been previously understood in the context of the cloud and are inherited by the edge (for example, Man-In-The-Middle (MITM), Denial of Service (DoS), or eavesdropping).Recent security breaches or incidents in edge computing serve to highlight the severity of security risks in this domain.For example, in IoT 2024, 5 124 2020, a vulnerability known as "Ripple20" was discovered, affecting millions of IoT devices across various industries, including edge computing devices.This vulnerability allowed attackers to remotely execute malicious code, potentially leading to data breaches or system compromise [3].Another notable incident involved the exploitation of a vulnerability in the "Treck" TCP/IP stack, affecting numerous IoT and edge devices.This vulnerability, dubbed "AMNESIA:33," enabled attackers to execute remote code execution, DoS attacks, and other malicious activities [4].These incidents underscore the importance of addressing security vulnerabilities in edge computing environments to mitigate the risk of data breaches, system compromise, and other cyber threats.
This article is concerned with security threats in the context of edge data analytics.There are two main reasons why security threats in edge data analytics need to be considered.Firstly, in edge computing, when ubiquitous devices outsource their data for processing to edge servers, vulnerabilities can be exploited for malicious activities on the data.This may be accentuated when there is a lack of data storage auditing services [5].Therefore, data integrity and data authorization will be affected.Secondly, bandwidth and computation-intensive applications, such as augmented reality and video analytics (for example, cognitive wearable assistance [6]), will process sensitive data at the edge.These applications can emerge in the real world only if security threats arising from data analytics at the edge can be mitigated.
Numerous articles have examined security threats in the context of edge computing.They are summarized in Table 1.Twenty-six research articles are presented in the table, and whether they consider threats in edge data analytics, the impact of threats on edge nodes, and if they analyze edge threat models are highlighted.It is noted that most papers explore security in the general sense, but do not focus on edge data analytics.Security issues at the architectural, storage, and communication levels have been presented [7][8][9].Fewer research articles examine security for data analytics at the edge.Examples include considering the computational complexities of existing security models and the security requirements for secure data analytics [10].The threats related to data storage in a transient environment have been considered [11].There is a partial consideration of threats during data analytics in the literature [12][13][14][15][16][17].Similarly, the impact of the threats on edge nodes is partially considered [18,19].This article more comprehensively examines the threats and the impact of threats and analyzes threat models relevant to edge data analytics.
The review method for preparing this article was based on an approach presented in the literature [20].It included defining the objective of the review and the research questions.
The objectives of this review are to: O1.Highlight the edge data analytics process for selected application use cases, including potential attacks and their impact on edge data analytics.
O2. Review the state-of-the-art security threat models to identify how attacks are handled on the edge during data analytics and identify research gaps.
O3. Identify the impact of threats on edge data analytics.
The research questions considered in this article are: RQ1.How do various attacks affect data analytics in edge computing?This will be discussed in Section 4 by considering three use case applications.
RQ2.What are the different security models available to mitigate various data threats?This will be discussed in Section 5.
RQ3.What is the severity of the attacks on edge data analytics?This will be discussed in Section 5.1.
The remainder of this article is organized as follows.Section 2 presents the background to edge data analytics.Section 3 presents a classification of security threats relevant to edge data analytics.Section 4 discusses application use cases.Section 5 reviews the existing security threat models and identifies their impacts on the edge application use cases.Finally, Section 6 presents the challenges and potential future research directions for addressing security threats in edge data analytics.

Analysis of the Threat Model Considered
Remarks [10] Secure data analytics in edge computing × Propose key requirements for secure data analytics and identify pros and cons of existing works on data analytics.[11] Data security in edge computing × × Review different cryptography-based solutions to address data security issues in edge computing.[21] Security issues during authentication schemes for data integrity × × Evaluate existing methods to preserve data integrity in fog and cloud computing and identify their limitations.[7] Security issues in edge computing × × Review security issues in terms of access control, key management, privacy, attack mitigation, and anomaly detection.[22] Security-as-a-Service in multi-access edge computing × Evaluate IDS, secure communication, and access control mechanisms, and propose a secure service deployment framework. [23] Security issues that are caused by adopting virtualization in edge computing

×
Discuss the advantages of adopting virtualization, containers, Uni kernels, and real-time OS in edge computing.Security issues and attacks on these technologies with different use case scenarios are addressed.[24] Security and prevention mechanisms in fog computing × × Comparative analysis of different techniques to address common security issues in edge computing.[25] Security threats in mobile edge computing × Review the advantages of using machine learning techniques to improve network efficiency and handle malicious attacks.[26] Security aspects in fog computing × × × Discuss security issues in edge computing caused due to its operations in the physical environment and the need for interoperability between edge nodes and IoT devices with various solutions.
[27] Security issues in edge, fog, and IoT applications × × × Identify security issues and evaluate authentication and encryption schemes to address these issues. [28] Review of fog-based applications' architecture and security issues at the architectural level

× × ×
Discuss four edge-based applications and security concerns to prevent malicious access and data modification in these applications.
[29] Security issues due to fog infrastructure in various applications × × The present data analytics taxonomy discusses the complexity during data processing with research challenges. [17] Discuss how to improve security issues and protocols in fog computing

× ×
Present a comprehensive survey on overall issues in edge computing.Analyze security models that address location and data privacy, secure communication, and various intrusion systems.[11] Analyze fog computing architecture, security, and trust issues

×
Discuss security issues, various mechanisms, and different technologies to handle data security and privacy in edge computing.[16] A comprehensive review of edge computing security issues with a few proposed solutions δ δ Identify the challenges of the existing security models to handle threats in edge computing and suggest a few solutions that can be applied to a similar edge computing paradigm.

Analysis of the Threat Model Considered
Remarks [8] Security and privacy issues due to fog computing architecture × × × Identify the threats in the edge computing platform.
[30] Challenges due to data security and privacy δ × Justify how cloud data security solutions cannot be applied to edge computing and highlight the importance of addressing this issue in edge computing.
[31] Layer-wise security and threat issues × × Identify the threats in each layer and propose a risk-based trust model to secure the decision-making process and secure data in the edge layer. [14] Review of security and privacy issues to secure fog-based IoT application δ × Identify the threats and security issues related to data storage, computation, and data sharing in the fog layer.
[13] Potential security issues in the fog-based application × Various edge computing solutions are analyzed, and security models related to privacy-preserving, insider attacks, resource management, encryption, and authentication schemes are discussed.[32] Address all the common security and privacy issues in fog computing and identify gaps in the existing security solutions

× ×
Propose solution toward establishing trust, secure communication channels, and privacy-preserving schemes. [33] Concerning security and resilience edge and fog computing architectures are analyzed × × × Address issues related to virtualized infrastructure and software-driven communication.
[12] Using fog computing, how to secure healthcare data is discussed × × Propose encryption algorithms to secure data on the edge layer. [19] MITM attacks are studied exclusively by CPU and memory consumption on fog devices

× ×
Present authentication and authorization techniques to protect edge nodes from an MITM attack. [34] Security threats when adopting edge computing in IoT applications

× × ×
Review existing security models that address MITM, intrusion detection, malicious nodes, and data protection models.[18] Security threats that affect the confidentiality, integrity, and availability of the architecture

× ×
Discuss the advantages of adopting edge computing in IoT applications.
Recommend a few solutions to address the vulnerabilities and threats due to adoption.

Current study
Security issues on edge nodes that affect decision-making and analytics of the applications Review potential threats that affect edge nodes and disturb the normal functioning of applications.Identify research gaps in existing security models.

Edge Data Analytics
Edge data analytics allows preprocessing data for obtaining real-time decisions.The data flow is similar to that on the cloud, with the difference that edge resources process data.The data analytics process will need to consider the following five aspects: (a) data source, (b) content format, (c) data storage, (d) data staging, and (e) data processing [35].Data processing on edge nodes enables real-time interactions.The flow of data in an edge computing layer sandwiched between the cloud and end-user devices layer (referred to as the Internet of Things (IoT)) is shown in Figure 1.In edge-based IoT applications, sensing, collecting, and analyzing the data depend on the types of services they provide.
data.The data analytics process will need to consider the following five aspects: (a) data source, (b) content format, (c) data storage, (d) data staging, and (e) data processing [35].Data processing on edge nodes enables real-time interactions.The flow of data in an edge computing layer sandwiched between the cloud and end-user devices layer (referred to as the Internet of Things (IoT)) is shown in Figure 1.In edge-based IoT applications, sensing, collecting, and analyzing the data depend on the types of services they provide.A data processing model has been proposed for edge computing systems [36].Heterogeneous data are collected from ubiquitous devices and pushed forward through communication channels to preprocess.Real-time analysis and decision-making occur to support quick responses to the applications on IoT devices.The services offering real-time analysis may be transferred to the cloud.Data processing depends on the information gathered from the hierarchical edge layer, how quickly the data are collected, and how they trigger the specific services for decision-making.The components that support this process are shown in Figure 2.  A data processing model has been proposed for edge computing systems [36].Heterogeneous data are collected from ubiquitous devices and pushed forward through communication channels to preprocess.Real-time analysis and decision-making occur to support quick responses to the applications on IoT devices.The services offering real-time analysis may be transferred to the cloud.Data processing depends on the information gathered from the hierarchical edge layer, how quickly the data are collected, and how they trigger the specific services for decision-making.The components that support this process are shown in Figure 2.
data.The data analytics process will need to consider the following five aspects: (a) data source, (b) content format, (c) data storage, (d) data staging, and (e) data processing [35].Data processing on edge nodes enables real-time interactions.The flow of data in an edge computing layer sandwiched between the cloud and end-user devices layer (referred to as the Internet of Things (IoT)) is shown in Figure 1.In edge-based IoT applications, sensing, collecting, and analyzing the data depend on the types of services they provide.A data processing model has been proposed for edge computing systems [36].Heterogeneous data are collected from ubiquitous devices and pushed forward through communication channels to preprocess.Real-time analysis and decision-making occur to support quick responses to the applications on IoT devices.The services offering real-time analysis may be transferred to the cloud.Data processing depends on the information gathered from the hierarchical edge layer, how quickly the data are collected, and how they trigger the specific services for decision-making.The components that support this process are shown in Figure 2.  Data Collection-All devices are the primary source to generate data.The devices may be electrical appliances, homes, or embedded systems connected with the unique Internet Protocol (IP) to establish connection and communication among them.Edge nodes closer to devices collect data and support computation for the IoT devices' applications by offloading tasks across the cloud and edge nodes.Various deployment models deploy the task as middleware between the cloud and IoT devices with efficient resource utilization [37].
Data Storage-Data collected from devices can be stored in either the device or on edge nodes in virtual machines or containers [38].Typical efficient storage relies on techniques such as mapping, hashing, clustering, replication, indexing, and so on.Data are collected in clusters and sent to the storage devices [39].In indexing, indexes are created based on the extraction, recognition, and labeling of real-time data, such as video streams or social media data [40].In replication, the data are duplicated to support the data-intense applications by encapsulating the coherent data logically [41].
Data Processing-IoT verticals, abstraction layers, and orchestration layers are the three components responsible for data processing in edge computing architectures.IoT verticals include the application that is in use.They provide multitenancy to host the application on edge data servers and provide flexibility and interoperability to the edge nodes.The abstraction layer provides a uniform virtualized platform through a generic API to monitor, provision, and control physical resources.The orchestration layer includes data API and orchestration layer API, which are responsible for node placement or node selection, run-time monitoring, control during execution, and optimizing data-driven decisions [42,43].
Data Analytics-Data collected from IoT devices are preprocessed on the edge nodes through intensive real-time task analysis.This establishes real-time interactions between the edge nodes and the users.For example, generating a diagnosis report for a doctor to treat the patient remotely [44] or traffic signal detection for unmanned autonomous vehicles [41].The volume of data that may be challenging for the edge nodes to analyze is pushed to the cloud for more complex data analysis [45,46].Machine learning (ML) algorithms are usually employed to provide long-term predictive decisions [47].

Decision-Making in Edge Data Analytics
Data analytics and decision management are two critical components of decisionmaking.The report generated from data analytics is used by the decision management component to identify what decisions should be made.For example, in traffic management applications, information about traffic density, vehicle-specific data, and movement of other vehicles and pedestrians are collected to perform quick data analytics and generate decisions on traffic flow.Hence, agility in decision-making triggers the business process, resource utilization, and customer satisfaction.Based on agility, decision-making is divided into predictive and reactive models: (i) Predictive models rely on the cloud to collect large amounts of data and perform long-term data analysis to identify the best decisions.They evaluate decisions based on various policies in the applications and improve the predictive analysis over time.(ii) Reactive models respond to an event with reactive decisions within a short time interval.These models achieve real-time support without focusing on what the system might look like in the future.The key characteristics of real-time support are the most suitable for edge computing applications.To obtain a decision at an adequate response time, edge nodes have to be placed closer to IoT devices [48].Whether services need to be placed on the cloud or edge is an optimization problem [49].
However, when edge nodes are scattered and placed closer to IoT devices, monitoring these nodes will be challenging.Geographical factors, such as network infrastructure and regulatory environments, significantly influence the design and deployment of edge security solutions [50].In regions with limited network infrastructure, edge security solutions must adapt to unreliable or slow connectivity, potentially requiring decentralized architectures to ensure data processing and threat detection can occur locally [51].Regulatory environments, such as GDPR (General Data Protection Regulation) or HIPAA (Health Insurance Portability and Accountability Act of 1996), dictate strict requirements for data privacy and security, impacting how data are stored, processed, and transmitted in edge computing environments [52].Compliance with these regulations may necessitate additional encryption measures, data residency requirements, or auditing protocols in the design of edge security solutions.Moreover, variations in network latency due to geographical distances can affect the responsiveness of security measures, prompting the optimization of algorithms or deployment strategies to accommodate latency-sensitive applications.Additionally, geographical factors influence physical security considerations, as edge devices deployed in remote or inaccessible locations may require robust physical protection against tampering or unauthorized access [53].Overall, accounting for geographical factors is essential in designing and deploying effective edge security solutions that address the unique challenges posed by different environments.Intruders can easily compromise and gain access to the edge layer, and thus they can mine or steal data that are exchanged among edge nodes [54].In cloud computing, there are regulations and obligations for data protection, as per the European Commission [38].However, no such standards exist in edge computing, which makes them vulnerable to security attacks.In the next section, the security models that affect decision-making and the normal functioning of an application are reviewed.

Security Threats during Edge Data Analytics
Security threats during edge data analytics can render edge infrastructure vulnerable to attacks or create breaches that could be exploited later.Compared to traditional data processing environments, such as data centers or cloud platforms, security measures in edge data analytics primarily focus on centralized servers and network infrastructure [55].However, in edge data analytics, where processing occurs closer to the data source on distributed devices, unique security challenges arise, including physical security threats, such as theft or tampering of edge devices, network security threats, such as Man-In-The-Middle attacks on data transmitted between edge devices and central servers, and device compromise risks due to limited resources and security features on edge devices [56].Additionally, edge data analytics introduces specific concerns related to data privacy and integrity, as sensitive data are processed locally at the edge, emphasizing the importance of securing data at the source.
Security breaches in edge data analytics can have severe consequences for data privacy and system integrity, potentially violating regulations such as GDPR or HIPAA [57].Unauthorized access or exposure of sensitive data can result in legal penalties, loss of trust, and reputational damage [58].Integrity breaches can lead to inaccurate insights, posing risks to safety in critical systems [59].Data manipulation can deceive users or automated systems, impacting decision-making [60].Service disruptions may occur, impacting business continuity and customer satisfaction, while financial losses can stem from remediation costs, regulatory fines, and revenue loss.Intellectual property theft can undermine competitiveness and innovation [61].
Appropriate threat models are used to safeguard applications against attacks, representing the system it is running on, the users, and potential attackers.The growing number of research articles on security, privacy, and threats underscores the importance of addressing these issues in evolving edge computing applications.Table 2 summarize the related studies by following the Open Fog reference architecture presented by the Industrial Internet Consortium that categorizes threats based on attack venues: insider attack, software attack, hardware attack, and network-based attack, all of which violate confidentiality, integrity, authentication, availability, and data privacy.
Insider attack: An insider attack is caused by authorized users intentionally misusing the system and network to exploit.The majority of threats occur due to insider attacks [62].
Once the user gains access to the organization, it is effortless to implement an insider attack.There are very few opportunities to detect and prevent attacks.Host-based and networkbased detection techniques are used in cloud computing to identify insider attacks [63].
Hardware attack: In a hardware attack, the attacker gains physical access to the system to obtain the information or modify its behavior.In many cases, covert or overt are the two types of hardware attacks [36].Covert attacks are when the victim is unaware of the attack, and overt attacks are when the victim is aware of the attack on the system.A side-channel attack is a typical covert attack.
A hardware attack's main intention is to disrupt the normal working of the hardware or deny services, leading to system security failures [64].
Software attack: Software attacks are considered an indirect attack in many cases, as the attack is against software modules that run on a system.The attackers usually know the inner workings to launch an attack [65].The attacker extracts information by introducing rogue applications or trojan horses in the system [66].
Network attack: A network attack is the most common attack that bypasses the security mechanisms of the victim.The attackers identify loopholes, bugs, and misconfigurations in the services and disturb normal network activities.Usually, the attacker launches this attack in four steps: gather network vulnerability information, compromise any nodes in the network, attack using a compromised node, and finally, clear the attack history in the activity log [67].

Motivating Use Case Applications
Various industries, including healthcare, transportation, and smart cities, leverage edge data analytics to derive real-time insights and enhance operational efficiency [86].In healthcare, edge computing facilitates remote patient monitoring, medical imaging analysis, and wearable health devices, while facing security challenges related to patient data confidentiality, regulatory compliance, and medical device security [87].In transportation, edge data analytics enables real-time traffic monitoring, predictive maintenance, and autonomous vehicle operations, posing security challenges such as protecting connected vehicles from cyberattacks and ensuring the integrity of navigation data [88].In smart cities, edge computing supports smart energy management, public safety monitoring, and urban infrastructure optimization, with security challenges including safeguarding citizen data privacy and protecting critical infrastructure against cyber threats [89].Addressing these unique security challenges requires industry-specific security measures, robust encryption, access controls, and ongoing security assessments to ensure the integrity and security of edge data analytics deployments across various industries.
The integration of edge computing for smart applications can improve the user experience by enhancing the computing efficiency.This has resulted in adopting edge computing for various use cases, including healthcare, traffic management, and smart city applications.In this section, the use cases are reviewed and tabulated in Table 3.The use cases are studied in the following section to understand the edge aspect of the applications, the working model, and how they contribute toward decision-making.Any attacks on these applications will adversely affect the decision-making process by falsifying information, hacking confidentiality, and privacy, and all these are studied further.

Healthcare Applications
The use of healthcare applications is rapidly increasing since they offer mobility, regular monitoring, periodic updates, and real-time interactions during an emergency.In many healthcare applications, typical end-users are elderly patients who require special attention and supervision.They use devices, such as smartwatches or smart glasses, with various sensors, accelerometers, gyroscopes, and GPS.These devices are interconnected and process patients' information, which requires high levels of privacy and integrity.
In the present context, COVID-19 is a fast-spreading chronic illness that requires monitoring of infected patients to control the rapid spread.Artificial intelligence (AI)integrated edge computing is proposed to provide real-time processing of a patient's health data to predict whether the patient is infected or not [90].The edge node contains AI units and a medical database capable of collecting, storing, processing, and generating alert messages.The AI unit uses ensemble-based techniques to perform clinical diagnoses and generate alert messages.The decision is based on the risk score estimated using an AI model.This triggers an alert message to the doctors and assists them in taking immediate action to quarantine the infected patients.Although AI supports the overwhelming decision-making process, it is proven that AI increases the computation load on the devices.In case of any attack on AI models, they become vulnerable to threats and lose their reliability [91].This may result in delaying the alert message to the doctors and degrading the efficiency of the application.Similar applications were proposed for the Chikungunya virus diagnosis.This application uses Social Network Analysis (SNA) to predict the virus outbreak.SNA graphs generate relative scores for each region and identify the critical region.Based on this, appropriate alert messages are generated [92].Cancer prediction and monitoring applications use data gathered in the healthcare system for decision-making based on neuromorphic multi-criteria [93].These decisions help the specialist to determine the level of symptoms and provide quality services.There are several instances where cancer patients' data were hacked through cyber-attacks [94].
There are few fall detection applications available for patients suffering from stroke [95,96].In these applications, sensors, edge gateways, and access points are interconnected in the Low-Power Wide-Area Network (LPWAN).They monitor electroencephalography (EEG), electrocardiography (ECG), electromyography (EMG), blood pressure, and contextual data, such as temperature, humidity, and air quality.The combination of health data and contextual data assists in improving the accuracy of prediction.Low Bluetooth energy in LPWAN reduces latency during data transmission.When the fall is detected, a notification via smartphone is sent to the caregivers.However, if the body blocks the electromagnetic signal transmissions in some postures, it may either reduce the quality of the link or make communications within body devices impossible [97].
eWall is an advanced home sensing environment with e-health and e-solution for elderly patients to live independently.Elderly patients may suffer from declining memory functions, cardio-pulmonary conditions, neuro-muscular control movements, and so on.This application provides an effective solution to address all these societal challenges.It includes: (i) eWall devices, such as sensors and actuators, (ii) home sensing middleware to connect devices, collect, query, report, and store data, (iii) a local context manager to analyze human and non-audio/video perception processing, and (iv) a cloud to monitor complete infrastructure communication.The services provided by this application are daily activity monitoring (such as jogging, cycling, and gardening), daily functions' monitoring (such as shopping, walking in the park, cooking, sleeping, eating/drinking, socializing, mood status, self-care, and chores), healthcare support through teleconference with a medical professional, and caregiver notifications.Ubiquitous devices, such as sensors, accelerometers, gyroscopes, GPS, utility sensors (such as gas, electricity, and bed), passive infrared (PIR), and audio/video sensors are interconnected with Bluetooth or Zigbee technology to provide these services.The data transmission rate in this technology is very low [98].The health Fog framework is another application where hospitals, clinics, and smart homes are equipped with sensors, actuators, smartphones, and other smart devices.Medical professionals monitor patient's sedentary lifestyle, which affects their health, and advise physical routines, diets, and other plans to pursue a healthy lifestyle.This is a patient-centric application to improve human health and well-being with suitably engaging technologies [99].
In the healthcare system, implementing security measures entails several ethical considerations.These include safeguarding patient data privacy and confidentiality, obtaining consent for data usage, ensuring patient data ownership and control, addressing biases in algorithms, promoting transparency and accountability, and prioritizing patient safety [100].However, in healthcare applications, since devices are connected in WPAN (Wireless Personal Area Network) or BAN (Body Area Network), this makes the network vulnerable to potential attackers who can anonymously sneak into the devices, listen to all traffic, hack personal data, and exploit the system [101].Common threats identified in healthcare applications include insider attacks, software attacks, and hardware attacks.Among these, insider attacks cause severe damage because the attacker pretends to be legitimate and can take control of the communication channel or devices [102].
Observation #1: The quality of medical services is improving tremendously due to the integration of AI and edge computing.The health applications are serving as a powerful tool for the medical field to monitor and control the spread of fatal diseases.Despite these advantages, as the data volume increases, AI computation tasks increase.This can drain the computation, network, and storage capacities of the edge infrastructure and affect its performance or reliability.
Observation #2: The sensors and the devices in the healthcare applications are connected in WPAN, Bluetooth, ZigBee, or WBAN.Even though these networks are energy efficient, they have a lower network range than Wi-Fi and cellular connections.This may decrease the necessary bitrate for biomedical signals, such as ECG or EEG.If the patient wears several body sensors, the transmission of electromagnetic signals may become blocked due to some body postures affecting data transmission.

Traffic Management Applications
VANET (Vehicular ad hoc Network) and VSDN (Vehicular Software-Defined Networking) are the standard networks used in most edge-based traffic management applications.The importance of these networks is to improve driving efficiency, navigation, and information exchange in a decentralized network structure.A Vehicular Fog Computing (VFC) network enables traffic schemes for traffic management and road safety in a decentralized network structure.Events such as traffic jams, car accidents, and road surfaces are uploaded to edge nodes, which are closer to the roadside units.Some data generated at this level can be used for vehicle-level decision-making, while other data are processed by the servers in the edge layer and pushed to the cloud.The traffic management server on the cloud is responsible for broadcasting feedback messages to vehicles through the edge nodes at roadside units [103].When the data are transmitted to different nodes, a lack of authentication can lead to malicious activities, such as hacking users' personal data or affecting the consistency of data [104].
A vehicular network collaboration using VSDN is used to assist various services, such as autonomous driving, collision avoidance, accident detection, fast rescue, emergency traffic prioritization, emergency message dissemination, remote video analysis, and so on.This technique enables handling most of the software attack efficiently, but tracking location and a few network attacks, such as sinkhole, sniffing, and spoofing, are challenging [105,106].The vehicles behave as a content provider or consumer simultaneously, so tracking them for process discovery or process request is very easy.Once these vehicles are tracked, they can be easily made unreachable and isolated from the network [107].The virtualization in VANET is still evolving and there are no standards to integrate wireless communication mechanisms, as in IPv6.Therefore, they are more prone to attacks such as DDoS and network pattern analysis [108].
The 5G-based intelligent transport system was developed to track traffic violation reports using vehicles' speed sensors.It was based on security protocol to verify locationbased information with a digital signature [109].The edge nodes aggregate multiple speed violation reports, verify, and broadcast anonymous notifications to other entities in the vicinity.Considering these reports, the transportation authority generates the decisions on vehicles' traffic violations.The digital signature mitigates the risk of jamming, privacy violation, and false injection threats.Hence, the privacy of information and location, mutual authentication, traceability, data confidentiality, and integrity are achieved.However, hardware attacks, such as physical damage to sensor nodes or blocking communication channels, are not considered.These attacks can cause the edge nodes to wait indefinitely for the data [110].
Observation #3: In VANET, data are traversed from different nodes and regions.There is high mobility and uneven distribution of vehicles in the network.This makes selecting appropriate relay nodes challenging and results in consistency liability of data.Therefore, there is a need for an efficient correlation mechanism to address data inconsistency.
Observation #4: The 5G, SDN, and virtualization technologies are broadly adopted in VANET applications.They support traffic programmability, agility of services, and create policy-driven network supervision.However, it will be challenging to achieve reliability, abstraction, performance, scalability, and security by virtualizing the network infrastructure for edge computing.

Smart City Applications
Smart city applications have enhanced the living standards of the users [111].IoT devices play a vital role in these applications to collect and sense real-time data.They collect users' data pertaining to city supervision and utilities (gas, lighting, etc.).In a video summarizing framework, the edge nodes collect the captured videos and create an embedded vision.Further, it is pushed to the centralized servers in the edge layer connected through internet gateways.The servers operate as master nodes, and these master nodes control the edge nodes.The servers offload the embedded vision to the cloud through the MQTT communication protocol.The embedded vision reduces bandwidth consumption to the cloud significantly [112].The MQTT protocol is prone to many threats, such as DoS, flooding, spoofing, tampering, and denying access control [113].These threats result in maliciously dropped or delayed information, capture of transmitted data, send infinite false details, contribute to degrading decision-making efficiency, and block the resource for processing nodes [113].
A smart meter application is used to collect data on energy consumption.The collected data are aggregated by the edge nodes and transferred to the cloud.The edge computing layer includes smart meters to sense data, distribution transformers in the respective geographic region, and a meter data management system at the substation level.The data management system performs distributed data aggregation to summarize data before sending it to the cloud.The routing protocols are used to transfer the data with multiple hops to the destination [114].The routing protocols can be prone to attacks, such as eavesdropping, network pattern analysis, jamming, spoofing, data alteration, message replay, and DoS [115].In a smart lighting application, the controller node monitors the streetlight switches when vehicles are approaching [116].The smart lighting is further enhanced by interconnecting to a smart city system for public safety.It includes various sensors, such as a video camera or gun-shot detection sensor, and datasets such as weather or traffic data.This application helps users to navigate the safest route based on pedestrian count and road traffic.Google map API is used to assist navigation for the users.In case of an emergency, such as accidents or theft, the users can press the emergency call button and streetlights begin to pulse immediately.The responder can locate the emergency by identifying pulsing streetlights nearby.The brightness of the streetlights and pulse are between 10% to 100%, making it visible to pedestrians and emergency responders.This application also includes secure communication protocols to mitigate cybersecurity threats, such as DoS, eavesdropping, session hijacking, and MITM [117].Similarly, in the smart pipeline application, the controller node detects a fire or gas leak and closes the gas pipeline.Fiber optic sensors and sequential learning algorithms on edge nodes are used to detect events threatening pipeline safety [118].The common threats anticipated are equipment sabotage, jamming, eavesdropping, tampering, and sinkhole attacks.These attacks can alter decisions, block the edge nodes from processing, or even isolate the edge nodes.
Observation #5: There are many sensors, IoT devices, and edge nodes connected in the smart city applications.They collect and process data in the long term to obtain deep sequential resolution.This advancement greatly reduces the power consumption of the devices while maintaining the same performance.Therefore, there is a need to preserve the longevity of devices and edge nodes.
Observation #6: Smart city applications continuously collect users' sensitive data for a long time and store them in the edge layer for processing before transferring them to the cloud.Any threats to the data stored can lead to catastrophic events, such as information theft or identity fraud.Lack of security measures can compromise the stored data and lead to a loss of public faith and affect the reputation of the applications.

Analyses of Existing Security Threat Models
As discussed in the previous section, edge computing has a potential number of applications in healthcare, traffic, and smart cities. Edge computing applications reduce the data flow to the cloud, provide uninterrupted connection, and improve the performance of the application.They also offload some part of the analytics from the cloud data center to the edge of the network, which leads to security and privacy issues.When the computation gets closer to the edge of the network, end-user devices and edge data centers become vulnerable to security threats.Therefore, it is necessary to build an expansive network with minimal vulnerabilities.This section summarizes the existing security models that have addressed the threats and built a secure edge computing layer.The findings with limitations are tabulated in Table 4.There are various mechanisms in the edge computing paradigm to handle the threats.Based on this mechanism, the available models are categorized and studied in this section.

Intrusion Detection System
In many security threat models, intrusion detection is the most widely adopted mechanism to identify an attack.The intrusion detection system (IDS) monitors network traffic to detect attacks and sends an alert message to the network administrator.There are two main types of IDS: anomaly-based IDS and signature-based IDS [143].Anomaly-based IDS is based on identifying the normal system's anomalous behavior.It involves collecting data over a specific period, performing analyses, and determining whether the system's behavior is legitimate or not.The standard techniques used in anomaly-based IDS are data mining, statistical modeling, and the hidden Markov model.This approach is mainly employed when attack types are unknown and to reduce the false alarm rate [144].Adaptive IDS is used to identify the anomalies, such as misuses, cyber-attacks, or system glitches, on the edge nodes.These anomalies can prevent data transmission on edge nodes or perform accurate automated actions.Adaptive IDS detects when the edge nodes are compromised and takes the required actions to ensure communication availability.Memory, CPU usage, and buffer utilization are the metrics used to measure against replay, flooding, and DoS attacks [125].
Signature-based IDS is based on a predefined attack pattern of an intruder stored in the system.The attack pattern is widely based on network traffic analysis.In case of any changes in the pattern, the network administrator can detect with high-level accuracy.However, this cannot be used for unknown or undefined attacks in IDS [144].The combination of an anomaly and signature-based IDS is used to identify the patterns of attack signatures.Field Programmable Gate Arrays (FPGA) are used as edge gateway nodes, and IDS is incorporated on these nodes.FPGA are computationally intensive nodes capable of identifying when the edge network traffic changes.The Wu-Manber algorithm used in snort is used in FPGA as a signature-based IDS, while the adaptive threshold and change point detection algorithm are the two anomaly-based IDSs used.Snort is a regular expression-based engine used to identify the patterns of attack signatures [138].Although this system efficiently identifies many attacks (DoS, SYN flooding, and port scanning), it executes at a generic level.To implement in a real-time scenario, the system's level of acceleration must be increased.

Combination of an Intrusion Detection and Intrusion Prevention System
The IDS and intrusion prevention system (IPS) methods are used together to identify an MITM attack and its variants, such as eavesdropping, packet modification, and wormhole attacks, on the edge computing layer.This system includes two types of nodes: the edge node and IDS node.When an IDS node identifies a compromised edge node or an intruder, it informs the neighboring edge nodes and disconnects the infected node.Later, to prevent the attack, IDS nodes acquire a key from the cloud and distribute it to the edge nodes to prevent intrusion.The proposed system uses the Advanced Encryption System (AES) symmetric encryption technique, and an encryption key is exchanged using the Diffie-Hellman key exchange.It is a lightweight encryption technique to periodically interrogate edge nodes that are one hop away.Even if the attacker identifies the IDS, it is challenging to predict the nature of the IPS [122].In any wireless sensor network or ad hoc network of the edge computing layer, malicious nodes may unduly assign higher priority to source packets and lower priority to transit packets and launch a traffic remapping attack through multi-hop.These attacks are easy to launch, impossible to prevent, hard to detect, and harmful to genuine edge nodes.Thereby, the security threats posed by malicious nodes are aggravated by multi-hop [145].

Automated Intrusion Detcetion System
The automated IDS is used to identify cyber security attacks on the edge computing layer.The traffic analysis engine and recurrent neural network classification engine are deployed on the edge nodes.The traffic analysis engine preprocesses the traffic connection record leading to traffic data and classifies them as normal or attack data.Later, the recurrent neural network classification engine generates a security alarm using the backpropagation algorithm to inform the other edge nodes [140].

Machine Learning-Based Intrusion Detection System
The machine learning (ML)-based IDS is broadly adopted in a security system [146].ML-based intelligence systems can easily detect different types of attacks according to normal and attack behaviors.Simulated annealing algorithms are incorporated on mobile edge nodes to detect anomalies and secure data transmission in edge assisted IoT applications.This ML algorithm uses backpropagation of the neural network to identify abnormal data that do not follow the characteristics of normal data.Later, the radial basis function of the neural network is used to detect multiple attacks in the periodicity of data generation [147].Multi-channel attribute-based IDS is another approach, which uses the received signal strength, direction of arrival signal, and channel impulse response to identify spoofing on the edge network.The improved local heuristic-based cluster algorithm is used, and it reduces the edge node computational complexity compared to the single attribute detection technique [81].Overall, it is observed that the ML-based IDS provides high detection accuracy and computational efficiency for data-based intrusion detection.

Cryptography-Based Systems
The cryptography technique is a mechanism of converting plain text into cipher text using encryption/decryption techniques and a private or public key.It protects confidential data from unauthorized access in a wireless communication network [80].Identity-based hierarchical architecture for edge computing is proposed to provide data security in the edge layer.This architecture uses an identity-based asymmetric cryptography method that includes four phases: setup phase, extraction phase, encryption phase, and decryption phase.The unique secret key is generated to every edge node and reserves each node's security separately.The key's complexity is enhanced by using a private key to decrypt, and this key is known only to the root key generation center [127].Combining bilinear pairing cryptography with the decoy technique is used to secure private medical data in edge-based healthcare applications.Two copies of medical data are created-original and default.The original data are secured in the cloud, while the default data are shared on the edge layer.The default data are used in the honeypot as a decoy for the attackers.When the user requests their medical data, default data are shared.Later, user profiling, key exchange, and authentication algorithms are used to verify the authenticity of the user.After confirmation, access to the original data in the cloud will be granted [12].
A multi-encryption technique is used to establish mutual authentication between edge users and edge servers.This includes three phases: initialize, register, and authentication.Pseudonym-based encryption is used to initialize and register the user.The authentication phase uses session keys to secure communication between edge users and servers.The session keys and series of patterns are generated using elliptical curve cryptography, bilinear pairing, pseudonym-based identity-based encryption (IBE), and pseudo-random number generator (PRNG).It is challenging for the attackers to predict the pattern and break into the system [133].The Q-learning algorithm-based security framework is another cryptography model used to identify impersonation attacks in the edge layer.The attributes of the communication channel between edge nodes and users, such as the signal strength, channel frequency response, and channel state information, are used to perceive the attack [78].Cryptography techniques secure data transmission and prevent data theft, unauthorized data access, and system hacking in the edge layer.It will be challenging for any adversary to decrypt the private key and gain access to the system.
In identity-based cryptosystems, a private key generator (PKG) is a trusted third-party entity.It maintains the private key for all users and establishes trust in the system.This process of storing the keys is called key escrow.However, if any key is lost or compromised, then it can be used to decrypt data and permit restoring original data in an unencrypted state.This is a key escrow problem that can occur in PKG [148].Simple cryptography techniques are based on computational infeasibility and incur too many resources to compute.Addition of cryptographic techniques in edge computing may cause processing delays in the edge computing layer [80].

Authentication Scheme in the Edge Computing Layer
The authentication scheme in the edge computing layer is the process of validating edge users, nodes, and servers who request access to the system.This prevents access of confidential information by unauthorized users and secures data from threats such as data leak, data breach, and data alteration [77].A password-based secure communication protocol is used to establish mutual authentication among user, edge devices, and the cloud server.This protocol uses session key agreement to transmit sensitive data in the network [129].However, password-based authentication systems are susceptible to protocol weaknesses that can be exploited by keystroke logging, Google hacking, wiretapping, and side-channel attacks.Even potentially strong passwords are prone to brute force dictionary attacks [149].

Hybrid Models
Hybrid models are used when the available models are not accurate enough to reduce instability.The state-of-the-art hybrid models present sufficiently high accuracy and attack detection rates.The hybrid binary classification method using the k-Nearest Neighbor (kNN) algorithm is used to identify DoS and its variants on the edge nodes.Each edge node performs intrusion detection locally without any interaction with the cloud and reports only the summary of detection, thus avoiding latency.Each edge node monitors network data traffic to identify malicious nodes and initiate the countermeasures [139].This method can be adopted in any edge computing application, and based on the requirements, the IDS can be implanted on the edge nodes.The naive Bayesian classifier approach-based hybrid model is used to detect DDoS attacks in edge networks.This method combines the Markov model and Virtual Honeypot Device (VHD) to reduce the false alarm rate.The two-stage Markov model analyzes each edge device to identify attacks, and the hidden Markov model determines the future states of the devices.Based on the prediction of the future state, the edge devices are sent to the VHD [90].The VHD is a simulated virtual computer at the network level.It closely monitors the network and distracts the adversaries in the network by providing an early warning.The honeypots gather information through frequent interaction and notify the defender in case of attacks.However, the frequent interaction can compromise the network and make it vulnerable [150].
A similar approach is used to identify malicious edge devices in the edge computing layer [134].The advantage of hybrid models is early detection of malicious nodes, the reduction of false alarms, and adaptability to any application framework.Similar to the VHD, decoy is another method used to provide the attacker with fake information or evidence and trap the attacker.The combination of an offensive decoy and user behavior profiling is used to identify data theft by insider attack in the edge computing layer.User access behavior profiling maintains a log of each user and validates them.When the system identifies any unauthorized access, the offensive decoy method asks challenging questions to verify authorization.It identifies the attacker based on the reply.However, generating and shuffling decoy questions may increase the run time [137].

Application-Specific Security Models
An edge computing-based fault diagnosis system is used to monitor hardware defects in hydro-power plants.This is an extension of the cloud-based system, where edge computing is used to provide parallel fault diagnosis with sufficient computational and bandwidth capacity.Edge nodes are used as a Strom-based computing unit.This creates a cluster of spout and bolt nodes, similar to the master-slave architecture.The performance of the hydro-power plant is extracted from different sensors connected to the bolt nodes.Spout nodes compare with standard fault cases stored in the database and report to the cloud in case of errors [132].Similarly, an edge-based security framework is used for the Intelligent Traffic Light Control System.The edge nodes are used as a roadside unit to monitor specific regions and broadcast encrypted messages sent from the cloud server to vehicles [131].

Container and Consensus Protocols in Edge-Based Security Models
The container-based model is used to secure distributed computing in edge computing infrastructure.This model secures any IoT application deployed on edge computing infrastructure from hardware memory attacks and provides secure execution of application on the remote host.Linux containers are deployed on each edge node and container-based map to reduce prototypes for secure computing.It includes a remote attestation mechanism at the master node to validate the containers as a trusted node.Only trusted containers are integrated to the cluster, and un-trusted containers are discarded [151].Hence, the protocol provides a secure and trusted execution with reasonable performance overhead.Containers in edge computing provide lightweight virtualization to support high interoperability and scalability among edge nodes with minimum performance overhead.Therefore, the containers are more suitable to enhance security in edge computing [152].The consensus protocol is a primitive peer-to-peer message passing protocol that interacts randomly with other nodes and performs computation locally.A decentralized gossip consensus algorithm is used to identify insider attacks in neural network models.The consensus algorithm supports edge nodes to exchange information with neighboring nodes without any supervision.Considering this behavior, each node in the neural networks is trained to detect the attack online.The consensus algorithm has a significant advantage of monitoring the applications without a central controller and achieving scalability [126].However, the consensus algorithm can increase the run time during implementation and deplete the edge nodes' resources [153].

Bridging Gap with Cloud Security
Security measures in edge and cloud computing aim to protect data integrity, confidentiality, and availability.Fundamental techniques, such as encryption, authentication, access control, and intrusion detection systems, are employed in both paradigms to mitigate external threats and unauthorized access.However, the implementation of these measures varies between edge and cloud environments [154].Edge computing operates in decentralized, resource-constrained settings, necessitating lightweight security solutions tailored to edge devices and networks.In contrast, cloud computing benefits from centralized management and ample computational resources, enabling the deployment of more sophisticated security measures, such as advanced threat detection algorithms [155].While edge computing emphasizes real-time processing and proximity, cloud computing prioritizes scalability and standardization.Leveraging traditional cloud security features can enhance security within edge computing models by fortifying defenses against internal attacks, ensuring data integrity and confidentiality, and enabling dynamic resource allocation and efficient security-related tasks [156].
By leveraging both edge computing and cloud resources, the IoT service architecture dynamically balances service provision, resource allocation, and trust evaluation, leading to improved performance and adaptability [142].In addition, integrating trust evaluation mechanisms and service templates across both cloud and edge layers further enhances security by deploying only authenticated and trusted services within the edge environment.This hybrid approach combines the robust security features of cloud computing with the agility and proximity of edge computing, addressing security challenges in IoTcloud systems and bolstering overall security in edge computing deployments [141].The overall security posture of edge computing infrastructure can be improved by applying security implementations from traditional cloud computing environments to edge data analytics [157].
Observation #7: The hybrid models and cryptography techniques discussed in this section include PKG to generate pseudonym keys to check authenticity and data integrity.However, the storage of these keys in edge nodes increases the transmission overhead.Further, if multiple keys are added to the edge nodes, it may cause network congestion in communication channels.
Observation #8: Adopting containers in edge computing has numerous benefits, such as lightweight, fast, more accessible to deploy, and better resource utilization.Along with this, the container also brings the complexities of optimizing edge computing infrastructure to containers, and they are vulnerable to kernel-based and container-based attacks.

Impact of Threats on Edge Data Analytics
In edge computing, highly granular data are used to perform real-time decisions and actions, referred to as edge data analytics.These actions are handled by edge nodes in the edge computing layer; in particular, edge nodes store and analyze the data gathered to perform data analysis [48].Edge nodes are deployed in a place where there is a lack of strict protection and supervision.Thus, it becomes vulnerable to many threats and attacks that compromise the system [158].This significantly impacts the data present in the edge layer and edge data analytics.This section summarizes the impact of the threats affecting the data analytics in the edge layer.
Data are transmitted between vehicles, vehicle to edge nodes, and edge nodes to the cloud in the traffic management applications.Deploying edge computing applications in roadside units facilitates accessibility, trust, and synchronization with sensors and edge devices.The absence of authentication on roadside units can cause malicious attacks, affecting data consistency.Inconsistent data can alter decisions during edge data analytics and disturb the normal functioning of the application [104].In VANET, secure encryption techniques and digital signatures are used to secure systems from most software attacks.However, virtualization makes it prone to network attacks, such as spoofing, replay, DoS, flooding, and pattern analysis.These threats can expose the data stored in edge nodes, hack confidential data, and affect data integrity [159].DoS or DDoS (Distributed DoS) are the most prevalent threats in VANET.These threats can bring down the network performance, consequently rendering the VANET unavailable.Security in edge computing requires adaptability and autonomy at the network's edge, whereas cloud computing focuses on centralized control and scalability to safeguard vast amounts of data stored in centralized data centers [160].
In healthcare applications, security threats due to wireless sensor networks causing malicious attack are the major issues [161].These threats affect data analysis thorough data breaches, hacking of personal data, and malicious insiders.They compromise access points and communication channels and may change the destination of packets or make routing inconsistent [13].Similarly, when data are transmitted in WBAN, software attacks can cause threats such as eavesdropping, impersonation, data replay, or data modification.These threats can defraud adjacent edge nodes and cause system failure [101].
Finally, in smart city applications, the impacts of software, hardware, and insider attack are similar to those in healthcare and traffic applications.However, communication protocols, such as MQTT, or routing protocols can make the network more vulnerable to network attacks.For instance, in the MQTT protocol, a Denial of Service (DoS) attack can overwhelm the communication channel.This could enable attackers to compromise unsecured MQTT broker access, thereby gaining access to data stored in edge nodes or servers, escalating privileges to unauthorized users, or even tampering with edge devices.These threats can result in data modification and hijacking of communication channels, thereby affecting the data integrity [113].Similarly, the routing protocol attacks can target MITM, sniffing, Sybil, and spoofing attacks, absorb network traffic, or inject themselves in the network, which controls the network traffic flow.They can monitor the data processing and decision-making performed by the edge nodes, thereby gaining complete control over the system [115].

Future Research Directions
Future research directions that could leverage the existing solutions to make further progress toward securing edge computing applications are listed below: 1.
Adopting federated learning (FL) algorithms for edge data analytics-Following observation #1, the integration of AI in edge computing is widely adopted, especially in healthcare applications.It remarkably enhances the scope and computational efficiency of edge nodes [90].However, the challenging aspects of AI models are their short battery life, power-hungry, delay-intolerant portable devices, vulnerable to security threats, and a loss of their reliability [91].These limitations can be resolved by adopting the federated learning framework in AI models.Federated learning is an ML technique used to train data across decentralized edge devices without exchanging them with other devices.This reduces the amount of data in wireless uplinks, adapts well with heterogeneous cellular networks, and preserves privacy.Pace steering in FL is a flow control mechanism that controls data uplinks by regulating the device connection pattern [162].FL deploys secure data aggregation mechanism, where data remains secure even in the memory to protect additional security in data centers [163].Therefore, FL can be best applied for applications such as edge computing, where device data are more relevant, for better data transmission and to provide security.2.
Enhancing Developing a robust and efficient data dissemination technique in VANET for a node selection strategy-As noted in observation #3, in VANET it is challenging to maintain a specific topology for every vehicle due to the high mobility and uneven distribution of vehicles.Conventional routing protocols use a street-centric divide-and-conquer approach.This approach can be efficient if a succession of vehicles between the source and destination is determined in advance [165].However, it may not be possible in a real-time scenario, as it results in unavoidable collision problems.Therefore, a robust and efficient data dissemination technique is required that considers selecting efficient relaying nodes to forward packets even when the source and destination of the vehicles are not known in advance [166].The data dissemination technique should be aware of the vehicle topology within its coverage and monitor the changes in topology so that the data transmission between edge nodes and devices can be scheduled and secured with the assigned frame.This approach can greatly reduce the data transmission delay for edge analytics and secure the transmitted data.4.
Employing energy harvesting techniques to preserve longevity and processing capabilities of edge nodes in smart city applications-In an efficient smart city application, integrating energy harvesting techniques into edge computing for smart city applications offers a robust solution to safeguarding against data threats, ensuring the integrity, confidentiality, and authenticity of critical information.By harnessing renewable energy sources, edge devices can maintain continuous operation, facilitating real-time data analysis and threat detection.This uninterrupted surveillance capability is pivotal in detecting and mitigating potential security breaches.As noted in observation #5, high battery consumption is the most common problem in crowdsensing when actively collecting data, and this may affect the quality of data collected and the processing capabilities of edge nodes [167].Moreover, with decentralized processing at the edge, sensitive data can be processed closer to its source, minimizing the risk of exposure during transit to centralized servers [168].Additionally, energy harvesting supports the implementation of advanced encryption protocols and authentication mechanisms, further fortifying data security measures [102].By combining energy harvesting with edge computing, smart city infrastructures can establish resilient defenses against evolving data threats, ensuring the trustworthiness and reliability of their systems in safeguarding citizen safety and critical infrastructure.

5.
Enhancing network infrastructure in the edge layer-Different technologies, such as SD, NFV, 5G, or virtualization, can significantly bolster security measures against threats and attacks in edge data analytics.SDN and NFV enable centralized management and orchestration of network resources, allowing for dynamic and granular control over security policies and access permissions [169].The 5G networks provide higher bandwidth, lower latency, and greater reliability, facilitating secure and real-time communication between edge devices and centralized servers [170].Virtualization techniques enable the isolation of critical network functions and applications, limiting the potential impact of security breaches or attacks [171].By leveraging these technologies collectively, organizations can establish resilient and adaptive network infrastructures capable of mitigating risks and ensuring the integrity, confidentiality, and availability of data in edge-based IoT environments.6.
Adopting fine-grained access control mechanisms in the edge layer-It can be noted from observation #6 that when data are stored in the edge layer for a long time before transferring them to the cloud, it can lead to any catastrophic events.This can result in data authentication and integrity issues, affecting the decision-making capabilities of the edge nodes.It is also observed that hybrid models and encryption techniques are used to address these issues in the existing security model.However, as stated in observation #7, complex keys due to these techniques can result in network congestion in communication channels.Therefore, adopting access control mechanisms between data owners and the edge layer, which is a straightforward approach, can overcome these issues.This approach has proved to be efficient in cloud computing [172].However, in edge computing, the access control mechanism has to be fine-grained, which supports secure collaboration, interoperability between heterogeneous devices, and enhances data tracking.At the same time, the design goals and resource constraints of edge nodes have to be considered so that it provides a lightweight and secure data analytics scheme.7.
Designing trust management models in an edge computing framework-The decentralized edge computing has a huge obstacle of collecting and managing information from various edge nodes to perform data analytics.These criteria can be distinct to various applications and services [32].Further, edge nodes might frequently move from one area to another [10].This movement causes challenges in establishing trust among edge nodes during data processing.Thus, designing a trust model that supports mobility and scalability is required in an edge computing framework.The trust models can be third-party models used to decrease the computation overload of the edge nodes and should manage interregional trust values through historical data to track the mobility of edge nodes.8.
Isolating the infected edge nodes in the edge computing layer-In the currently available edge threat models, malicious nodes are the common threats that affect the decision-making process.Malicious nodes can always compromise other nodes and create other attacks in the edge layer, such as DoS, repeated storage/processing requests, spoofing, or leakage of confidential data [158].This induces security and trust risks, spreading among the edge nodes and to the whole edge layer.Therefore, a strategy needs to be developed to identify the malicious node and isolate it from the other nodes to reduce the risk of malicious nodes gaining control on the edge layer.9.
Enhancing security with emerging technologies, such as AI and blockchain-AI algorithms can play a crucial role in real-time threat detection and anomaly detection at the edge layer, continuously monitoring device behavior and network traffic to identify potential security threats.Additionally, AI-based techniques can leverage historical data to improve the accuracy and effectiveness of security measures in edge data analytics systems [173].Furthermore, blockchain technology offers promising solutions for ensuring data integrity and enhancing trust in edge data analytics.By providing a decentralized and immutable ledger, blockchain can create tamperproof records of data transactions, ensuring the authenticity and transparency of data collected and processed at the edge layer [174].Moreover, blockchain facilitates secure and transparent data sharing among multiple parties in edge computing environments, preserving data privacy and confidentiality while enabling efficient collaboration [175].Combining AI and blockchain technologies presents an exciting avenue for future research in enhancing security in edge data analytics.By integrating AI algorithms for threat detection with blockchain for secure data transactions, edge data analytics systems can achieve a higher level of security, trustworthiness, and resilience against security threats [176].Exploring innovative approaches that leverage the synergies between AI and blockchain holds great potential for advancing the security capabilities of edge data analytics systems and addressing evolving security challenges in edge computing environments.

Discussion and Conclusions
Decision-making in edge computing is a critical aspect that provides data analysis at the end-user's proximity and uninterrupted real-time interactions.Real-time responsiveness has made edge computing widely adopted in many applications, such as healthcare, transportation, and smart cities.However, these services on the edge layer are prone to security threats by compromising the edge nodes and affecting edge data analytics' efficiency.In this paper, we presented the basic concepts and features of edge data analytics and analyzed the working aspects with three use cases.The potential security threats and privacy issues that occur during data analytics were also analyzed to understand how they might degrade the efficiency.Further, we identified the limitations and challenges in existing security threat models.
The edge computing applications include a wide range of sensors and ubiquitous devices to collect and store data.They function uninterruptedly to provide deep progressive resolution, so it is required to preserve their endurance.When data are traversed from different nodes and regions in the edge layer, the crowdsensing mechanism should establish an efficient correlation to achieve data consistency and support reliable edge data analytics.New technologies, such as AI, SDN, NFV, and containers, are widely adopted in edge computing to provide agile services.However, they can burden edge nodes in computation and make them vulnerable to new security issues.Hence, cautionary measures should be considered before integrating edge computing with these technologies.
Advancing edge security presents several key challenges and opportunities.These include addressing the heterogeneity and scalability of edge environments, managing resource constraints on edge devices, and adapting to the dynamicity and mobility inherent in edge computing.Ensuring data privacy and trust while maintaining interoperability and regulatory compliance are also critical aspects.Interdisciplinary approaches involving computer science, cybersecurity, networking, and regulatory compliance are essential to develop scalable, adaptive, and privacy-preserving security mechanisms tailored to the unique characteristics of edge computing environments.Collaboration between researchers from diverse domains, integration of techniques from machine learning and cryptography, and engagement with policymakers are crucial for effectively addressing these challenges and seizing opportunities for innovation in edge security.Considering these key research challenges or limitations of the current research and research trends, it is critical to develop and design security models that secure data on the edge layer and, in turn, complement the edge computing characteristics.

Figure 1 .
Figure 1.Flow of data in the edge computing layer.

Figure 2 .
Figure 2. Components of edge data analytics.

Figure 1 .
Figure 1.Flow of data in the edge computing layer.

Figure 1 .
Figure 1.Flow of data in the edge computing layer.

Figure 2 .
Figure 2. Components of edge data analytics.Figure 2. Components of edge data analytics.

Figure 2 .
Figure 2. Components of edge data analytics.Figure 2. Components of edge data analytics.

Table 2 .
Classification of threats.
[85]lCreate a fake identity and gain access to the network Acquire privileged access to the services[85]Sinkhole attackThe malicious node sends a fake message and establishes a connection with a legitimate nodeCreates maximum traffic flow and makes adjoining nodes collide.Increases bandwidth, leading to resource contention and message destruction

Table 3 .
Analysis of edge use case applications and effects of threats on the applications.

Table 4 .
Review of existing threat models.
[164]communication standards in edge-based healthcare applications-The sensors in healthcare applications are connected through BAN or WPAN.As noted in observation #2, the network may not offer necessary bitrates for biomedical signals' transmission.This will delay communication or reduce the quality of a link within body devices, especially when many body sensors are interconnected[97].Currently, IEEE 802.15 technical standards are used in BAN or WPAN, which results in low-rate data transmission in edge data analytics, but this standard was designed for Zigbee or 6LoWPAN, whereas IEEE 802.15.6 is a standard for WBANs that helps healthcare service providers to monitor patients at any time and location.It provides human body communication with a data rate of more than 2 Mbps (Mega Bytes Per Second) and an operation band of 27 MHz (Mega Hertz).These operation bands are valid in the major European countries.Apart from that, it also provides secure communication with three different security levels through authentication and encryption.This provides solutions for integrity, reply defense, confidentiality, privacy protection, and message authentication problems.Therefore, adopting IEEE 802.15.6 in healthcare applications can enhance the reliability, service quality, low power, data rate, and non-interference.This standard also deals with particular BAN requirements, such as security, energy consumption, range of communication, scale of the network, and data rate[164].3.