WHITE PAPER Fog Gateways: The Cornerstone of IoT Security Fog Gateways: The Cornerstone of IoT Security By Nicholas Cravotta The IoT offers tremendous value, safety. Utilities can dynamically change rates and shift loads—thus preventing overinvestment in power but also introduces major security generation. IoT-based medical devices can monitor challenges. Connecting previously offline patients continuously to identify trends and alert systems increases the attack surface for hackers— caregivers before an emergency arises. and the diversity of these systems makes it difficult to But all these benefits depend on secure data flow. deploy and manage consistent security. If the network is compromised, the result can be The nature of internal networks—such as the automation disastrous. For industrial applications, the cost could be networks that connect factory machinery—add to the the shutdown of operations or equipment damage. In a problem. Legacy networks provide minimal authorization, utilities environment, invalid data could result in black- little authentication, and not enough encryption. There outs and lost revenue. For retail applications, security is often no protection against intrusion, unauthorized breaches could halt sales and expose customer data. reconfiguration of edge equipment, or DDoS attacks. If an attacker gains access to these unsecure networks, the What Makes IoT Security Different entire organization can be at risk. In some ways, security concerns are nothing new. Most Fog computing can address these security issues today organizations already have security precautions in place and help you prepare for new challenges on the horizon. to protect sensitive IT systems and physical assets. But Fog gateways provide secure connectivity to local equip- the IoT introduces new threats that can catch businesses ment, intelligent data processing, and end-to-end off guard. manageability that extends into the cloud. With fog Particularly challenging is the way that the IoT merges gateways, developers can go beyond connecting the worlds of information technology (IT) and operations equipment securely. Now they can deliver high- technology (OT). By connecting physical assets to the performance, real-time computing at the network edge. cloud, the IoT exposes these assets to IT security risks. But operations typically doesn’t have a background in IT- Risks of Unsecured Systems style security (e.g., centralized policy enforcement). The IoT has proven its value in nearly every industry. Conversely, IT typically doesn’t have experience Manufacturers use it to manage factories in real time, with embedded systems and their hard real-time boosting production, equipment lifetimes, and worker Fog Gateways: The Cornerstone of IoT Security 2 requirements. To assure both security and reliability, The network, data center, and applications all need pro- operations and IT need to align their goals and coordinate tection, too. Every time a device connects with another their efforts. device, especially with end-to-end access through the cloud, the communications link needs to be secured. At The IoT also increases the overall scope and scale of the the highest level, device monitoring and security analytics security challenge. As more assets connect to a network, also play an important role in assuring that the ecosystem hackers and viruses gain more potential points of attack. is protected. These connected assets also generate an overwhelming One of the key capabilities for many IoT ecosystems is amount of data to process that can constrain available enabling users and administrators to directly and bandwidth, especially when processing is done in the remotely control devices. As an IoT ecosystem scales, cloud. This puts time-sensitive operations such as fault it becomes increasingly important to be able to apply detection and service restoration at risk, and potentially security policies consistently and easily. delays responsiveness to security events. Manageability and consistent application of security The Basics of IoT Security can be difficult to achieve. IoT ecosystems may comprise a wide range of different hardware, OS, networking, To achieve end-to-end security, secure capabilities need and other technologies. The rapid pace of innovation to be implemented at many levels in an IoT ecosystem. means IoT ecosystems also need to support multiple At the lowest level, individual devices must be secure. generations of technology. This includes protecting hardware from physical attacks and safeguarding software and data from unauthorized Furthermore, security is not a deploy-and-ignore modification (Figure 1). technology. Security must be kept up to date to address new standards and vulnerabilities. Figure 1: Device-level security encompasses a range of hardware and software features. Fog Gateways: The Cornerstone of IoT Security 3 Fog Computing and IoT Gateways enforcement and smooths integration across disparate IT systems. This also makes it easier to keep security up Fog computing is an approach to IoT design that adds to date and to scale as the ecosystem grows. a hierarchy of intelligence between the cloud and endpoints. Rather than directly pipe endpoint data Because security is implemented in gateways, legacy IoT to the cloud, fog computing places compute resources devices behind the gateway are inherently secure. Thus, near endpoints at the edge of the cloud or directly fog computing makes it considerably easier to secure on premises. legacy equipment. In many systems, these fog computing capabilities Fog computing can also eliminate expensive endpoints are provided by IoT gateways. A gateway aggregates refresh cycles, since a well-chosen gateway can endpoint traffic and maps diverse local protocols to a accommodate generations of security updates. common IP backend. On top of this, fog technology provides compute-intensive cloud services like data Pushing compute resources closer to the edge also analytics locally (Figure 2). enables gateways to handle real-time/time-critical applications. This is an important benefit because many To accelerate development and adoption of fog tech- applications cannot tolerate the latency of pushing data nologies, Intel created the Fog Reference Design (Intel to the cloud and waiting for a response. Intelligence in FRD). Built around Intel® Core™ i3/i5/i7 or Intel® Xeon® the gateway also minimizes the compute power required Processors for high compute performance—along with in endpoint devices and in cloud. This can substantially Intel FPGA solutions for specialized functionality—Intel reduce the cost and complexity of endpoints. Just as FRD is a self-contained platform housed in an enclosed important, gateways can filter endpoint data and thereby chassis. This all-in-one test bed enables developers to optimize bandwidth requirements between endpoints experiment and demonstrate fog use cases across the and the cloud. spectrum of vertical segments. From there, developers can quickly move on to commercially available hardware to implement their designs. Boundary Security One of the ways fog computing can secure IoT ecosystems Security Through the Gateway is through boundary security. To illustrate the advan- tages of boundary security, consider the alternative of One of the primary benefits of fog computing is how it separately securing each subsystem. In this context, a simplifies security. Rather than address security across subsystem can take many forms. For example, it could be a large number of endpoints, fog computing aggregates a network of devices on a LAN or a suite of applications in and maps connections across a relatively small number the cloud. of gateways. Consolidation ensures consistent policy Figure 2: Gateways are intermediaries between endpoints and the cloud. Fog Gateways: The Cornerstone of IoT Security 4 The advantage of subsystem-based security is that IT can One example of boundary security technology is Vortex balance cost, latency, and other factors with the security Cloud from PrismTech, a subsidiary of ADLINK. Vortex requirements of each subsystem. But this individualized Cloud secures communications at the boundary between approach has a major flaw. When a subsystem connects subsystems and can be used with private, public, and to an external resource, this creates a weakest point of hybrid clouds (Figure 3). vulnerability. Specifically, the security deployed by the subsystem may be insufficient to protect data across Vortex achieves this through a boundary security approach that uses certificate-based authentication, the external connection. secures encrypted communications, and enforces Boundary security is a method for protecting data by access control rules between subsystems and individual securing the boundary between different subsystems. devices. Capabilities such as Discovery Service simplify Each connection to external resources is secured IoT ecosystem management by enabling devices to independently of the security within the subsystem. automatically find one another, regardless of This ensures that every external connection is secure, their location. and leaves no chance for an oversight by an endpoint to leave an opening into the network. The Intel® IoT Platform Using a boundary security approach, building a secure Developing a complete IoT ecosystem can be challenging, IoT ecosystem begins with the gateway. In addition to even before security is taken into account. The subtle providing WAN connectivity to the cloud, gateways complexities of IoT security
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages9 Page
-
File Size-