24 Jul
Cybersecurity Challenges and Mechanisms in Edge Computing Paradigms
Edge computing evolved to address the disadvantages associated with cloud computing. In edge computing, cloud services and resources are brought closer to the end-users, enhancing the quality of service, reducing latency, providing high scalability, and lowering operational costs. The major paradigms used for this purpose are: (i) fog computing, (ii) mobile edge computing, and (iii) mobile cloud computing. The fog computing concept enables applications to run at the network edge through a large number of devices. Similarly, mobile edge computing provides off-load processing, storage, and application services to end-users, while mobile cloud computing delegates tasks to devices located at the network edge.
Because these edge paradigms are similar, they share several common issues. The greatest issue influencing the success of edge computing paradigms is cybersecurity. There are several reasons for this, such as: (i) the necessity to protect several enabling technologies (i.e., wireless networks, peer-to-peer and distributed systems, virtualization platforms) and orchestrate various security mechanisms; (ii) ensuring the security of all enabling technologies rather than the whole system; (iii) the security threats that arise due to the specific features of edge paradigms; (iv) the absence of proper security and privacy mechanisms.
In order to develop cybersecurity mechanisms, it is necessary to understand the specific threats that can target edge computing paradigms. Therefore, it is necessary to list the most important assets of edge paradigms and then summarize the attacks that can be launched against them. The edge paradigms include the following assets: network infrastructure, edge data center, core infrastructure, virtualization infrastructure, and user devices.
- Network infrastructure consists of various communication networks and can be targeted by the following attacks: Denial of Service (DoS), Man in the Middle (MitM), and Rogue Gateway.
- Edge data centers host virtualization servers and various management services. Therefore, the attack surface is quite substantial and can include the following attacks: physical damage, privacy leakage, privilege escalation, service manipulation, and rogue data centers.
- Core infrastructures, such as centralized cloud services and mobile core management systems, can support all edge paradigms. The specific threats that target this asset involve privacy leakage, service manipulation, and rogue infrastructure.
- Virtualization infrastructure enables the deployment of cloud services at the network edge and can be targeted by the following attacks: DoS, misuse of resources, privacy leakage, privilege escalation, and virtual machine manipulation.
- User devices are important components of the ecosystem that provide data and play a part in the distributed infrastructure at different levels. This asset is vulnerable to information injection and service manipulation.
In order to provide defense against the various threats, it is crucial to deploy different types of security mechanisms. These mechanisms need to consider various constraints and requirements, such as reducing latency, achieving interoperability, supporting mobile devices, and managing limitations, among others. In this context, it is important to investigate identity mechanisms and authentication systems that should be interoperable with each other. It is equally important to verify the credentials of different entities in order to authorize their requests to perform certain actions, which means it is necessary to deploy access control systems. Furthermore, it is necessary to protect the multitude of communication protocols and technologies (e.g., 5G, Long Range (LoRa), Wireless Fidelity (Wi-Fi)) used by edge paradigms. Additionally, edge paradigms need to integrate the security protocols used by the core infrastructure (e.g., mobile network infrastructure, public Internet, etc.). Moreover, it is crucial to protect the virtualization infrastructure by deploying security mechanisms in the edge data centers, such as hypervisor hardening, networking abstractions, isolation policies, etc. Further, it is of great importance to consider the deployment of trust management infrastructure since entities in the edge paradigms have a variety of collaborating peers with unpredictable behaviors. Also, it is necessary to ensure that the entire infrastructure is covered by intrusion detection and prevention mechanisms (IDPM). Finally, all edge paradigms are open ecosystems that introduce different privacy issues. Since personal data will be stored and processed by entities outside the users’ control, it is necessary to provide users with different mechanisms to protect their identity, personal data, location, and service usage.
The cybersecurity of edge paradigms, namely fog computing, mobile edge computing, and mobile cloud computing, needs to be analyzed from a holistic perspective. In this context, advances in one paradigm should be considered by all other edge paradigms. Nevertheless, the cybersecurity of edge paradigms is still immature and needs to be addressed in the future.
Author(s): Military Academy “General Mihailo Apostolski” – Skopje