Edge Devices Require New Security Approaches

The diversity of connected devices and chips at the edge — the vaguely defined middle ground between the end point and the cloud — is significantly widening the potential attack surface and creating more opportunities for cyberattacks.

The edge build-out has been underway for at least the past half-decade, largely driven by an explosion in data and increasing demands to process that data closer to the source. It takes too much time and energy to send all of that data to the cloud for processing, and demand for lower latency in everything from routers, smartphones, and tiny sensors used in safety-critical and mission-critical applications has limited what gets processed in the cloud. That leaves a lot of valuable data sitting in edge devices or moving through local networks, all of which have varying levels of security.

“It’s a pretty big tent,” said Vincent Mooney, an associate professor of computer science at Georgia Tech University. “Edge devices touch the outer limits and edges of the modern communication network, including satellites, because a lot of times people do go through satellites to access the internet. An edge device could be a satellite phone on a boat in the ocean. Then the question becomes who the attackers are that you’re worried about, and what they want.”

Because the edge covers such a wide array of devices, with all kinds of uses and price points, there is no one-size-fits-all security solution. Nevertheless, the proliferation of edge devices makes implementing security all the more pressing, particularly as governments begin to consider mandating such measures or ask industry to install them on a voluntary basis.

The edge opens new attack vectors
Until recently, many devices on the edge didn’t necessarily need security. In home networks, there was less data stored locally, and those devices that did require more security, such as set-top boxes, were not connected to other local devices. And in the office, a PC typically was connected to a server, so the connection by default was trusted.

“But now, if you’re on your laptop at home and you’re connecting to the work server, you have to go through an insecure telecoms network to get there, so you have to set up a trusted link,” said Lee Harrison, director of automotive IC solutions, Tessent, at Siemens EDA. “Everything that is now propagating into the workplace, and even these secure environments, is now classed as zero trust.”

This evolution has opened up a far larger amount of network endpoints, any of which is potentially vulnerable to attack. Alongside of that, there are new attack methods, and more sophisticated attackers.

“If you look at the attack vectors, a lot are common with other devices in the system,” said Dana Neustadter, senior director of product management for security solutions at Synopsys. “What’s more special about edge devices is that there are so many endpoints connected to networks, and they have a variety of roles. For example, if you connect a sensor to a more important network, that can be used as the launch point for an attack. And there are still the usual types of attacks, such as those that are communication-related — the sniffing of sensitive data, or stealing passwords or credentials from your fridge that’s now connected to your home network, as well as physical attacks such as side-channel hacks, or taking advantage of weak implementation of communication protocols.”

Implementing security solutions directly into an edge device is important and increasingly common, but that security also needs to extend to the network — particularly the interaction between the network and the edge device. The solutions cannot be on the edge alone, and must be an interaction between the network and the edge device.

“Payment is a good example,” said Marc Witteman, director of the device security research lab at Keysight. “If you go back 10 years, most banks had already introduced cards with a chip on it, and these chips are designed in a secure fashion. They are still the most secure hardware solutions that are out there now. Consumers wanted to have payment solutions on their cell phones, which was a bit of a pickle for banks because cell phones by themselves are not secure platforms. These devices are so complex that it’s very difficult to implement a completely secure hardware layer, which a smart property has. The way they try to solve that in their design is by using a certain level of security in the network combined with the edge device. So there are security protocols that run between the clouds, if you will, and the edge device that enhances its security.”

Because edge devices are such a broad category, with so many uses, designs, and price points, there is no single way to secure them. That means designers must think about security, according to Neustadter, “during all phases of operation, starting at power off to prevent theft of stored code and data. For instance, re-flashing of internal memory, or even replacing external memory. Then, during power up, it’s important to validate the device identity, as well as validating the software before execution. And then, during run time, it’s also critical to continuously check for threats and establish secure communications with external entities.”

New architectures, new opportunities
For a growing number of applications, security is a competitive feature. “We’re finally starting to see chip designs that actually incorporate security practices into them,” said Michael Daniel, president and CEO of the Cyber Threat Alliance.

All of the major chip vendors now incorporate security into their chips, including those based on the RISC-V instruction set architecture. Siemens’ Harrison noted that many of Siemens’ customers in the automotive industry, where security is seen as particularly paramount, have begun actively looking at RISC-V at least partially due to the security benefits of that infrastructure.

“There’s a whole ecosystem that’s grown up around RISC-V, in the same way that Arm has its own ecosystem,” Harrison observed. “RISC-V lagged behind Arm for a little while, because Arm is a closed ecosystem, but RISC-V has essentially caught up with that. Generally, if you adopt a RISC-V, then you’re very unlikely to need to create any new technology yourself. You can generally go out there and find it, whereas the x86 is a bit old, and there isn’t that ecosystem out there to support it.”

Whether it’s x86, Arm, ARC, RISC-V, or any other architecture, security on the edge relies on a strong root of trust. Daniel recommends building that root of trust directly into the hardware, pointing to Microsoft’s Trusted Programming Module as an example.

But creating a root of trust necessitates tradeoffs, which can be complex on edge devices. The actual size of the device can be limiting, and so can performance requirements and cost. Harrison compared this to a data center server, in which the area and power might not be the biggest concerns, so therefore the system can contain a root of trust that will have its own dedicated RISC-V processor running security software.

“Depending on the scale of the device, you could have a fully featured root of trust,” he said. “With all of these additional features, you could have a RISC-V as part of that root of trust running security software. But then, if you compare that to, say, a small sensor device, if you take that fully functioned root of trust with a security CPU, the area could be five times the size of the sensor.”

Protection against physical attacks
Edge devices are, by nature, easily accessible. Anyone can go out and buy a new smartphone, router, step counter, or any of the other myriad devices that can be classified as the end point of a network.

“If the attackers are really incentivized, they can invest more to connect to the device and use existing interfaces, test ports, side channel type of attacks, or even decapsulate to go even further for more high value edge devices,” said Synopsys’ Neustadter.

Witteman said secure boot approaches may be the best line of defense against these types of physical attacks. Still, while de rigueur among secure devices, secure boot has yet to truly catch on with edge devices. That lag is not due to hardware or software limitations, he said, but rather a need for better education among engineers and designers.

“Developers need to understand these concepts better, and there’s open source solutions that they can use,” Witteman said. “It’s not rocket science for somebody who has an understanding about security. It’s mostly a lack of awareness that limits the way developers use these concepts.”

Regulation is an added incentive
Recent governmental initiatives are having a major effect on the push to incorporate security into edge devices. In the E.U., the Cyber Resilience Act, proposed in 2022, is still pending formal adoption. Should it go into effect, it would require devices whose “intended and foreseeable use includes direct or indirect data connection to a device or network,” to meet new security requirements throughout their lifecycle.

In the U.S., the Federal Communications Commission introduced a voluntary cybersecurity program in March 2024, in which participating companies would be allowed to label their smart devices with a label stating they meet “robust cybersecurity standards.”

Witteman called the latter “a very good initiative” that could help move the industry toward “more demonstrable security,” but he believes it’s too early for any results to be noticeable.

Harrison likewise expressed optimism, saying both measures are beneficial. “Go back a couple of years and security was an option, but depending on who you spoke to, a lot of companies would say that security actually added no value to their products, because it doesn’t,” Harrison said. “There are no actual new features, no new functionality. There’s no visible value added by introducing the regulations and the standards. You’re able to put that little sticker on that adds value to your product, and especially, say, in Europe, the stickers are nice to have. But also in Europe, where you have the regulations, if the product doesn’t meet the regulations, you can’t go to market with it. There, it’s actually generating recognizable value within the security market.”

Others are wary that the voluntary route put forward by the FCC will generate the intended results. But Daniel said that while he’s cautious about regulation, he does believe legislation ultimately will be necessary. “Our experience has shown that completely voluntary standards often don’t get us to the level of cybersecurity that we want in many sectors,” he said. “You do some cybersecurity because it makes you better off, but because of the interconnected nature of the Internet, your risk is also my risk. It’s everybody’s risk. So there is a public good aspect to cyber security. Most economics teaches that if you have a public good, then purely private endeavors will under-invest in it.”

Conclusion
The proliferation of edge devices has necessitated a shifting of security to the edge, as well. Each device represents a possible target for attackers. However, security on the edge can’t be viewed in a vacuum. Instead, it must be seen as part of a continuum, with security measures implemented all along a network.

There isn’t a one-size-fits-all solution for security on the edge, due to the sheer variety of devices, each with different design needs and price points. But security must be considered early in the design, and there are minimum steps that can be incorporated, no matter the device’s ultimate cost, such as establishing a strong root of trust.

Governments have begun to take notice of edge devices and the threat that attackers can pose to consumers. With mandatory legislation pending in Europe, and a voluntary program in place in the United States, pressure will grow on designers to incorporate at least some security features into their edge devices.

Related Reading
As EDA Processes Becomes More Secure, So Do Chips
Researchers and engineers are working on increasingly secure processes in the EDA workflow, but they add to the cost.
Why It’s So Hard To Secure AI Chips
Much of the hardware is the same, but AI systems have unique vulnerabilities that require novel defense strategies.