The pervasive integration of ‘things‘ in the Internet of Things together with state-of-the-art computer systems provide a stimulating environment for creativity and business opportunities, but also a large range of security challenges. Engineering the security of such systems must acknowledge the peculiar conditions under which such systems operate: low computational capacity, distributed decision-making, significant node churn, etc. These conditions must, therefore, be supported by the techniques and methodologies for building secure and robust IoT systems. With CAAVI-RICS methodology we explore credibility, authentication, authorization, verification, and integrity of IoT and edge computing systems, through explaining the rationale, influence, concerns, and security solutions that accompany them. Our contribution is a complete and detailed systematic categorization and streamlining of security problems, covering the security environment of IoT and edge computing systems. Besides, we contribute to the debate on key aspects of edge computing security and state-of-the-art solutions.

Introduction

Since its appearance, cloud computing has provided the easiest way to remotely store and access data and services. Cloud computing has rapidly brought about a revolution in how we develop our services and applications by providing on-demand self-service, multi-tenant processing resources, broad network access, pooling of resources, fast provisioning, and rapid elasticity. Despite its capacity, the cloud-based application building model does not extend to use-cases where disrupting time-sensitive functionalities and inducing higher latency can result in catastrophic events (e.g. vehicle-to-vehicle communication). Even though the cloud offers a range of advantages, it introduces new concerns about security, privacy, availability of data and services, reliability, and performance. Hence the concepts of the Internet of Things (IoT) and Edge Computing (ECP) systems. IoT cyber-physical systems are enabled through a multitude of technological innovations: on-demand adaptive resource management frameworks, lightweight communication, and data protection protocols, etc. ECP is a computational framework/deployment methodology where data analytics and decision-making processes are moved from cloud closer to data sources, i.e. to the edge of the network. ECP vastly reduces the volume of data that is sent through the network, improves overall system security, responsiveness, and latency.