IoT Device Security at the Edge Poses Unique Challenges
- IoT devices at the edge are now more intelligent and capable as a result of more intelligent semiconductor chips.
- This intelligence at the edge is bringing new capabilities but also a host of risks to the far reaches of the network.
- IoT practitioners need to adapt traditional methods to ensure IoT device security at the edge.
Connected devices are gaining intelligence natively, and that’s bringing numerous capabilities to the field and users on the move.
IoT devices are increasingly incorporating on-device intelligence, with semiconductor chips that enable faster processing and analytics. Video surveillance and streaming, natural language processing, and real-time equipment monitoring are all enabled by embedded AI capabilities.
Think autonomous driving, pollution and water monitoring, or proactive equipment monitoring on an oil rig. IoT at the far reaches of the network brings a steady stream of insight, data, and context to solve problems in real time.
Still, smart Internet of Things (IoT) devices at the edge bring a host of complexities and challenges that IT pros aren’t always prepared to handle. As devices with a variety of form factors move from centralized architectures in data centers and clouds to the far reaches of the network, devices become vulnerable to security breaches and management havoc.
Experts discussed the challenges of managing IoT devices at the edge of the network at Embedded IoT World in late April.
Device Security Problematic at the Edge
At the edge, devices can gather data and deliver information in real time, without the latency constraints of sending data back and forth to the cloud. But a central trade-off is device security at the edge.
As devices move from centralized architectures to the far reaches of the network, traditional security measures can become less relevant or possible.
Indeed, according to a survey of 312 security professionals conducted by Tripwire, 99% of respondents say they struggle to secure IoT and IIoT devices.
“In an edge scenario, there is no telling what can happen to that device,” said Steve Wong, an open source software engineer at VMware, in a session on edge device security.
Wong noted that some of the security conventions of traditional data centers don’t work at the edge.
“Certain techniques common in a data center — like simply installing a TLS certificate on a device — are fairly questionable if a device could be purloined, tampered [with], copied, cloned and the certificate could be moved to somewhere else to create an imposter situation,” he said.
While one of the benefits of IoT at the edge is the ability to gather data dynamically and in real time, it also presents serious challenges for security.
Mobile devices are also inherently dynamic, so securing a static identity through network IP address or MAC address is often difficult.
“Conflating a low-level network address like a MAC or IP with identity is challenging when you’ve got mobile devices that move around and get reassigned a new IP on a routine basis,” Wong said. “Sometimes these IPs or MACs are shared across multiple services or applications; one identity for 10 different things is just asking for trouble.” Wong noted that, for scalability purposes, it’s critical for devices to be managed in groups rather than one at a time.
IT pros need to secure data and application layers, rather than just the lower levels of the network, Wong concluded.
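Wong's point that a network address is not an identity, shown as an added example that is not code from the article or from VMware: a control plane authenticates a device with a per-device key and a single-use challenge, so the identity survives an IP reassignment and a stranger that inherits the old IP is not trusted. The device name, key and address are constructed, and the remark that the key sits in hardware-backed storage is an assumption the article does not make.

```python
"""Added example (not the article's or VMware's code): application-layer device
identity from a per-device key plus a one-time challenge, instead of IP/MAC."""
import hashlib
import hmac
import secrets

# Constructed registry keyed by device id, never by address. Assumption: on a
# real device the key lives in hardware-backed storage so it cannot simply be
# copied off the device (the cloning concern raised above).
DEVICE_KEYS = {"pump-07": bytes.fromhex("5f" * 32)}


def device_respond(key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side: prove possession of the key for this nonce only."""
    msg = b"edge-auth|" + device_id.encode() + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class DeviceAuthenticator:
    """Control-plane side: issues single-use challenges and checks replies."""

    def __init__(self, keys: dict[str, bytes]):
        self._keys = dict(keys)
        self._pending: dict[bytes, str] = {}  # nonce -> device it was issued to

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = device_id
        return nonce

    def verify(self, device_id: str, nonce: bytes, response: bytes) -> bool:
        # Consume the nonce first so a captured reply cannot be replayed.
        if self._pending.pop(nonce, None) != device_id or device_id not in self._keys:
            return False
        expected = device_respond(self._keys[device_id], device_id, nonce)
        return hmac.compare_digest(expected, response)


def run_demo() -> dict[str, bool]:
    """Contrast a stale address-to-identity table with key-based identity."""
    auth = DeviceAuthenticator(DEVICE_KEYS)
    ip_table = {"10.0.8.21": "pump-07"}  # stale once DHCP hands the lease to another box
    out = {"address_trusts_stranger": ip_table.get("10.0.8.21") == "pump-07"}
    nonce = auth.challenge("pump-07")
    reply = device_respond(DEVICE_KEYS["pump-07"], "pump-07", nonce)
    out["genuine"] = auth.verify("pump-07", nonce, reply)
    out["replay"] = auth.verify("pump-07", nonce, reply)  # same nonce, already consumed
    nonce = auth.challenge("pump-07")
    out["no_key"] = auth.verify("pump-07", nonce, device_respond(b"guess", "pump-07", nonce))
    return out
```

The address table keeps answering "pump-07" for whoever holds 10.0.8.21, while the key-based check accepts only the device that can answer a fresh challenge and rejects a replayed reply.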
Data transmission standards such as Transmission Control Protocol (TCP) are “misaligned” with the common edge use cases, Wong said. TCP can be inefficient for certain kinds of asymmetric (send/receive) data flows at the edge.
TCP also copes poorly with intermittent connectivity, whether that is caused by shared, unlicensed spectrum or by device power management.
AI at the Edge for IoT Device Security
IoT will increasingly benefit from on-device intelligence. And machine learning offers some opportunities for devices at the edge.
“There is a real opportunity to use machine learning to learn expected device behaviors out at the edge and spot aberrant behaviors at scale that might correlate with security issues,” Wong said. “You have to host ML or AI where it has global visibility, and the cloud comes into play here.”
Automated and cloud-based management of IoT devices will be necessary to keep pace with the scale and explosion of devices, Wong said.
“Managing edge devices at scale needs some kind of software-based system,” he said. “It’s not going to be a human doing it. It’s going to have to be automated because of the scale involved. Doing this, I think, it makes sense to have some central cloud control plane. Unless there is a regulatory thing that prevents using the cloud.”