Edge applications are increasingly involved in data processing and analytics, leveraging machine learning (ML) algorithms that can enable internet of things (IoT) devices to make timely decisions and provide reliable services in a quasi-autonomous fashion. IoT edge devices require serious computing power to deliver on these intense demands. Michela Menting, cybersecurity applications research director at ABI Research, shares strategies for improving security for IoT edge device processors.
Because edge computing can involve highly sensitive data (regulated, proprietary, commercial, etc.), edge devices need to integrate security technologies that can guarantee a certain level of protection. Most importantly, a high level of security assurance is required to ensure that those edge compute platforms are operating confidentially and that the devices are reasonably protected from threat actors.
Protecting Edge Devices: Leveraging MCUs and MPUs
There are myriad ways to protect edge devices and their processes. A hardware-based security approach is typically preferred to a software-only approach. The advantage of IoT edge devices is that they have decent processing power and memory to run high-level security processes relatively easily.
IoT devices have varying levels of processing power: low-power devices tend to use microcontrollers (MCUs), while edge devices with more compute power often leverage microprocessors (MPUs) instead. Today, a growing class of IoT devices uses both MCUs and MPUs in a hybrid format. But for IoT edge specifically, MPUs are preferred for compute-intense applications.
There is currently a wide choice of security options within the MPU space, as much of the technology derived from general computing and mobile ecosystems is easily adapted to IoT edge devices. The trusted execution environment (TEE), in particular, is a mature and widely used technology in the smartphone space, having been leveraged for more than a decade to protect content and payment applications. As edge devices typically have compute capabilities similar to those of smartphones, TEEs are finding a fitting addressable market within the IoT edge ecosystem and, even beyond, into the cloud edge.
The security capabilities offered at the silicon and firmware level in edge devices are diverse. Through secure hardware (e.g., an embedded secure element or secure module), a root of trust can be integrated into the device, providing a trust anchor that can extend from the silicon right up to the cloud. Such a root of trust provides a trusted computing base from which various security functions can be enabled: securely booting up the device, executing secure applications, running a secure operating system (OS), enabling secure device lifecycle management, and connecting securely to ancillary cloud services and back-end infrastructure.
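To make the chain-of-trust idea concrete, here is an added illustration (not ABI Research's or any vendor's code) of a verified and measured boot: an immutable ROM digest anchors the first stage, each stage pins the digest of the stage that follows it, and every stage is measured into a PCR-style register that a cloud back end could compare against a known-good value. Real devices sign each image with an asymmetric key held by the root of trust; digest pinning is a simplification assumed here, and all stage payloads are constructed sample bytes.

```python
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Stage:
    name: str
    code: bytes          # stage payload (constructed sample bytes, not real firmware)
    next_digest: bytes   # digest this stage expects of its successor; b"" for the last stage


def image(stage: Stage) -> bytes:
    # Payload plus the pinned digest of the next stage is what gets measured,
    # so tampering with either the code or the pin changes the measurement.
    return stage.code + stage.next_digest


def extend(register: bytes, measurement: bytes) -> bytes:
    # PCR-style extend: the register only moves forward, so a later stage
    # cannot erase the record of what ran before it.
    return sha256(register + measurement)


def boot(rom_anchor: bytes, stages: list) -> tuple:
    """Walk the chain outward from the immutable ROM anchor.
    Returns (booted_ok, names_of_verified_stages, attestation_register)."""
    expected = rom_anchor
    register = b"\x00" * 32
    verified = []
    for stage in stages:
        measured = sha256(image(stage))
        register = extend(register, measured)   # record the stage even if it fails
        if measured != expected:
            return False, verified, register    # halt: the chain is broken here
        verified.append(stage.name)
        expected = stage.next_digest
    return True, verified, register


def build_chain() -> tuple:
    # Built back to front so each stage can pin the digest of the one after it.
    app = Stage("ml-app", b"edge inference service v1", b"")
    secure_os = Stage("secure-os", b"trusted kernel v3", sha256(image(app)))
    loader = Stage("bootloader", b"first-stage loader v2", sha256(image(secure_os)))
    return sha256(image(loader)), [loader, secure_os, app]   # (ROM anchor, chain)


def tampered(stages: list, idx: int, payload: bytes) -> list:
    # Swap one stage's payload while keeping its pinned digest, as a reflash would.
    out = list(stages)
    out[idx] = Stage(out[idx].name, payload, out[idx].next_digest)
    return out
```

A good boot reproduces the same register value every time, which is what lets a cloud service recognise a known-good device state; a modified stage changes the register and halts the chain at the point of tampering.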
Processor-based Security Strategies for the Edge
Processor-based security features are generally enabled by integrating security IP blocks, which can offer programmable root of trust cores, physically unclonable functions (PUFs), random number generators (RNGs), unique IDs, secure sockets layer (SSL)/transport layer security (TLS) support, secure enclaves, cryptographic blocks, etc.
This richness of offerings at the processor level is a result of a dynamic vendor ecosystem focused on delivering trust and security to the edge IoT space, with myriad players from the embedded, mobile, and computing industries involved (see the table below), resulting in a highly competitive market.
| Silicon IP | MCU | MPU | AP/SoC/SoM | CPU |
|---|---|---|---|---|
| Arm, Kameleon Security, Rambus, RISC-V, Secure-IC, ProvenRun, Intrinsic ID, Synopsys, SiFive, Cadence Design Systems, Cycuity, PUFsecurity, Silex Insight | Infineon, Silicon Labs, NXP, Microchip, TI, Renesas, Espressif | NXP, STMicroelectronics, Microchip, Renesas | Qualcomm, Samsung, NVIDIA, MediaTek, TI, Marvell, Montage Technology, Nordic Semiconductor | AMD, Intel |

The dynamic vendor ecosystem of IoT edge security
Certainly, commercial solutions abound, but there is a nascent and vibrant open-source movement that is also evolving, especially with projects such as OpenTitan and RISC-V.
The increased choice of security features for MPUs on the market enables IoT original equipment manufacturers (OEMs) to create powerful and trusted OSs and applications and to connect securely to cloud-based services. Many semiconductor vendors today offer plug-and-play options for cloud IoT platforms as part of their development packages.
The leading hyperscalers all provide a security service for managing IoT edge devices; for example, Microsoft Azure IoT Edge with Security Manager, Google Cloud IoT Core with Device Security, AWS IoT Edge with Device Defender, and IBM Watson IoT with Edge Application Manager. These platforms enable enrollment and provisioning of device IDs, device authentication to the cloud for onboarding, and setting security and access policies for what is ultimately the secure lifecycle management of the IoT devices.
Today, edge devices with secure processor capabilities can cater to myriad different use cases in various markets where security is a critical requirement, from industrial and automotive to smart home and consumer. Key demands include vision-based applications (especially in automotive, but also in smart cities and spaces), where the ML algorithms running on the device must be protected; industrial equipment automation, where the physical processes must be secured; and, increasingly, consumer applications, from smart home appliances to wearable devices (including medical), where privacy is the driver.
One aspect that is helping to underpin the advances in security for IoT edge devices is the growing body of policies, regulations, and standards. These, in turn, boost market developments around secure device manufacturing and lifecycle management. The priority is not only ensuring that the devices themselves can operate securely but also that they can provide trusted computing that will protect data and secure processes at the IoT edge.
A Holistic Hardware-software-network Approach
IoT edge security is not necessarily delivered exclusively from a hardware perspective; there are numerous security technologies at the software, network, and cloud levels that also provide important protections. But the creation of a trusted ecosystem is much more difficult to achieve without embedding some form of hardware-based security in devices.
With the secure processor market maturing, costs and complexity are lower, making those technologies more accessible and easier to integrate into a growing number of applications. Standards and regulations help create a baseline that further facilitates interoperability and adoption. The secure processor market for IoT edge is clearly one that is progressing quickly and is set to bring great innovation to the table.