Many Agent Controller (AC) security components were prototyped for IT-1, even if not all were integrated into the actual release. Building on the experiences with these prototypes, and with the IT-1 release itself, it is now possible to update the plans for the AC security for the rest of the project, taking into account also the feedback from the review. This description of AC security also takes into account the updated requirements in D2.5 and the revised architecture in D2.7. Specifically, building upon a core transport layer in the fog, the security framework that underpins the agent security is developed, which is then further used to implement the security goals identified by D2.5. These goals cover the security features of the agent controller that were demonstrated in IT-1, namely discovery, identification and authentication of agents, bootstrapping agent security (connecting them to a fog and giving them credentials), secure communications, and user registration. The goals go beyond previous work by implementing discovery for other protocols, extending bootstrap to multi-fog scenarios, adding authorisation, privacy and GDPR support in user registration, and more. As a part of this process, we investigate supporting technologies that were not integrated in IT-1, or were not investigated at all earlier. These technologies include the emmy Zero-Knowledge prover developed by XLAB, distributed ledger technologies, IPv6 security features (which are “cleaner” than their equivalent features in IPv4), as well as the practicalities of the physical security of edge devices.
It should be clear that the work presented here, and in the associated Platform Manager security deliverable (D4.2), combines to form a very ambitious workplan, not all of which will be achievable in the remaining year of the project. However, by documenting the full range of the proposed security implementation, it should be possible to then later make informed decisions about the priorities of the individual security tasks. For example, we can decide to implement very minimal fogs, with agents living in essentially only connectivity with each other, and with access only to the CAU gateway and any leader agent(s) that may be present. It will equally be possible to implement a more extensive fog, that enables devices – once authenticated – to access the wider Internet and, through cloud-hosted information hubs, can share information with agents and devices in other fogs. The AC security provides the foundation for building fogs and edge-to-fog and edge-to-cloud applications.