Summary
Highlights
The speaker introduces Multi-access Edge Computing (MEC) as a paradigm where MEC servers are deployed near base stations to reduce latency for applications. MEC offers ultra-low latency, location awareness, in-proximity data outsourcing, improved capacity, higher bandwidth, and real-time responsiveness, enabling applications like video streaming, AR/VR, and tactile internet.
Edge Computing introduces more security threats due to its characteristics: weaker computation power compared to cloud servers, attack unawareness (many IoT devices lack user interfaces to signal attacks), heterogeneity in operating systems and protocols making unified protection difficult, and coarse-grained access control models not suited for complex edge applications. Notable real-world attacks like Mirai, IoT Reaper, and Hazami Botnets highlighted the vulnerabilities in 2016-2018.
Denial of Service (DoS) attacks aim to disrupt normal services by flooding servers with malicious packets or exploiting vulnerabilities. Edge servers are more susceptible due to their limited computational power. Flooding-based attacks include UDP, ICMP, SYN, Ping of Death, HTTP, and Slowloris flooding. Zero-day DoS attacks exploit unknown vulnerabilities causing memory corruption. Defense solutions focus on detecting flooding-based attacks at packet or statistical levels and identifying code-level vulnerabilities for zero-day attacks.
Side-channel attacks exploit publicly accessible information (communication signals, power consumption, smartphone sensors) to infer sensitive data. Attackers monitor traffic streams, power usage, or access smartphone data to extract private information. Defenses involve data perturbation techniques like K-anonymity and I-diversity, and restricting access to side-channel information through obfuscation or trusted execution environments.
Malware injection attacks involve inserting malicious code into computing systems. These can be server-side (SQL injection, XSS, CSRF, SSRF, XML signature wrapping) targeting edge servers or device-side targeting IoT devices (exploiting zero-day vulnerabilities or weak firmware updates). Defenses for server-side injections include code checking, static analysis, dynamic debugging, blackbox testing, and proxy filters. For device-side injections, research is ongoing with ideas like address space layout randomization and software symbiotic methods for intrusion detection.
Authentication verifies user identities, while authorization determines access rights. Attackers attempt to bypass these systems through dictionary/brute-force attacks, exploiting weaknesses in authentication protocols (e.g., WPA, TLS), or vulnerabilities in authorization protocols, leading to unauthorized access or overprivileged issues. Edge devices are particularly susceptible to weak credentials and wireless-based authentication protocol weaknesses due to their large number of subscribers and decentralized nature.
Edge computing utilizes low-profile devices and lightweight protocols, making it more vulnerable to DoS attacks compared to cloud computing with its heavy-bit protocols and robust resources. Side-channel attacks have a wider attack surface in edge computing due to wireless connections and easily accessible diverse side-channel information. Malware injection attacks in edge computing often target devices first due to their interconnected nature and easier compromise. Edge computing is more popular for dictionary attacks due to weak credentials and more susceptible to weaknesses in wireless authentication and complex authorization scenarios.
The root causes include protocol-level design flaws where security is often an afterthought, implementation-level flaws stemming from misunderstandings or inconsistencies during protocol migration, and code-level vulnerabilities due to thoughtless programming. Additionally, data correlation between sensitive and insensitive data can be exploited, and the lack of fine-grained access control in edge computing makes it an easy target for attacks like man-in-the-middle.