Taking Edge Security in Hand

Authors: Basant Kumar, Senior Product Manager & Dmitry Kukushkin, Product Marketing Manager, & Srinivas Musti, Principal Engineer

Published in Intel Tech · 6 min read · Sep 28, 2022

Across a wide range of uses, from industrial and commercial automation to smart cities, smart retail, and even military applications, edge computing is becoming a key element of system architecture. But sitting intimately connected between the Internet of Things and critical cloud workloads, edge-computing platforms are ideal targets for cyber attacks. For instance, an attack on an edge platform could disrupt the IoT network serving a power-generating facility. It could corrupt displays and transaction terminals in a large retail environment. It could slip its way through the network and compromise the security of an enterprise’s cloud workloads and their data.

Yet edge platforms have lacked the security infrastructure easily available to cloud developers. Edge developers have been left on their own to become security experts as well as system developers.

In order to be as secure as possible, edge platforms must protect code and data at rest and in transit between storage and memory — but also in transit between processes and during execution. And the platforms must provide a safe, access-controlled space in which trusted tasks can reside. The platforms must do this in an environment that will include untrusted tasks and links to the outside world. That is a challenging list of requirements for any development team not backed by security gurus.

The underlying hardware capabilities necessary for this level of security exist today in Intel technologies for secure boot, secure device onboarding, crypto acceleration, and secure virtualization, among others. There are standards for secure inter-process communication (IPC). And there are open-source OS releases, hypervisors, and container managers that can be configured, if you understand how, to operate in a secure manner. But it has been up to edge platform and apps developers to fit these pieces together into a secure system that is flexible, scalable, and portable.

The Intel® Trusted Edge Platform

That is a lot to ask. To make the task realistic, Intel has created the Intel® Trusted Edge Platform. The Intel® Trusted Edge Platform is not in itself a hardware technology, a software package, a shrink-wrapped edge-computing system, or a new approach to security. Rather, it is a framework that provides ready-to-configure and use elements that together make up a trusted edge environment. The Intel® Trusted Edge Platform includes, among many elements, BIOS and firmware settings to enable hardware security features; configurations for trusted open-source operating systems, hypervisors, and container managers; APIs that virtualize hardware security functions to eliminate specifics of which CPU supports which functions; libraries of secure microservices — relatively small routines, such as remote attestation or disk encryption, that are the building blocks of more complex security operations — and IPC APIs; reference solutions; code samples; and documentation.

The Intel® Trusted Edge Platform employs open-source elements and is designed for a small footprint. Yet it enables developers to produce systems with trusted VMs and containers, safe IPC, encryption for data and code in storage and memory, and strong isolation between regions. All this security begins in the hardware root of trust and in Intel secure boot and key management facilities, with trust extended from the root up through the OS, hypervisor, and container layers, and on to applications.

Because the Intel® Trusted Edge Platform’s functions are abstracted from the underlying hardware functions by APIs, a system once built will function correctly across a range of Intel processor types, from Atom through generations of Core CPUs to Xeon, using the features each CPU has to offer. Because the Intel® Trusted Edge Platform is a framework that suggests particular trusted configurations for a wide variety of platforms, developers can build just about any sort of modern environment using Type 1 or Type 2 hypervisors, bare-metal containers, choices of operating software, and a mixture of trusted and insecure apps.

Building a Trusted System with Secure Applications

To build a trusted system using the Intel® Trusted Edge Platform, developers follow a series of steps:

  1. Select a system configuration: containers, VMs, or some combination.
  2. Select OS, hypervisor, or Docker versions provided in the Intel® Trusted Edge Platform and follow the configuration procedures given.
  3. Employ the Intel® Trusted Edge Platform’s secure microservices libraries for creating new apps, freeing developers from becoming experts in security and in the details of secure applications.
  4. Put trusted apps on trusted VMs or in secure containers.
  5. Put non-trusted apps on ordinary VMs or in ordinary containers.
  6. Link trusted and untrusted apps as necessary using industry-standard Public-Key Cryptography Standards (PKCS) #11 interfaces.
  7. Link trusted apps to external apps or cloud services via a remote attestation server using the Intel® Trusted Edge Platform’s secure APIs.

One Example in Action

Let’s look at a trusted edge system in use. One important case where a secure edge system may be necessary is edge AI. Not only do you want to protect the operation of the AI algorithm from outside tampering, but if the model is licensed from a third party you may be required to protect the model from copying during execution and at rest. To achieve this level of security, it is best to keep the model in a trusted environment backed by encrypted storage. Secure IPC can be used to transport input data to the model and carry inference data back to the application.

Developers can construct this system using the Intel® Trusted Edge Platform as described in the steps above. Then at boot time, Intel’s secure boot process extends the chain of trust from the hardware root of trust and Trusted Platform Module (TPM) up through a hypervisor instance and into a trusted VM. In this VM, initialization instantiates a trusted OS instance and a library of the Intel® Trusted Edge Platform security microservices, then the Intel® OpenVINO model server (to contain and execute the licensed deep-learning model) and the Intel® OpenVINO security module (to validate the license and decrypt the model). The system then initializes whatever guest VMs it needs, including one for the AI application.
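The chain of trust described above can be modelled with TPM-style measurements, shown here as an added example that is not Intel's or the Trusted Edge Platform's code. It assumes a SHA-256 PCR, uses constructed stage names and images, and leaves out the signature a real TPM quote carries; the verifier role stands in for a remote attestation server.

```python
import hashlib

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM-style extend: a PCR can only be folded forward, never set directly.
    return hashlib.sha256(pcr + digest).digest()

def boot(chain):
    """Measure each stage before it runs; return (final PCR, event log)."""
    pcr, log = bytes(32), []
    for name, image in chain:
        digest = measure(image)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay(log):
    pcr = bytes(32)
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(reported_pcr, log, golden):
    """Verifier side: return a list of problems (empty means trusted)."""
    problems = []
    if replay(log) != reported_pcr:
        problems.append("event log does not replay to reported PCR")
    if [name for name, _ in log] != list(golden):
        problems.append("unexpected stage set or order")
    for name, digest in log:
        if name in golden and golden[name] != digest:
            problems.append(f"measurement mismatch: {name}")
    return problems

# Constructed stage images standing in for the real binaries (assumption).
CHAIN = [("hypervisor", b"hv-1.0"), ("trusted-vm-os", b"os-1.0"),
         ("security-microservices", b"svc-1.0"), ("model-server", b"ms-1.0")]
GOLDEN = {name: measure(image) for name, image in CHAIN}

if __name__ == "__main__":
    pcr, log = boot(CHAIN)
    print("clean boot:", verify(pcr, log, GOLDEN))
    bad = CHAIN[:3] + [("model-server", b"ms-1.0-modified")]
    bad_pcr, bad_log = boot(bad)
    print("modified stage:", verify(bad_pcr, bad_log, GOLDEN))
    print("log swapped for clean one:", verify(bad_pcr, log, GOLDEN))
```

Because each extend hashes the previous PCR value, a change in any stage alters the final value, and presenting a clean event log alongside the PCR from a modified boot fails the replay check.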

At run time, when the application requires execution of the model, it sends a request and the necessary input data via the Intel® Trusted Edge Platform-provided secure IPC, to the Intel® OpenVINO model server. This module then calls the Intel® OpenVINO security module, which validates the model license with an external license server, decrypts the model, and hands it to the model server. The model server then executes the model and returns inference data through the secure IPC chain to the app.

This is just one example of how developers without special security expertise can create a trusted edge environment based on Intel hardware security functions and yet portable across Intel CPU families. Such an environment can provide a secure home for sensitive code and data. Yet it can coexist with and securely interact with other coresident apps, and apps on other edge platforms or in the cloud.

Beyond protecting sensitive AI models, these trusted environments are vital for applications running in industrial IoT systems. In such applications, IoT devices and their firmware may come from a wide variety of sources, trusted or untrusted. Yet data must be extracted from these devices, processed perhaps using a combination of trusted and untrusted apps, and results saved in a secure database. Needless to say, with the increasing threat of cyber attacks against infrastructure and enterprise targets, it is vital that the entire system reside on a secure platform.

By enabling developers to create their own custom trusted edge environment, employing open-source software and global security standards, the Intel® Trusted Edge Platform can put edge developers back in control of the security of their systems, while keeping them in the mainstream of trusted-system technology and ready for the further evolution of edge-computing platforms.

If you have any questions or would like to get in contact with us, the TEP team, you can do so here.

For existing NDA customers, request evaluation access here.

Notices & Disclaimers

Intel technologies may require enabled hardware, software or service activation.

No product or component can be absolutely secure.

© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
