In the previous post (part 1), I explained the strengths and weaknesses of Data-Centric Security in IoT architecture. Now I’m going to examine the “Edge” capability from a security point of view. Intelligence may play a larger part when a security architecture is designed around the edge.
There are 4 sections in the Edge-Centric architecture: end devices, users, the cloud and finally the edge. As I mentioned before, the Users deal with IoT apps that aim for a comfortable life, apps that they actually rely on instead of just getting the service they want. Technology is lined up for them from the server or service edge. The End Devices are embedded in the physical part that senses the environment but cannot perform heavy computational tasks. The Cloud has unlimited resources but is too far away and sometimes isn’t cost-effective for real-time applications. At the moment this work is the responsibility of the Cloud, but it would definitely be a better choice to bring the Edge into this architecture.
Constraints cause changes
The relationship between Cloud and Edge can be dependent (in collaboration) or independent (all responsibility lies with the edge). Collaboratively, the cloud performs deep learning based on Big data, and the learned model can be used by the edge to provide better services to end-users. Independently, the edge does many tasks itself, such as storing, computing, and so on. Edge-centric design and architecture seem to be optimal (in terms of security) because, compared to End Devices:
1. The edge layer has more resources, so computationally heavy security operations such as homomorphic encryption, attribute-based access control, etc. occur in the edge layer.
2. The edge layer is physically closer to the end device, which is useful for real-time security design demands.
3. The edge layer collects and stores data, so compared to the end device it is a better place to make security decisions. For instance, with Big data the edge layer detects unauthorized interference more efficiently.
4. Considering the maintenance costs, resource constraints, and sheer number of end devices, it isn’t cost-effective to deploy a firewall on end devices; it should be implemented on the edge instead.
Design IoT Security based on Edge-Centric
Device-Centric: According to this post, user satisfaction, besides knowledge, is the most important factor for IoT survival. Here we have a Device-Centric perspective of IoT edge architecture. Unlike the previous model, which was user-centric, its security and solutions depend on the type of device. The main advantage of edge-centric design is that it offloads security functions from IoT devices to the Edge layer.
Most designs do not seek to change the current network architecture or even standard protocols, but rather to supplement end devices so that they reach a minimum level of security. So far, two outlines have been proposed:
1. EdgeSec
2. ReSIoT
Here I want to talk about number one, EdgeSec.
EdgeSec, proposed by Kewei Sha et al., declares six major modules for security:
1. Account safe management
2. Security analysis
3. Protocol mapping
4. Security simulation
5. Interface management
6. Request handling
Each IoT device is first registered in the secure profile management module; the information of each device is stored and the security requirements are identified for each device. Then, in the Security Analysis module, the security of a particular IoT subsystem is examined by two functions: one analyzes the security dependencies of the registered devices and the other decides where to deploy the security functions.
In the protocol mapping module, the appropriate security protocols are selected from the protocol library for each specific IoT device, which must first have a security profile and sufficient resources.
The security simulation module simulates the results of critical intrusions before they actually occur, to protect the physical system. Other modules have functions such as masking homogeneity in communication, and module collaboration provides different directions for work.
In the next post, I will write about firewalls on the Edge layer.
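The registration and protocol-mapping flow described above, sketched in Python as an added example; it is not code from the EdgeSec paper or from this post. The class names, the protocol library entries and their resource thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Protocol:              # one entry of the (hypothetical) protocol library
    name: str
    provides: str            # security requirement this protocol satisfies
    min_ram_kb: int          # constructed thresholds, not measured values
    min_cpu_mhz: int

@dataclass(frozen=True)
class DeviceProfile:         # what the profile module stores per device
    device_id: str
    ram_kb: int
    cpu_mhz: int
    requirements: tuple      # requirements identified at registration

# Constructed library, ordered from most to least preferred per requirement.
PROTOCOL_LIBRARY = [
    Protocol("dtls-psk", "confidentiality", 64, 48),
    Protocol("aes-ccm-link", "confidentiality", 16, 16),
    Protocol("hmac-sha256", "integrity", 8, 8),
    Protocol("abac-engine", "access-control", 4096, 400),
]

class ProfileRegistry:
    def __init__(self):
        self._profiles = {}

    def register(self, profile):
        if profile.device_id in self._profiles:
            raise ValueError(f"{profile.device_id} is already registered")
        self._profiles[profile.device_id] = profile

    def get(self, device_id):
        # Fail closed: an unregistered device gets no protocol plan at all.
        return self._profiles[device_id]

def map_protocols(registry, device_id, library=PROTOCOL_LIBRARY):
    """Return {requirement: (protocol_name, placement)} for one device.

    placement is "device" when the device can run the protocol itself,
    "edge" when the function must be offloaded, "unmet" when the library
    has nothing for that requirement.
    """
    profile = registry.get(device_id)
    plan = {}
    for req in profile.requirements:
        candidates = [p for p in library if p.provides == req]
        fits = [p for p in candidates
                if p.min_ram_kb <= profile.ram_kb and p.min_cpu_mhz <= profile.cpu_mhz]
        if fits:
            plan[req] = (fits[0].name, "device")
        elif candidates:
            plan[req] = (candidates[0].name, "edge")   # offload to the edge layer
        else:
            plan[req] = (None, "unmet")
    return plan
```

An "unmet" entry is the case worth alerting on: the device registered a requirement that nothing in the library can cover, on the device or at the edge.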