Multi-access edge computing (MEC), known by many by its previous name, mobile edge computing, is a network architecture that gives network operators and service providers cloud computing capabilities as well as an IT service environment at the network edge. The concept of MEC has grown increasingly popular over the past few years, with the curiosity of many interested parties snowballing alongside the expansion of the Internet of Things (IoT). In this three-part series of articles on MEC, we’ll look at how multi-access edge computing works, the security challenges it faces and how it can be protected and secured, and how it will be used to improve the networks and services of tomorrow.
As with any network technologies or architectures, multi-access edge computing is not immune to the various threats and hazards that lay in wait. Cyber security is the one of the fastest growing industries on the planet for a reason, after all.
One of the biggest points to take away from any discussion regarding network security is that all organisation should by this point be securing any applications that run on a network, regardless of what’s under the hood, be that edge computing architecture or otherwise.
With this being said, there are a few ways in which you can better prepare security measures for the implementation of multi-access edge computing architectures, which we’ll come to later.
Firstly, let’s take some time to get to know the threats facing MEC systems.
What Are the Threats?
There are various threats and hazards that could target or befall MEC networks or devices and network operators and administrators should always be aware of the dangers they face in their line of work. In order to better inform you about the risks facing multi-access edge computing, here is our list of five of the most common or disruptive attacks that MEC architectures or devices may be vulnerable to.
Compromised Protocols
One of the most consequential attacks that multi-access edge computing systems are vulnerable to is the compromising of unsecured internet protocols. If a hacker has compromised your edge system, they will most likely be able to both read and modify any data or network traffic that travels through any connected edge devices.
Many of these protocols are unsecure by default, and so consideration should always be given to what may need to be secured and what potential impacts the compromising of such protocols as SMTP (mainly used for email) and HTTP (mainly used for unsecure web browsing) would have on businesses and network operations.
Man-in-the-Middle Attacks
Speaking of protocols, they, alongside certain kinds of security measures, can also be vulnerable to man-in-the-middle attacks. These kinds of attacks are when a hacker or malicious agent intercepts, relays, and potentially alters the communications of two or more parties who believe they are communicating with each other directly.
DNS protocols are particularly vulnerable to attacks such as this, however, other protocols such as poorly configured cryptographic protocols can also become vulnerable to man-in-the-middle attacks. Attacks such as these are often indicative of an attacker having control over one or several edge devices.
Falsified Information & Logs
The situations detailed in the two above scenarios are bad enough in themselves, however, they can then lead to even bigger problems down the line for both your multi-access edge computing architecture and any connected networks or devices.
Falsified information and/or logs can have disastrous consequences for data integrity and overall business operations. This kind of attack could also be used to further tighten a malicious hacker’s grip on a system using falsified information to bypass security measures and grant access to other vulnerable subsystems or applications.
Loss of Policy Enforcement
The loss of policy enforcement functions such as VPN termination, IP whitelisting, or MPLS/VLAN labeling could also have an extremely significant impact on system and/or network integrity. Ensuring these situations are considered before deploying MEC systems can help to reduce their likelihood.
The failing of edge devices relied upon for enforcing security measures is something all those wishing to invest in MEC architectures will need to understand and know how to react to. If these measures fail, the hacker compromising your system would potentially have access to all the data coming from the vulnerable edge device or devices.
Loss of Data
The most obvious risk from inadequate security and protective measures is the loss of data to those who may wish to intercept and steal it. Not only is personal and sensitive data at risk of interception, but also the metadata generated by edge devices detailing your business’s or organisation’s internet usage and browsing behavior.
Details such as what services and applications you access, the identity of who is connecting to your network and all of the details that would be available through other network data such as email content and recipients could all be accessed by determined hackers with the right resources and know-how.
Securing MEC
Without a doubt, securing multi-access edge computing architectures is a challenge that is still being debated and solutions still being developed. Predicting how MEC architectures will influence security and protective measures is difficult at this stage due to there still being very few real-world examples of fully developed multi-access edge computing setups.
One approach to MEC security that appears to hold potential is that of a four-layered approach. This method would break down security for MEC architectures into four different layers. These would be a hardware layer, communications layer, cloud security layer, and a management layer.
The hardware layer would focus on a security-by-design approach being adopted by OEMs during the design period of their products, making it easier and simpler to implement further protections when and wherever needed. The communications layer would focus on how data is being transmitted and how best to secure it, using bespoke methods for both long and short-range communications.
The cloud security layer would be designed to take the most sensitive, personal, or confidential data and send it to the cloud where the strongest encryption services would be available to protect it. Cloud-based authentication measures could also be utilized within the cloud security layer.
The fourth and final layer would focus on the management and life-cycle aspects of MEC security. This would include downloading security and firmware updates in order to keep your system up to date.
In the final article of this three-part series, we’ll be looking at five ways in which multi-access edge computing will be used in the not-so-distant future.