Edge computing systems and applications open up new challenges with respect to security. There are issues regarding integrity, privacy and vulnerability to be solved.
Challenges and goals
- The first security challenge stems from the dependency on the integrity of the provided state information of the physical world. It is thus often more important to guarantee data integrity than confidentiality (in contrast to legacy human-based applications like voice communication).
- The second challenge arises from the distributed nature of edge computing systems, which generally leads to a larger attack surface in comparison to centralized cloud systems.
- Finally, edge computing systems will also become primary storage points, leading to challenges with respect to security and privacy.
The goal of the security project is to address these challenges under the specific angle of the usually imposed real-time constraints, i.e., computationally lightweight methods are preferred while secure processing and storage at the edge are to be ensured.
Tasks and Methodologies
The project will focus on three tightly coupled objectives.
First, we are interested in direct methods to enable secure data sources as well as secure data storage at the edge. Securing stored data involves preventing unauthorized parties from accessing data, as well as preventing accidental or intentional destruction or corruption of information. The fundamental tools we will use to address these issues are lightweight, composable cryptographic primitives for data authentication and encryption. We will furthermore address secure distributed processing at the edge. Distributed processing involves communication with multiple remote parties across a network that cannot be fully controlled and trusted. Cryptographic methods such as mutual authentication and partially homomorphic encryption will be our main tools. Finally, we will investigate low-latency cryptography with low-latency wireless systems.
The second objective in the project will focus on identities and identity management. Edge computing systems will benefit from a more open identity management. Examining new ways to handle device identities is therefore a key consideration that we will investigate. We expect that concepts such as Physical Unclonable Functions (PUFs) will provide a cost-effective, scalable and flexible solution. We will develop a methodology which meets growing demands for the management and protection of identities in edge applications.
The third objective concerns various ways of achieving robustness in the face of malicious attacks. Many of the attacks rely on machine learning. Even the exposure of the problem structure can lead to adversarial attacks on the classification systems. Through adversarial machine learning, our goal is to identify the worst-case (malicious) input to classifiers and to learning models, and subsequently improve the robustness of the system.
Furthermore, we will address the problem of anomaly and intrusion detection through machine learning. To identify unusual patterns that do not conform to expected behavior, we will develop hybrid anomaly detectors combining unsupervised and supervised learning models.