小程序
传感搜
传感圈

Edge Computing for IoT Will Change Everything — Including Security Concerns

2022-08-08
关注

Internet of Things (IoT) networks operate from a few to thousands of devices. Scaled systems must transmit a massive amount of raw data. IoT traffic can increase latency, crowd bandwidth and compromise security when vectored unprocessed to a cloud server or from a central database to a device network.

Edge computing creates a processing perimeter at the network edge where logic and analysis can be performed in real time before data is exchanged with core systems. Research firm IDC defines edge computing as a “mesh network of micro data centers that process or store critical data locally and push all received data to a central data center or cloud storage repository, in a footprint of less than 100 square feet.” Edge processing reduces traffic sent to and from devices. It can significantly reduce data exchange times in critical applications, such as condition-based monitoring or manufacturing. Edge computing can also increase the security of a local network. However, it is subject to security vulnerabilities, most related to remote access and management issues.

All these issues are known, but as IoT devices increase in popularity, it becomes even more critical for organizations to pay attention to them. Read on to learn more about cybersecurity trends and how you can solve IoT edge security challenges.


2022 IoT Edge Trends Increasing Focus on Security

Here’s a closer look at the current trends driving greater IoT security measures. 

Zero Trust Architecture

A recent executive order encourages organizations to adopt zero trust to improve cybersecurity. The National Institute of Standards and Technology defines the principles of this concept as follows: 

  • All data sources and computing services are considered resources
  • All communication is secure regardless of network location; network location does not imply trust
  • Access to individual enterprise resources is granted on a per-connection basis; trust in the requester is evaluated before the access is granted
  • Access to resources is determined by policy, including the observable state of user identity and the requesting system, and may include other behavioral attributes
  • The enterprise ensures owned and associated systems are in the most secure state possible and monitors systems to ensure they remain in that state
  • User authentication is dynamic and strictly enforced before access is allowed; this is a constant cycle of access, scanning and assessing threats, adapting, and continually authenticating

The Growing AI-Enabled Edge Device Market 

Even more devices will become available, and smart devices will process most data in the years ahead. Smart infrastructure investments are rising for business use and personal use. More devices create more risk, which sharpens the focus and the need for new approaches to cybersecurity.  

According to Allied Market Research, the AI edge computing market was valued at $9,096.00 million in 2020. It is projected to reach $59,633.0 million by 2030, registering a CAGR of 21.2%. Now, more companies are integrating automation and intelligence into their organizations. 

The Rise of the Productive Approach

In the Cost of a Data Breach Report 2021, IBM stated that data breach costs rose from USD 3.86 million to USD 4.24 million. This increase is the highest average total cost in the 17-year history of their report. These costs are on the rise, and organizations need to be prepared to address the problems that lead to those costs. 

The volume of threats is increasing and costing organizations time and money. It’s becoming more evident that waiting for an attack to happen isn’t in anyone’s best interest. We must be proactive to prevent attacks before they happen and minimize the impact of any potential breaches.  

Shift to the Cloud 

The move to the cloud was already happening, but the pandemic pushed us further into relying on cloud services. The advantages of edge computing became hard to ignore, even for those previously resistant to it. Digitalization and work from home have made cloud and edge computing impact everyone. 

Most organizations don’t have the technology and practices to remain secure during this shift. Enterprises must look at how they can consider security from the start of any initiative. You can read more about starting with security in mind in this post: How Native Security Impacts IoT Device Manufacturing. 


Edge Computing Presents New IoT Vulnerabilities

Edge computing solves several data traffic issues in IoT networking. However, it can also present new vulnerabilities, resulting in a larger overall attack surface (i.e., the sum of a system’s access points a potential attacker can leverage). The state of existing platforms makes networks more vulnerable at the edge and the user endpoint. Many attacks can occur, for example, because end-users do not, or cannot, change default passwords. Without this ability, bad actors can gain access to the devices and expose edge devices to attack.

Access Issues

Unsecured internet resources can be found and accessed easily. (There is even a search engine, launched in 2013, for finding unsecured IoT devices worldwide.) In a 2017 “botnet barrage,” bots were deployed to search for devices running default passwords on a university campus. Five thousand IoT devices were attacked by 5,000 discrete systems trying to break through weak or default passwords. 

While the vulnerability in attacks like these lies at the endpoint, edge computing complicates things by introducing potential new attack surfaces. IoT devices that connect to the public internet compromise security protocols at the edge. This is partly due to the current state of edge computing, in which full-stack solutions that include sensors, software and secure elements are rare. Many methods used to secure IoT networks at the edge can be insufficient. LPWAN protocols can become vulnerable if encryption keys are compromised. VPNs are subject to man-in-the-middle attacks.

Physical Tampering

The IoT is distributed and fragmented with a vast attack surface. A lack of physical security creates severe security risks for your entire IoT ecosystem. That’s because the distributed nature of edge computing also opens a new, unwelcome frontier of physical threats. The servers and devices that power traditional networks are usually housed in dedicated, often highly secure facilities. Still, the same tiny data centers that make edge processing such a huge leap forward can also be a security nightmare. 

Instead of living in data centers, these micro-center devices are often deployed in the field. When discussing IoT edge, the field can be a corporate office, a farm and anything in between. An attacker physically tampering with an edge device can bring down a network or even harm one of its operators. A physical hack at any point in the system may act as the start to deep infiltration of a system. Subsequent hacks can be applied remotely, impacting thousands of devices. 

Securing these devices is far from trivial. While hardening them against physical attacks is necessary, it’s also a trade-off between security, cost and the ease of upgrading and servicing edge data centers. Device makers must be aware of the risks and ensure devices can be easily secured to generate remote and local alarms on any sign of tampering. 

Operator Error: The IoT Learning Curve

The largest threat to IoT edge networks comes from installers, operators and other human actors who aren’t familiar with IoT cybersecurity’s rapidly shifting landscape. Human error is a chief cause of cybersecurity breaches. Many organizations are working on ways to reduce this risk. 

IoT devices outside corporate and industrial sites are often looked upon as toys rather than serious security risks. They can be compromised if attackers have physical access to them. Devices must be secured physically and with strong passwords. They must also be updated regularly, procedures that many ordinary users may not regularly follow.


Best Practices for IoT on the Edge

Despite increased vulnerability potential, edge processing can be a safe way to manage IoT data traffic if devices are secure and proper authentication systems are in place. The Institute of Electrical and Electronics Engineers (IEEE) recommends using edge computing for greater security. Edge software can verify the identity of IoT devices and prevent malicious devices from accessing the core network. 

If you want to take advantage of IoT device and edge benefits, you need to know how to keep your data secure. Some best practices for ensuring security at the edge of the network include:  

End-To-End Encryption

This mechanism protects sensitive data at rest and in transit. The encryption key is known only to the sender and receiver and cannot be read by third parties. This security method is essential for IoT devices because network breaches are a matter of when not if. IoT leaves organizations more vulnerable because it increases the number of endpoints that exist.

Considering Future Use Cases and the Compatibility of Components and Software

Technology is constantly evolving. You can’t predict every change, but you can do your best to prepare for it. Think about how you will use your IoT devices in the future and if there will be compatibility issues that could compromise security. 

Strong Passwords, Encryption Keys and Biometric Authentication Systems

IoT devices with a simple or common password act as an open door for hackers. As IoT moves into everywhere we are (e.g., the home and workplace), all options extra security layers should be implemented. Passwords should be complex and unique for each device. Encryption keys should be stored in a hardware token device that is not connected to the internet. If a biometric authentication system makes sense for your application, then including it will further secure data.

Being Mindful of Connections

Devices connected to the edge should not run unnecessary services. Connections to the public internet should be minimized or eliminated where possible. Protected communication channels must be established between devices. All devices should communicate securely with their environment. IoT devices should only send data relevant to their intended purpose. Devices should not be able to interact with other devices in any way.  

Most organizations should turn to partners with the expertise to provide a monolithic rather than a “bolted-together” solution for an edge buildout. Beyond suitable devices and software analysis tools, edge computing solutions require physical security and controlled physical environments. Organizations that partner with experts can better overcome the complex security challenges and reap the benefits of streamlined edge processing.


Bottom Line

As a worldwide leader in IoT solutions, Telit makes it easy for your enterprise to evolve and make the most of current technology. Telit OneEdge™, our secure software stack, empowers you to plug and play into the IoT edge. It’s comprised of hardware and software to deliver native end-to-end security and ease of deployment. We offer Entry, Pro and Ultimate plans that enable you to scale and experience IoT edge success. Telit OneEdge Solo is a private instance option that empowers you with additional security and complete control over your IoT service.  

In addition to centralized device management and edge logic, OneEdge offers: 

  • Embedded security at the point of manufacture 
  • Encrypted device-to-cloud communications 
  • Server threat protection 

Discover how Telit OneEdge can protect your IoT ecosystem. Speak to a Telit IoT expert and request an evaluation kit today. 


Editor’s Note: This blog was originally published on 6 January 2020 and has since been updated.  

参考译文
物联网边缘计算将改变一切——包括安全问题
物联网(IoT)网络运行的设备从几台到数千台不等。缩放系统必须传输大量的原始数据。物联网流量在未经处理的情况下传输到云服务器或从中央数据库传输到设备网络时,可能会增加延迟、增加带宽并危及安全。边缘计算在网络边缘创建一个处理边界,在与核心系统交换数据之前,可以在此实时执行逻辑和分析。研究公司IDC将边缘计算定义为“微型数据中心的网状网络,在不到100平方英尺的面积内处理或存储关键数据,并将所有接收到的数据推送到中央数据中心或云存储库。”边缘处理可以减少进出设备的流量。它可以显著减少关键应用程序中的数据交换时间,例如基于条件的监控或制造。边缘计算还可以增加本地网络的安全性。然而,它受到安全漏洞的影响,大多数与远程访问和管理问题有关。所有这些问题都是众所周知的,但随着物联网设备的普及,对组织来说,关注它们变得更加重要。继续阅读,了解更多关于网络安全趋势,以及如何解决物联网边缘安全挑战。以下是推动更大物联网安全措施的当前趋势。最近的一项行政命令鼓励组织采用零信任来改善网络安全。美国国家标准与技术研究所(National Institute of Standards and Technology)对这一概念的定义如下:未来几年,将会有更多的设备可用,智能设备将处理大部分数据。针对商业和个人使用的智能基础设施投资正在增加。更多的设备会带来更多的风险,这让人们更加关注网络安全,也更需要采取新的措施。根据联合市场研究公司(Allied Market Research)的数据,2020年AI边缘计算市场的估值为9096亿美元。预计到2030年将达到596.33亿美元,年均复合增长率为21.2%。现在,越来越多的公司正在将自动化和智能集成到他们的组织中。在《2021年数据泄露成本报告》中,IBM表示,数据泄露成本从386万美元上升到424万美元。这一增长是该报告17年历史上最高的平均总成本。这些成本正在上升,组织需要准备好解决导致这些成本的问题。威胁的数量正在增加,花费了组织的时间和金钱。越来越明显的是,等待袭击发生并不符合任何人的最佳利益。我们必须先发制人,在攻击发生前阻止它们,并将任何潜在入侵的影响降到最低。向云的转移已经发生了,但疫情迫使我们进一步依赖云服务。边缘计算的优势变得难以忽视,即使对那些以前抵制它的人来说也是如此。数字化和在家工作已经使云计算和边缘计算影响到每个人。在这一转变期间,大多数组织都没有技术和实践来保持安全。企业必须从一开始就考虑安全问题。你可以在这篇文章《原生安全如何影响物联网设备制造》中读到更多关于从牢记安全开始的内容。边缘计算解决了物联网中的多个数据流量问题。然而,它也可能带来新的漏洞,导致更大的总体攻击面(即,潜在攻击者可以利用的系统访问点的总和)。现有平台的状态使得网络在边缘和用户终端更加脆弱。许多攻击可能发生,例如,因为最终用户不或不能更改默认密码。如果没有这种能力,恶意行为者就可以访问设备并将边缘设备暴露给攻击。 不安全的互联网资源可以很容易地找到和访问。(甚至在2013年推出了一个搜索引擎,用于在全球范围内寻找不安全的物联网设备。)在2017年的“僵尸网络弹幕”中,机器人被部署在一所大学校园中搜索运行默认密码的设备。5000个离散系统试图破解弱密码或默认密码,攻击了5000个物联网设备。虽然这类攻击的漏洞存在于端点,但边缘计算通过引入潜在的新攻击面使事情复杂化。连接到公共互联网的物联网设备在边缘破坏安全协议。这部分是由于边缘计算的当前状态,包括传感器、软件和安全元素的全栈解决方案非常罕见。许多用于在边缘保护物联网网络的方法可能是不够的。如果加密密钥被泄露,LPWAN协议可能会变得脆弱。vpn受到中间人攻击。物联网是分布式和碎片化的,具有巨大的攻击面。缺乏物理安全会给你的整个物联网生态系统带来严重的安全风险。这是因为边缘计算的分布式特性也开启了一个新的、不受欢迎的物理威胁边界。为传统网络供电的服务器和设备通常安装在专门的、通常高度安全的设施中。尽管如此,使边缘处理实现如此巨大飞跃的小型数据中心也可能成为安全噩梦。这些微型中心设备通常部署在现场,而不是生活在数据中心。当讨论物联网边缘时,这个领域可以是一个公司办公室,一个农场和任何介于两者之间的地方。对边缘设备进行物理篡改的攻击者可以使网络瘫痪,甚至伤害其中的一个运营商。系统中任何一点的物理攻击都可能作为系统深度渗透的开始。随后的攻击可以远程应用,影响成千上万的设备。保护这些设备绝不是小事。虽然加强它们抵御物理攻击是必要的,但这也是在安全性、成本和升级和服务边缘数据中心的易用性之间的权衡。设备制造商必须意识到这些风险,并确保设备可以很容易地得到保护,以便在任何篡改迹象出现时产生远程和本地警报。物联网边缘网络面临的最大威胁来自于安装人员、运营商和其他不熟悉物联网网络安全快速变化格局的人员。人为失误是网络安全漏洞的主要原因。许多组织正在研究减少这种风险的方法。企业和工业场所之外的物联网设备往往被视为玩具,而不是严重的安全风险。如果攻击者对它们有物理访问权,它们就可能被破坏。设备必须有物理保护和强密码。它们还必须定期更新,许多普通用户可能不会定期遵守这些程序。尽管漏洞的可能性增加了,但如果设备是安全的,并且有适当的认证系统,边缘处理可以是管理物联网数据流量的一种安全方法。电气和电子工程师协会(IEEE)建议使用边缘计算来提高安全性。边缘软件可以验证物联网设备的身份,防止恶意设备接入核心网。如果你想利用物联网设备和优势优势,你需要知道如何保持你的数据安全。确保网络边缘安全的一些最佳实践包括:这种机制保护静止和传输中的敏感数据。加密密钥只有发送方和接收方知道,第三方无法读取。这种安全方法对物联网设备至关重要,因为网络入侵是一个何时而不是是否的问题。物联网使组织更加脆弱,因为它增加了现有端点的数量。 技术在不断发展。你不能预测每一个变化,但你可以尽最大努力做好准备。考虑一下未来您将如何使用物联网设备,以及是否会出现可能危及安全的兼容性问题。具有简单或常见密码的物联网设备为黑客打开了大门。随着物联网进入我们所处的任何地方(例如,家庭和工作场所),所有选项的额外安全层都应该实现。每个设备的密码应该是复杂且唯一的。加密密钥应该存储在没有连接到互联网的硬件令牌设备中。如果生物识别认证系统对您的应用程序有意义,那么包含它将进一步保护数据。连接到边缘的设备不能运行不必要的业务。尽可能减少或消除与公共互联网的连接。设备之间必须建立受保护的通信通道。所有设备都应该与它们的环境安全通信。物联网设备应该只发送与其预期用途相关的数据。设备不应该以任何方式与其他设备交互。大多数组织应该求助于具有专业知识的合作伙伴,为边缘构建提供一个单一的解决方案,而不是一个“固定在一起”的解决方案。除了合适的设备和软件分析工具外,边缘计算解决方案还需要物理安全和受控的物理环境。与专家合作的组织可以更好地克服复杂的安全挑战,并获得简化的边缘处理的好处。作为全球物联网解决方案的领导者,Telit使您的企业能够轻松地发展和充分利用当前的技术。Telit OneEdge™,我们的安全软件栈,使您能够插入和发挥到物联网边缘。它由硬件和软件组成,提供本地端到端安全性和易于部署。我们提供Entry, Pro和Ultimate计划,使您能够扩展和体验物联网边缘的成功。Telit OneEdge Solo是一个私有实例选项,赋予您额外的安全性和对您的物联网服务的完全控制。除了集中的设备管理和边缘逻辑,OneEdge还提供:发现Telit OneEdge如何保护您的物联网生态系统。今天就和Telit物联网专家谈谈,索取一份评估包。编者注:本博客最初于2020年1月6日发布,并已更新。 
  • 云计算
  • 网络安全
  • 边缘计算
  • 网络攻击
  • en
您觉得本篇内容如何
评分

评论

您需要登录才可以回复|注册

提交评论

提取码
复制提取码
点击跳转至百度网盘