The Edge Era began with the migration of artificial intelligence (AI) from the
cloud to the network edge. Smart connected IoT devices in our homes, offices,
factories and cars now outnumber the billions of existing cloud-connected PCs
and smartphones.
By 2025, an estimated 50 billion connected devices will generate enormous
amounts of data. But processing and acting on terabytes of data generated by
even a single device can be a daunting task.
In the traditional IoT connectivity paradigm, the data is transmitted to the
cloud for processing, analysis and decision making. However, as machine
intelligence and computing power shift to the edge of the network, creating an
“application edge,” we’re seeing the rise of autonomous, edge-based decision
making in smart homes, factory and process automation, transportation, smart
city and public safety systems, precision farming and agriculture.
Processing critical data locally, meaning at the edge, reduces roundtrip
latency for time-sensitive applications and eases the burden on network
infrastructure, lowering total cost of ownership. An edge device running a
pre-trained ML model can make real-time decisions locally, improving the
overall user experience. Even without a cloud connection, for example, a smart
door lock with built-in facial recognition can unlock automatically when it
recognizes the homeowner. Moreover, the smart home data remains private and
more secure when processed and stored locally at the edge.
How Best to Secure the Edge
These intelligent edge devices generate large quantities of data, some of
which may still be shared with the cloud, and it is becoming increasingly
critical to protect these devices from intrusions and malicious attacks. Any
device that connects to other devices or to the cloud is a potential entry
point for attackers to steal data, hijack operations or gain unauthorized
access to the cloud. Edge devices are especially attractive, high-value
targets for attackers. Edge devices collect raw data from sensors and process
data closer to where it’s generated while also sharing information with remote
and cloud-based services as needed. In most cases, this information contains
sensitive, private data that must be protected.
Securing data has become even more challenging with the increasing number of
data sources from edge devices, the value of that data and the required
collaboration between devices and networks. This makes it vital to have a
security-by-design approach that starts with integration at the silicon level.
Ideally this continues throughout, from design concept and modeling, to
deployment and lifecycle management, including over-the-air (OTA) updates.
A Holistic Approach to Security: Expanding and Enhancing
At NXP, we believe security is a holistic system process and not an add-on
feature. A system is as secure as its weakest component that an attacker can
reach. Edge devices, in particular, can be a lucrative attack target,
particularly if connected to, and communicating with, many other devices.
These edge devices must be protected with robust, easy-to-deploy security
technology.
Additional protection and some level of intrusion detection must be
implemented for edge devices. At the system-on-chip (SoC) level, integrated
hardware capabilities, such as root of trust, tamper detection, secure boot
and secure enclaves, combined with software mitigation techniques can all be
used to protect devices and thwart intrusions and attacks. This is the heart
of the NXP approach to security.
EdgeLock® secure enclave ‘Security HQ’
Formidable Edge Device Security with EdgeLock® Secure Enclave
Embedded hardware security is a core competency of NXP i.MX crossover MCUs and
applications processor families, which are used in a wide range of edge ML
applications. Depending on application needs, the security capability can be
integrated or isolated with a secure subsystem. NXP also provides security
software to enable secure cloud connectivity for data sharing and OTA updates
for lifecycle management.
To further build trust and ease development of secure edge devices, the
EdgeLock® secure enclave announced in 2021 is a preconfigured, self-managed and
autonomous security subsystem that enables embedded developers to achieve their
device security goals without requiring security expertise. This accessibility
to secure any edge device is key in NXP’s mission.
The EdgeLock secure enclave functions like a “security HQ” inside an i.MX SoC,
overseeing security functions to protect devices against various types of
local and remote security attacks. The enclave eases the complexity of
implementing robust, device-wide security intelligence for IoT applications
through autonomous management of critical security functions, such as root of
trust, run-time attestation, trust provisioning, secure boot, key management
and cryptographic services.
Because system security rules are kept isolated inside of the enclave,
critical security functions can be offloaded from the rest of the SoC. This
means various security assets (like secret keys) are not co-located within or
visible from the same environment as user or OEM deployed software and
firmware on the chip. Compared to common integrated security, this isolation
increases protection against spoofing and can significantly minimize the
attack surface. Furthermore, to help prevent new attack surfaces from
emerging, the enclave can intelligently track power transitions when
applications are running.
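To make the isolation described above concrete, the following is an added toy model written for this article; it is not NXP's EdgeLock API, nor code from any i.MX SDK, and the class, method and stage names are invented for illustration. It shows the three properties the paragraph relies on: application code receives only opaque handles and never the key bytes, each boot stage is measured against a policy before the next one may run, and a mismatch locks the keys so that tampered firmware cannot use them. HMAC-SHA256 from the standard library stands in for the asymmetric signature checks a real enclave performs.

```python
"""Toy model of an isolated security subsystem (constructed example, not
NXP's EdgeLock implementation). Keys live only inside the enclave object;
callers get integer handles; measured boot gates key use."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Digest helper shared by the policy builder and the enclave."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class BootPolicy:
    # Expected SHA-256 digests of each boot stage, keyed by stage name.
    # In a real device these come from a signed manifest anchored in the
    # root of trust; here they are constructed by the caller.
    expected: dict


class SecureEnclaveModel:
    """Holds keys, measurements and policy; nothing exports key material."""

    def __init__(self, policy: BootPolicy):
        self._keys = {}            # handle -> key bytes (private to enclave)
        self._policy = policy
        self._measurements = {}    # stage name -> hex digest actually seen
        self._boot_ok = True
        # Device-unique attestation key, created at "manufacture" time.
        # (Shared-secret MAC stands in for an asymmetric attestation key.)
        self._attest_key = secrets.token_bytes(32)

    def provision_key(self) -> int:
        """Generate a key inside the enclave; return only an opaque handle."""
        handle = len(self._keys) + 1
        self._keys[handle] = secrets.token_bytes(32)
        return handle

    def sign(self, handle: int, data: bytes) -> bytes:
        """MAC data with the key behind `handle`; refused after a bad boot."""
        if not self._boot_ok:
            raise PermissionError("keys locked: boot measurement mismatch")
        return hmac.new(self._keys[handle], data, hashlib.sha256).digest()

    def verify(self, handle: int, data: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.sign(handle, data), tag)

    def measure_stage(self, name: str, image: bytes) -> bool:
        """Record the stage digest and compare it with policy.

        Returns True if the stage may run. A mismatch locks the keys for the
        rest of this boot, so unexpected firmware cannot use device secrets."""
        digest = sha256_hex(image)
        self._measurements[name] = digest
        ok = hmac.compare_digest(digest, self._policy.expected.get(name, ""))
        if not ok:
            self._boot_ok = False
        return ok

    def attest(self) -> dict:
        """Produce a report of what was measured, authenticated by the enclave."""
        body = repr(sorted(self._measurements.items())).encode()
        body += b"\x01" if self._boot_ok else b"\x00"
        return {
            "boot_ok": self._boot_ok,
            "measurements": dict(self._measurements),
            "mac": hmac.new(self._attest_key, body, hashlib.sha256).hexdigest(),
        }


def demo() -> dict:
    """Boot once with good firmware and once with a tampered image."""
    bootloader = b"bootloader v1 (constructed image)"
    policy = BootPolicy(expected={"bootloader": sha256_hex(bootloader)})

    good = SecureEnclaveModel(policy)
    good_boot = good.measure_stage("bootloader", bootloader)
    handle = good.provision_key()
    tag = good.sign(handle, b"telemetry record")
    verified = good.verify(handle, b"telemetry record", tag)

    bad = SecureEnclaveModel(policy)
    bad_boot = bad.measure_stage("bootloader", bootloader + b"\x00")
    try:
        bad.sign(bad.provision_key(), b"telemetry record")
        locked = False
    except PermissionError:
        locked = True

    return {"good_boot": good_boot, "verified": verified,
            "bad_boot": bad_boot, "tampered_locked": locked,
            "good_report": good.attest(), "bad_report": bad.attest()}


if __name__ == "__main__":
    print(demo())
```

The point of the handle API is that the only thing the application ever holds is an integer; if that application is compromised, the attacker can ask the enclave to sign but cannot copy the key out and use it elsewhere, and after a failed measurement even that is refused.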
Another major benefit is that the secure enclave can be independently
certified against various relevant schemes, allowing for OEM reusability. One
interesting example is FIPS certification (such as this i.MX applications
processor example), which is mandatory for certain applications. Select secure
enclave deployments are FIPS certified as integrated cryptographic modules,
which saves the end-device developer the time and money usually spent on the
certification process.
The fully integrated, on-die EdgeLock security subsystem is a standard feature
across NXP i.MX 8ULP and i.MX 9 applications processors, providing scalable
options to deploy security in thousands of edge applications, from wearables
to smart home devices to industrial automation.
The intelligent edge has great potential to change how we interact with our
world in a more productive, safe and efficient way. There’s much more to
creating intelligent edge devices than adding ML capabilities like vision and
voice recognition. It’s critical to develop edge ML applications with the
latest security technologies. Start by working with an edge computing platform
supplier that embeds robust security at the silicon level. Built-in security
technologies like EdgeLock secure enclave will help simplify the path to final
device certification through real-time isolation, trust provisioning and
device lifecycle management.