Security Must be Visible in the Fog
The benefits of cloud technologies are now clearly demonstrated across a range of industry sectors, most recently in broadcasting and pay TV. Without a doubt companies are realizing infrastructure cost savings and ubiquitous access to content, as well as accelerating the deployment of new services.
But it has also become apparent that the cloud is not optimal for a range of emerging applications around the Internet of Things (IoT), especially in the home, because the round trip to a remote data center adds too much latency. Many IoT services involving control of sensors or diagnostic devices are highly sensitive to latency and often involve repeated polling. They are also locally based, so it makes little sense to host control and management of such IoT applications in a cloud that may be thousands of miles away from the home or premises they are serving.
This realization has led to the development of Fog Computing, in which cloud processing and, where relevant, data storage are distributed much closer to the user at the network edge, in order to keep latency within the tight budgets imposed by many potential IoT services. This can extend the cloud to the access network, a locally operated data center, or even a home gateway device. As this suggests, the endpoints of a Fog network will embrace a wide range of devices, from server-class environments to Wi-Fi access points and edge routers.
Unfortunately Fog will also introduce a number of new security threats, as well as extending the scope of existing ones. For example, some Fog deployments have been shown to expose users to traditional man-in-the-middle attacks, because the edge node that terminates the user's connection is no longer inside a managed data center.
The exact nature of such attacks would depend on factors such as whether the Fog network is terminated in the home or in a public place such as a coffee shop. In the latter case there would be scope for setting up malicious access points that advertise deceptive SSIDs (Service Set Identifiers), the human-readable names by which Wi-Fi networks identify themselves in beacon frames. A rogue access point broadcasting the same SSID as the legitimate public network appears identical to users' devices, which will often join it automatically, so that their private communication can be intercepted without their knowing.
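A simple way to make this class of attack visible is to compare every access point that advertises a given SSID. Legitimate multi-AP deployments share an SSID across several BSSIDs, but they normally use the same security mode and the same equipment vendor, and an operator knows which BSSIDs are its own. The check below is an added example, not code from the original post or from Verimatrix; the scan results, the BSSIDs and the trusted-AP list are constructed for illustration, and the `scan_results`, `Beacon` and `find_suspect_ssids` names are the example's own.

```python
"""Evil-twin check over Wi-Fi scan results (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One observed access point, as a Wi-Fi scanner would report it."""
    ssid: str       # network name advertised in the beacon
    bssid: str      # MAC address of the access point radio
    channel: int
    security: str   # "OPEN", "WPA2-PSK", "WPA3-SAE", ...


def oui(bssid: str) -> str:
    """Vendor prefix (first three octets) of a MAC address."""
    return bssid.upper()[:8]


def find_suspect_ssids(beacons, trusted=None):
    """Return {ssid: [reasons]} for SSIDs whose advertising APs look inconsistent.

    trusted maps an SSID to the set of BSSIDs the operator knows it owns.
    Heuristics only: an attacker can also clone the BSSID, so a clean result
    is not proof of safety, but any finding is worth a manual look.
    """
    by_ssid = defaultdict(list)
    for b in beacons:
        by_ssid[b.ssid].append(b)

    findings = {}
    for ssid, group in by_ssid.items():
        reasons = []
        if len({b.security for b in group}) > 1:
            reasons.append("mixed security modes")          # open twin of a WPA2 network
        if len({oui(b.bssid) for b in group}) > 1:
            reasons.append("mixed vendor OUIs")              # different hardware pretending to be one ESS
        if trusted and ssid in trusted:
            unknown = sorted(b.bssid.upper() for b in group
                             if b.bssid.upper() not in trusted[ssid])
            if unknown:
                reasons.append("untrusted BSSID " + ", ".join(unknown))
        if reasons:
            findings[ssid] = reasons
    return findings


# Constructed scan: one coffee-shop network with a rogue twin, one hotel network
# with an open twin, and a single-AP home network that should not be flagged.
scan_results = [
    Beacon("CoffeeShop_Free", "A4:2B:8C:11:22:33", 6, "OPEN"),       # venue's real AP
    Beacon("CoffeeShop_Free", "DC:A6:32:AA:BB:CC", 1, "OPEN"),       # rogue, different vendor
    Beacon("Hotel_Guest", "00:11:22:33:44:55", 11, "WPA2-PSK"),
    Beacon("Hotel_Guest", "00:11:22:33:44:66", 11, "OPEN"),          # open twin of a WPA2 network
    Beacon("HomeNet", "F0:9F:C2:01:02:03", 36, "WPA3-SAE"),
]

# Constructed operator inventory: the venue knows its own AP.
trusted_aps = {"CoffeeShop_Free": {"A4:2B:8C:11:22:33"}}


def run_check():
    """Apply the heuristics to the constructed scan."""
    return find_suspect_ssids(scan_results, trusted_aps)


if __name__ == "__main__":
    for ssid, reasons in run_check().items():
        print(f"{ssid}: {'; '.join(reasons)}")
```

The mixed-OUI and untrusted-BSSID tests are what catch the coffee-shop twin; the mixed-security test catches the more common case where a rogue AP drops encryption so that any client will connect. On a managed Fog edge the same comparison can run continuously on the gateway, with the trusted list fed from the operator's AP inventory rather than hard-coded as here.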
Fog-based IoT services could also be attacked by their own users, who might for example want to compromise or bypass a smart energy meter to reduce their electricity or gas bills. This is an example of a threat that arises under Fog but not in the cloud: it exploits the fact that the device holding service logic and data may sit in a physically insecure location under the attacker's own control.
There are also privacy issues given the amount of sensitive data that could be transmitted within services such as health care monitoring. Some of these issues would arise equally in the cloud, but again the distribution to the network edge extends the physical domain that needs protecting.
Fog therefore raises the bar for security in distributed implementations of IoT logic in some respects, and may require more sophisticated application of the techniques already used to counter threats in a purely managed cloud environment. This is something we have been actively engaged in at Verimatrix for some time when deploying distributed security implementations for pay-TV operators.
Our VCAS security deployments can take advantage of global connectivity and cloud management through our Verspective Intelligence Center, but there are also many benefits to be gained by keeping business-critical databases in a more localized environment. These include technical factors such as network latency and reliability, as well as political and regulatory requirements relating to data location.
These are all factors that favor Fog Computing with its distributed model. The point is that Verimatrix architectures have been designed from the ground up to cater to a diverse range of network topologies and end points, including cloud and Fog. When VCAS is incorporated in a Fog infrastructure, we can address the threat models posed by this multi-layer environment through extensions to our existing set of solutions without needing a radical overhaul.
Check back often for more discussions on the development of security and the IoT space.