By Vinod Kumar, Managing Director and CEO, Subex
Mobile edge computing or Multi-access Edge Computing (MEC) – is a network architecture that enables cloud computing to be done at the edge of a mobile network. As of today, many applications manage their online computations and content storage on servers located far away from the on-field devices and the end user. MEC brings those processes closer to the user by integrating with the local cellular base stations.
Multi-access edge computing is based on the principle that offering processing capacity at the edge of the network offers significant application benefits especially in responsiveness and reliability. MEC enables faster and flexible deployment of new applications and leads to lower latency — and better performance — for local applications and data when compared with centralized data center resources.
Businesses that run multiple applications that entail high volumes of data with low latency such as IoT gateways in healthcare, retail, etc., will find MEC quite appealing. It is going to be a key enabler for connected cars, autonomous vehicles, and industrial IoT. Edge computing will help autonomous vehicles achieve higher levels of situational awareness by merging information gathered and processed at the edge and through AI/machine learning. In such areas, even a millisecond delay can make a huge difference. Autonomous vehicles, for instance, cannot wait for information stored to be processed in the cloud (even if it only takes 200 milliseconds) to make a critical decision.
Lack of standards around MEC is one factor that might slow down the adoption of MEC. Many organizations are currently working in parallel on evolving competing standards around MEC focusing on various aspects.
MEC brings forth its own challenges. The idea of moving infrastructure and resource management to the local node could bring trust issues on the network. Among the known threats, the risk of a man-in-the-middle and polymorphic DDoS attacks are higher with MEC. When devices get cloud access at the node level, sometimes without adequate identification, the chance of misuse or even pilferage of data is higher. Once a hacker gains control over an edge device, they can launch Denial of Service attacks leading to operational downtime, theft of data/IP, financial loss, and damage to reputation.
MEC security is complicated by the use of different access technologies that a MEC node supports such as LORA, LTE/GSM, Wi-fi and Bluetooth. The only option available for companies adopting MEC is to buy disparate security solutions that address the security needs of each of these access technologies (since each connectivity flavor has its own vulnerabilities) and consolidate these disparate systems to get an overall view of an attack. This is a relatively complex and operationally inefficient proposition because of the orchestrations required.
Another complexity emerges from the high mobility of MEC processes (between similar nodes -East-West and from the cloud to a node- North-South). Such processes are also replicated in an on-demand manner as well. Thus, detecting and eradicating malicious processes become difficult as they can be in constant motion across the network. The malware can thus replicate itself at will even if it is eradicated in one part of the network thereby leading to malware persistence.
As of today, MEC security is fashioned on a traditional approach that relies on perimeter security. This is highly inadequate as most attacks occur on the user plane. Thus, malware that is operational on the network or its components is not factored in in the security architecture and overall response tactics. Anomalies in the data behavior caused by and related to malware could thus escape detection in this scenario thereby posing a major risk for MEC operations.
Data from our global honeypot network highlights the extent of attacks on IoT deployments. Most of the attacks recorded involve brute force methods using commonly used or default login credentials. Hackers are now broad basing their attacks in terms of vectors, targets, methods, data and levels of persistence. Some of the attacks studied by us targeted remote desktop protocols, virtual networks, remote terminals, internet telephony adapters and database servers. As hackers get more ambitious and persistent, their ability to inflict harm will grow.
In 2018, we saw Edge devices being used as a platform for developing infrastructure for attacks. They have also been used to gather compute power for cryptomining as also to gain long-term access to networks and systems, pilfer information or even to launch attacks on other networks and systems to degrade them.
So, how can edge devices be protected? To begin with, device manufacturers need to incorporate security considerations into their designs. Patching shouldn’t be treated a laborious chore. Edge devices should be installed in secure configurations and monitored and upgraded regularly. The networks they are connected to should also be monitored for anomalies or behaviors that may portend attacks.
Manufacturers also need to stop supporting legacy devices and systems that work with unencrypted protocols or services that run without authentication. Some level of standardization of device configurations is required and ISPs can play a strong role in this to minimize the risk of less secure devices latching on to the network.