Data security construction based on edge computing

News 2023-06-12 02:40:58 views: null

1. Construction background

       With the popularization of edge computing and the support of 5G environment, more and more IoT devices and localized deployment forms used in user environments or remote facilities are deployed on the edge of enterprises, and enterprise security protection is facing continuous new challenges. Due to the characteristics of real-time, complexity, perception, and data heterogeneity in the edge computing service model, the privacy protection and data security mechanisms in the traditional cloud computing architecture cannot be fully applied. New scenarios such as home furnishing and autonomous driving continue to emerge, and issues such as data computing security, storage security, and sharing security have become more and more prominent. As a new form of technology, edge computing has typical security issues in information systems, as well as new security issues in new technologies, new services, and new scenarios.

       As an important supporting component in the Internet of Things architecture, edge computing expands cloud computing capabilities to the edge side closer to the terminal, realizes the sinking of computing services through the "cloud-edge-device" collaborative framework, and provides end-to-end cloud services. Reducing response time delays, reducing cloud pressure, reducing bandwidth costs, and providing cloud services such as network-wide scheduling and computing power distribution. Edge and fog are not simply extensions of the cloud. We need to re-examine their implementation principles, logical and physical changes, and additional security impacts.

"Cloud-Edge-End" Collaborative Framework

2. Risk analysis

       In recent years, Internet of Things data leakage incidents are common, and the main contradiction is the contradiction between the needs of industry data security construction and the unbalanced and insufficient development of businesses. The secondary contradiction is the contradiction between the rapid changes in the external environment and the lack of experience (knowledge) precipitation. That is, security cannot keep up with business, and capabilities cannot keep up with changes.

       In the actual application process of edge computing, private data is outsourced to edge servers, and data ownership and control are relatively separated. This phenomenon has caused managers to lose or weaken the ability to control the security of outsourced data. In addition, sensitive data stored externally faces risks such as data loss, data leakage, and illegal operations.

       Taking the "cloud-edge-device" architecture as an example, combined with business relationships and data flow, data security risks can be shown in the figure below.   

Data security risks under the "cloud-edge-end" collaborative framework

       In the process of data collection, there is a lack of authentication mechanism, and there are security risks such as illegal access and illegal operation.

       There is a lack of encryption and integrity verification mechanisms in the data transmission process, there are plaintext transmission phenomena, and there are risks of illegal sniffing and illegal tampering.

       During the data storage process, there is a phenomenon of plaintext storage, lack of technical protection measures such as access control and operation audit, data backup, and data isolation, and there are risks such as data being illegally tampered with or leaked.

       In the process of data use (sharing, exchange, etc.), there is a lack of auditing, access control, and data desensitization protection methods, and there are risks such as sensitive data leakage and data integrity damage.

       In basic management, there is a lack of long-term management and control mechanisms (such as lack of remote upgrades, security configuration management, etc.), resulting in weak security protection capabilities, resulting in security risks of data integrity, availability, and confidentiality being destroyed.

3. Construction structure

According to security risks, combined with the characteristics of edge computing, the data security construction architecture should have the following characteristics:

1. Adapt and adapt to edge computing network structure and business scenarios;

2. Whether the security function can be flexibly deployed to meet the security needs of different characteristics of the end, edge, and cloud;

3. Possess perfect monitoring and quick recovery capabilities from failures.

​Data Security Construction Architecture

        Some data security capabilities are introduced below.

        Data auditing suitable for edge computing should fully consider how to reduce performance loss while meeting high throughput requirements and low bandwidth costs, so as to achieve a dynamic balance between business and security. Compared with traditional database auditing, data auditing based on edge computing should be divided into client and server, which should be combined with node characteristics for targeted construction. The client is used to be deployed in the edge server. It has the characteristics of simple function, easy deployment, strong reliability, low power consumption, and high performance. The main functions may include traffic collection and filtering (using machine learning, policy management, etc. scenario), analysis (processing data behavior, reducing the depth of data audit content), processing, storage, and compression. On the basis of the client, the server emphasizes data aggregation, unified audit, and comprehensive management and control capabilities, such as data collection, audit management, visual management, policy delivery, remote upgrade, trusted management, node management and other functions.

        The implementation idea of ​​data access control in edge computing is roughly similar to that of data auditing. It combines the characteristics of different nodes of edge servers and cloud centers to implement targeted construction. Edge services emphasize simple functions, ease of use, reliability, low power consumption, and high performance. The cloud center emphasizes control, supervision, and long-term operation and maintenance.

       Lightweight trusted authentication for edge computing. At present, lightweight trust can be based on random number generators (pseudo-random number generators, true random number generators, etc.), secure encryption hardware (due to power consumption and size constraints, server-level encryption hardware solutions are not suitable for edge environments The secure encryption hardware suitable for the edge environment should be lightweight, low-power secure encryption hardware) or trustworthy authentication based on the trust evaluation model, such as the evaluation of the comprehensive trust value formed by combining direct trust and indirect trust model [1].

 

references:

[1] Zhao Guosheng, Wang Tiantian, Wang Jian. An evaluation model for dynamic trust degree of edge devices [J/OL]. Computer Engineering and Science. https://kns.cnki.net/kcms/detail/43.1258.tp.20210525.1340.002.html

Guess you like

Origin blog.csdn.net/a59a59/article/details/117423231
Recommended
Ranking
Business team with OKR removed a stumbling block on the road of success
Huihai Semiconductor Boost LED Constant Current Driver Chip H6911 Solution
Leetcode 128. Longest Consecutive Sequence (Hash + Optimization)
JVM学习笔记(六)JMM和Volatile
java review-Calendar class
LeetCode Brushing Diary Hash Table I
Spring Cloud Config uses SVN as configuration source
__enter __, __ exit__ difference
Remove null values in String array
Basic difference --- child burst suffix array yxs bare title board title monotonous simple application stack string study to understand problems
Daily
More
2024-07-29(0)
2024-07-28(0)
2024-07-27(0)
2024-07-26(0)
2024-07-25(0)
2024-07-24(0)
2024-07-23(0)
2024-07-22(0)
2024-07-21(0)
2024-07-20(0)

Code World

© 2018 codetd.com