The Importance of Layered Security in Edge Computing

In this article, we will introduce the role of information security in the Internet of Things, its architecture and importance in the field of edge computing.

Information security has always followed a layered model, and this deep defense can help users protect resources in the event that one layer is compromised. Since edge devices have the ability to offload computing and analytical workloads from data center servers, they can also serve as a mechanism for end-to-end authentication.

With this understanding in mind, let’s take a look at how different levels of security deal with edge workloads.

1. Hardware layer

The growing number of breaches, and the complexity of the attacks behind them, have pushed OEMs to build security into devices from the design phase. At the hardware level this means TPMs (trusted platform modules), which integrate encryption keys in the chip that the software layer can use for device authentication. But if the keys are shared on the bus, the keys involved may still be vulnerable. Such issues can be easily addressed if encryption/decryption occurs inside the TPM, using a key that is never shared on the bus.

2. Communication Layer

The medium for data transmission should be secure to avoid man-in-the-middle attacks and other similar attacks. This communication can be classified into the following:

  • Local communication, where endpoint devices communicate with one or more edge gateways that provide an entry point to the enterprise network after authentication.
  • Remote communication, where edge gateways communicate with each other through an orchestration layer or a centralized cloud platform.

Edge gateways provide security through encryption and X.509 certificates, and they also act as protocol translators, converting disparate data from multiple devices to conform to a single protocol, such as Message Queuing Telemetry Transport (MQTT). MQTT is a lightweight protocol designed for high-latency, low-bandwidth networks.

3. Cloud Security

To maintain data integrity, sensitive data should be moved from the edge to the cloud in an encrypted manner. Edge orchestrators, a software layer for the management and configuration of edge devices, come into the picture and simplify the encryption of data from the edge to the cloud and vice versa. In addition, digital certificates play a vital role in the authentication of other clouds or third-party applications that try to communicate with the user's cloud service.

4. Continuous lifecycle management

Edge devices and endpoint sensors running without the latest patches or firmware upgrades are exposed, so it is extremely important to update all edge devices and endpoints remotely and regularly, as new and sophisticated attacks appear every day.

The above control measures will reduce the number of security threat vectors, including:

  • Spoofing (deception): Attackers cannot intercept data in transit, and when a TPM is used, no other device can pass itself off to the system as a trusted one.
  • Tampering: An attacker cannot replace the software running on the system because it is tied to the hardware.
  • Privilege escalation: This can be controlled through specific access management, which prevents accidental or intentional elevation of privileges.
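The gateway-side authentication of local communication described above, together with the spoofing and tampering controls in this list, shown as an added example that is not part of the original article: each endpoint device signs its telemetry, and the edge gateway rejects spoofed, tampered, stale and replayed messages before forwarding anything toward the enterprise network. Device names, keys and the HMAC scheme are constructed assumptions; the HMAC stands in for the certificate- or TPM-backed device authentication the article describes.

```python
import hashlib
import hmac
import json

# Constructed per-device secrets (assumption): in a real deployment the
# device-side key would be held by the TPM and never leave the chip.
DEVICE_KEYS = {
    "sensor-01": b"constructed-key-for-sensor-01",
    "sensor-02": b"constructed-key-for-sensor-02",
}
MAX_CLOCK_SKEW = 30  # seconds a message timestamp may differ from gateway time


def sign_telemetry(device_id, data, ts, key):
    """Device side: serialize canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps({"device": device_id, "ts": ts, "data": data},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class EdgeGateway:
    """Gateway side: admit only authentic, fresh, non-replayed telemetry."""

    def __init__(self, keys, now):
        self.keys = keys
        self.now = now            # injected clock, so results are deterministic
        self.last_ts = {}         # device id -> newest timestamp accepted

    def verify(self, msg):
        try:
            body = json.loads(msg["body"])
            tag = msg["tag"]
        except (KeyError, TypeError, ValueError):
            return "reject: malformed"
        device = body.get("device")
        key = self.keys.get(device)
        if key is None:
            return "reject: unknown device"      # spoofed identity
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "reject: bad tag"             # tampered or forged message
        ts = body.get("ts")
        if not isinstance(ts, (int, float)) or abs(self.now() - ts) > MAX_CLOCK_SKEW:
            return "reject: stale"               # outside the freshness window
        if ts <= self.last_ts.get(device, float("-inf")):
            return "reject: replay"              # timestamp already seen
        self.last_ts[device] = ts
        return "accept"
```

In a real gateway the accepted message would then be normalized and published over TLS to the MQTT topic for that device, while every rejection should be logged with the device id and reason so repeated forgeries are visible to detection tooling.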

With the rapid growth of connected terminals, from temperature sensors in cars to mobile devices and smart grids, a series of edge clouds are emerging. These clouds serve specific users, thereby providing low latency and consuming less bandwidth. Nevertheless, it is very important to choose the right infrastructure to run these edge workloads. Containers have great advantages in this regard, but where should containers be hosted? Virtual machines or bare metal? The answer depends on the edge workloads that users plan to run.

Securing these new edge clouds is critical, and users need to enforce encryption of data in transit and at rest, and protect communications with the centralized cloud. Only through secure design and embedding security mechanisms in all components/layers involved can users' edge efforts be on the right track.
