High performance and high security will become a requirement for the IoE, but right now they do not go together.
The Internet of Everything will require a new breed of networks to handle data from billions of devices quickly and securely, but how exactly that will happen isn’t completely clear.
The terms “high performance” and “high security” are generally incompatible in the networking world because the security technology in use today bogs down network performance. To have a high level of security requires scrutiny of software and/or hardware components, and the high-security algorithms required to make that happen add overhead and tend to be resource hogs. While there is progress being made in high-speed cryptography, it is still difficult to put high-security overlays on high-speed networks.
So far, this discontinuity has remained well under the radar, but that’s about to change. With the IoE beginning to ramp, the amount of data flying around is growing. The data is being managed well enough by big data tools, but at this point there is no “big cryptography” to use with it.
“High-performance networks have been around for a while, but they have mostly been associated with the cloud – the backend infrastructure,” says Simon Blake-Wilson, vice president of products and marketing for Rambus’ Cryptography Research Division.
Outside of that market slice, performance historically has not been deemed as critical. That’s changing relatively quickly, particularly with the advent of more high-definition video streaming and high-resolution images. Advances in security are progressing much more slowly.
“There is a real difference in network requirements for a high-definition video stream, for example, compared to some tiny temperature sensor at some remote location in Idaho, tracking weather changes,” says Andreas Schlapka, director of marketing for Micron.
The security requirements for each can vary, as well. “These (criminal) elements need to stay a step ahead of the authorities, so they are constantly pushing the envelope to find new ways to go through the layers of security,” notes Nilam Ruparelia, Microsemi’s senior director of strategic marketing. “If there is only one layer, regardless of whether it is hardware, software or middleware, it’s easier to break through. Therefore, the security requirements can end up being quite challenging across the high-speed network landscape.”
Today, much of the security on these networks is software-based. For traditional enterprise-type networks, that has worked relatively well. However, the emerging landscape will be a much more heterogeneous mix of various networks, from M2M, to legacy ISM networks, to unlicensed networks and the IoE. All of them will need to be able to interconnect a variety of end points, as well as support centralized control of the network. “There will be a number of new challenges around the massive number of end points that will be the IoE,” says Rambus’ Blake-Wilson.
That will both require and challenge the bandwidth. Many of these networks and devices won’t have the option of running bloated software-based security, so they will have to use hardware-based cryptography for multiple layers.
Wireless adds another challenge. It is a principal component of the IoE, whether for short-range platforms like Bluetooth or the macro world of cellular. And all of these will have to be secured. Throw in legacy networks, and the challenges grow even larger.
Consider a next-generation hub, which likely will have a much higher number of connections of IoE devices—1 million is not unrealistic. This will become a typical scenario because of the billions of devices that will become part of the IoE, as opposed to the traditional thinking of limiting connections to each device to ensure ample bandwidth. “From a high-performance networking perspective, it is fundamentally a million pipes with decent bandwidth, as opposed to five pipes with thrilling bandwidth,” according to Blake-Wilson.
But there are different issues with that many connections. As long as that network is humming along flawlessly, data finds its way in and out of the hub at decent speeds. If there are only five devices connected to it and the hub goes down, the impact is minimal. And if it takes five seconds to reroute or reconnect each connection, that is a very short period of time in the overall picture.
But with 1 million pipes connected to an IoE hub, if that hub goes down a lot of devices will be affected. If it takes 5 seconds each to reconnect these devices, the impact can last for some time and affect a large perimeter. How big this problem could become no one knows for sure because there are few, if any, models in existence that can be used to see the effects of such multitudes of connections across masses of devices in high-speed networks. But once this scenario begins deployment, it’s clear there will be a new set of challenges to overcome.
One of the cases that will present some interesting scenarios is 5G. Today 5G is mostly associated with mobile-to-mobile smartphone communications. “The reality is that the 5G infrastructure will cover everything from a mobile phone, and all its data capabilities, to all of the IoE applications,” says Micron’s Schlapka.
In fact, 5G is expected to drive the IoE. That makes it a very high-bandwidth demand ecosystem. This might just be the perfect storm for high-speed, high-security networks. “This scenario will be a combination of bands across many different networks, and technologies,” notes Schlapka.
This case will really test the design of high-performance, high-security networks, particularly for wireless. The 5G infrastructure will have to integrate everything from low-frequency RFID to military, satellite, ISM unlicensed, yet-to-be-developed >100 GHz frequency bands, and the IoE. That will likely be the biggest challenge to the next generation of high-performance networks, and the security such diversified networks will require.
Another complication involves vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications. In this scenario, speed adds another dimension in terms of passing data through the network, while plugging life-safety concerns into the system. High-speed networks must be able to move data in and out quickly with very low latency. Even if the brake message gets sent to the particular vehicle processor quickly, it can’t sit there in a queue because the processor is being hit from many vectors simultaneously. This requires available bandwidth plus throughput.
On top of that, security, or message authentication, must be fast and foolproof. “There are some interesting tradeoffs to be made in such a scenario,” notes Blake-Wilson. This is another challenge because, today, fast cryptography across fast-firing networks is difficult to implement in many cases. “Clearly, one doesn’t want V2V communications to be disrupted from a security perspective. You don’t want to have to wait five seconds for the system to establish communications in a safety-critical situation. These are some really challenging secure, high-speed networking issues.”
Perhaps the first commandment of such networks is that they must be always available. Commandments number two and three are that they must be highly reliable, and secure. To accomplish that, a variety of metrics must be met. At the top of the list is that network processors must provide intelligence so that the data is managed and routed to the destination with a minimum of delay using the best available path. That means high-performance networks must be self-organizing and self-regulating to utilize network resources effectively.
It also requires taking advantage of the latest chip design technologies, such as adding ECC to all memories within chips and using watchdog timers. Communications accelerators also help to keep the bandwidth unclogged.
High-performance, highly secure networks for IoE applications have some particular requirements that must be satisfied compared with typical networks in order to maintain high reliability.
One of the major challenges is integrating security at all the nodes. It is easy to do in some cases, where bandwidth is plentiful and power is not an issue. But for edge devices that isn’t always the case. There, network design must consider packet processing as the first order of business. The same efficiency design at core nodes, such as data processing centers, clouds and enterprise locations, must be stratified to the edge. This generally means some type of enhanced connectivity support.
In the end, perhaps the most promising solution will be software-defined networks. Such networks will be able to provide, on-the-fly and in real time, the various levels of service that such a global umbrella of hybridized networks will require.
Security elements include secure boot, trust architectures, as well as supply chain and manufacturing protection. These must be implemented across edge networks. These are the elements that create trusted nodes, which are especially significant for IoE apps and devices that run at the edge, and there is work underway to make sure data remains intact.
“The first consideration is whether data within the system is processed securely,” said Ron Moore, vice president of marketing for ARM’s Physical IP Division. “So whether it’s a networking box or a phone, the processor needs to maintain integrity. But ARM does have a team of people working on how data goes node to node.”
This matters at the edge because edge-network sensors and other devices capture and transmit user-specific data between nodes. Such data (text, social media) is often kept in edge networks, especially with wireless. That means it goes from device to device rather than through backbone networks. It also means that it easily can be linked to the user.
But with higher levels of data transfers there also is the implication of higher malicious file transfers. As transfer rates ramp up, data exfiltration or large malicious file transfers could more easily slip through the cracks. And when 5G hits, it also will fully enable applications such as remote surgery and driverless cars. Here the consequence of security breaches could be life-threatening.
This creates a rather unique security landscape. Encryption, which we all know is a must, is sparsely applied in today’s IoE apps and devices. This is something that will have to change going forward, and there is already a growing awareness in some areas such as automotive.
With such a huge number of devices hanging on the IoE, it will be easy to snoop on them, and to corrupt the software that runs on them. One solution is to make these devices trusted nodes, regardless of whether they are smart cars or smart toothbrushes. But how to make this happen isn’t clear. Encryption can be implemented at the node, the access point, the cloud, the network, and any number of other points. There is plenty of debate about what works best and where.
One thing that is becoming clear is that more vectors point to the hardware. “To date, there has been a lot of security built in at the software layers,” notes Ruparelia. “But when it comes to hardware, there is much less.”
Hardware-level security is the best solution for many situations around high-performance networks because software requires too much overhead. That doesn’t mean software security is going away. In cases where there is plenty of bandwidth, it is often the better solution because of its expansive catalog of solutions. It also works well in large-footprint landscapes where the bounds are defined and the network can be controlled, such as some enterprises, and certain wireless networks such as metrocells. But much of this still is not well defined for 5G and the IoE.
There is no doubt that the future is high-speed, high-performance, and high-security networks. There is a decent well of knowledge around these factors today, but many of these networks have their roots in proprietary technology.
The difficulty will come in trying to make networks homogeneous. It will be a major challenge to assimilate everything out there. While there are some promising technologies on the horizon, like software-defined networks, virtualization and self-organizing networks, these are just coming on line and in limited deployments. There will be a lot of redesign in the next few years, with lots of tears along the way.
Will it come together? Most likely. But how quickly is anyone’s guess.