Edge Security
Today, the world has become more connected than before. My Under Armour Hovr shoes are connected footwear that track my cadence, pace and stride length, and push me further with personalized coaching tips. Even the iPhone has Augmented Reality that helps me to visualise my living room design ideas with furniture selections.
With the rapid adoption of such wearable technology devices (IoT), businesses are facing unprecedented changes, from demographics and technologies to compliance mandates and increased expectations from consumers.
Many countries are focusing on developing Smart Cities, Industry 4.0 and FinTech solutions that encourage digital adoption. Data proliferation will expand exponentially, increasing the likelihood of Big Data becoming more interlinked with Service Provider systems and databases. Data volumes will continue to grow as 5G networks increase the number of connected mobile devices.
Organizations are increasingly working towards IT/IoT/OT alignment to connect to the internet, streamline business operations through advanced supply chain management, realize mass customization and improve customer experience. They are also finding new intelligence by employing Artificial Intelligence (AI), Machine Learning (ML), Big Data analytics and Cloud systems as an innovative strategy to optimize productivity and create a unique value proposition in their business portfolio. Many organizations are embarking on digital transformation and platform modernization to embrace cloud computing for business innovation.
As a result, IT and Cloud convergence is exposing everything to threats, including traditional IT and Cloud infrastructure threats. Meanwhile, cyberattacks and cybersecurity incidents on these infrastructures are also increasing, ranging from ransomware infections such as Maze and WannaCry to cyberweapon strikes such as Mirai (aka Dyn Attack), Stuxnet and CrashOverride.
I have been asking myself how Security would help to keep digital businesses safe and secure, especially on their edge devices. This article is written from my personal sharing based on my past engagements. A moment of aspiration to write.
Industry 4.0 is about Digitalisation: the introduction of connected devices, data analytics and artificial intelligence. Gartner estimates that by 2025, 75% of data will be processed outside the traditional data center or cloud.
Business Challenges:
- Unprecedented scale and complexity of data that’s created by connected devices has outpaced network and infrastructure capabilities.
- Sending all device-generated data to a centralized data center or to the cloud causes bandwidth and latency issues.
What if data is processed and analyzed closer to the source where it is being created? If data does not have to traverse a network to a cloud or data center to be processed, latency is significantly reduced.
Today, organizations are moving their IT workloads to the cloud, allowing their users to access centralized cloud infrastructure, machine learning and compute power hosted by cloud service providers such as Microsoft, Amazon, Google, IBM and NTT. Now there is a new industry paradigm shift --> Edge Computing.
In contrast to Cloud Computing, Edge Computing is connected computing in a decentralized location, bringing computing workloads and data storage back to the local devices. The intent is to move applications, data and services away from a centralised data center and shift them to the edge devices. Edge computing represents a fusion of cloud and local computing in which the cloud is still retained for carrying and while local internet-connected devices take care of the data processing.
Why are organizations moving to Edge Computing?
Tech-Trend Evolution
Implementation of Edge Infrastructure results in lower operational expenses:
- Edge computing allows data center vendors to perform analytics on the gateways which lessens the bandwidth burden and reduces the operational costs, as only meaningful data are filtered and sent to the centralized cloud.
- Similarly, the edge infrastructure requires modular data centers or containers which comprise not more than 20 racks. Such modular infrastructure does not require premium data center facilities and can be placed at client premises or at the base of telecom towers.
- This is especially beneficial for developing nations across APAC, especially in the ASEAN region with weak connectivity and infrastructure as it allows the service providers to expand their infrastructure and connectivity at much lower upfront costs.
Processing applications at the network edge significantly reduces Internet traffic, lessens network interference and reduces rerouting issues.
Edge Computing Use Cases:
Automotive:
- Mobile Edge Computing (MEC) is the key enabler of 5G for automated driving, which in turn enhances car-to-car connectivity.
- NTT along with Toyota, DENSO, Ericsson and Intel amongst others have launched the Automotive Edge Computing Consortium to explore edge functionalities to support services such as intelligent driving and real-time maps.
- Edge computing can enable solutions such as infotainment, car-to-car communication and smart traffic management.
Healthcare:
- Huge volumes of healthcare data require real-time analysis to achieve better outcomes in patient care, patient engagement, health management and remote monitoring.
- Adoption of edge solutions in healthcare can enable shortened diagnosis time, connected medical devices and smart health tracking and management.
Media & Entertainment:
- Increasing demands for high quality video streaming and video-on-demand.
- CDNs are aligning marketing messages around edge computing while evolving their distributed systems into full-fledged edge computing platforms.
- Mobile Edge Computing makes it possible to distribute content directly from base stations, which considerably shortens response time and improves user experience.
Manufacturing:
- Convergence of Operation Technology (OT) and Information Technology (IT) requires the support of edge computing solutions.
- The robust connectivity enabled by edge computing can play a big role in the emergence of industrial automation and data exchange required to support Industry 4.0.
Banking, Financial Services & Insurance (BFSI):
- Data sovereignty has received a keen focus from cloud and data center markets across APAC with countries like China, Indonesia and Vietnam recently implementing their data security laws.
- The BFSI sector is one of the key adopters of data center and cloud computing, and therefore has to ensure effective network security provisions to prevent data breaches.
- Edge computing combined with secure gateways ensures enhanced security and privacy which allows financial institutions to comply with the strict data security mandate.
Public Sector:
- As a key component of the next generation communication ecosystem, edge computing can accelerate the digital transformation roadmap of governments in countries such as Taiwan, Thailand, the Philippines, Singapore and Malaysia amongst others.
- Real-time analysis done in distributed devices and gateways around the city will contribute to Smart City in transportation, security etc.
- The requirements of high-resolution video can be addressed by edge-based surveillance systems, which allow detailed, in-depth but cost-effective analysis of video content.
Business Benefits:
- Reduction in operating costs and faster response time.
- Suitable for low-latency and time-sensitive applications such as bank ATMs, facial recognition entry access, etc.
- Improved performance for bandwidth-intensive applications like real-time 3D rendering and the synchronization of massive amounts of data with online storage.
- No need to traverse to a centralized data center, which reduces the risk of data bottlenecks and single points of failure.
Edge Computing Example: Self-driving cars will be a good illustration of edge computing
Due to latency, privacy, and bandwidth, you can’t feed all the numerous sensors of a self-driving car up to the cloud and wait for a response. Your trip can’t survive that kind of latency, and even if it could, the cellular network is too inconsistent to rely on it for this kind of work.
A self-driving car almost has to be managed centrally. It needs to get updates from the manufacturer automatically, and it needs to send processed data back to the cloud to improve the algorithm.
Security Advantages:
- No data privacy and data ownership issues, as the data never physically leaves the location where it is first generated.
- Security for the edge system is confined to the local, physical network.
- Increased level of security, as external systems are not involved in triggering any control actions on-site.
Security Concerns:
The combination of cloud and edge computing introduces new security concerns for businesses by giving control over their connected devices to third parties and potentially putting customer data at risk. Hackers who manage to gain access to the devices via the cloud will be able to steal the data stored on them.
As explained in the self-driving car example, the nightmare scenario is a self-driving car being hacked and infested with a botnet, resulting in mass mayhem.
In this blog, I will highlight the 4 key security risks and mitigating solutions for edge computing.
Risk #1: Malicious Hardware/Software Injections
Loopholes in edge security can provide hackers easy access to the core of a network. This is of particular concern if edge devices are rushed to market before thorough testing is performed or companies race to adopt the technology without a full understanding of the security risks involved. The smaller size of edge devices also makes them more vulnerable to being stolen or otherwise physically manipulated. Often hackers seek to corrupt, steal, alter or delete data within the edge networks. Hackers are particularly interested in infecting and manipulating the edge nodes, or the servers and devices located at the edge.
Hacking Methods:
- Node replication, where a hacker inserts a malicious node into the edge network and assigns it an ID number identical to that of an existing node.
- Camouflaging, where a hacker injects a counterfeit edge computing node that appears and functions like any other node (sharing, receiving, storing, processing, redirecting, and transmitting data packets).
- Hardware trojan injection, which gives a hacker control over a node's integrated circuits and thus their data and software.
- Spying on the network by sniffing for vulnerabilities and stealing data from within the network.
- Delegitimizing other nodes in the network using node revocation protocols.
Mitigating Solutions:
Any network in which edge computing is a major player must be maintained in a unified manner to ensure all devices receive regular updates and proper security protocols are followed. Encryption, patching and the use of artificial intelligence to monitor for, detect and respond to potential threats are all essential, and the responsibility for implementing these security measures falls squarely on companies, not end users.
==> The iPhone is an example of edge computing: by simply encrypting and storing biometric information on the device, Apple offloads a ton of security concerns from the centralized cloud to its diasporic users’ devices. As such, the compute work is distributed and managed centrally.
Microsoft CyberX integrates with Azure security to deliver unified security governance across both IT and industrial networks, as well as end-to-end security across managed and unmanaged IoT devices, enabling organizations to quickly detect and respond to advanced threats in converged networks.
Microsoft Azure Sphere is a certified microcontroller and a cloud service to update edge devices automatically.
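One way a monitoring gateway could detect the node replication and camouflaging methods listed under Risk #1, shown as an added example that is not part of the original blog or of any product named here. The enrollment registry, the `Sighting` record, the gateway names and the 30-second window are all hypothetical, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Sighting:
    ts: float      # seconds since start of capture
    node_id: str   # ID number the node claims
    key_fp: str    # fingerprint of the key it authenticated with
    gateway: str   # edge gateway that observed the node

# Constructed registry: node ID -> key fingerprint recorded at provisioning.
ENROLLED = {"node-17": "fp:aa11", "node-18": "fp:bb22", "node-19": "fp:cc33"}

# Constructed sightings for the example.
SIGHTINGS = [
    Sighting(100.0, "node-17", "fp:aa11", "gw-east"),
    Sighting(101.0, "node-18", "fp:bb22", "gw-east"),
    Sighting(102.0, "node-17", "fp:ee55", "gw-west"),  # same ID, different key
    Sighting(103.0, "node-19", "fp:cc33", "gw-east"),
    Sighting(104.0, "node-19", "fp:cc33", "gw-west"),  # same ID, two places at once
    Sighting(900.0, "node-18", "fp:bb22", "gw-west"),  # relocated much later: allowed
    Sighting(901.0, "node-42", "fp:ff66", "gw-east"),  # ID was never enrolled
]

def find_replicas(sightings, enrolled, window=30.0):
    """Return {node_id: sorted reasons} for IDs that look replicated or counterfeit."""
    alerts = defaultdict(set)
    last_seen = {}  # node_id -> (ts, gateway) of the most recent sighting
    for s in sorted(sightings, key=lambda x: x.ts):
        expected = enrolled.get(s.node_id)
        if expected is None:
            alerts[s.node_id].add("unenrolled-id")
        elif s.key_fp != expected:
            # A cloned ID number cannot present the enrolled node's key.
            alerts[s.node_id].add("key-mismatch")
        prev = last_seen.get(s.node_id)
        if prev and prev[1] != s.gateway and s.ts - prev[0] <= window:
            # One physical node cannot attach to two gateways within the window.
            alerts[s.node_id].add("concurrent-locations")
        last_seen[s.node_id] = (s.ts, s.gateway)
    return {nid: sorted(reasons) for nid, reasons in alerts.items()}

if __name__ == "__main__":
    for node, reasons in find_replicas(SIGHTINGS, ENROLLED).items():
        print(node, reasons)
```

The check only works if the node ID is bound to a per-device key at provisioning; an ID number on its own is exactly what the replication method copies.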
Risk #2: Physical Tampering & Attacks
Physical tampering of devices is a higher risk in an edge computing architecture, subject to their location and level of physical protection from adversaries. Edge computing, by its very nature, creates an increased attack surface by locating computational resources closer to data sources. The fact that there’s a greater number of devices in a greater number of places also makes physical attacks much easier to execute.
Once physical access is gained, attackers can:
- Extract valuable and sensitive cryptographic information
- Tamper with node circuits
- Change or modify node software and operating systems
There’s also the possibility of an attacker literally damaging or destroying edge nodes, and in turn, compromising the efficacy of the entire network.
Mitigating Solutions:
The same methods used to prevent malicious hardware injection apply, as explained in the mitigating solutions for Risk #1.
Businesses and organizations can also look at creative ways to boost the physical security of any edge nodes that aren’t located in highly secure edge data centers. This might include employing additional ruggedization techniques during manufacture or implementing locking mechanisms and other physical safeguards in the field.
Risk #3: Routing Information Attacks
Another edge computing security risk to be aware of is what’s known as a “routing information attack,” or simply “routing attack,” which occurs at the communication level of an edge network. Essentially, routing attacks interfere with the way data is transferred within a network, which can affect throughput, latency, and data paths.
Mitigating Solutions:
Establishing reliable routing protocols and implementing a high-quality intrusion detection system (IDS) that monitors for malicious traffic and detects policy violations can serve as effective countermeasures against routing information attacks.
Microsoft CyberX has advanced threat detection that continuously monitors your IoT and OT networks to detect threats like malware and targeted attacks. CyberX’s unique self-learning threat detection and response functions continuously monitor your IoT and ICS networks to detect threats such as targeted attacks, malware, etc.
Risk #4: Distributed Denial of Service (DDoS) Attacks
Distributed denial of service (DDoS) attacks, whereby an existing network resource is overwhelmed with traffic from other compromised resources within the network, a
3 famous DDoS attacks carried out on edge computing devices, specifically:
- Outage attacks: A DDoS attack causes nodes to stop functioning totally.
- Sleep deprivation attacks: Adversaries overwhelm nodes with legitimate requests that keep them from entering a power-saving state, which greatly increases power consumption.
- Battery draining attacks: A battery draining attack, or barrage attack, can cause an outage by sapping certain nodes or sensors of their battery life through the continued re-execution of energy-demanding programs or applications.
Mitigating Solutions:
To mitigate the DDoS attack, Software Defined Networking (SDN) and Network Function Virtualization (NFV) could help to detect and mitigate DoS and DDoS threats in IoT scenarios using a stateful SDN data plane.
These technologies will make the network more flexible as a new functionality can be introduced with simple software upgrades, and more sophisticated algorithms can be employed to manage the network. Traditional networks often involve the integration and interconnection of many proprietary and vertically integrated devices which, in addition to proprietary software and closed development, makes it extremely difficult to introduce and deploy new protocols in the network.
SDN is a new network paradigm proposed to change the limitations of current network infrastructures, breaking the vertical integration by separating the network’s control logic (the control plane) from the underlying routers and switches that forward the traffic (the data plane), which gives more flexibility to the network. Also, because of this separation of planes, network switches become simple forwarding devices and the control logic is implemented in a logically centralized controller, simplifying policy enforcement and network (re)configuration and evolution.
NFV is an evolving network approach that allows the replacement of expensive, dedicated and proprietary hardware (such as routers, firewalls, etc.) with software-based network devices, by decoupling network functions from the underlying hardware. NFV also allows instances of virtual functions to be shared by several clients. These functions provide specific network functionalities, such as encryption/decryption, VPN, load balancing, firewall, etc.
Tighten the network policy and device security features to prevent sleep deprivation and battery draining attacks. This mechanism will control the behavior of devices within a network. So, if a sleep deprivation or barrage attack is initiated, a predefined security policy will identify it as suspicious or unusual, allowing administrators to contain the attack quickly.
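A sketch of such a predefined policy, added here as an example and not taken from the original blog or any vendor product. It shows why a request-rate limit alone misses sleep deprivation: well-spaced, legitimate-looking requests can still keep a node from ever reaching its power-saving state. The policy thresholds, node names and request timestamps are constructed assumptions.

```python
# Hypothetical policy for battery-powered edge nodes.
POLICY = {
    "idle_to_sleep": 20.0,      # seconds without a request before a node sleeps
    "min_sleep_fraction": 0.5,  # node must be able to sleep at least half the window
    "max_requests": 60,         # request budget per observation window
}

def sleep_fraction(request_times, start, end, idle_to_sleep):
    """Fraction of [start, end] the node can spend asleep, given that every
    request wakes it and it only sleeps after idle_to_sleep idle seconds."""
    asleep = 0.0
    awake_since = start  # assume the node is awake when the window opens
    for t in sorted(request_times):
        if start <= t <= end:
            asleep += max(0.0, t - awake_since - idle_to_sleep)
            awake_since = t
    asleep += max(0.0, end - awake_since - idle_to_sleep)
    return asleep / (end - start)

def evaluate(requests_by_node, start, end, policy=POLICY):
    """Return {node: [violations]} for nodes that break the policy."""
    findings = {}
    for node, times in requests_by_node.items():
        in_window = [t for t in times if start <= t <= end]
        violations = []
        if len(in_window) > policy["max_requests"]:
            violations.append("request-rate")
        frac = sleep_fraction(in_window, start, end, policy["idle_to_sleep"])
        if frac < policy["min_sleep_fraction"]:
            violations.append("sleep-deprived")
        if violations:
            findings[node] = violations
    return findings

# Constructed 10-minute window of request timestamps (seconds).
REQUESTS = {
    "sensor-a": [60, 300, 540],                      # normal polling
    "sensor-b": list(range(0, 601, 15)),             # 41 requests, one every 15 s
    "sensor-c": [100 + i * 0.1 for i in range(200)], # short burst of 200 requests
}

if __name__ == "__main__":
    print(evaluate(REQUESTS, 0.0, 600.0))
```

Here `sensor-b` stays under the request budget yet is never idle long enough to sleep, while `sensor-c` exceeds the budget in a burst but can still sleep for most of the window, so the two rules catch different behaviour.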
Is Edge Computing Secure?
In general, edge computing is considered a secure computing paradigm as long as effective cybersecurity practices are in place throughout the network.
Best 5 Cybersecurity Practices:
(1) People: A need for individual training and reinforcement of training, as well as a cultural mindset. Many organizations become too reliant on technology to mitigate cyber security risks, forgetting people are the most susceptible assets (weakest link).
(2) Policies and procedures: Governance that enables and reminds the organization to maintain vigilance.
(3) Process: Tasks that the organization must do to fully mitigate risks.
(4) Products: These would be the most challenging because it is tough for IT organizations to envision what an end-to-end cyber security solution would look like. Spanning from hardware to software, from device to server, from network access to infrastructure protection, and from OT to IT, there are literally thousands of products and services to choose from.
(5) Proof: Regular testing of products, processes, policies and procedures, and people to ensure cyber risk is truly mitigated, or to find vulnerabilities and uncover weaknesses.
Attacks on the edge are inevitable, but a data breach isn’t. Expediency would have you defend the edge with ad hoc measures. Take a holistic approach with Secure by Design in mind. Think Zero Trust >> Never Trust, Always Verify. Only then can you truly defend the edge and organization.
Security is a journey ... each new milestone encountered will be a fresh experience ... expect the unexpected.
Thanks for taking the time to browse through my blog.
Much Appreciated.
Sincerely, Philip
--- END ---