Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of
by Brett Daniel, on Dec 9, 2020 9:28:50 AM
Graphic: Like any new computing paradigm, edge computing brings with it some significant security risks to be aware of.
Every new widely adopted computing technology begets a corresponding learning curve for businesses and organizations.
With cloud computing, this involved adapting to a simpler, more scalable, and more reliable version of the traditional client-server infrastructure, implementing it across entire companies, navigating new relationships and agreements with cloud service providers, learning more about how data storage and backup would be handled, and not least, understanding how providers would secure that data.
The advent of edge computing – in which cloud computation is decentralized and placed at or near data-generating devices – brings similar challenges, not the least of which is edge security, or the practice of understanding the cybersecurity vulnerabilities of edge computing and their corresponding countermeasures.
There's actually a bit of apprehension surrounding effectively securing edge computing devices, with 66 percent of IT teams viewing the architecture itself as a threat to their organizations. The main reason for concern? Edge security.
In this blog post, we’ll discuss four edge computing security risks and countermeasures, as highlighted in an Institute of Electrical and Electronics Engineers (IEEE) survey published earlier this year. At the end, we'll discuss the importance of trusting edge computing solutions providers that excel at cyber hygiene, and partner with experts in it, to ensure that your data is safe at the edge.
Photo: Adversaries are able to manipulate and sabotage edge computing network resources to access and steal your sensitive data.
Edge Computing Security Risk #1: Malicious Hardware/Software Injections
Cyberattackers seeking to corrupt, steal, alter, or delete data circulating within edge networks have a few different hardware- and software-based tools at their disposal, particularly when it comes to the infection and manipulation of edge nodes, or the servers and devices located at the edge.
Attackers can inject unauthorized software and hardware components into the edge network that wreak havoc on the efficacy of existing edge servers and devices and even allow for service provider exploitation, by which those entities providing the software and hardware solutions that make edge computing possible begin unwittingly executing hacking processes on the attacker’s behalf.
One such frightening practice highlighted by IEEE researchers is known as node replication, whereby adversaries insert a malicious node into the edge network and assign it an ID number identical to that of an existing node. Then, like a spy incognito usurping valuable intelligence from the enemy, attackers can steal data from within the network. They can even delegitimize other nodes in the network using node-revocation protocols.
There’s also the practice of camouflaging, whereby attackers inject a counterfeit edge computing node that appears and functions like any other – sharing, receiving, storing, processing, redirecting, and transmitting data packets – as well as the practice of hardware trojan injection, which gives attackers control over a node’s integrated circuits, and thus, their data and software.
The IEEE researchers propose three countermeasures to deal with malicious hardware/software injections. They are:
- Side-channel signal analyses, which detect hardware trojans using timing, power, and spatial temperature analyses. Basically, this method detects malicious firmware or software installed on edge nodes by identifying unusual system behaviors, such as increases in execution time and power consumption.
- Trojan activation methods, which compare Trojan-afflicted integrated circuits with non-Trojan-afflicted circuits to detect and model malicious attacks.
- Circuit modification or replacement, a series of countermeasures that offer protection at the circuit level and even allow the node to self-destruct in the event of an attack.
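The behavioral side of the first countermeasure can be sketched as a baseline comparison. The following is an added example, not code from the IEEE survey or from this blog's author; the metric names, sample values, and the three-sigma threshold are all assumptions chosen for illustration.

```python
import statistics

# Constructed golden baseline: one fixed benchmark workload on a known-good node.
BASELINE = {
    "exec_ms": [41.8, 42.1, 42.0, 41.9, 42.3, 42.0, 41.7, 42.2],
    "power_w": [11.9, 12.1, 12.0, 12.0, 12.2, 11.8, 12.1, 11.9],
}

# Constructed fleet telemetry: five runs of the same workload per node.
FLEET = {
    "node-a": {"exec_ms": [42.1, 41.9, 42.0, 42.2, 41.8],
               "power_w": [12.0, 12.1, 11.9, 12.0, 12.1]},
    "node-b": {"exec_ms": [44.9, 45.2, 45.0, 45.1, 44.8],   # sustained shift
               "power_w": [13.0, 13.1, 12.9, 13.2, 13.0]},
    "node-c": {"exec_ms": [42.0, 42.1, 55.0, 41.9, 42.0],   # one noisy run
               "power_w": [12.1, 12.0, 12.0, 11.9, 12.0]},
}

def deviation(baseline_samples, observed_samples):
    """Baseline standard deviations by which the observed median exceeds the baseline mean."""
    mean = statistics.mean(baseline_samples)
    stdev = statistics.stdev(baseline_samples)
    # Median, not mean: a single slow run should not flag a healthy node.
    return (statistics.median(observed_samples) - mean) / stdev

def flag_nodes(baseline, fleet, threshold=3.0):
    """Map node -> metrics whose sustained increase exceeds the threshold."""
    flagged = {}
    for node, metrics in fleet.items():
        hits = [m for m in baseline
                if deviation(baseline[m], metrics[m]) > threshold]
        if hits:
            flagged[node] = hits
    return flagged

if __name__ == "__main__":
    for node, hits in flag_nodes(BASELINE, FLEET).items():
        print(f"{node}: investigate, elevated {', '.join(hits)}")
```

A flag here is a reason to pull the node for firmware verification, not proof of a trojan; thermal throttling or a legitimate update can shift the same metrics.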
Graphic: Physical tampering has always been a cybersecurity risk, and edge computing's increased attack surface makes it that much more concerning.
Edge Computing Security Risk #2: Physical Tampering & Attacks
Physical tampering with devices is likely in an edge computing architecture, depending on the devices' location and level of physical protection from adversaries.
Edge computing, by its very nature, creates an increased attack surface by locating computational resources closer to data sources. Although an increased attack surface creates more ground to cover for physical attackers seeking to compromise entire edge networks, the fact that there’s a greater number of devices in a greater number of places also makes physical attacks that much easier to carry out.
Once physical access is gained, attackers can:
- Extract valuable and sensitive cryptographic information
- Tamper with node circuits
- Change or modify node software and operating systems
There’s also the possibility of an attacker literally damaging or destroying edge nodes, and in turn, compromising the efficacy of the entire network.
The same methods used to prevent malicious hardware injection, such as system analysis and self-destruction, can be used to prevent or mitigate the harmful effects of physical tampering and attacks. Businesses and organizations can also look at creative ways to boost the physical security of any edge nodes that aren’t located in highly secure edge data centers. This might include employing additional ruggedization techniques during manufacture or implementing locking mechanisms and other physical safeguards in the field.
Graphic: Adversaries can also weaponize where and how much data travels to sabotage the efficacy of an edge network.
Edge Computing Security Risk #3: Routing Information Attacks
Another edge computing security risk to be aware of is what’s known as a “routing information attack,” or simply “routing attack,” which occurs at the communication level of an edge network. Essentially, routing attacks interfere with the way data is transferred within a network, which can affect throughput, latency, and data paths.
The IEEE researchers highlight four distinct routing information attacks in their paper:
- Black holes
- Grey holes
- Wormholes
- Hello Flood
During a black hole attack, incoming and outgoing network data packets are simply deleted, ensuring that they never reach their destination. This decreases throughput and can increase latency if the data needs to be retransmitted. The lower the throughput and the higher the latency, the worse the network performs.
A grey hole attack is like a black hole attack but instead involves gradually and selectively deleting data packets in a network. This type of attack is more sophisticated than the black hole attack, and as such, can be more difficult to identify.
A wormhole attack involves recording packets at one network location, tunneling them to another, and replaying them. According to a study conducted at the University of British Columbia, a strategic placement of a wormhole can disrupt an average of 32 percent of all communications across an ad hoc network.
Finally, there’s the Hello Flood attack, in which a malicious node broadcasts hello packets to nodes claiming to be their neighbor, causing general routing confusion within the network.
According to the IEEE researchers, establishing reliable routing protocols and implementing a high-quality intrusion detection system (IDS) that monitors for malicious traffic and detects policy violations can serve as effective countermeasures against routing information attacks. Nodes with reliable routing protocols can create a table of trusted nodes for sharing sensitive information, the researchers say, and an adequate IDS can detect common routing information attacks, such as black holes.
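As an added illustration of the IDS and trusted-node table described above (not code from the IEEE paper or this blog), the sketch below labels relays from per-flow forwarding ratios. The counter format, relay names, and thresholds are assumptions; real watchdog data would come from neighbor overhearing or flow acknowledgements.

```python
# Constructed watchdog counters:
# (relay, flow) -> (packets handed to the relay, packets it forwarded on).
COUNTERS = {
    ("r1", "f1"): (100, 99), ("r1", "f2"): (80, 80), ("r1", "f3"): (5, 2),
    ("r2", "f1"): (120, 0),  ("r2", "f2"): (60, 0),
    ("r3", "f1"): (100, 98), ("r3", "f2"): (90, 20),
    ("r4", "f1"): (100, 91), ("r4", "f2"): (100, 90),
}

def classify(counters, min_ratio=0.85, dead_ratio=0.05, min_packets=20):
    """Label each relay from its per-flow forwarding ratios."""
    per_relay = {}
    for (relay, _flow), (received, forwarded) in counters.items():
        if received >= min_packets:        # ignore flows too small to judge
            per_relay.setdefault(relay, []).append((received, forwarded))
    verdicts = {}
    for relay, flows in per_relay.items():
        total_in = sum(r for r, _ in flows)
        total_out = sum(f for _, f in flows)
        worst = min(f / r for r, f in flows)
        if total_out / total_in <= dead_ratio:
            verdicts[relay] = "black-hole"          # drops essentially everything
        elif worst < min_ratio:
            verdicts[relay] = "grey-hole-suspect"   # drops selectively, per flow
        else:
            verdicts[relay] = "ok"                  # uniform loss within tolerance
    return verdicts

def trusted_table(verdicts):
    """Relays eligible to carry sensitive traffic; unjudged relays are excluded."""
    return sorted(r for r, v in verdicts.items() if v == "ok")

if __name__ == "__main__":
    verdicts = classify(COUNTERS)
    for relay, verdict in sorted(verdicts.items()):
        print(relay, verdict)
    print("trusted:", trusted_table(verdicts))
```

Judging the worst flow rather than the relay's overall ratio is what separates a grey hole (r3) from a relay on a uniformly lossy link (r4), which an aggregate threshold alone would confuse.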
Graphic: DDoS attacks can render edge computing solutions completely inoperable.
Edge Computing Security Risk #4: Distributed Denial of Service (DDoS) Attacks
Distributed denial of service (DDoS) attacks, whereby an existing network resource is overwhelmed with traffic from other compromised resources within the network, are another edge computing security risk to be aware of. In their paper, the IEEE researchers highlighted three famous DDoS attacks carried out on edge computing devices, specifically: outage attacks, sleep deprivation attacks, and battery draining attacks.
An outage attack has occurred when a DDoS attack causes nodes to stop functioning altogether. A sleep deprivation attack is when adversaries overwhelm nodes with legitimate requests that keep them from entering a power-saving state, which greatly increases power consumption. A battery draining attack, or barrage attack, can cause an outage by sapping certain nodes or sensors of their battery life through the continued re-execution of energy-demanding programs or applications.
In addition, the researchers highlight the potential for jamming attacks, which may be either continuous or intermittent. In a jamming attack, the network is flooded with counterfeit messages and interference that can exhaust resources at each level: communication, computation, and storage.
For sleep deprivation and battery draining attacks, the researchers suggest policy-based mechanisms. These are established to ensure that standard rules within the network are not broken. Basically, they control the behavior of devices within a network. So, if a sleep deprivation or barrage attack is initiated, a predefined security policy will identify it as suspicious or unusual, allowing administrators to contain the attack quickly.
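A policy-based mechanism of this kind can be reduced to a few rules evaluated over node telemetry. This is an added example, not the researchers' or the author's code; the event format, node names, and policy limits are assumptions made for illustration.

```python
from collections import Counter

# Assumed policy values for one 600-second window (not taken from the IEEE survey).
POLICY = {"window_s": 600, "min_sleep_fraction": 0.6,
          "max_requests_per_peer": 30, "max_heavy_runs": 4}

# Constructed events per node: (seconds into window, kind, detail).
EVENTS = {
    "sensor-1": [(100, "wake", None), (120, "request", "gw"), (160, "sleep", None),
                 (400, "wake", None), (410, "heavy_run", None), (450, "sleep", None)],
    "sensor-2": [(10, "wake", None)]
                + [(t, "request", "peer-x") for t in range(10, 600, 10)],
    "sensor-3": [(50, "wake", None)]
                + [(60 + 20 * i, "heavy_run", None) for i in range(6)]
                + [(200, "sleep", None)],
}

def awake_seconds(events, window_s):
    """Sum awake time; the node is assumed asleep when the window opens."""
    awake, since = 0, None
    for t, kind, _ in sorted(events, key=lambda e: e[0]):
        if kind == "wake" and since is None:
            since = t
        elif kind == "sleep" and since is not None:
            awake, since = awake + (t - since), None
    if since is not None:                      # still awake at window close
        awake += window_s - since
    return awake

def evaluate(events, policy=POLICY):
    """Return the list of policy rules this node broke in the window."""
    violations = []
    sleep_fraction = 1 - awake_seconds(events, policy["window_s"]) / policy["window_s"]
    if sleep_fraction < policy["min_sleep_fraction"]:
        violations.append("sleep-deprivation")
    per_peer = Counter(d for _, kind, d in events if kind == "request")
    noisy = sorted(p for p, n in per_peer.items() if n > policy["max_requests_per_peer"])
    if noisy:
        violations.append("request-rate:" + ",".join(noisy))
    if sum(kind == "heavy_run" for _, kind, _ in events) > policy["max_heavy_runs"]:
        violations.append("battery-drain")
    return violations

if __name__ == "__main__":
    for node, events in EVENTS.items():
        print(node, evaluate(events) or "within policy")
```

Because each request in a sleep deprivation attack looks legitimate on its own, the rules key on aggregate behavior per window (sleep fraction, per-peer rate, heavy-task count) rather than on message content.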
Conclusion: Is Edge Computing Secure?
The edge computing security risks highlighted in this article are just four of many that could potentially harm an edge network and compromise one’s sensitive data. It’s always important to stay abreast of the latest threats to your edge computing setup so that you can be prepared if disaster strikes.
In general, edge computing is considered a secure computing paradigm as long as effective cybersecurity practices are in place throughout the network.
It’s never bad practice to place your trust in manufacturers who have policies and practices in place to help ensure the cybersecurity effectiveness of their edge servers and other edge computing solutions.
This includes manufacturers who have obtained or are working toward obtaining their Cybersecurity Maturity Model Certification (CMMC), are DFARS/NIST SP 800-171-compliant, and who have partnered with leading cybersecurity companies to offer operating system (OS) hardening and data-at-rest encryption key management for self-encrypting drives (SEDs). Purchasing an edge server from a manufacturer with a Counterfeit Protection Program (CPP) and other strict quality inspection programs in place is also highly recommended to help ward off hardware-based attacks.
For more information about the edge computing security risks and countermeasures listed in this blog post, check out the resources below, and as always, don’t hesitate to contact us with any questions about how we can equip your edge program or application with a trusted, reliable, cybersecure rugged computing solution.
- Edge Computing Security and Challenges
- A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet of Things
- Security and Privacy Issues in Cloud, Fog and Edge Computing
- What does the rise of edge computing mean for cybersecurity?
- Edge computing security risks and how to overcome them