Mobile Edge Computing, Fog et al.: A Survey and Analysis of Security Threats and Challenges (1602.00484v2)

Abstract: For various reasons, the cloud computing paradigm is unable to meet certain requirements (e.g. low latency and jitter, context awareness, mobility support) that are crucial for several applications (e.g. vehicular networks, augmented reality). To fulfil these requirements, various paradigms, such as fog computing, mobile edge computing, and mobile cloud computing, have emerged in recent years. While these edge paradigms share several features, most of the existing research is compartmentalised; no synergies have been explored. This is especially true in the field of security, where most analyses focus only on one edge paradigm, while ignoring the others. The main goal of this study is to holistically analyse the security threats, challenges, and mechanisms inherent in all edge paradigms, while highlighting potential synergies and venues of collaboration. In our results, we will show that all edge paradigms should consider the advances in other paradigms.

• The paper consolidates fragmented security analyses of mobile edge, fog, and cloud paradigms into a unified framework.
• It categorizes key threats—from DoS and MITM attacks to privilege escalation—while evaluating countermeasures like robust IDS and access control.
• The analysis underscores future research directions such as secure VM migration, privacy preservation, and AI-driven solutions for resilient edge defenses.

An Analysis of the Security Threats and Challenges in Mobile Edge Computing and Other Edge Paradigms

The proliferation of mobile and edge computing paradigms, including Fog Computing, Mobile Edge Computing (MEC), and Mobile Cloud Computing (MCC), underscores the ongoing demand for low-latency, context-aware, and geographically localized computational resources. The paper "Mobile Edge Computing, Fog et al.: A Survey and Analysis of Security Threats and Challenges" by Rodrigo Roman, Javier Lopez, and Masahiro Mambo, presents a comprehensive evaluation of the security threats and associated challenges inherent in these edge paradigms. This paper stands out for its holistic approach, consolidating the fragmented security analyses of different edge paradigms into a unified framework.

Overview and Motivation

The underpinning motivation for exploring edge paradigms lies in the limitations of centralized cloud computing in addressing latency-sensitive applications, such as vehicular networks and augmented reality. Edge paradigms attempt to resolve these issues by deploying cloud computing-like capabilities at the network edge, thus bringing computation, storage, and networking services closer to the end-users.

Security Threats and Challenges

One of the core contributions of this paper is the detailed exposition of security threats across different edge paradigms. These threats are categorized based on the target asset:

1. Network Infrastructure: The paper elaborates on denial of service (DoS), man-in-the-middle (MITM) attacks, and rogue gateways as the principal threats. These attacks can be exacerbated by the open and heterogeneous nature of edge infrastructures.
2. Edge Data Centers: Physical damage, privacy leakage, privilege escalation, and the emergence of rogue data centers are identified as significant threats. These risks are magnified by the potentially limited security expertise of administrators managing these edge data centers.
3. Core Infrastructures: Privacy leakage and manipulation of services within core infrastructures remain critical concerns, even when core infrastructures may not directly handle the entire spectrum of user data.
4. Virtualization Infrastructure: Key threats include denial of service, misuse of resources, privacy leakage, privilege escalation, and manipulation of virtual machines (VMs). The potential for VMs to act as vectors for attacks underlines the importance of robust hypervisor security and VM isolation.
5. User Devices: Devices can be compromised to inject false information and manipulate services, especially in collaborative scenarios involving user-owned edge data centers.

Security Mechanisms

The paper systematically discusses the security mechanisms necessary for mitigating the identified threats. These mechanisms include:

• Identity and Authentication: Solutions must support federated identity management and inter-field authentication, incorporating location-specific data where applicable.
• Access Control Systems: Fine-grained access control policies are paramount to ensure that only authorized entities can deploy and manage virtualized resources.
• Protocol and Network Security: Secure communications are crucial, necessitating the integration of Transport Layer Security (TLS) and virtual private network (VPN) solutions, alongside Network Function Virtualization (NFV) and Software-Defined Networking (SDN).
• Trust Management: The need for robust trust management systems is highlighted, supporting nuanced trust relationships between collaborating edge data centers and other entities.
• Intrusion Detection Systems (IDS): A multi-layered IDS is recommended, leveraging both edge and core insights to detect and thwart attacks.
• Privacy: The deployment of privacy-preserving mechanisms, including data anonymization and controlled information disclosure, is essential to protecting user data against honest-but-curious adversaries.
• Virtualization Security: Techniques such as secure VM migration, leveraging Virtual Trusted Platform Modules (vTPMs), and VM isolation are discussed as pivotal to maintaining the integrity of virtualized environments.

Implications and Future Directions

The security of edge paradigms is still nascent, and several areas require further exploration. The implications of successfully securing these infrastructures are substantial, promoting the adoption of edge computing in industries demanding stringent security guarantees. Future research should delve into resilience against sophisticated attacks, comprehensive forensic capabilities, and the secure integration of emerging technologies like AI to enhance the robustness of edge paradigms.

Conclusion

This paper provides a critical scaffold for assessing and enhancing the security posture of edge computing paradigms. By addressing the nuances of MEC, Fog Computing, and MCC, the authors offer actionable insights and pave the way for developing resilient and secure edge infrastructures. The multi-dimensional analysis and the synthesis of existing security strategies underscore the imperative of cross-paradigm learning and collaboration in fortifying the edge ecosystem against evolving threats.