The Fog of War: Securing and Defending Edge Devices


Posted by: Jens Jensen, Scientist at Science And Technology Facilities Council

 

The promise of the Internet of Things is that the things in question get connected, get smarter and can do more stuff, and can share with each other. However, as of May 2018, just as the GDPR is about to come into effect, it is worth reflecting on the security and privacy issues of IoT. There are many stories in the news about hacked devices, with vendors seemingly more concerned about implementing features than securing their devices, and you might wonder what sort of vulnerabilities hide in your shiny new devices.

The Open Fog Consortium (OFC) aims to develop open standards to facilitate interoperation and thus to ensure that the innovation and other promises of “fog” come to fruition – the fog becomes scalable, modular, and fog nodes provide more functionality and resources. Security of fog devices is not forgotten: in fact, one of the promises of fog computing is that it can be more secure than traditional distributed infrastructures and sensor networks, etc., because security comes built into the fog nodes themselves.

This fog security is based on applications of fundamental security principles to the fog architecture. The mF2C project has applied the same principles to design security for its fog-to-cloud platform. In time, these security designs will be validated both by running penetration tests against the platform, and by evaluating the security of the three use cases – smart city, smart boats, and smart hub in airport.

In the first release, the security focuses on enabling devices to communicate securely. There is a bootstrap mechanism to register the initial device, and a means of connecting the device to a public key infrastructure (PKI), anchored in the cloud, for devices with sufficient capability. Once part of the PKI, devices can establish secure communications with each other and sign or encrypt messages. (Edge) devices that cannot support PKI are required to communicate through fog nodes that can, to ensure that the data is protected when it reaches untrusted networks.

Thus, mF2C implements the OFC security goals of providing open security boundaries – to the edge, the cloud, other fogs, or the user – with support for heterogeneous devices including legacy devices. For example, on smart boats, legacy devices communicate over the boat’s internal data bus to a more capable device which processes the data and communicates with the fog.

OFC’s multi-tenant security is implemented by hosting some services in the cloud – which already implements multi-tenant security – and by deploying containerised services in the fog; thus, we can limit the outside world’s access to the container, which in turn helps ensure that one container does not disrupt the services in another.

Unlike legacy devices, when we prototype new fog devices, we consider security as a part of the design. OFC highlights the need for physical security of edge devices. In a software-only platform, we can secure the device and its communications, but physical security needs something beyond software. For example, there are microcontrollers designed specifically for security applications. Another approach is to simply lock up the edge device. A third approach is to recognise and accept that devices can be tampered with.

If a sensor is compromised, it may give false information, but as long as most sensors give the correct information, we can recognise the anomaly and react. In fact, people apply machine learning to security, to enable automated services to recognise abnormal behaviour and raise an alarm, or isolate the misbehaving node. The obvious difficulty, however, is that “abnormal” is very application specific. The abnormal situation may be an attacker trying to subvert the system, or it may be a genuine emergency in the infrastructure which needs an appropriate reaction. Balancing the user’s right to privacy against the need to provide services to them and to maintain the security of the infrastructure is not easy, either. Finding the right balance is a challenging goal for the future, and identifying generic and reusable components of smart security for smart fogs is even more so. But, as the OFC has recognised and the mF2C project is doing, we now have an opportunity to get security right, so people can trust and will benefit from the fog services.
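The "most sensors are correct" idea above can be made concrete with a robust consensus check. The following is an added example, not code from the mF2C project or the OFC: it uses the median and the median absolute deviation (a simple statistical technique, not machine learning) over constructed readings, and the sensor names, values and threshold are assumptions.

```python
from statistics import median

# Constructed sample: temperature readings (deg C) taken at the same time by
# six sensors covering the same area. Names and values are made up.
READINGS = {
    "s1": 21.4, "s2": 21.9, "s3": 21.6,
    "s4": 35.2,  # tampered or faulty sensor
    "s5": 21.7, "s6": 21.5,
}

def flag_outliers(readings, threshold=3.5, min_sensors=3):
    """Return (consensus, sorted ids of sensors that disagree with it).

    The median and the median absolute deviation (MAD) stay accurate as long
    as fewer than half of the sensors report wrong values.
    The threshold is application specific; 3.5 is an assumed default.
    """
    if len(readings) < min_sensors:
        raise ValueError("too few sensors to form a majority view")
    values = list(readings.values())
    consensus = median(values)
    mad = median(abs(v - consensus) for v in values)
    if mad == 0:
        # More than half of the sensors agree exactly: any other value is suspect.
        return consensus, sorted(s for s, v in readings.items() if v != consensus)
    # 0.6745 scales the MAD so the score is comparable to a z-score.
    suspects = [s for s, v in readings.items()
                if 0.6745 * abs(v - consensus) / mad > threshold]
    return consensus, sorted(suspects)

def trusted_mean(readings, suspects):
    """Average of the readings that were not flagged (the 'isolate' reaction)."""
    kept = [v for s, v in readings.items() if s not in suspects]
    return sum(kept) / len(kept)

if __name__ == "__main__":
    consensus, suspects = flag_outliers(READINGS)
    print("consensus:", consensus, "suspects:", suspects)
    print("mean without suspects:", trusted_mean(READINGS, suspects))
```

A flagged sensor only disagrees with its neighbours; whether that means tampering, a fault or a genuine local emergency still has to be decided per application.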
