IoT security: Putting trust in the edge
With projected billions of IoT devices at risk, it’s no exaggeration to suggest that weak security in IoT devices could translate into massive failures in Internet-based applications (meaning, pretty much everything digital). Whether it's overt attacks that subvert devices in their millions into unimaginably large DDoS botnets or it's subtle poisoning of data streams, attacks on IoT devices could be devastating in their impact. Among a flurry of announcements at its TechCon conference, ARM has drawn a line in the sand for IoT security – a line that passes straight through the edge that separates IoT terminal nodes from the cloud.
IoT edge devices are emerging as a kind of catch-all device, defined variously as local data aggregators, device controllers, data/state buffers, fog computing appliances, cloud gateways, and more. In the IoT, that catch-all role will gain greater importance as IoT application developers work to balance growing conflicts between all the factors that come into play in the IoT.
In its Security Manifesto calling for a collaborative approach to security, ARM proposes an additional intriguing role for edge devices as the first line of defense against compromised IoT devices. Here, edge devices would serve as an automated version of the traditional security officer tasked with identifying, tracking and isolating suspicious behavior. Unlike a suspicious security officer, however, edge devices could engage deeper security measures to validate access by different or legacy devices – not unlike an airport security officer interviewing a seemingly suspicious airline passenger. In buttressing IoT security, edge devices can handle the correspondingly more sophisticated algorithms with powerful hardware resources that are simply incompatible with the more basic requirements of IoT terminal nodes for minimal cost, size, and power consumption.
Beyond a growing role in security, edge devices will certainly serve in relieving cloud resources from the growing weight of raw data streaming from an exponentially increasing number of terminal nodes. In the process, as ARM points out in its Manifesto, edge devices will bear the growing demands of machine-learning functionality.
At the same time, edge devices could help data scientists address a significant obstacle to plans for using larger data streams to improve IoT machine learning. As users gain greater awareness of how IoT data reveals details of their activities, data availability could tighten in response to user demand as well as regulations such as the European Union’s General Data Protection Regulation. At the risk of oversimplifying this conflict between data science and privacy, edge devices could serve as a privacy barrier between primary data producers and cloud-based consumers. In this role, this middle layer in the IoT hierarchy might use raw data streams to execute machine learning algorithms locally, while delivering privacy-compliant, data-minimized streams to the cloud.
A defined role for edge devices in the IoT is very much a work in progress. In their role as catch-all devices, edge devices can take advantage of more powerful hardware to provide a broad range of services to IoT networks. Yet, edge devices are hardly a panacea. Conceptually, using edge devices to fill in flaws in IoT system design or pack in more features risks turning these devices into the systems equivalent of spaghetti code in poorly planned software. A more practical threat to IoT functionality arises if edge devices are deployed as single points of failure, making them even more attractive targets to threat actors.
Furthermore, edge devices are only beginning to gain significant development support. Edge system designs themselves are fairly straightforward, typically relying on Linux-based platforms built on application processors – A-series cores in the ARM universe. The promise of more advanced edge services lies in the emergence of edge platform support such as ARM’s own Mbed Edge offering or Amazon Web Services’ Greengrass.
Figure. ARM's Platform Security Architecture offers a broad approach to IoT security design and implementation. (Source: ARM)
Besides the edge functionality suggested in its high-concept Manifesto, ARM offered a more actionable perspective with its Platform Security Architecture (PSA). Designed to provide developers with a concrete roadmap to IoT security, the ARM PSA combines a security use-case analysis with hardware/firmware specifications and an open-source reference implementation (see Figure above). Although ARM is still in development with PSA deliverables, the architecture provides an important milestone on the road to IoT security.