April 30, 2018
Redesigning security for fog computing with blockchain
by Susanto Irwan of Xage, a member of the OpenFog Consortium.
This blog originally appeared in Embedded Computing Systems Design.
As more connected devices come into use across the industrial IoT (IIoT), traditional cloud computing architectures are no longer sufficient. Current centralized systems simply do not meet the scale and security requirements of so many billions of IoT devices: secure storage, availability over intermittent network connections, access control, authentication, and real-time analysis of a near-constant data stream. The traditional approach moves data from the edge to a central server for processing, which increases latency and reduces available bandwidth across the network. Most importantly, however, transferring massive amounts of data from devices at the edge to a central system greatly increases the chance of a security breach, resulting in lost and compromised information.
Fog computing deploys distributed nodes and gateways across vast geographical areas, moving a subset of cloud functions closer to the edge and the IoT devices themselves, and so better serving the requirements of a connected IIoT. Fog computing reduces the amount of data sent to the cloud through short-term, quick analytics at the edge, decreases bandwidth requirements, improves IoT performance and availability with real-time decision making, increases efficiency, and is scalable. Fog computing also enables stronger security and compliance with existing organizational policies by applying security services at the fog level, for example by analyzing sensitive information, fingerprinting it, and encrypting it according to ownership to ensure privacy before the data is sent to the cloud.
Cloud computing will continue to play a role in our industrial future, such as in centrally setting security policy to be enforced at the edge or searching for common patterns in data collected from the edge across an entire fleet of autonomous cars. However, new and common use cases will, paradoxically, make the edge the center of gravity for technological innovation.
The desire for such innovation and the promise of the IIoT has encouraged companies across industries like manufacturing, oil and gas, utilities, transportation, telecom, and mining to adopt fog computing as the answer to decentralized storage and analysis of sensitive information across their highly distributed environments. That said, for fog computing, storage, and networking services to properly operate between cloud data centers and connected devices, we must ensure that devices and fog nodes are fully tamper-proof, and that the data can’t be manipulated.
The importance of security as a foundational element of this vision can’t be overlooked. When we consider critical IIoT use cases like public transportation and our national infrastructure, where a security breach could have catastrophic implications, the need for a decentralized security solution becomes urgent. Recent examples of security breaches include:
- An attack on San Francisco’s emergency alert system, where hackers could control all 114 of the city’s connected emergency alert sirens and play unverified emergency messages over the system.
- A cyberattack that compromised the communications systems and operations of a Texas-based oil and gas company. Similar types of attacks could allow hackers to gain control of digitized pumps and wells, significantly impacting production.
- A ransomware attack that forced the city of Atlanta to shut down its computer systems for five days.
As we continue to design distributed fog services, we must also design a security foundation that has a complementary architecture: autonomous, real-time, decentralized, zero-touch deployable, and adaptive. Instead of constantly interacting with a centralized security system, equipment, devices and applications need to band together to secure themselves.
Implementing a blockchain-protected security fabric is a novel approach to enable fog adoption. As a distributed platform, blockchain is a technology that can be used for decentralized data storage and access control. By enforcing immutable records and sharing security data across all the nodes in its network, blockchain technology is tamper-proof, redundant, and self-healing.
Through a process of continual reconciliation, autonomous consensus between fog nodes on a blockchain-protected security fabric secures the network when new or intermittently connected devices join it. The devices can also identify and isolate bad devices and applications infected with malware. This self-healing capability delivers the data integrity and redundancy that the IIoT needs to thrive. In addition, through this consensus, the more fog nodes added, the stronger the fabric gets, ensuring the secure storage, transmission, and analysis of data on a fog network.
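The two properties the paragraphs above rely on, immutable records that reveal tampering and reconciliation between nodes that repairs a bad replica, can be shown in a small model. The following Python is an added example, not Xage's fabric or code from the original post: it assumes a hash-chained ledger of access-control decisions replicated across five fog nodes and uses a simple majority vote on the chain head as a stand-in for a real consensus protocol. Every device, subject, and record in it is constructed for the demonstration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # sentinel "previous hash" for the first entry


def entry_hash(prev_hash: str, index: int, record: dict) -> str:
    """Hash of one ledger entry, binding it to its predecessor and its position."""
    payload = json.dumps(
        {"prev": prev_hash, "index": index, "record": record}, sort_keys=True
    ).encode()
    return hashlib.sha256(payload).hexdigest()


class Ledger:
    """Append-only, hash-chained log of security events held by one fog node."""

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> str:
        prev = self.head()
        index = len(self.entries)
        digest = entry_hash(prev, index, record)
        self.entries.append(
            {"index": index, "prev": prev, "record": dict(record), "hash": digest}
        )
        return digest

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self):
        """Index of the first entry whose hash or back-link is wrong, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if (e["index"] != i or e["prev"] != prev
                    or entry_hash(prev, i, e["record"]) != e["hash"]):
                return i
            prev = e["hash"]
        return None

    def copy(self) -> "Ledger":
        clone = Ledger()
        clone.entries = [dict(e, record=dict(e["record"])) for e in self.entries]
        return clone

    def rehash_from(self, start: int) -> None:
        """Recompute the chain from `start` on; used below to model a node whose
        whole local chain has been rewritten so that it still verifies locally."""
        prev = self.entries[start - 1]["hash"] if start else GENESIS
        for i in range(start, len(self.entries)):
            e = self.entries[i]
            e["prev"] = prev
            e["hash"] = entry_hash(prev, i, e["record"])
            prev = e["hash"]


def reconcile(replicas: list) -> tuple:
    """Majority reconciliation across replicas (simplified consensus, an assumption).

    A replica is bad if its chain fails local verification or its head disagrees
    with the strict majority of intact replicas. Bad replicas are overwritten with
    a copy of a majority replica (the self-healing step).
    Returns (agreed_head, bad_indices).
    """
    heads = {i: r.head() for i, r in enumerate(replicas) if r.verify() is None}
    if not heads:
        raise ValueError("no replica passes verification")
    agreed, votes = Counter(heads.values()).most_common(1)[0]
    if votes * 2 <= len(replicas):
        raise ValueError("no strict majority of replicas agrees on a head")
    good = {i for i, h in heads.items() if h == agreed}
    bad = sorted(set(range(len(replicas))) - good)
    source = replicas[min(good)]
    for i in bad:
        replicas[i] = source.copy()
    return agreed, bad


def demo() -> dict:
    """Constructed scenario: five fog nodes replicate one access-control ledger."""
    base = Ledger()
    base.append({"device": "pump-07", "subject": "operator-a", "action": "grant"})
    base.append({"device": "well-12", "subject": "vendor-x", "action": "deny"})
    base.append({"device": "pump-07", "subject": "firmware-update", "action": "grant"})
    replicas = [base.copy() for _ in range(5)]

    # Node 1: one record is edited in place, so its own chain no longer verifies.
    replicas[1].entries[1]["record"]["action"] = "grant"
    # Node 2: the same edit, but with the chain re-hashed; it verifies locally and
    # only comparison with the other nodes exposes it.
    replicas[2].entries[1]["record"]["action"] = "grant"
    replicas[2].rehash_from(1)

    local_failure = replicas[1].verify()            # first broken entry on node 1
    stealthy_passes = replicas[2].verify() is None  # node 2 looks fine on its own
    agreed, bad = reconcile(replicas)
    healed = all(r.verify() is None and r.head() == agreed for r in replicas)
    restored = replicas[2].entries[1]["record"]["action"]
    return {"local_failure": local_failure, "stealthy_passes": stealthy_passes,
            "bad": bad, "healed": healed, "restored": restored}


if __name__ == "__main__":
    print(demo())
```

The point of the second tampered node is the caveat a practitioner should keep in mind: a hash chain on a single node is tamper-evident, not tamper-proof, because whoever controls the node can rewrite the chain consistently. It is the replication and the cross-node reconciliation that catch that case, which is why adding nodes strengthens the fabric, and also why the whole scheme assumes that a majority of nodes remains honest. Production designs add per-entry signatures and a real consensus protocol in place of the head vote used here.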
For the IIoT to succeed, it requires a new model of defense. Centralized, top-down enterprise security is incapable of sufficiently protecting the billions of autonomous, interconnected, and heterogeneous devices and applications in use today. Industrial cybersecurity for this generation will need to protect data sharing, active cooperation, and control for devices, applications and people.
A blockchain-based security fabric comprehensively satisfies the challenging requirements of a global industrial IoT by promoting autonomous operation at all points. Because it’s redundant, tamper-proof, heterogeneous, peer-to-peer, and distributed, such a blockchain fabric provides the exact type of security needed to realize a truly powerful industrial IoT.
Susanto Irwan is the Co-Founder and Vice President of Engineering at Xage Inc. Prior to Xage, Susanto held senior engineering and product development roles at Shape Security and Arxan Technologies (acquired by TA Associates). Susanto has over 16 years of experience in security, from embedded systems to desktop, mobile, and web applications; from critical infrastructure systems to consumers. Susanto holds a Bachelor’s in Computer Science from Purdue University.