2023-06-01 16:49

Identifying security issues at the Edge

As edge computing gains momentum, ensuring robust security measures on edge devices becomes crucial. A typical edge application has many distributed components, and integrating them into the existing infrastructure is a complicated task.

This article is a retelling of the whitepaper by Kilton Hopkins, Jono Bergquist, Bernhard Ortner, Moritz Kröger, Steve Wong.

One of the main issues to be addressed is hardware security, since all edge computing rests upon the edge hardware. Hence, making sure your hardware is well-protected means that it can operate as the base layer on which all the other software security layers rely. This can be achieved by building a trusted edge computing node (e.g. using a TPM, an HSM, or the RIoT security architecture). The hardware root of trust serves as a crucial foundation for the software security layers. However, if the root of trust cannot be extended directly into the software infrastructure at the edge, achieving a completely secure system may be challenging. Integrating the hardware identity properly is essential, as deploying secure edge microservices on untrusted hardware undermines the overall purpose of the security measures.

Ensuring a dependable, trustworthy source of information about the device's condition is a challenge for edge hardware. Relying on insecure hardware condition data can potentially amplify vulnerabilities. So in order to identify a vulnerable device, it is important to make sure you're monitoring information about it, e.g. RAM. Other hardware attributes such as battery level or location (GPS coordinates) can play a role too: the battery level can be used to prevent interruptions in secure data streams by adjusting processing resources, and if the device's GPS coordinates change, that can trigger a software shutdown as a precaution in case the device has been compromised.

It is also necessary to verify the device that is connected to an IoT gateway or wireless base station. While this may be challenging (mainly because the devices should present themselves in a way that can be verified automatically), the solution is to use a digital signature. Such signatures build upon a key that is tied to the hardware of the device and must be accessible to the software or firmware that produces the signature. Because this key is only intended to be used by the trusted edge compute node, activities performed under that identity are fully trusted.
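To make the two preceding paragraphs concrete, here is an added example (not code from the whitepaper or from RITMS UP2DATE): a Go sketch in which a device signs its condition report with a device-bound Ed25519 key, and the gateway checks the signature against the key recorded at enrollment, then applies the battery and GPS policies described above. The hardware-held key is simulated with a software key, and the drift threshold, resource limits, device ID and coordinates are assumed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"math"
)
// Report is the device condition data; fixed field order gives json.Marshal a canonical message to sign.
type Report struct {
	DeviceID   string
	FreeRAMMB  int
	BatteryPct int
	Lat, Lon   float64 // GPS position reported by the device
	Nonce      string  // gateway-issued per request; defeats replay of an old report
}
type Enrollment struct { // what the gateway recorded when the device was provisioned
	PubKey   ed25519.PublicKey // public half of the device-bound key
	Lat, Lon float64           // location at enrollment time
}
// Sign is the device side: serialise the report and sign it with the device-bound key.
func Sign(priv ed25519.PrivateKey, r Report) (msg, sig []byte) {
	msg, _ = json.Marshal(r)
	return msg, ed25519.Sign(priv, msg)
}
// Evaluate is the gateway side. Verdicts: "reject", "quarantine", "reduced", "trusted".
func Evaluate(reg map[string]Enrollment, msg, sig []byte, nonce string) string {
	var r Report
	if json.Unmarshal(msg, &r) != nil {
		return "reject"
	}
	e, ok := reg[r.DeviceID]
	if !ok || !ed25519.Verify(e.PubKey, msg, sig) || r.Nonce != nonce {
		return "reject" // unknown device, tampered or forged report, or replayed nonce
	}
	if math.Hypot(r.Lat-e.Lat, r.Lon-e.Lon) > 0.01 { // ~1 km drift (assumed threshold)
		return "quarantine" // device may have been physically moved or taken
	}
	if r.BatteryPct < 20 || r.FreeRAMMB < 64 { // assumed limits: scale processing down
		return "reduced"
	}
	return "trusted"
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for a TPM/HSM-held key (assumption)
	reg := map[string]Enrollment{"cam-01": {PubKey: pub, Lat: 52.52, Lon: 13.405}}
	msg, sig := Sign(priv, Report{"cam-01", 512, 80, 52.5201, 13.4051, "n1"})
	fmt.Println(Evaluate(reg, msg, sig, "n1")) // trusted
}
```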

Given the diverse range of security challenges and the multiple layers at which they emerge, achieving secure edge computing stacks requires collaboration among various vendors and contributors. Addressing security concerns cannot be accomplished by any one of these players alone; it demands a coordinated system design.

On behalf of RITMS UP2DATE, we’re inviting you to check out our own blog post, where we cover how to make sure your device fleet is secure. Check it out here: https://www.linkedin.com/posts/rtsoft-swdc_iot-business-data-activity-6993543965455097858-HML3?utm_source=share&utm_medium=member_ios