http://www.edgecomputingbook.com/api.php?action=feedcontributions&feedformat=atom&user=Ali+SiddiqiEdge Computing Wiki - User contributions [en-gb]2026-04-16T15:16:42ZUser contributionsMediaWiki 1.43.0http://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=691Chapter 6: Edge Security and Privacy2025-04-16T20:12:34Z<p>Ali Siddiqi: /* Malware Injection */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either device-side or server-side injections. <br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
<br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications and ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
<br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
*''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
*''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=690Chapter 6: Edge Security and Privacy2025-04-16T20:11:29Z<p>Ali Siddiqi: /* Malware Injection */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either device-side or server-side injections. <br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
<br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
<br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
*''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
*''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=689Chapter 6: Edge Security and Privacy2025-04-16T20:10:20Z<p>Ali Siddiqi: /* Malware Injection */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. <br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
<br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
<br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
*''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
*''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=688Chapter 6: Edge Security and Privacy2025-04-16T20:09:28Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. <br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
<br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
<br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
*''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
*''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=687Chapter 6: Edge Security and Privacy2025-04-16T20:08:27Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
*''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
*''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. <br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
<br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
<br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
*''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
*''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=686Chapter 6: Edge Security and Privacy2025-04-16T20:05:52Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
*''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
*''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. <br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
<br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
<br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
*''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
*''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=685Chapter 6: Edge Security and Privacy2025-04-16T20:05:12Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
*''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
*''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. <br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
*''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
*''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
*''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=684Chapter 6: Edge Security and Privacy2025-04-16T20:04:10Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
*''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
*''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
*''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
*''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
*''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. <br />
<br />
#''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
#''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=683Chapter 6: Edge Security and Privacy2025-04-16T20:03:02Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. <br />
<br />
''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. <br />
<br />
''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. <br />
<br />
''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. <br />
<br />
''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. <br />
<br />
*''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid.<br />
*''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. <br />
*''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. <br />
*'SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. <br />
*''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. <br />
<br />
''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information.<br />
<br />
''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. <br />
<br />
''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. <br />
<br />
''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. <br />
<br />
''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. <br />
<br />
''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. <br />
<br />
''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
===Privacy Issues in Fog Computing===<br />
<br />
====Attack Vectors====<br />
----<br />
Below are some of the major attack vectors that plague existing edge and fog networks.<br />
; Forgery<br />
:Forgery is a security threat where the attacker copies someone else's identities and behavior by producing fake information. This is a serious issue that degrades existing network resources for everyone in the network. <br />
;Tampering<br />
: Attackers alter data that is to be sent to other websites. This is difficult to detect since users in an edge environment are mobile and we can't differentiate if the data has been tampered with or anomalous behavior is due to packet loss. <br />
;Spam<br />
:Attackers send fake information that overwhelms the processing power of the edge devices. Similar to DoS, on a smaller scale.<br />
;Sybil<br />
:Attackers fake identity to control the performance of edge network. Falsifying their identity allows them to create fake crowdsensing reports, which affects the reliability of the whole network.<br />
;Jamming<br />
:Attackers generate large amounts of packets to jam transmission channels and occupy important resources<br />
;Eavesdropping<br />
:Attackers listen to confidential data of genuine users from transmission channel by pretending to be a part of the network<br />
; Man in the Middle (MITM)<br />
: MITM is a type of cyberattack where the attacker not only eavesdrops on communication between two devices, but also modifies the payload for destructive payloads.<br />
;Collusion<br />
:Multiple groups band together to mislead fog nodes<br />
;Impersonation<br />
:Attacker acts as real server to trick users to steal all their data <br />
;Virtual Machine Attack<br />
:Attackers take control of hypervisor for the virtual machine's VM<br />
;Side channel<br />
: Attackers brute force passwords to steal information being shared between two parties. Due to the poor resource availability of edge devices, there is a constraint on the use of computationally expensive hashing algorithms.<br />
; Session Hijacking<br />
: Attackers intercept and steal user session to get access to confidential data <br />
<br />
<br />
==== Privacy Issues in Fog Computing ====<br />
# User privacy<br />
## fog computing contains large number of IoT devices that are inter-connected via sensors <br />
## generated senesitive data and transmit to fog nodse for processing. This sensitive data includes personal information which can be stolen<br />
# Identity Privacy<br />
## ID of users is extremely vulnerable of getting disclosed while having auth to nodes including name, phone , address<br />
# Data Privacy<br />
## data can be exposed to network attacker who is trying to steam user's personal data from the transmission medium or relay nodes<br />
# Usage privacy<br />
## Pattern in which accesses services of fog computing <br />
## intruder knows when user is accessing the channel for data transmission and when he is not communicating<br />
## intruder attacks on user's confidential information or the channel<br />
# Location Privacy<br />
## location privacy helps attackers know the trajectory of the user<br />
# Network Privacy <br />
## wireless connections always at risk<br />
## maintenance of fog nodes is challenging since they are present at edge of internet<br />
## privacy breach is not difficult to occur<br />
<br />
=== Security and Privacy issues for edge computing===<br />
# nodes of edge connected to large number of IoT<br />
## these have limited resources <br />
## heterogeneous internal components<br />
## Key management for ensuring privacy of data is difficult<br />
<br />
==== Issues ====<br />
# Edge nodes are near to users which makes large amount of sensitive data, which might be stolen <br />
# Edge computing possess low network resources so doesn't support expensive encryption algos <br />
# Edge environment consists of dynamic env which is changing, which allows attackers multiple ways to join the network<br />
Also difficult to create securiy rules for a changing network<br />
<br />
==== Attacks ====<br />
; Eavesdropping: Monitor channel to steal data<br />
;# DoS<br />
: take control of network by sending fake requests<br />
;# DDoS<br />
: interrupt normal services provided by different servers<br />
;# Data Tampering<br />
: Attacker can alter the data transmitted over comm channel <br />
;False data injection<br />
:Attacker injects false code in network which brings all data to the attacker<br />
;Physical attack<br />
:Physical protection of edge infra is weak, which allows attackers to compromise the physical locations of edge devices.<br />
; Rogue gateway<br />
:inject large amounts of traffic into edge network infra, similar to MITM <br />
<br />
==== Privacy issues in edge computing =====<br />
# weak security techniques for system protection<br />
# unsafe communication between devices<br />
# difficult recovery and data backup<br />
# no specific pattern of update reception <br />
# lack of proper network visibility<br />
# lack of user's selective data collection<br />
<br />
==== Countermeasures for Fog Computing ====<br />
;Efficient encryption techniques<br />
:Allows for resource constrained edge devices to encrypt communcations with complex algorithms <br />
;Decoy technique<br />
:Authenticate data of user present the computing network by replacing original information with fake information that is provided to attackers<br />
When breached, the attackers find the decoy files <br />
;Intrusion detection system<br />
:Detect and protect from attacks including DoS, insider attackers, port scanning attacks, flooding attacks on virtual machine, MITM<br />
;Blockchain security for fog computing<br />
:Blockchain is a way to cryptographically ensure the validity of a system while simultaneously increasing it's security. Using blockchain for edge computing reduces single point failure, increases network security and helps with tracking node status effectively.<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
To further illustrate the edge computer security concepts, we will give a couple of short case studies where edge<br />
computing security plays a prevalent role, as well as some solutions:<br />
<br />
===Securing Egyptian VMSs Smart City Infrastructure===<br />
Over hundreds of thousands of these edge devices such as traffic sensors, surveillance cameras,<br />
smart lighting systems, and environmental monitors are deployed in an urban Smart City. We<br />
have on the `the city edge cloud' these instruments for real-time traffic flow management, public<br />
safety alarm, environmental monitoring with life supports among the green plants – in the area<br />
usually known as! This city suffered a massive blackout, when multiple traffic lights were compromised at the source which caused them to act irregularly: Not<br />
issuing signals, leading to gridlocks.<br />
====Challenges:====<br />
How were the traffic controllers found to be vulnerable? Meaning they hack the password hole<br />
punch so they can bypass the external username password and gain direct access to the temples<br />
of our data. Moreover, on some cameras, the public IP of that camera is exposed, making remote<br />
attack possible: it was obviously a disadvantage for them. The edge network stutters steps from<br />
one organization to the next, making it hard however much one tries to apply security policy<br />
uniformly, as whose department is solely responsible for a given thing?<br />
====Solutions Introduced:====<br />
;Net Separation<br />
: The city designed its infrastructure with isolation zones; meaning traffic<br />
systems are completely isolated from all other municipal services so if one zone is attacked all<br />
other zones of that type remain intact.<br />
;Password Overhaul<br />
: Each unit was provided with a complete rehash to change its default<br />
passwords and other weak credentials to hardened unique passwords. Remote administrative<br />
access was only accepted with Multi-Factor Authentication.<br />
;Embrace of a Zero Trust Model<br />
: In this city, we employed a robust, Zero Trust model. A<br />
central token service gives authorization to every device communication and does not assume<br />
the inherent trust of devices.<br />
;Firmware Handling<br />
: The OTA management system required by installation ensures known<br />
exploits like traffic light management are repaired when discovered. Firmware cannot be<br />
updated at weaker sites as the assumption is it is regularly updated.<br />
;AI-based IDS Deployment<br />
: An AI-based IDS at a traffic control center learns about every<br />
equipment normal behavior going on at this session (like how frequently commands are sent out<br />
for lighting systems) generate alerts, activate promise lockdowns any time an abnormal behavior<br />
appears Mechanisms for rapid dissemination throughout the city.<br />
==== Outcome:====<br />
As a result of the proactive settings, these attempts were quickly identified and contained, with a<br />
limited impact on operations. For example, a virus event that targeted digital kiosks was<br />
contained through micro-segmentation and AI detection mechanisms that quickly isolated and as<br />
such quarantined the attack. It led to enhanced overall resilience of this intelligent city — its<br />
citizens’ trust in IoT services is continually getting better.<br />
<br />
<br />
=== IIOT (INDUSTRIAL IOT) IN MANUFACTURING===<br />
The production floor of a manufacturing company has integrated an IIoT system that is edge-<br />
based. Sensors associated with the machinery connect to edge gateways that track the health of<br />
the equipment for predictive maintenance. One extreme incident involved the main assembly<br />
robot producing inaccurate sensor readings that were altered, driving the robot to malfunction<br />
and claim weeks of expensive downtime on production. This revealed the insertion of an<br />
unauthorized device, a small single-board computer that was disguised as a sensor node and<br />
which fed erroneous data back to the control system.<br />
====CHALLENGES:====<br />
Even though it was optimized for efficiency, the factory edge network didn't include a device<br />
authentication protocol; attackers could access new sensors without the need for tight controls.<br />
Ensuring up time and keeping operational was prioritized often at the expense of timely<br />
application of security updates. Moreover, the presence of devices from many vendors further<br />
complicated efforts to establish consistent security standards, and production engineers received<br />
little training in cybersecurity best practices.<br />
====SOLUTIONS IMPLEMENTED====<br />
To solve these problems, stringent onboarding procedures were put in place: each sensor or<br />
controller must now present a digital certificate signed by the organization before being allowed<br />
onto the network. Any unknown device attempting to gain access is rejected and notification<br />
alerts are immediately sent out to ensure the remedying of bogus sensors does not take place in<br />
future.<br />
Additionally, they created a blockchain ledger to monitor device identities and to log any<br />
configuration changes over time. Every new addition or firmware update triggers a blockchain<br />
transaction being recorded to guarantee the creation of an immutable audit trail that can be<br />
reviewed by IT as well as OT (operational technology) teams increasing trust and accountability<br />
between departments. They segmented their network by listener and gateway: your sensors only<br />
talk to local gateway, and then your gateway only talks to central controls understanding that if<br />
any one part is breached there are limitations to how much of your network is attacked. More<br />
importantly, they rolled out an AI-powered detection system that monitored sensor readings for<br />
abnormalities.<br />
For known rogue sensors where outputs were statistically different from expected machine<br />
behavior; it is likely that ML models would have picked up on this irregularity early enough to<br />
allow for preemptive safety shutters before doing damage.In addition, maintenance processes<br />
were revised to ensure that scheduled downtimes were regular intervals of time explicitly<br />
dedicated towards security (for example, patching software vulnerabilities and routine<br />
equipment calibration checks). Training of staff on basic cyber hygiene such as ensuring that a<br />
USB drive or laptop was validated before connecting it into the organization edge networks have<br />
reduced the threat of the organization network being infected by malware.<br />
====OUTCOME====<br />
Then after enhancements made at this facility had enabled quick identification of anomalies; The<br />
next, an internal attempt by someone trying to connect using unauthorized monitoring tools was<br />
quickly detected and blocked ensuring nothing could affect operations in our pursuit against<br />
cyber-physical threats going forward. This includes how to properly secure our edges given their<br />
unique properties tightly coupled with how data generation happens right at the host itself which<br />
underlines an edge rather than left assume by further maintaining data access principles and<br />
protocols as logs have significantly aided audits of compliance as well being fitted into our own<br />
investigation processes during incidents reducing times taken before identifying potential<br />
problems where an immutable changelog was adapted into the process itself. Key Takeaways –<br />
Smart cities & IIOT factories share common challenges yet demonstrate needs for customized<br />
solutions & technologies but also show similar trends including segmentation, authentication<br />
continuous supervision Reacting quickly overcoming new challenges through advanced<br />
technology tools - Artificial Intelligence& Blockchain technologies just to name a few.<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=567Chapter 6: Edge Security and Privacy2025-04-07T00:55:46Z<p>Ali Siddiqi: /* Citations */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==<br />
<br />
==Citations==<br />
Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu and W. Lv, "Edge Computing Security: State of the Art and Challenges," in Proceedings of the IEEE, vol. 107, no. 8, pp. 1608-1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.<br />
keywords: {Edge computing;Servers;Task analysis;Security;Cloud computing;Mobile handsets;Computer science;Smart phones;Internet of Things;Network security;Data security;edge computing;Internet of Things;network security},</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=566Chapter 6: Edge Security and Privacy2025-04-07T00:54:58Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==<br />
<br />
==Citations==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=511Chapter 6: Edge Security and Privacy2025-04-06T21:15:00Z<p>Ali Siddiqi: /* Authorization and Authentication Attacks */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png|300px]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=509Chapter 6: Edge Security and Privacy2025-04-06T21:13:25Z<p>Ali Siddiqi: /* Malware Injection */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png|300px]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=508Chapter 6: Edge Security and Privacy2025-04-06T21:13:03Z<p>Ali Siddiqi: /* Side-Channel Attacks */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png|300px]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=507Chapter 6: Edge Security and Privacy2025-04-06T21:12:47Z<p>Ali Siddiqi: /* DDoS */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|300px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png|300px]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png|300px]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=506Chapter 6: Edge Security and Privacy2025-04-06T21:12:24Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png|200px]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=503Chapter 6: Edge Security and Privacy2025-04-06T21:09:18Z<p>Ali Siddiqi: /* How are attackers able to perform these attacks? */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.<br />
<br />
''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. ''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. ''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. ''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. ''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.<br />
<br />
Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, they will talk about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=487Chapter 6: Edge Security and Privacy2025-04-06T19:19:34Z<p>Ali Siddiqi: /* How are attackers able to perform these attacks? */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level flaws, data correlations, and lacking in fine-grained access controls.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=485Chapter 6: Edge Security and Privacy2025-04-06T19:13:47Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe. In this section, we will be talking about the different kinds of attacks that can happen on an Edge server or device, as how they are able to do this. <br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==='''How are attackers able to perform these attacks?'''===<br />
<br />
Attackers are able to attack Edge devices or servers using different attack techniques, but it is<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=File:Dictionaryattack.png&diff=475File:Dictionaryattack.png2025-04-06T18:40:39Z<p>Ali Siddiqi: </p>
<hr />
<div></div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=474Chapter 6: Edge Security and Privacy2025-04-06T18:40:25Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==='''Authorization and Authentication Attacks'''===<br />
<br />
When these attacks happen, an attacker can bypass authentication processes and gain unauthorized access by using four techniques: dictionary attacks, attacks exploiting vulnerabilities in authorization protocols, attacks exploiting vulnerabilities in authorization protocols, and overprivileged attacks. <br />
<br />
''Dictionary attack'' is when an attacker possesses a dictionary containing the most used credentials or passwords and inputs all possible entries in this dictionary in order to brute force a match. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for design flaws in how authentication protocols are being used, like finding vulnerabilities in WPA2 or WPA3 protocols which can give an attacker messages that have encrypted information. They can also use 4G or 5G vulnerabilities in order to find a person's location and inject fabricated paging messages to mess with them and gain more information. ''Attacks exploiting vulnerabilities in authorization protocols'' are when attackers look for flaws in how authorization protocols are designed, such as an attacker using vulnerabilities in OAuth single sign-in which let them access victims personal information without authorization. ''Overprivileged attacks'' are when attackers are able to develop malicious apps that can do things that they do not have permission to do without needing to authenticate, such as changing door pins and setting off fire alarms in a house. <br />
<br />
[[File: dictionaryattack.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=File:SQLinjectionattack.png&diff=472File:SQLinjectionattack.png2025-04-06T18:23:52Z<p>Ali Siddiqi: </p>
<hr />
<div></div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=471Chapter 6: Edge Security and Privacy2025-04-06T18:23:31Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==='''Malware Injection'''===<br />
<br />
''Malware Injection'' is when an attacker injects malicious code, or ''malware'', into edge devices or servers and is classified as either server-side or device-side injections. ''Server-side injections'' are separated into four types: SQL, XSS, CSRF and SSRF, and XML. ''Device-side injection'' is when an attacker injects the malware directly into IoT devices since IoT devices are highly heterogeneous, so an attacker can physically inject or use third-party malicious libraries that are powerful and less likely to get detected.<br />
<br />
''SQL injection'' is a code injection technique that attackers can use in order to destroy back-end databases by using the SQL query and escape sequences to trick the server into thinking the code is valid. ''XSS injection'' is a client-side attack in which an attacker injects malicious code into data content, which can be accessed and executed automatically by the servers. ''CSRF injection'' is an attack in which an end user is forced to execute unwanted actions through Web applications. ''SSRF injection'' is an attack in which Edge servers are abused to read or alter the internal resources. ''XML injection'' is an attack which an attacker intercepts an XML message and edits with malicious code so that it is sent to the Edge servers using ''Simple Object Access Protocol'' (SOAP).<br />
<br />
[[File: SQLinjectionattack.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=File:Sidechannelattack.png&diff=469File:Sidechannelattack.png2025-04-06T17:52:08Z<p>Ali Siddiqi: </p>
<hr />
<div></div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=468Chapter 6: Edge Security and Privacy2025-04-06T17:51:48Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
[[File: sidechannelattack.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=449Chapter 6: Edge Security and Privacy2025-04-06T02:42:00Z<p>Ali Siddiqi: /* Side-Channel Attacks */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes in order to measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=448Chapter 6: Edge Security and Privacy2025-04-06T02:41:09Z<p>Ali Siddiqi: /* Side-Channel Attacks */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
''Attacks exploiting communication channels'' are when an attacker can use a malicious node, that doesn't have to be an edge server or device, in order to exploit communication channels and uses the node to continuously sniff the network traces and wishes to extract sensitive information out of them. ''Attacks exploiting power consumption'' are when attackers use smart meters and oscilloscopes, they can measure the power consumption of a system since it carries information related to either the device that consumes the energy as different devices have different power. ''Attacks exploiting smartphone-based channels'' are when attackers exploit vulnerabilities using /proc and smartphone embedded sensors due to how sensors can leak information and send malware to the user that they can install but disguised as something important and attack /proc.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=447Chapter 6: Edge Security and Privacy2025-04-06T02:35:14Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==='''Side-Channel Attacks'''===<br />
<br />
''Side-Channel Attacks'' happen when an attacker constantly obtains certain ''side-channel information'', like using public information that is not privately-sensitive for a user, from the target edge computing infrastructure and then feeds it into specific algorithms or machine learning models that outputs the desired sensitive information. There are three kinds of Side-Channel attacks: attacks exploiting communication channels, attacks exploiting power consumption, and attacks exploiting smartphone-based channels.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=File:ZeroDayDDoS.png&diff=446File:ZeroDayDDoS.png2025-04-06T02:26:18Z<p>Ali Siddiqi: </p>
<hr />
<div></div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=445Chapter 6: Edge Security and Privacy2025-04-06T02:26:05Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target Edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built Edge servers could have ''code vulnerabilities'', such as a hanging pointers or stack overflows, and an attacker can abuse those vulnerabilities in order to cause the Edge servers or devices to overload due to memory issues and shut down.<br />
<br />
[[File: ZeroDayDDoS.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=444Chapter 6: Edge Security and Privacy2025-04-06T02:17:30Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
''Zero-Day'' DDoS attacks are when an attacker must find an unknown vulnerability in a piece of code running on the target edge server or device, which can cause memory corruption and finally result in a service shutdown. For example, newly built edgh<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=File:UDPFLOODING.png&diff=443File:UDPFLOODING.png2025-04-06T02:15:57Z<p>Ali Siddiqi: </p>
<hr />
<div></div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=442Chapter 6: Edge Security and Privacy2025-04-06T02:15:46Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
''Flooding-based'' DDoS attacks are a type of of DDoS attacks aiming to shut down normal service of a server based on large amount of flooded malformed or malicious network packets and are mainly classified as UDP flooding, ICMP flooding, SYN flooding, ping of death (PoD), HTTP flooding, and Slowloris.<br />
<br />
[[File: UDPFLOODING.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=441Chapter 6: Edge Security and Privacy2025-04-06T02:13:39Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
Flooding<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=440Chapter 6: Edge Security and Privacy2025-04-06T02:13:08Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=439Chapter 6: Edge Security and Privacy2025-04-06T02:12:59Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
<br />
<br />
[[File: DDoS-Botnet.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=File:DDoS-Botnet.png&diff=438File:DDoS-Botnet.png2025-04-06T02:12:00Z<p>Ali Siddiqi: </p>
<hr />
<div></div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=437Chapter 6: Edge Security and Privacy2025-04-06T02:11:51Z<p>Ali Siddiqi: </p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
[[File: DDoS-Botnet.png]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=File:Ddos-attack.jpg.webp&diff=436File:Ddos-attack.jpg.webp2025-04-06T02:08:46Z<p>Ali Siddiqi: </p>
<hr />
<div></div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=435Chapter 6: Edge Security and Privacy2025-04-06T02:08:26Z<p>Ali Siddiqi: /* DDoS */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time. There are two kinds of DDoS attacks: Flooding-based and Zero-day DDoS attacks. <br />
[[File: ddos-attack.jpg.webp]]<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=434Chapter 6: Edge Security and Privacy2025-04-06T01:59:05Z<p>Ali Siddiqi: /* DDoS */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. ''DDoS attacks'' occur when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=433Chapter 6: Edge Security and Privacy2025-04-06T01:58:26Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
From previous chapters, Edge Computing has shown that it is here to stay and it will keep rapidly growing throughout the years. However, Edge Computing has its own security challenges that have to be addressed, because it is not a perfect system. Edge Computing has many security challenges that have to be dealt with in order to keep data safe.<br />
<br />
==='''DDoS'''===<br />
''DDoS'' is a type of cyberattack in which an attacker aims to disrupt services provided by one or more servers based on distributed based on distributed resources such as a cluster of compromised Edge devices, which are also known as ''botnets''. DDoS attacks ''occur'' when an attacker persistently sends streams of packets to a victim from compromised electronic devices, which causes the hardware resources of the victim to be quickly exhausted by handling these malicious packets and can no longer process any legitimate request on time.<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=432Chapter 6: Edge Security and Privacy2025-04-06T01:35:23Z<p>Ali Siddiqi: /* 6.4 Case Studies: Real-World Security Breaches */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
==='''yes'''===<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
==6.4 Case Studies: Real-World Security Breaches==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=431Chapter 6: Edge Security and Privacy2025-04-06T01:35:10Z<p>Ali Siddiqi: /* 6.3 Security Protocols and Frameworks for Edge Systems */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
==='''yes'''===<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
==6.3 Security Protocols and Frameworks for Edge Systems==<br />
<br />
=='''6.4 Case Studies: Real-World Security Breaches'''==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=430Chapter 6: Edge Security and Privacy2025-04-06T01:34:51Z<p>Ali Siddiqi: /* 6.2 Data Privacy and Compliance in Edge Applications */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
==='''yes'''===<br />
<br />
==6.2 Data Privacy and Compliance in Edge Applications==<br />
<br />
=='''6.3 Security Protocols and Frameworks for Edge Systems'''==<br />
<br />
=='''6.4 Case Studies: Real-World Security Breaches'''==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=429Chapter 6: Edge Security and Privacy2025-04-06T01:34:40Z<p>Ali Siddiqi: /* 6.1 Overview of Security Challenges in Edge Computing */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
==6.1 Overview of Security Challenges in Edge Computing==<br />
==='''yes'''===<br />
<br />
=='''6.2 Data Privacy and Compliance in Edge Applications'''==<br />
<br />
=='''6.3 Security Protocols and Frameworks for Edge Systems'''==<br />
<br />
=='''6.4 Case Studies: Real-World Security Breaches'''==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=428Chapter 6: Edge Security and Privacy2025-04-06T01:34:04Z<p>Ali Siddiqi: /* 6. Edge Security and Privacy */</p>
<hr />
<div>==6. Edge Security and Privacy==<br />
<br />
=='''6.1 Overview of Security Challenges in Edge Computing'''==<br />
==='''yes'''===<br />
<br />
=='''6.2 Data Privacy and Compliance in Edge Applications'''==<br />
<br />
=='''6.3 Security Protocols and Frameworks for Edge Systems'''==<br />
<br />
=='''6.4 Case Studies: Real-World Security Breaches'''==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Main_Page&diff=427Main Page2025-04-06T01:32:45Z<p>Ali Siddiqi: </p>
<hr />
<div><span style="color: red;"> Please note that: </span><br />
* you can only create or edit a page when you are on campus or connected to the UM VPN. <br />
* read this help page for formatting: [https://www.mediawiki.org/wiki/Help:Formatting Formatting]<br />
* read this help page for user's guide: [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents User's Guide]<br />
<br />
<br />
Consult the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents User's Guide] for information on using the wiki software.<br />
<br />
== Getting started ==<br />
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Configuration_settings Configuration settings list]<br />
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:FAQ MediaWiki FAQ]<br />
* [https://lists.wikimedia.org/postorius/lists/mediawiki-announce.lists.wikimedia.org/ MediaWiki release mailing list]<br />
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Localisation#Translation_resources Localise MediaWiki for your language]<br />
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Combating_spam Learn how to combat spam on your wiki]<br />
<br />
== Structure of this WiKi ==<br />
<br />
1. [http://www.edgecomputingbook.com/index.php/Edge_Cloud:_Bringing_Computing_Close_to_the_User Edge Cloud Demo] - Sample <br />
<br />
2. [http://www.edgecomputingbook.com/index.php/Chapter_1:_Edge_Computing Edge Computing Chapter 1] - Reference Sample<br />
<br />
1. [http://www.edgecomputingbook.com/index.php/Introduction_to_Edge_Computing Introduction to Edge Computing] (Vrunda Kadam, Aayush Chopra, and Riya Pawar)<br />
<br />
1.1 [http://www.edgecomputingbook.com/index.php/Introduction_to_Edge_Computing#1.1_What_is_Edge_Computing? What is Edge Computing?]<br />
<br />
1.2 [http://www.edgecomputingbook.com/index.php/Introduction_to_Edge_Computing#1.2_Why_we_need_Edge_Computing? Why We Need Edge Computing?]<br />
<br />
1.3 [http://www.edgecomputingbook.com/index.php/Introduction_to_Edge_Computing#1.3_Edge_Computing_application_Domains_and_Typical_Applications Edge Computing Application Domains and Typical Applications]<br />
<br />
1.4 [http://www.edgecomputingbook.com/index.php/Introduction_to_Edge_Computing#1.4_Different_Edge_Computing_Paradigms Different Edge Computing Paradigms ]<br />
<br />
<br />
2.[http://www.edgecomputingbook.com/index.php/User:Farhan#Edge_Computing_Architecture_and_Layers Edge Computing Architecture and Layers (Amit Saha, Md Eleus, Farhan Tanvir)] <br />
<br />
2.1 [http://www.edgecomputingbook.com/index.php/User:Farhan#1.1_IoT,_Mobile,_and_Digital_Twins IoT, Mobile, and Digital Twins]<br />
<br />
2.2 [http://www.edgecomputingbook.com/index.php/User:Farhan#1.2_Cloud Cloud]<br />
<br />
2.3 [http://www.edgecomputingbook.com/index.php/User:Farhan#1.3_Edge_and_Fog Edge and Fog] <br />
<br />
2.4 [http://www.edgecomputingbook.com/index.php/User:Farhan#1.4_Edge-Cloud_Continuum Edge-Cloud Continuum] <br />
<br />
<br />
3.[http://www.edgecomputingbook.com/index.php/Edge_Computing_Products_and_Frameworks Edge Computing Products and Frameworks (Ashwin Alinkil, Jasmine Rabie, Nate Pierce, Brian Retterer)] <br />
<br />
3.1 [http://www.edgecomputingbook.com/index.php/Edge_Computing_Products_and_Frameworks#3.1_Industry_Products:_AWS_as_an_Example Industry Products: AWS as an Example]<br />
<br />
3.2 [http://www.edgecomputingbook.com/index.php/Edge_Computing_Products_and_Frameworks#3.2_Open_Source_Frameworks Open Source Frameworks]<br />
<br />
3.3 [http://www.edgecomputingbook.com/index.php/Edge_Computing_Products_and_Frameworks#3.3_Serverless_at_the_Edge Serverless at the Edge]<br />
<br />
<br />
4.[http://www.edgecomputingbook.com/index.php/Machine_Learning_at_the_Edge Machine Learning at the Edge] (Vlad Nitu, Joel Henry Arun, Ciaran Grabowski, and Haneen Syed)<br />
<br />
4.1 [http://www.edgecomputingbook.com/index.php/Machine_Learning_at_the_Edge#4.1_Overview_of_ML_at_the_Edge Overview of ML at the Edge]<br />
<br />
4.2 [http://www.edgecomputingbook.com/index.php/Machine_Learning_at_the_Edge#4.2_ML_Training_at_the_edge ML Training at the Edge]<br />
<br />
4.3 [http://www.edgecomputingbook.com/index.php/Machine_Learning_at_the_Edge#4.3_ML_Model_Optimization_at_the_Edge ML Model Optimization at the Edge]<br />
<br />
<br />
5. Federated Learning (Manoj Alexander, Ram Kumar Ippili, Sai Revanth Iddum, and Chakradhar Nidujuvvi )<br />
<br />
<br />
6.[http://www.edgecomputingbook.com/index.php/Chapter_6:_Edge_Security_and_Privacy Edge Security and Privacy] (Nitin Madhu, Ali Siddiqi, Jyotsana Sharma, Vedant Patel)<br />
<br />
6.1 [http://www.edgecomputingbook.com/index.php/Chapter_6:_Edge_Security_and_Privacy#6.1_Overview_of_Security_Challenges_in_Edge_Computing Overview of Security Challenges in Edge Computing]<br />
<br />
6.2 [http://www.edgecomputingbook.com/index.php/Chapter_6:_Edge_Security_and_Privacy#6.2_Data_Privacy_and_Compliance_in_Edge_Applications Data Privacy and Compliance in Edge Applications]<br />
<br />
6.3 [http://www.edgecomputingbook.com/index.php/Chapter_6:_Edge_Security_and_Privacy#6.3_Security_Protocols_and_Frameworks_for_Edge_Systems Security Protocols and Frameworks for Edge Systems]<br />
<br />
6.4 [http://www.edgecomputingbook.com/index.php/Chapter_6:_Edge_Security_and_Privacy#6.4_Case_Studies:_Real-World_Security_Breaches Case Studies: Real-World Security Breaches]<br />
<br />
<br />
7. [http://www.edgecomputingbook.com/index.php/Emerging_Research_Directions Emerging Research Directions (7.1~7.3: Erika Valle-Baird, Mohamed Aboulsaad, Matthew Kwan)]<br />
<br />
7.1 [http://www.edgecomputingbook.com/index.php/Emerging_Research_Directions#7.1_Task_and_Resource_Scheduling Task and Resource Scheduling]<br />
<br />
7.2 [http://www.edgecomputingbook.com/index.php/Emerging_Research_Directions#7.2_Edge_for_AR/VR Edge for AR/VR]<br />
<br />
7.3 [http://www.edgecomputingbook.com/index.php/Emerging_Research_Directions#7.3_Vehicle_Computing Vehicle Computing]<br />
<br />
7.4 [http://www.edgecomputingbook.com/index.php/Emerging_Research_Directions#7.4_Energy-Efficient_Edge_Architectures Energy-Efficient Edge Architectures (Zaid Ghazal, Matthew Correa)]<br />
<br />
7.5 [http://www.edgecomputingbook.com/index.php/Emerging_Research_Directions#7.5_Data_Persistence Data Persistence (Warren Lazarraga)]<br />
<br />
<br />
8. [http://www.edgecomputingbook.com/index.php/Applications_of_Edge_Computing Applications of Edge Computing: Underwater Internet of Things (UIoT)]<br />
<br />
8.1 [http://www.edgecomputingbook.com/index.php/Applications_of_Edge_Computing#8.1_Introduction_to_UIoT_and_AUVs Introduction to UIoT and AUVs]<br />
<br />
8.2 Edge Computing for AUVs: Benefits and Necessity<br />
<br />
8.3 Key Challenges in Applying Edge Computing to AUVs<br />
<br />
8.4 State-of-the-Art Edge Computing Solutions<br />
<br />
8.5 Future Research Directions<br />
<br />
<br />
9.Conclusion and Future Outlook (cannot be chosen by students)</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=426Chapter 6: Edge Security and Privacy2025-04-06T01:30:15Z<p>Ali Siddiqi: /* yes */</p>
<hr />
<div>=='''6. Edge Security and Privacy'''==<br />
<br />
=='''6.1 Overview of Security Challenges in Edge Computing'''==<br />
==='''yes'''===<br />
<br />
=='''6.2 Data Privacy and Compliance in Edge Applications'''==<br />
<br />
=='''6.3 Security Protocols and Frameworks for Edge Systems'''==<br />
<br />
=='''6.4 Case Studies: Real-World Security Breaches'''==</div>Ali Siddiqihttp://www.edgecomputingbook.com/index.php?title=Chapter_6:_Edge_Security_and_Privacy&diff=425Chapter 6: Edge Security and Privacy2025-04-06T01:29:56Z<p>Ali Siddiqi: /* yes */</p>
<hr />
<div>=='''6. Edge Security and Privacy'''==<br />
<br />
=='''6.1 Overview of Security Challenges in Edge Computing'''==<br />
=='''yes'''==<br />
<br />
=='''6.2 Data Privacy and Compliance in Edge Applications'''==<br />
<br />
=='''6.3 Security Protocols and Frameworks for Edge Systems'''==<br />
<br />
=='''6.4 Case Studies: Real-World Security Breaches'''==</div>Ali Siddiqi