Building Trust at the Edge: Lessons Learned
AI inference is emerging as a primary use case for edge computing. Running the inference engine close to where the data is produced conserves network bandwidth and reduces response latency. Kubernetes on bare metal has become a preferred platform for edge inference because of the performance it delivers without a virtualization layer. However, for many service providers, the complexity of securing thousands of edge nodes outweighs that performance benefit.
Edge workloads have unique security considerations. The nodes are often located at unsecured remote sites, and a trained model is a valuable asset that embodies business intelligence. Ensuring both network and physical security, without impacting performance, is therefore a primary concern.
By its nature, the edge threat model differs substantially from that of traditional cloud deployments. Edge systems must be modeled on the assumption that there is no reliable physical security at the site: an attacker may have hands-on access to the hardware. Furthermore, the nodes may sit on a less trusted or untrusted network, exposing them to both remote and local attack vectors.
The presenter will share lessons learned from a real-world case study that used Kubernetes to securely manage large-scale edge AI deployments. The talk starts from a threat model, discusses the challenges of securing edge systems, and presents a common set of design patterns and constructs for establishing trust at the edge.
The security design protects against both remote and local attack vectors by combining several complementary technologies:
- Secure enrollment and remote attestation of edge nodes with cloud controllers.
- Secure and measured boot via a hardware root of trust.
- Immutable root partitions and disk encryption to protect data at rest.
- TPM-backed JWT and X.509 node and application identities for authenticating the control plane and workloads to remote/cloud services.
- Run-time integrity monitoring and failure reporting.
- Secure OTA delivery of software updates.
- Securing and managing the software supply chain.
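As an added illustration of the measured-boot and remote-attestation items above (example code written for this page, not the presenter's implementation), the following Python simulates the three pieces those constructs rely on: the TPM 2.0 PCR extend operation that folds each boot stage into one register, a node-side quote over the PCR value and a verifier-supplied nonce, and the controller-side checks. The boot-chain contents, the HMAC that stands in for the TPM attestation-key signature, and all names are constructed assumptions; a real deployment verifies an asymmetric AK signature and the accompanying event log, which this simulation omits.

```python
import hashlib
import hmac
import secrets

PCR_SIZE = 32  # SHA-256 PCR bank

# Constructed boot chain for the example (not real firmware images): each entry
# stands for the bytes of one stage that firmware measures before executing it.
GOOD_CHAIN = [b"uefi-firmware-v1", b"shim-signed", b"grub.cfg",
              b"vmlinuz-6.1", b"initramfs", b"kubelet-config"]


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 2.0 PCR extend: PCR_new = SHA-256(PCR_old || SHA-256(component)).
    Firmware hashes the stage and hands the digest to the TPM, which folds it into
    the register. The operation is one-way and order-sensitive, so the final value
    summarises the whole chain and cannot be rewound to hide a modified stage."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    pcr = bytes(PCR_SIZE)  # PCRs reset to all zeros at power-on
    for comp in components:
        pcr = pcr_extend(pcr, comp)
    return pcr


def tpm_quote(pcr_value: bytes, nonce: bytes, ak_secret: bytes):
    """Node side. A real TPM signs (PCR digest || nonce) with its attestation key;
    an HMAC keyed with a per-node secret shared with the verifier stands in for
    that signature here so the example runs without hardware (assumption)."""
    quoted = pcr_value + nonce
    return quoted, hmac.new(ak_secret, quoted, hashlib.sha256).digest()


def verify_quote(quoted: bytes, sig: bytes, nonce: bytes,
                 enrolled_ak: bytes, golden_pcr: bytes) -> str:
    """Cloud-controller side. Order matters: first that the quote came from the
    enrolled TPM, then that it answers *this* challenge rather than a replayed
    one, then that the PCR matches the golden value recorded for the approved stack."""
    expected = hmac.new(enrolled_ak, quoted, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return "bad-signature"
    pcr, echoed_nonce = quoted[:PCR_SIZE], quoted[PCR_SIZE:]
    if not hmac.compare_digest(echoed_nonce, nonce):
        return "stale-nonce"
    if not hmac.compare_digest(pcr, golden_pcr):
        return "pcr-mismatch"
    return "ok"


def attest(chain, node_ak: bytes, enrolled_ak: bytes, golden_pcr: bytes,
           replay=None) -> str:
    """One exchange: controller issues a fresh nonce, node quotes its PCR with its
    own key, controller verifies against the key enrolled for that node. If `replay`
    (a previously captured quote and signature) is given, the node sends that instead."""
    nonce = secrets.token_bytes(16)
    if replay is None:
        quoted, sig = tpm_quote(measure_boot_chain(chain), nonce, node_ak)
    else:
        quoted, sig = replay
    return verify_quote(quoted, sig, nonce, enrolled_ak, golden_pcr)


def run_demo() -> dict:
    ak = secrets.token_bytes(32)             # enrolled per node at provisioning time
    golden = measure_boot_chain(GOOD_CHAIN)  # recorded by the controller for this release

    tampered = list(GOOD_CHAIN)
    tampered[3] = b"vmlinuz-6.1-with-implant"  # kernel swapped on an unattended node

    # A legitimate quote captured on the wire, later presented to a new challenge.
    captured = tpm_quote(golden, secrets.token_bytes(16), ak)

    return {
        "good_boot": attest(GOOD_CHAIN, ak, ak, golden),
        "tampered_kernel": attest(tampered, ak, ak, golden),
        "replayed_quote": attest(GOOD_CHAIN, ak, ak, golden, replay=captured),
        "rogue_tpm": attest(GOOD_CHAIN, secrets.token_bytes(32), ak, golden),
        "reordered_chain_differs": measure_boot_chain(list(reversed(GOOD_CHAIN))) != golden,
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

Two properties carry the security argument. Because each extend hashes the previous register value, changing any single stage, or the order of stages, yields a different final PCR, so the controller needs to store only one golden value per approved release. And because the nonce is bound under the signature, a quote captured from a healthy node cannot be replayed after the node has been compromised; the nonce check is placed before the PCR comparison so that a replayed quote is rejected even though its PCR value is the correct one.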
The session concludes with possible future enhancements, based on the limitations and gaps observed when orchestrating security across disparate edge software stacks and ecosystems.