A Brief Discussion on Security Threats in Edge Computing

Introduction

Abstract

Edge computing, as a new computing paradigm following cloud computing, processes part of the data at the terminal, bringing computation closer to users and data sources at the network edge. This effectively avoids problems such as data latency, high data centralization, and network jitter. The unique advantages of low latency, mobility, and cost-effectiveness have led to an increasing number of applications in edge computing, promoting the innovative development of traditional technologies and businesses, with large-scale applications in various valuable industries such as electricity, transportation, manufacturing, and smart cities. However, the security threats faced by edge computing are also increasing, and edge security issues have become one of the obstacles restricting the development of the edge computing industry.

This article will introduce the basic situation of edge computing, its applications, and the security issues it currently faces.
A Brief Discussion on Security Threats in Edge Computing

1

Introduction to Edge Computing

Edge computing refers to the technology that allows computation on downlink data from the cloud and uplink data from IoT terminal devices at the network edge, where the “edge” can be defined as the computing or network resources between the terminal data source and the cloud data center. Edge computing attempts to process data at the edge so that data does not have to be fully sent to the cloud for processing, thereby reducing bandwidth pressure and latency. The computing power in the cloud is generally superior to that of edge devices, which has proven to be an effective data processing method in past practices. However, compared to the rapidly growing speed of data generation, the bandwidth and data transmission speed of the network have basically stagnated, gradually becoming a bottleneck in the development of cloud computing. Traditional centralized big data processing models based on the cloud are limited by the physical distance between cloud servers and terminal devices, facing issues such as latency, bandwidth, and energy consumption, making it difficult to cope with emerging application scenarios.

The core idea of edge computing is “to provide reliable and stable services close to users,” processing and storing data at the network edge near user terminal devices. Edge servers provide services directly to ensure low latency; data processing no longer requires uploading all data to the cloud, alleviating bandwidth pressure; widely distributed edge servers share the data processing tasks, reducing energy consumption of central cloud servers. Therefore, edge computing features distributed architecture, low latency, and high computational efficiency.

2

Application Status

With its unique advantages, edge computing has gained attention from academia and government agencies and is transitioning from design concepts to industrial practice. Industries with high real-time interactive demands, sensitivity to network latency and jitter, and high security requirements, represented by electricity, transportation, manufacturing, and smart cities, are gradually becoming the main stage for edge computing. For example, in smart cities, a large amount of data is generated continuously, and many real-time services need to be provided. Edge computing, with its efficient distributed data processing capabilities, has become the technical foundation for smart city construction. Intelligent traffic control systems can be run on edge servers to obtain and analyze real-time information about road traffic flow and incidents, and make decisions on traffic signal settings to alleviate vehicle congestion, thus achieving smart transportation. With the help of edge computing, special places like residential areas or construction sites can implement camera monitoring for people and vehicles, with edge servers analyzing the data to complete tasks such as alerts for unauthorized personnel and dangerous situations.

To enable edge computing to have a universal architecture applicable to more fields, relevant enterprises, industrial organizations, and academic institutions both domestically and internationally are exploring edge computing architectures. In 2016, the Edge Computing Industry Consortium (ECC) proposed the Edge Computing Reference Architecture 3.0, which consists of three layers, each with modeled open interfaces for full-layer openness. The edge layer is located between the cloud and the on-site device layer, supporting the access of on-site devices downward and connecting with the cloud upward. The edge layer includes two main components: edge nodes and edge managers. Edge nodes are the hardware entities that carry edge computing services, while edge managers are the software that manages and schedules edge nodes uniformly. Three end-to-end intelligent services are set up vertically, where security services take into account the unique characteristics of edge application scenarios, and the protection strategies consider various protective measures from the physical layer to the application layer for multi-layer security protection. In 2017, the Linux Foundation also launched the open-source project EdgeX Foundry, aimed at creating a standardized universal framework for IoT edge computing. As shown in Figure 2, EdgeX Foundry can be divided into four service layers and two foundational system services, including core service layer, supporting service layer, export service layer, and device service layer.

A Brief Discussion on Security Threats in Edge Computing

Figure 1: The Edge Computing Reference Architecture 3.0 proposed by ECC

A Brief Discussion on Security Threats in Edge Computing

Figure 2: EdgeX Foundry Architecture

3

Security Threats in Edge Computing

The rapid development of edge computing has also introduced network attack threats to the network edge, while common countermeasures are still relatively traditional network security protection technologies, which struggle to resist multi-source and cross-domain intrusions and attacks in edge computing. The computational, storage, and energy capabilities of nodes in edge computing architectures are limited, and existing security measures cannot fully apply to edge nodes. The cost of attacking a single computation or service node is significantly lower than that of the originally powerful central server, making it easier to attract attackers’ attention. The network edge is closer to the interconnected devices, involving a large amount of user personal privacy data; once the communication and decision-making methods at the network edge are attacked, they can directly affect the implementation of system functions, leading to significant gains for attackers from a single attack. Under the edge computing architecture, the lower cost and higher income of attacks pose significant security threats. Security threats exist at multiple stages, including the edge computing nodes themselves, edge management nodes, and between layers.
3.1 Security Issues of Edge Computing Nodes – Insecure Data Management and System Deployment
(1) Insufficient Privacy Data Protection
To reduce latency and alleviate the pressure on central servers, edge computing processes and makes decisions on data locally, migrating computation tasks from the cloud to the nearby edge. The data processing flow generally involves terminals uploading data to edge nodes, which process the data (either independently or in collaboration with the cloud) and return it to the terminals. While this reduces the risk of privacy leakage during data transmission, it also enables edge devices to acquire and store a large amount of raw sensitive data from users, posing new challenges for data privacy protection in edge computing. For example, in smart home scenarios, smart sensors deployed in users’ households can capture a large amount of user privacy information, such as room layouts and dynamic activity information of household members. However, compared to traditional cloud centers, edge nodes typically lack effective encryption or desensitization measures, facing threats of privacy leakage from multiple targets, pathways, and forms. If edge nodes are attacked, sniffed, or corrupted by hackers, users’ household consumption, health information from electronic medical systems, and road incident vehicle information may be leaked. If such information falls into the hands of criminals, users’ lives and property will be threatened.
(2) Data Vulnerability to Damage
The infrastructure of edge computing is located at the network edge, and compared to centralized cloud servers, it lacks effective data backup, recovery, and auditing measures. If data is lost or damaged on edge nodes, there are no local data recovery mechanisms, nor corresponding backups in the cloud, leaving users or enterprises to accept the consequences of data loss. In the application fields of edge computing, lost data could be crucial evidence for video surveillance incidents, billing data for telecom users, or data collected for batch decision-making in industrial production, all of which could lead to significant losses.
(3) High Vulnerability of Software and Hardware Deployment
In large-scale distributed edge computing systems, to reduce manufacturing, deployment, and operational costs, the hardware of edge nodes sacrifices some security performance. TEEs (such as Intel SGX, ARM TrustZone, and AMD memory encryption technologies) popular in cloud computing environments have not yet been widely implemented under existing edge conditions; in software deployment, to improve convenience for bulk deployment, edge nodes tend to use lightweight container technologies, but containers share the underlying operating system, resulting in poor isolation and a wide attack surface. The security isolation of software implementations faces issues such as memory leakage or tampering.
3.2 Security Issues of Edge Management Nodes – Insecure Large-Scale Identity Authentication Management
Identity authentication is the process of verifying or determining whether the access credentials provided by users are valid, serving as the foundation for other security management services. Devices at the edge are more susceptible to theft, man-in-the-middle attacks, impersonation, and other attacks compared to cloud centers, posing significant challenges for identity authentication and subsequent authorization in edge networks. However, the edge network features large-scale, heterogeneous, and dynamic characteristics, making unified identity authentication and efficient key management difficult to implement. If there is a gap in identity authentication between end users and edge servers, malicious edge nodes may impersonate legitimate edge nodes, tricking end users into connecting to them, affecting functionality and causing user data leakage. If there is a gap in identity authentication between distributed edge nodes and the cloud center, attackers may invade the data center, threatening the security of the entire system.
3.3 Security Issues in Communication of Edge Computing Nodes – Insecure Communication Protocols
Edge computing, derived from the network architecture of cloud centers, not only inherits the communication security risks present in ordinary cloud environments but also has its own communication security risks due to the distributed security domains of edge computing and the ease of compromising its communication entities. Typically, edge computing nodes use short-range wireless communication technologies with vast, heterogeneous, resource-constrained field or mobile devices, while edge computing nodes communicate with cloud servers using message middleware or network virtualization technologies. Most of these communication protocols lack sufficient security considerations, posing risks of eavesdropping and tampering. Traditional communication protocols struggle to meet the security requirements of edge computing, including authentication, key negotiation, privacy protection, and data sharing in the edge computing environment.

4

Conclusion

This article focuses on the edge layer in edge computing architecture, discussing the security issues present in edge computing nodes themselves, edge management nodes, and the communication of edge computing nodes. In addition, edge computing also faces security threats from intrusions into cloud computing data centers and malicious on-site devices. To address security threats and meet the non-traditional security demands of massive, heterogeneous, and distributed edge computing, relevant enterprises, industrial organizations, and academic institutions are conducting related research, such as using blockchain and federated learning to enhance the security of data sharing, exploring more comprehensive and feasible security architectures, and studying dedicated low-latency high-security communication protocols. All of these require further exploration to promote the long-term development of edge computing.

References

[1] Shi W, Cao J, Zhang Q, et al. Edge Computing: Vision and Challenges[J]. IEEE Internet of Things Journal, 2016, 3(05):637~646.

[2] Li Xiaowei, Chen Benhui, Yang Dengqi, et al. A Review of Security Protocols in Edge Computing Environments[J]. Computer Research and Development, 2022(059-004).

[3] Edge Computing Industry Consortium. Edge Computing Security White Paper[EB/OL]. [2019-11]. www.ecconsortium.org/Uploads/file/20191126/1574772963483806.pdf.

[4] Yang Dequan. Security Threats and Defenses in Edge Computing[J]. Automation Expo, 2022, 39(2):3.

[5] Roman R, Lopez J, Mambo M. Mobile Edge Computing, Fog et al.: A Survey and Analysis of Security Threats and Challenges[J]. Future Generation Computer Systems, 2016, 78(PT.2):680-698.

[6] Yahuza M, Idris M, Wahab A, et al. Systematic Review on Security and Privacy Requirements in Edge Computing: State of the Art and Future Research Opportunities[J]. IEEE Access, 2020, PP(99):1-1.

[7] Zheng Fengbin, Zhu Dongwei, Zang Wenqian, et al. Edge Computing: A Review of New Computing Paradigms and Application Research[J]. Computer Science and Exploration, 2020, 14(4):13.

[8] Cao Ziwen. Edge Computing: Framework and Security[J]. Confidential Science and Technology, 2019(9):5.

[9] Liu Yunyi, Zhang Jianmin, Feng Xiaoli. Security Capability Deployment Scheme for 5G Edge Computing Systems[J/OL]. Telecom Science. https://kns.cnki.net/kcms/detail/11.2103.tn.20220614.1655.002.html

[10] Fu Wenjun, Mao Xiongfei, Yu Haisheng, Ke Bin, Zhang Su. Analysis of the Current Situation and Direction of 5G Edge Computing Technology[J]. China Instrumentation, 2021(06):80-82.

[11] Zhao Ming. Overview of Edge Computing Technology and Applications[J]. Computer Science, 2020, 47(S1):268-272+282.

[12] EdgeX Foundry. EdgeX Foundry documentation[OL]. https://www.edgexfoundry.org.

China Confidentiality Association

Science and Technology Branch

Scan to follow us

A Brief Discussion on Security Threats in Edge Computing

Author: Wang Jiawen

Editor: Xiang Lingzi

Top 5 Highlights of 2021

Insights on Paper Recovery Technology’s Importance for Carrier Destruction

Geographic Information Security and Confidentiality Around Us
Summary of US Technology Competition Policy Recommendations Against China
Satellite Communication in 6G
Discussion on Electromagnetic Leakage Protection of Computer Keyboards

Recent Highlights Review

ETHERLED Method: Data Leakage via Network Card LED in Physically Isolated Systems

Introduction to Software Security Entity Relationship Prediction

Introduction to Network Security Incident Analysis

Revisiting New Issues Faced by Digital Forensics Technology Development
Technology and Product Applications of Palm Vein Recognition

Related posts

  1. Understanding RSRP Measurement Characteristics in 5G NR
  2. Understanding Edge Computing: The Future of IoT
  3. Optimizing NB-IoT Core Network for Efficient Data Transmission
  4. Common Communication Interfaces in Embedded Development
  5. From Beginner to Expert: Understanding TCP/IP and OSI Models
  6. Deepening Edge Computing Applications to Support ICBC’s Digital Transformation
  7. Deep Understanding of Linux Bus Device Driver Framework
  8. Common TCP/IP Attack Methods
  9. Sharing TCP/IP Illustrated (3 Volumes) PDF
  10. Edge Computing Standard Parts Plan: H3C’s Self-Developed Edge Server
  11. Edge Computing: Key Technology in the 5G Era, Dominated by FPGA
  12. What Is Edge Computing and Why Is It Important?
  13. What Is Edge Computing?
  14. Overview of Protocols Involved in IoT Devices and Applications
  15. Behind the IoT Device Zombie Networks
  16. Enhancing Digital Transformation Through Edge Computing in Industrial Manufacturing
  17. Understanding Storage Chips and Their Applications
  18. From Autonomous Driving to Embodied Intelligence: A Comprehensive Discussion
  19. Broadcom 1T1R WiFi Module Overview

Leave a Comment