November 7, 2016

Top 5 Ways Fog Computing Can Make IoT More Secure


The October attack by 500,000 IoT devices that brought down the Dyn servers via a distributed-denial-of-service approach is the first of its kind, but it likely won’t be the last.  The billions of connected devices need to be protected – and to in turn protect – the systems to which they are connected.security-in-iot

IoT environments across a variety of industries – discrete and process manufacturing, power and energy, transportation, utilities and so on – are vast in scale, critical to our economic growth and stability.  Yet as we see, they remain extraordinarily vulnerable in a connected world.  Unlike traditional IT security breaches, cyber-attacks in the IoT world can harm valuable data, machines, devices, processes – and especially people.  Clearly, it’s time for a new approach.

Ushering in the fog computing era

Fog computing is a system-level horizontal architecture that distributes resources and services of computing and control, storage, and networking and communications closer to the data sources.  Through the fog-to-things continuum, fog computing can solve the bandwidth, latency and communications challenges associated with next generation networks that will utilize IoT, 5G and artificial intelligence.

Through this distributed architecture approach, it also is an ideal cybersecurity architecture.  Fog computing enables industrial enterprises to standardize on security architectures across IoT platforms, vendors and customers. By design, fog security accommodates the unique architectures and vulnerabilities of the IoT.  It operates in the cloud-to-things continuum, rather than at the perimeter, to offer distinct advantages.

Here are five fundamental ways that fog computing is making the IoT more secure:

  1. Fog is built from the ground up for cloud-to-thing IoT security, offering a new level of protection above and beyond IT security.How does fog computing resolve security issues for the IoT?  The common denominator is that fog computing enables a service continuum, bridging the gap between cloud and things.  It fills this gap by enabling the distribution of computing and control, storage, and networking functions closer to end-user devices (or “things”). This constitutes an entirely different premise than IT perimeter security:
    • Computing & Control: With fog, computing and control is carried out at or near the end-user device, as opposed to being stored in remote data centers or cellular core networks. In this distributed environment, threats or attacks need to get past fog nodes, which can quickly identify unusual activity and be mitigated before they are passed through to the system.
    • Data Storage: The same is true of Data Storage in the fog architecture. Data collected from or dispersed to end-user devices are managed and protected by the distributed infrastructure of secure fog nodes. Therefore, that data will be better protected than if stored in the user devices and more available than if maintained in remote data centers
    • Communication & Networking: With fog, communication and networking is carried out at (or near) the end-user device rather than routing all traffic through backbone networks. This also provides a privacy advantage. In some cases, such as deployments that implement the D2D wireless device standard, fog reduces the chances of eavesdropping by containing communication with systems in close proximity.
  2. Fog can protect even the smallest resource-constrained devices.Most IoT devices are small and designed to operate in environments with minimal resources.  These resource-constrained devices, which have little or no capability to defend themselves against sophiscated cyber attacks (such as the Dyn attack), can collaborate with a distributed multi-tiered network of fog nodes and cloud servers to achieve the necessary levels of protection according to the “defense-in-depth” doctrine.

    A thin software client that resides in the device is all that is needed to detect suspicious data in use or in transit. If the client or the upstream fog node detects unusual activity, the data in use or in transit will be flagged and contained. The suspicious data and the unusual activities can then be analyzed for security, privacy and availability breaches. In addition, a small sensor may be expected to operate five years or longer on its internal battery, and this may not provide enough energy for strong cryptography.  A nearby fog node can perform the more sophisticated security functions necessary for protection.

    As mentioned above, a distributed array of fog nodes can offer a more secure environment than individual resource-constrained devices for storing crucial or sensitive data.  For example, if a security video is stored inside an intelligent camera and the camera is stolen, the data likewise disappears.  If the video is stored in a physically secure and monitored fog node, that video is safe even if the camera is stolen.

  3. Fog can help keep security credentials and software up to date on a large number of devices to scale in global IoT environments.Requiring every device to connect to the cloud to update its credential and software, several times a day, is impractical.  But fog nodes are designed to be a distributed infrastructure for mananging security credentials on vast numbers of devices based on their applications and/or ownership simultaneously without downtime.
  4. Fog can monitor the security status of distributed systems in a scalable and trustworthy manner.In the IoT world, it is essential to be able to tell, in a trustworthy manner, whether a large number of distributed devices and systems are operating securely and safely.  Many of today’s hacks are designed to send status messages that make operations appear normal. Fog has the infrastructure to detect these types of attacks.
  5. Fog can provide real-time incident response services that enable IoT systems to respond to compromises/breaches without disruption of service.This is a particularly critical function in industries where IoT systems and processes provide the enterprises with mission-critical revenue generation.  Shutting down operations is simply not an option. Here are three examples:
    • A power generator infected by malware. Shutting down power generators can cause disruptions in the grid and power outages. Fog can help security respond while maintaining system uptime.
    • Downtime of Industrial Control Systems (ICS) in manufacturing operations. Manufacturers require uninterrupted processes, not just for revenue, but for safety reasons. Fog enables incident response without interruption.
    • A connected car infected with malware while in motion. As you can imagine, shutting down the engine is not an option when the car is on the highway. Fog allows for malware detection and problem resolution in transit.

 

The OpenFog Consortium is a global nonprofit formed to accelerate the adoption of fog computing in order to solve the bandwidth, latency, communications and security challenges associated with IoT, 5G and artificial intelligence.  Our work is centered around creating a framework for efficient and reliable networks and intelligent endpoints combined with identifiable, secure, and privacy-friendly information flows in the Cloud-to-Things continuum based on open standard technologies.  For more information, please contact us at info@OpenFogConsortium.org.