Key components of edge computing

Edge computing is made possible by a network of interconnected components, each with a critical role in enabling efficient, low-latency data handling and real-time decision-making [10]. Understanding these components is critical for understanding how edge computing increases operational efficiency, and responsiveness. At the same time, edge computing supports new applications across multiple industries. We describe the key components of an edge computing framework [11] in the following subsections.

Fig. 3 represents the flow and interaction of components within an edge computing system. It outlines how data is collected, processed, and analyzed at various stages from edge devices to edge computing software, with security measures integrated throughout. We discuss every component of the edge network below.

[See PDF for image]

Fig. 3

Edge Computing Components

Edge Devices: Edge devices [12] are the primary endpoints in edge computing, where data originates and is first collected [13]. These devices come in a variety of forms, including industrial machines with sensors, cellphones, and Internet of Things sensors integrated into the infrastructure. Gathering unprocessed data from the real world like temperature readings, motion detection, video streams, or operational metrics [14], is their main duty. The capacity of edge devices to engage immediately with their surroundings and sense events and changes instantly sets them apart. They serve as the initial point of contact in the chain of data processing, starting the information flow that powers further analysis and decision-making. IoT sensors, smartphones, etc., are some of the examples.

Edge Nodes: Edge nodes [15] are intermediary devices that are positioned closer to edge devices in a localized network environment. They are essential in processing and combining data obtained from various edge devices before sending it via the data pipeline [16].

Edge nodes improve operational efficiency by removing unnecessary information from the stream, standardizing data formats [17], and carrying out simple calculations locally. By reducing the amount of data that needs to be sent to centralized cloud servers or other edge components, this preliminary data processing optimizes bandwidth utilization and minimizes delay. In addition, edge nodes facilitate local decision-making by acting as standalone data processing units, responding to events or triggers in real time using predetermined algorithms or rules. Local servers [18] and routers work as edge nodes.

Edge Data Centers: Edge data centers [19] are localized facilities that provide additional computing power and storage capacity near edge devices and nodes [20]. Unlike standard cloud data centers [21], which are often centralized and service wide geographic areas, edge data centers are intentionally spread to support specific locations or regions. For more complex computational processes and applications that demand more processing power than edge nodes alone can provide, they provide a reliable infrastructure.

By shortening the path between data collection and processing, edge data centers minimize latency [22] and facilitate quicker real-time data analysis. This results in increased responsiveness. Additionally, they are essential for managing and storing data, which guarantees local data availability and accessibility for vital edge-operating applications and services.

Edge Computing Software: Edge computing software includes a collection of frameworks, platforms, and middle ware [23] intended to efficiently oversee and coordinate edge computing activities [24]. These software solutions are designed to support different facets of edge computing, such as processing data, deploying applications, managing security [25], and integrating with centralized cloud services. They are crucial for optimizing how data moves and how communication is handled among edge devices, nodes, and central data centers. This ensures smooth functioning and performance across distributed networks. By using edge computing software, organizations can effectively deploy and oversee edge applications, tailoring them to specific industry needs and use cases. This enhances the overall scalability and flexibility of their systems.

Edge Gateways: Edge gateways [26] function as intermediate devices that link edge devices with broader network infrastructures or centralized cloud services [27]. They facilitate seamless connectivity and data transmission by managing communication protocols, aggregating data, and overseeing security functions at the edge. Integral to integrating diverse edge devices and nodes into a unified network environment, edge gateways ensure efficient interoperability and smooth data exchange. They enforce security measures such as data encryption, access control, and authentication to uphold data integrity and confidentiality during transmission between edge components and external networks or cloud-based services [28].

Edge Security: Edge security involves implementing protective measures at the network’s periphery to defend data, devices, and networks against cybersecurity [29] threats and unauthorized access [30]. These security measures are specifically adapted for edge computing environments, where data processing and storage occur nearer to the data source.

Edge security solutions encompass encryption methods, access controls, authentication protocols, and intrusion detection systems. Their purpose is to protect sensitive data and guarantee the confidentiality, integrity, and availability of information. Securing data at the edge helps organizations minimize risks linked to data breaches [31], unauthorized entry, and malicious assaults, thereby promoting confidence and dependability in edge computing implementations [32].

Every element of edge computing is essential to facilitating decentralized data processing [33], improving system performance, and opening up new possibilities for creative applications in a range of sectors. Through the utilization of edge devices, nodes, data centers, computing software, analytics capabilities, gateways, and strong security measures, enterprises can fully leverage edge computing’s potential to propel digital transformation [34], enhance decision-making, and provide customized experiences in the dynamic digital environment.

To effectively build and deploy edge computing solutions that meet specific use cases and business needs, one must have a thorough understanding of the functionality and interconnections of various components [35].

We illustrate the advantages of edge computing in the following subsection (see sec. 1.1.2).

Advantages of edge computing

In this section, we describe the advantages of edge computing over cloud and fog computing.

Low Latency and Real-Time Processing: Edge computing reduces latency by processing data closer to where it is generated, typically at the edge of the network [36]. This proximity minimizes the time it takes for data to travel between devices and centralized cloud servers, ensuring faster response times for critical applications. Real-time processing capabilities enable immediate actions based on up-to-date data, which is essential for applications like autonomous vehicles, industrial automation, and real-time analytics [37].

Strengthened Security and Privacy: Edge computing enhances security by keeping sensitive data localized and reducing exposure to external threats. Data can be encrypted at the edge before transmission to the cloud or other devices, ensuring confidentiality and integrity [38]. Localized processing also reduces the risk of data breaches during data transmission over public networks, addressing concerns related to data privacy compliance and regulatory requirements [39].

Efficient Bandwidth Management: Edge computing optimizes bandwidth usage by reducing the amount of data that needs to be transmitted to centralized cloud servers. Edge nodes [40] process and filter data locally, sending only relevant insights or summarized data to the cloud. This approach minimizes network congestion, lowers data transmission costs, and conserves bandwidth, especially in environments with limited network capacity or high data volumes [41].

Scalability and Adaptability: Edge computing [42] offers scalable solutions tailored to specific application needs and geographical locations. Organizations can deploy additional edge nodes or data centers as needed to handle increasing data volumes or computational demands [43]. This flexibility supports dynamic workload distribution and resource allocation across distributed networks, accommodating fluctuating demands and optimizing operational efficiency.

Improved Reliability and Continuity: Edge computing enhances reliability by enabling applications to operate autonomously even when connectivity to centralized cloud services is disrupted [44]. Edge nodes and devices continue to function and process data locally, ensuring uninterrupted operations in remote or challenging environments with unreliable network connectivity [45]. This capability is crucial for mission-critical applications in industries such as manufacturing, transportation, and utilities.

Please refer to the table 1 for a comparison of edge, cloud, and fog computing in different aspects. To make it easy for the viewers to understand the literature in this section, we represent the comparison between edge, fog, and cloud computing in table 1.

Table 1. Comparison of Edge, Cloud, and Fog Computing

In the following section(refer sec. 1.2, we discuss why we shifted to edge computing when the world was busy improvising and using cloud infrastructure.

Attribute-based encryption (ABE)

Attribute-Based Encryption [124] (ABE) is a type of public-key encryption where the secret key of a user and the cipher-text [125] are dependent upon attributes (e.g., user’s roles or other properties). In ABE, a user’s decryption key is associated with a set of attributes, and the cipher-text specifies an access policy over these attributes.

1. Key Policy Attribute-Based Encryption (KP-ABE):

   In KP-ABE, the ciphertext is associated with a set of attributes, and the user’s secret key is associated with an access policy. A user can decrypt a ciphertext [126] if and only if the attributes of the ciphertext satisfy the access policy in the user’s key.

   • Encryption Equation:$$\begin{array}{c}\hfill E=(C,{\{C_i=g^{r{A}_i}\}}_{iϵI})\end{array}$$ where C is the ciphertext, r is a random value, and $A_i$ are the attributes.

2. Cipher-text-Policy Attribute-Based Encryption (CP-ABE): In CP-ABE, the ciphertext [127] is encrypted with an access policy, and the user’s secret key is associated with a set of attributes. Decryption is possible only if the user’s attributes satisfy the access policy specified in the ciphertext.

   • Encryption Equation:$$\begin{array}{c}\hfill E=(C=M·{(g,g)}^{\alpha s}{\{C_i=g^{s{A}_i}\}}_{iϵI})\end{array}$$ where M is the message, $\alpha$ and s are random values, and $A_i$ are the attributes.

Searchable encryption

Searchable Encryption [128] (SE) enables search operations on encrypted data without revealing the plain-text. This is particularly useful in scenarios where data privacy is critical, but search functionality is required.

1. Searchable Symmetric Encryption (SSE): In SSE, both the data and the search queries are encrypted using symmetric keys. The server can perform search operations on the encrypted data without knowing the actual content.

   • Encryption Equation:$$\begin{array}{c}\hfill E_k(w)=\{c_i=En{c}_k(m_i)|iϵ[1,n]\}\end{array}$$ where w is the keyword, k is the symmetric key, and $m_i$ are the messages.

2. Searchable Asymmetric Encryption (SAE): In SAE, public-key encryption [129] is used, allowing anyone to encrypt the data, but only the holder of the private key can perform search operations.

   • Encryption Equation:$$\begin{array}{c}\hfill E_{\mathit{pk}}(w)=\{c_i=En{c}_{\mathit{pk}}(m_i)|iϵ[1,n]\}\end{array}$$ where w is the keyword, pk is the public key, and $m_i$ are the messages.

Homomorphic encryption

Homomorphic Encryption [116] allows computations to be performed on encrypted data without decrypting it. This property is beneficial for preserving privacy while enabling data analysis and processing in edge computing.

1. Partially Homomorphic Encryption (PHE): PHE supports specific types of operations, such as addition or multiplication, on encrypted data.

   • Example: RSA Homomorphic Addition$$\begin{array}{c}\hfill Enc(m_1)·Enc(m_2)=Enc(m_1+m_2)\end{array}$$ where $m_1$ and $m_2$ are messages.

2. Fully Homomorphic Encryption (FHE): FHE supports arbitrary computations [130] on encrypted data, allowing any operation to be performed without decryption.

   • Example: Gentry’s FHE Scheme$$\begin{array}{c}\hfill Enc(f(m_1,m_2))=f(Enc(m_1),Enc(m_2))\end{array}$$ where f is any computable function, and $m_1$ and $m_2$ are messages.

Code-based

Cryptography [131] relies on error-correcting codes for security, providing robust methods for securing communications and data storage.

• McEliece Cryptosystem:$$\begin{array}{c}\hfill c=mG+e\end{array}$$ where c is the ciphertext, m is the message, G is the generator matrix, and e is the error vector.

Lattice-based cryptography

Lattice-Based Cryptography [132] is based on the hardness of lattice problems, offering security against quantum attacks.

• Learning With Errors (LWE):$$\begin{array}{c}\hfill A·s+e=b\end{array}$$ where A is a random matrix, s is the secret vector, e is the error vector, and b is the resulting vector.

Multivariate Public Key Cryptography [133] (MPKC) uses multivariate polynomial equations as public keys, providing strong security and efficient computation.

• Multivariate Quadratic (MQ) Equations:$$\begin{array}{c}\hfill P(x)=x^{T}Qx+Lx+c\end{array}$$ where Q is a matrix, L is a vector, c is a constant, and x is the input vector.

Hash-Based Cryptography [134] leverages cryptographic hash functions for securing data and communications.

• Lamport Signatures:$$\begin{array}{c}\hfill Sig(m)=(h(s_1),h(s_2),...,h(s_n))\end{array}$$ where m is the message, $s_i$ are the secret keys, and h is the hash function.

Secure authentication

1. Immutable Records:  Blockchain ensures that all authentication records are immutable, meaning once data is recorded, it cannot be altered or deleted. This immutability prevents unauthorized modifications and provides a reliable audit trail.

2. Decentralized Control:  Unlike traditional centralized authentication systems, blockchain distributes control across multiple nodes. This decentralization [137] reduces the risk of a single point of failure and makes it more difficult for attackers to compromise the network.

3. Consensus Mechanisms:  Blockchain [138] uses consensus protocols such as Proof of Work (PoW) or Proof of Stake (PoS) to validate transactions and authentication attempts. These mechanisms ensure that only legitimate transactions are recorded, preventing fraudulent activities.

4. Cryptographic Security:  Blockchain relies on advanced cryptographic techniques [139] to secure authentication data. Public and private key pairs are used to authenticate users and devices, ensuring that only authorized entities can access the network.

5. Smart Contracts:  Self-executing contracts known as “smart contracts [140]” have their provisions encoded right into the code. They automate authentication processes, enforce security policies, and execute predefined actions when specific conditions are met, reducing the risk of human error.

Blockchain vulnerabilities

Although blockchain technology improves security, vulnerabilities still exist [141]. The following are some of the potential weaknesses in blockchain-based systems:

1. Smart Contract Exploits:   Vulnerabilities in smart contract code can be exploited by attackers to manipulate contract behavior [142]. Rigorous code auditing, formal verification, and adherence to best practices can mitigate smart contract vulnerabilities.

2. Consensus Protocol Attacks:  Consensus protocols [143] are critical to blockchain security, but they can be targeted by attacks such as 51 percent attacks, where an attacker gains control of the majority of the network’s computational power. Diversifying node ownership and using more secure consensus algorithms can reduce the risk of such attacks.

3. Sybil Attacks:  In a Sybil attack, an attacker creates multiple fake identities to gain disproportionate influence over the network [144]. Implementing identity verification mechanisms and limiting the influence of individual nodes can help prevent Sybil attacks [145].

4. Privacy Issues:  While blockchain provides transparency, it can also expose sensitive transaction data [146]. Techniques such as zero-knowledge proofs and confidential transactions can enhance privacy in blockchain networks.

Expanding the role of blockchain in securing edge computing

Blockchain technology not only guarantees security but has a much broader impact on the security and performance of all edge computing environments. Its decentralized, transparent, and tamper-resistant properties [147] provide a solid foundation to overcome some of the key challenges faced at edge computing in the process.

Data Integrity and Reliability: In edge computing, data is created and processed, often with no special capabilities [148]. Blockchain’s immutable ledger ensures that once data is recorded, it remains tamper-proof, authentic, and reliable in collecting data from edge nodes and this increasing accuracy is especially important in IoT ecosystems, where data from wearable devices are used to make important decisions. With a blockchain, any attempt to manipulate data is immediately reflected in the distributed network, creating trust in edge devices.

Decentralized information sharing: A key challenge in part computing is sharing statistics securely throughout allotted machines without counting on a critical server Blockchain gives decentralized records sharing, permitting aspect nodes to exchange secure records without failure now not even one [149]. This peer-to-peer sharing capability reduces latency and will increase community flexibility. Using blockchain, area computing systems can offer stable surroundings for depended-on users to trade touchy information together with clinical information or monetary transactions.

Access management and identity control: Blockchain has been broadly integrated into getting entry to manipulate structures in edge environments. It provides a method of managing identities and authorizations, and enables part devices to authenticate every other without a centralized authentication server [150]. This characteristic complements side network security, lowering the risks related to single points of failure around. Blockchain-based identification management can make certain that only authenticated and certified gadgets can get admission to the network, drastically decreasing the danger of unauthorized access.

IoT Device Security: Edge computing regularly is based on IoT gadgets, which can be regarded as having safety vulnerabilities. Blockchain strengthens the security of IoT gadgets by using presenting a secure framework for firmware updates, configuration control, and tool authentication [151]. Blockchain also can shop the virtual fingerprint of the tool’s firmware, permitting verification in opposition to a relied-on laser to ensure that the firmware has now not been tampered with this protection feature is important to ensuring IoT gadgets related to edge networks are not compromised.

IoT security challenges in edge computing

Edge computing performs a vital role in processing statistics in the direction in which IoT gadgets perform, reducing latency and allowing faster decision-making [154]. However, the decentralization and distribution of part nodes create new protection dangers for the IoT structures that rely upon them. Unlike cloud computing, wherein sources and safety features may be centralized and controlled more effectively, side nodes and IoT gadgets frequently operate in less-managed environments, making them more prone to attacks [155]. Some of the important challenges in securing IoT devices at the brink consist of

• Limited Resources for Security [156]: IoT devices, through format, prioritize low electricity intake, small shape elements, and value performance over robust safety functions. Many IoT devices lack the crucial computational power to put into effect superior security measures which include actual-time encryption, multi-issue authentication [157], or modern-day anomaly detection algorithms. As a result, they’ll be susceptible to commonplace attacks consisting of device tampering, statistics spoofing, and guy-in-the-center attacks.

• Physical Vulnerabilities- IoT gadgets deployed in far [158]: flung or publicly available places may be bodily tampered with, most importantly due to unauthorized right of entry to or the injection of malicious software programs [159]. For example, in commercial IoT settings, such gadgets may manipulate crucial features like equipment or energy structures, and any breach ought to have significant outcomes.

• Inconsistent Firmware and Security Updates [160]: Many IoT gadgets are constructed with proprietary firmware, and updates to patch safety vulnerabilities are often not on time or not supplied at all. This creates a developing attack floor, in particular, while IoT gadgets are deployed in large numbers, as visible in clever towns or smart domestic environments [161]. Edge nodes processing statistics from those devices need to be ready with mechanisms to locate unpatched or compromised IoT gadgets and isolate them from the network to save you from similar harm.

• Data Integrity and Privacy Concerns [162]: IoT devices regularly acquire sensitive records, which include place records, fitness metrics, or economic transactions. When such data is processed at the brink, making sure its integrity and confidentiality is an assignment, in particular, while encryption requirements are not uniformly achieved throughout gadgets. Attackers have to intercept or manipulate facts at the threshold, essential to capability breaches [163].

IoT security in cloud computing

In a cloud computing environment, IoT safety takes on a distinctive dimension. While IoT devices generate massive amounts of facts at the brink, an awful lot of these statistics are ultimately transmitted to the cloud for further processing, storage, and analysis. Cloud computing gives extra centralized management over safety, but it also introduces new demanding situations for defensive IoT data and devices. Some of those demanding situations include the following.

• Centralized Data Storage Risks [164]: Cloud systems often preserve the records generated through IoT devices, and this creates a single factor of failure if no longer properly secured. A breach inside the cloud infrastructure ought to show information from heaps of IoT devices, leading to mass-scale statistics leaks [165]. Thus, securing records in transit (from part to cloud) and at rest (in the cloud garage) is critical. Encryption, facts overlaying, and getting the right of entry to manage mechanisms need to be applied across each part and cloud to guard sensitive records.

• Cloud resource sharing and multi-tenancy: Resources in cloud environments are often shared between multiple clients or applications. For IoT applications that rely on cloud resources, this can lead to capacity weaknesses if strict separation is not maintained between tenants [166]. Attackers may want to exploit vulnerabilities in shared objects or cloud hypervisors to gain access to IoT records from different residents Security mechanisms including sandboxing, virtualization protection, and micro-partitioning are needed to ensure IoT-is covered data so efficiently in multi-tenant cloud architectures

• IoT data life-cycle Management: As IoT devices provide a continuous flow of data, managing the life-cycle of data-i.e., [167] from data generation to storage and eventual deletion-drastically evolves the cloud, it forces reinforcing this complex garage, enforcing record-keeping rules, and deleting secure information once it is no longer wanted.

Common threats to IoT security in edge and cloud environments

IoT gadgets, when integrated into both cloud and edge computing ecosystems, face quite a few threats which are compounded with the aid of their inherent barriers [168]. Some of the most prominent security threats consist of

• Botnet Attacks: IoT gadgets are the top goal for botnet attacks, in which attackers compromise big numbers of gadgets and use them to release dispensed denial-of-carrier (DDoS) attacks. The Mirai Botnet attack of 2016, as an example, exploited vulnerabilities in IoT gadgets, highlighting the vital need for more potent security controls in IoT ecosystems [169]. The distributed nature of side computing makes botnet attacks more difficult to detect and mitigate, as compromised IoT devices are spread across special places.

• Unauthorized Access: [170] Many IoT devices are deployed with default credentials or weak passwords, making them easy targets for unauthorized access. Attackers can exploit these weak access controls to take over devices, disrupt functionality, or use them as entry points to larger networks [171]. In both edge and cloud environments, stronger authentication mechanisms-such as public key infrastructure (PKI) and certificate-based authentication-are essential to prevent unauthorized access to IoT devices.

• Firmware Attacks: Since IoT devices often run on specialized firmware, attackers can cause vulnerabilities inside the firmware to gain manipulate over gadgets [172]. In aspect environments, compromised gadgets can infect special gadgets inside the network or control facts being processed via the threshold nodes. Regular firmware updates and monitoring for compromised gadgets are key to mitigating this risk.

• Data Exfiltration and Privacy Breaches: IoT devices accumulate massive volumes of touchy statistics, and attackers can make the maximum vulnerabilities in the communication channels amongst IoT gadgets, facet nodes, and the cloud to exfiltrate records [173]. Ensuring give up-to-surrender encryption and securing verbal exchange protocols (e.g., MQTT, CoAP) is vital to prevent information breaches in IoT systems.

Strengthening IoT security in edge and cloud computing

Given the scale and complexity of modern IoT systems, securing those gadgets across both cloud and edge environments requires a multifaceted approach.

• End-to-end Encryption: Data encryption should be carried out from the IoT tool to the cloud [174]. This ensures that although records are intercepted at any factor, they stay unreadable to attackers.

• Zero Trust Architecture [175]: Both edge and cloud environments can gain from a Zero Trust method, wherein no device, user, or service is inherently trusted, and entry is granted primarily based on continuous verification of identification and safety posture.

• Security Analytics and Anomaly Detection: Real-time monitoring and safety analytics can help find anomalous behavior in IoT gadgets [176]. Both edge and cloud systems need to lease devices getting to know algorithms to locate types of atypical activity, together with unauthorized access attempts, unusual records flow, or community intrusions.

• Regular Firmware and Security Patch Updates: Ensuring that IoT devices acquire everyday firmware updates and safety patches is critical to mitigating seemed vulnerabilities [177]. In area environments, automated mechanisms must be in the vicinity to push updates to faraway gadgets without user intervention.

• Dynamic Threat Modeling for Wireless Protocols : Unlike traditional cloud infrastructure, edge environments rely heavily on wireless communication protocols to transfer data between IoT devices and edge nodes [178]. Dynamic threat modeling can be used to continuously adapt security policies based on real-time traffic conditions and devices enable early detection of abnormal activity, such as unusual spikes in data flow or unauthorized access attempts. This model allows security systems to react faster to emerging threats before affecting application layers such as SQL databases, significantly reducing the window of opportunity for attackers.

• Edge device contextual knowledge : Edge device context awareness is an important aspect of security in IoT environments. Studies have shown that one of the major weaknesses in these areas is the lack of awareness of the device’s role in the network [179]. To address this, edge computing systems can benefit from implementing context-sensitive security measures. This policy will consider each device’s role in the network and its real-time status to inform the security policies applied to it. For example, if an edge device manages sensitive health information, its connections may be subject to stronger encryption and monitoring protocols than a device that monitors environmental conditions. This approach allows customized security measures, reduces unnecessary costs, and provides improved security where needed. Hacking research in IoT environments shows that one of the biggest vulnerabilities [170] lies in devices not knowing their contextual role in the network. Edge computing systems benefit from a context-sensitive security system [180], where each device’s activity and real-time status If equipped with a wearable device, its connections may be subject to strict encryption monitoring protocols if compared to a device that monitors environmental conditions. This differentiation, depending on the device context, will enable an appropriate approach to safety management, reducing unnecessary costs and increasing safety go-ahead where it matters most.

• Collaborative Edge-to-Cloud Security Models [181] : Current implementations on edge networks typically separate edge-to-cloud and device-to-edge communications using different security protocols [182]. A collaborative security model can be established where edge devices, edge nodes, and the cloud work together to monitor and react to threats at different network layers. A stated security approach together, for example, at the device layer (such as corrupted wireless data)., can detect anomalies [183], triggering local defensive actions at the stream and active threat mitigation at the cloud layer, ensuring complete system protection against wireless-based attacks [184].

• Active Firmware Integrity Check : A key vulnerability highlighted in IoT systems is regular maintenance and firmware updates. This challenge can be addressed with proactive integrity verification mechanisms that periodically check for firmware incompatibilities. This analysis can autonomously validate the integrity of edge device firmware in real-time using cryptographic hash functions [122], ensuring that devices running on old or corrupt firmware are flagged for immediate updates or quarantine This automated process on top of manual protection reduces dependencies, significantly reducing the risk of attacks due to unpatched vulnerabilities [185] on remote or hard to reach devices.

• Decentralization of security decisions [186]: Implementing security measures can be a significant breakthrough in IoT setups. Instead of all security measures being passed through a central authority, Edge devices can be powered for safety decisions based on pre-defined policies and real-time scenarios. Wireless communications, such as attempted man-in-the-middle attacks [187], are detected until the threat is resolved. This will enable faster response times to potential intrusions, especially on networks where latency or distance limits central control speed.

Dynamic security in cloud computing

Cloud computing environments [189] are relatively elastic, permitting organizations to scale their assets up or down as needed. However, this flexibility also introduces new demanding situations for keeping security. As digital machines (VMs), containers, and services are created, moved, or decommissioned, their associated security houses-including person permissions, encryption protocols [190], and get right of entry to controls-should be continuously monitored and adjusted to save your vulnerabilities.

The Dynamic Security Properties Monitoring Architecture provides a framework for this. It operates by:

• Real-Time Threat Detection and Alerts [191]: Security breaches can happen at any moment, and traditional methods that rely on periodic checks or manual interventions are insufficient. Dynamic monitoring systems scan for abnormal behavior continuously, allowing for real-time alerts and faster threat detection.

• Automated Security Protocol Updates [192]: In cloud environments, wherein offerings and programs evolve hastily, manual safety updates can introduce delays or inconsistencies. Dynamic protection systems automate the manner of updating protection rules and measures based totally on the real-time country of the cloud infrastructure. For example, if a new service is provisioned, admission to controls, and firewall guidelines [193]are updated right away to mirror the state-of-the-art protection requirements.

• Resource Efficiency in Monitoring [194]: Given the size of cloud environments, efficient useful resource use is essential. Dynamic monitoring systems prioritize critical security occasions and focus sources on high-chance areas, making sure that the general system performance isn’t compromised using the security overhead.

Dynamic security in edge computing

While cloud environments process large amounts of data in centralized locations, edge computing processes [195] data outside the network close to the data source This decentralization provides lower latency but also poses additional security risks, because edge devices tend to operate in less controlled environments.

Dynamic security monitoring in edge computing enables organizations to manage these risks

• Localized threat response [196]: Since edge nodes handle critical, real-time data processing (e.g., in autonomous vehicles or smart grids), any delay in identifying or addressing security threats can result in it’s a terrible result Dynamic monitoring enables wearable devices to automatically detect and deactivating threats waiting for centralized cloud monitoring.

• Context-Aware Security Adaptation [197]: Different edge zones are often diverse, and different types of devices are used in different environments-from industrial to public spaces, security systems can tailor their care based on the unique circumstances of each defective device, recognizing that safety risks vary widely or

• Improved scalability and Efficiency: As the number of connected devices increases, security measurements across multiple edge nodes become more complex [198]. Dynamic security monitoring can scale up the network, ensuring that every new edge device automatically joins the security architecture without manual configuration This helps ensure consistent security coverage across the edge network.

  By leveraging dynamic security monitoring in both cloud and edge environments, organizations can ensure a holistic and flexible security posture that adapts to changing infrastructure needs and emerging threats.

Evolution monitoring of security properties for cloud and edge applications

In each cloud and edge environment, protection isn’t a one-time implementation-it evolves alongside the systems it protects. As packages and offerings undergo updates, migrations, or expansions, their protection requirements change [188]. Evolution Monitoring is a forward-looking method that anticipates those changes and ensures that security measures evolve in parallel with technological improvements and new dangerous landscapes.

• Evolution in Cloud Security: Cloud environments are characterized by their speedy tempo of exchange. Applications are frequently up to date, new services are delivered, and workloads are moved among unique areas or statistics facilities [199]. Each of those modifications introduces new security challenges that must be addressed.

• Continuous Assessment of Security Posture: progress monitoring is irregular; This requires regular assessment and development of security characteristics of cloud applications based on their operational flexibility [200]. For instance, whilst an application migrates from one cloud provider to another, associated safety features-along with information encryption standards or firewall settings-need to be reassessed and adjusted as a consequence

• Proactive threat modeling and risk mitigation: The main advantage of this approach is its ability to identify potential security risks before they become a real threat Analyzing historical data and current trends, evolutionary systems can identify areas where future security vulnerabilities arise and make adjustments ahead of time [201]. where security properties can be consistent across cloud environments.

• Security as a Continuous Process: By treating safety as a reactive process, where maintenance is implemented after a breach [202], progress monitoring establishes safety as an ongoing process when cloud applications are evolving with the security measures that protect them, ensuring that the system is always ready to deal with new threats.

Application to edge computing

In edge computing, the evolution of security properties is even more critical, as edge devices frequently operate in dynamic environments. With edge computing’s decentralized nature and heterogeneous hardware, security protocols must be flexible enough to evolve in real-time as edge devices are added, removed, or updated. Key advantages of evolution-oriented protection [203] tracking in edge computing include:

• Dynamic Device Management [204]: In part environments, gadgets may additionally frequently be part of or depart the network. Each new tool introduces ability protection risks, mainly in IoT deployments wherein part devices have restrained computational electricity [205] and may run outdated software programs. Evolution-oriented monitoring ensures that security properties-such as device authentication, data encryption, and communication protocols-are continuously updated to reflect the current state of the edge network.

• Synchronization with Cloud Security [206]: As edge devices often send data to centralized cloud services, it is essential that security measures at the edge evolve in tandem with those in the cloud. For instance, if a cloud service updates its statistics garage protocols [207] to include new encryption standards, the edge devices transmitting that information should additionally evolve to ensure compatibility and protection. Evolution-oriented monitoring presents the vital framework to synchronize safety guidelines among the cloud and the edge.

• Edge-Specific Threat Adaptation [208]: Edge environments are extraordinarily susceptible to localized threats, along with physical tampering or network spoofing, particularly in commercial or public settings. Evolution-orientated monitoring [209] allows side devices adapt their safety features primarily based on the present day chance panorama of their specific operational context. For instance, an facet device in a smart town would possibly need to regulate its protection residences in real-time primarily based on nearby cyber danger intelligence reports.

• Holistic Security Evolution [210] Across Cloud and Edge: As cloud and edge computing come to be more and more intertwined, keeping protection across those environments requires a unified, evolving technique. By integrating evolution-oriented monitoring [211], groups can ensure that protection protocols dynamically adapt across each the cloud and the edge, offering a comprehensive defense toward emerging threats.

We discuss various attacks suffered by the edge network in the following section(see sec. 3).

Distributed denial of service (DDoS) attacks

In a DDoS attack [213], an aspect tool or community is flooded with internet visitors which will disrupt its ordinary functioning. These attacks can have a great impact on the availability of services leading to downtime hence denying legitimate users access to resources. Since they are distributed and often require little resource capacity, edge devices are prone to such kinds of attacks. Such an attack may occur at the network level on the edge computing architecture where devices connect to the internet and interconnect with other devices plus central servers [214].

Man-in-the-iddle (MitM) attacks

Man-in-the-middle attacks, also known as MitM attacks [215], happen when a third party listens in on two parties that are communicating and can change the content of the conversation. In aspect computing terms, this will mean that information is intercepted while moving among important servers and side gadgets resulting in information robbery or alteration. The incidents compromise statistics integrity in addition to confidentiality exposing full-size protection gaps. These attacks are possible within the conversation layer [216] where statistics are dispatched among area devices, gateways, and significant servers.

Data breaches

Data leakage can happen if anyone gets unauthorized access to personal information handled or stored on the edges of networks [217]. Often, these devices handle sensitive details such as weak encryption, vulnerabilities in device security or poor access controls that might lead to a breach. The financial costs for an organization which has been affected by a cyber attack can be enormous [218]. These types of attacks can occur in the data storage and processing layer through which sensitive information is kept on edge devices before being processed.

Device Hijacking

This involves gaining control of and using a device to conduct evil activities such as launching further [219]. Device hijacking is where a compromised device is used as part of a botnet for DDoS attacks or other malicious behavior. Mostly they take advantage of weak points in the security of devices often through obsolete firmware or not secured configurations. At the device layer, which encompasses individual edge devices, it can be done [220].

Physical attacks

Physical tampering with edge devices due to their deployment in less secure, often remote locations can lead to physical attacks [221]. These types of attack involve direct access to hardware and thereby enables attackers modify or destroy the device. Physical security measures should be put in place to mitigate these kinds of attacks that could cause data loss, device malfunctioning among others leading to unauthorized data access. In this case, it occurs at the bodily stage wherein side gadgets are deployed physically.

Firmware and software exploits

Exploiting software weaknesses or security vulnerabilities in the firmware or software that operate on the edge gadgets can deliver unauthorized people get right of entry to, enable them to execute arbitrary codes, or strengthen privileges [222]. The chance of such exploits may be mitigated by using ordinary updates and patch control. Any software and firmware that underlies tool operations make it possible for this sort of assault to manifest.

Eavesdropping

Eavesdropping attacks arise when information is intercepted unlawfully as it’s miles being transmitted between side devices and other network additives [223]. Such attacks are capable of capturing sensitive information including personal data, login credentials, and intellectual properties (IPs). Preventing eavesdropping from happening involves encrypting transmitted data. Such a form of attack is doable within the communication layer where data is sent across networks.

Data tampering

Tampering with records processed or stored on area devices can result in inaccurate or harmful effects [224]. Altering information can compromise the integrity of touchy facts, resulting in wrong picks or systematic errors. Such assaults can occur on the data garage and processing stage, in which facts integrity is vital.

Side-channel attacks

The use of bodily traits along with cutting-edge consumption or power to access sensitive person records is referred to as aspect-channel attacks [225]. These assaults can bypass traditional safety systems around through reading the bodily properties of a device at some stage in operation. Defending against side path attacks requires specialized countermeasures and secure hardware configuration. Such attacks can occur at the physical level, where attackers can access devices directly.

[See PDF for image]

Fig. 7

Distribution of various cyber attacks over the year 2023

Fig. 7 [226] depicts the distribution of numerous assaults that targeted edge networks in 2023, supplied as percentages of the overall number of cyber-attacks recorded for the duration of the 12 months. The most typical attack type changed into Man-in-the-Middle (MitM) [227], constituting 18.1% of the overall assaults, observed with the aid of Eavesdropping at 14.2%. Data Breaches accounted for 12.2%, and Data Tampering made up 11.4%. Device Hijacking represented 10.2%, even as Firmware Exploits were 8.1% of the whole. Side-channel attacks had been 6.1%, Physical Attacks were 4.9%, and Distributed Denial of Service (DDoS) attacks have been the least not unusual at 3.1%. This distribution underscores the various and multifaceted nature of cybersecurity threats encountered in 2023.

[See PDF for image]

Fig. 8

Sector Wise Attacks in the year 2023

Fig. 8 illustrates how data breaches were distributed across different sectors in 2023. It highlights that the Healthcare sector was the most affected, with 35% of breaches occurring in this field. The Finance sector experienced 25% of breaches, while the Education sector saw 20%. Both the Retail and Technology sectors were equally impacted each accounting for 10% of the breaches. This distribution underscores the varying levels of vulnerability across different sectors to data breaches during the year 2023.

In the next subsection, we will review several significant attacks that have occurred since 2010, with a particular focus on the Mirai Botnet attack, which is noted as one of the most severe cyber attacks of the past decade.

Mirai Botnet Attack (2016)

The Mirai botnet assault [228] leveraged thousands of compromised IoT gadgets, many of which acted as edge gadgets, to launch a massive Distributed Denial of Service (DDoS) assault [229]. This attack disrupted main websites and services, including Dyn, a DNS service issuer [230]. The assault brought on good-sized net outages, affecting users across the globe and exposing vital vulnerabilities in IoT and edge gadgets. It highlighted the convenience with which susceptible or default passwords will be exploited. The sheer scale of the assault, regarding as much as 600,000 gadgets, showcased the monstrous power of coordinated botnets [231] and the vulnerability of unprotected IoT ecosystems.

VPNFilter Malware (2018)

VPNFilter [232] malware infected more than 500,000 routers and network devices internationally. The malware changed into being able to intercept and exfiltrate facts, injecting malicious code, and rendering devices inoperable. The attack affected a huge variety of gadgets from exceptional manufacturers, causing a giant disruption to internet offerings and statistics integrity. VPNFilter’s [233] multi-stage attack approach, which included continual and non-chronic modules, made it notably hard to eliminate and highlighted massive security gaps in a router and network tool firmware.

Stuxnet Worm (2010)

While Stuxnet [234] did not concern edge computing, what is interesting to note is that other worms such as this one breached the air gap and compromised industrial control systems before zero-day vulnerabilities of hosts on the very edges of corporate networks came under attack. The cyber worm ’stuxnet’ tangibly damaged the Iranian nuclear program, changing the velocity of centrifuges and showing that hardware-specific attacks could be used to cause physical damage. This has illustrated not just the significance of securing industrial edge devices, but also how widespread cyber warfare can be. The sophistication of Stuxnet-using zero-day exploits and tightly directed to single targets like the centrifuges in Natanz [235], Iran’s uranium-enrichment facility (with code earmarks pointing back to Israel)-raised questions about whether nation-states were using cyber-war as an extension tool of state policy or whether vulnerabilities critical infrastructure had just started being exposed.

Triton/Trisis Malware (2017)

The Triton/Trisis [236] malware was identified, which hit an oil refinery in Saudi Arabia back in December 2017. The malware was designed to tamper with Triconex Safety Instrumented System (SIS) [237] controllers made by Schneider Electric [238]. Using the SIS controllers, they modified code in an attempt to disrupt safety processes and cause a physical incident. Fortunately, the possible harm was stopped by a system shutdown before any physical damage could be sown but still at an estimated $50 million cost for material response to mitigation. The factory was the subject of many production halts, including a full shutdown for weeks on end to investigate and fix the breach. This attack raised serious concerns about the security of industrial control systems, affecting the reputation of Schneider Electric and highlighting vulnerabilities in critical infrastructure.

NotPetya Attack (2017)

The NotPetya ransomware assault [239] came about in June 2017, broadly speaking affecting agencies in Ukraine but fast-spreading globally. Initially delivered through a malicious replacement to a popular Ukrainian accounting software program, NotPetya [240] exploited vulnerabilities in Windows systems to propagate unexpectedly throughout networks. The ransomware encrypted files and demanded a ransom fee, however, the primary motive was regarded to be disruption in preference to monetary advantage. Estimated worldwide monetary losses handed $10 billion, with most vital multinational agencies like Maersk [241], FedEx, and Merck reporting massive effects. The assault triggered considerable operational disruptions, major to business corporation continuity demanding situations and loss of productiveness. Maersk, for instance, had to reinstall 4,000 servers and 45,000 PCs, and FedEx counseled a $400 million impact on its operations.

Colonial Pipeline Ransomware Attack (2021)

The Colonial Pipeline ransomware assault [242] befell in May 2021, focused on the most important fuel pipeline device in the United States. The assault was done by using the DarkSide ransomware organization [243], which received entry to Colonial Pipeline’s community through a compromised VPN account. The attackers encrypted crucial data and demanded a ransom for its release. Colonial Pipeline paid a ransom of $4 million in cryptocurrency to the attackers, and the entire cost, consisting of operational losses and mitigation efforts, is anticipated to exceed $100 million. The pipeline closed down for several days, fundamental to gas shortages, and the rate will boom at some stage in the Eastern United States. The disruption affected diverse industries dependent on gas factors. The incident highlighted vulnerabilities in vital infrastructure and caused advanced scrutiny of cybersecurity practices [244] inside the power region. Colonial Pipeline confronted reputational damage and crook repercussions, prompting investments in stepped-forward cybersecurity measures and reaction capabilities.

Financial Losses

The Mirai botnet attack in 2016 [246] added high-quality economic losses, predicted at around $110 million. This occurred because of considerable carrier disruptions that affected essential online systems and offerings, leading to operational downtime and a lack of revenue. The assault’s impact prolonged businesses and groups reliant on net infrastructure, highlighting the giant financial expenses associated with huge-scale DDoS assaults [247]. Companies such as Dyn, a chief DNS provider, have been in particular hard-hit, resulting in cascading effects across several websites and offerings. The financial repercussions extended past instantaneous losses, encompassing charges for mitigation, healing, and implementation of improved safety features to prevent future incidents. The Triton/Trisis malware [248] assault’s capability damage became mitigated via a tool shutdown earlier than any physical harm may also need to arise, but the expected financial cost for mitigation and reaction end up round $50 million. The NotPetya attack [249] caused worldwide financial losses exceeding $10 billion, with most important multinational groups like Maersk, FedEx, and Merck reporting tremendous effects. Maersk, as an example, had to reinstall 4,000 servers and forty 5,000 PCs, and FedEx pronounced a $400 million effect on its operations. The Colonial Pipeline ransomware attack led to economic losses exceeding $100 million, which includes the ransom payment of $4.4 million in cryptocurrency, operational losses, and mitigation efforts.

Operational Disruption

In 2018, the VPNFilter [250] malware attack caused significant business disruption for businesses and people relying on switched-on devices. More than 500,000 routers and network gadgets were destroyed, causing severe damage to net offerings and data integrity. The malware’s ability to freeze and delete records, inject malicious code, and disable devices caused severe performance problems. Critical projects faced downtime, and teams had to invest in large assets to repair the affected buildings. The performance disruption highlighted vulnerabilities in party and local devices and underscored the importance of strong security practices in the form of simple firmware updates and comprehensive network management

The Triton/Trisis [251] malware attack brought on sizable operational disruptions, which included an entire shutdown of the petrochemical plant for an extended length to research and remediate the breach. The NotPetya assault [252] precipitated significant operational disruptions, leading to commercial enterprise continuity challenges and a lack of productivity. The Colonial Pipeline ransomware [253] assault brought about the shutdown of the pipeline for several days, causing gas shortages and rate increases across the Eastern United States.

Reputational Damage

Companies affected by data breaches and phishing incidents often suffer significant reputational damage, affecting customer trust and business relationships. For example, the Mirai botnet attack [254] led to a loss of trust in IoT device manufacturers due to weak passwords or defaults used on these devices and customers began to question the security of their devices, causing sales and their reputation to decrease. Similarly, the VPNFilter attack [255] tarnished the reputation of router and network equipment manufacturers, as they exploited vulnerabilities in their products Reputation damage extends beyond immediate financial loss, affects long-term customer loyalty and market positioning, and requires substantial PR efforts to restore trust. The Triton/Trisis malware attack [256] raised serious concerns about the security of industrial operating systems, affecting Schneider Electric’s reputation and exposing significant industry vulnerabilities. Companies affected by the NotPetya attack suffered reputation damage due to their inability to contain the attack and recover quickly. The Colonial Pipeline ransomware attack [257] has increased scrutiny of cybersecurity practices in the energy sector, resulting in reputational damage and legal repercussions for Colonial Pipeline.

Physical damages

The impact of the Stuxnet worm on physical infrastructure suggests that cyberattacks can wreak havoc on the real world, extending beyond the digital domain. It was discovered that in 2010, Stuxnet targeted the Industrial Control System (ICS) [258]. so especially. The destructive potential of the processors has been demonstrated, and the weaknesses of remote industrial devices have been exposed. The physical damage caused by Stuxnet is estimated to be worth more than $1 billion and highlights the need for increased security measures in technology this case highlighted the need to create ICS and SCADA (Supervisory Control and Data Acquisition) [259]. Emphasize the protection of the system against similar threats in the future.

[See PDF for image]

Fig. 9

Comparison of Damages from Major Cyber Assaults

We describe a comparative study on the impacts of the real-time attacks on edge computing in Fig. 9; Mirai Botnet (2016) [260], VPN Filter Malware (2018), Stuxnet Worm (2010), Triton/Trisis Malware (2017), NotPetya Attack (2017), and Colonial Pipeline Ransomware (2021). The Mirai Botnet [261] assault led to monetary losses expected at $110 million, caused essential websites and offerings to head down, and caused a loss of agreement with IoT device manufacturers. The VPN Filter [262] Malware attack brought on financial losses of $one hundred million, disrupted net offerings, impacted router, and network tool vendors, and took approximately potential records robbery and device incapacitation. The Stuxnet [263] Worm assault brought about over $1 billion in monetary losses, disrupted business operations, affected country-wide safety, and caused physical harm to nuclear centrifuges. The Triton/Trisis Malware attack resulted in financial losses estimated at $50 million, significant operational disruptions, and reputational damage to Schneider Electric. The NotPetya attack caused global financial losses exceeding $10 billion, widespread operational disruptions, and reputational damage to affected companies. The Colonial Pipeline ransomware attack led to financial losses exceeding $100 million, significant operational disruptions due to fuel shortages, and reputational damage to the energy sector.

Once we explore the scopes of various attacks on man edge computing networks, it is high time, we focus on the detection and prevention of these attacks on an edge network. We describe various measures to detect an attack on an edge network. We also provide several solutions to combat the attacks on an edge network.

Anomaly detection

Anomaly detection is a method of identifying deviations from the Hook sub-pattern of routine behavior in a community. This method is particularly useful for unknown attacks or any date entry that does not match any known signature.

1. Machine Learning (ML): ML algorithms are broadly used for anomaly detection in aspect networks. For instance, deep knowledge of models can be educated to understand everyday site visitor styles and perceive anomalies in real time [265]. A case study in smart grid systems tested the effectiveness of ML in detecting cyber-physical assaults by way of studying actual-time facts from sensors. However, the fulfillment of ML-primarily based detection depends on the availability of categorized facts and the ability to evolve to changing network conditions [266]. Recent studies indicate that ML fashions can reap an accuracy of over 95% in detecting anomalies, however, additionally, they require substantial computational sources, which can be challenging for aid-constrained side gadgets.

2. Statistical Methods: These techniques use audit techniques to create outsiders in network traffic [267]. For example, in an intelligent enterprise system, Statistical System Manipulate (SPC) can be used to confirm the performance of edge devices and identify obstacles that may indicate an attack. While much less computationally in-depth than ML, statistical techniques won’t be as powerful in detecting state-of-the-art, multi-level attacks [268]. A contrast between statistical methods and ML methods is that whilst statistical methods are quicker and require fewer sources, they have a better fake-fine fee, especially in complicated environments.

Table 2. Comparison of Anomaly Detection Techniques

Table. 2 provides a side-by-side comparison of numerous anomaly detection techniques used in edge computing. It evaluates the strategies based on accuracy, resource requirements, false positive Rate, and example use cases [269]. Machine studying strategies show off high accuracy however call for enormous computational assets, making them best for complicated environments like smart grids. In contrast, statistical techniques, although much less useful and resource-intensive, may additionally have higher false positive quotes and are ideal for less complicated IoT deployments.

Signature-based detection

Signature-primarily based detection entails figuring out recognized assault styles by comparing incoming visitors in opposition to a database of attack signatures [270]. This method is effective toward recognized threats but may additionally struggle to stumble on 0-day assaults or novel variations.

1. Intrusion Detection System (IDS): IDSs are commonly used on facet networks to monitor visitors and sense intercepted attack signatures [271]. For example, in a retail base network, an IDS may encounter calculable malware signatures between data transmission point-of-sale (POS) systems and critical servers. The mission with IDSs lies in maintaining an up-to-date signature database, mainly in swiftly evolving risk landscapes [272]. Recent improvements in IDS generation have stepped forward their detection charges, however, they still depend heavily on signature databases, making them much less powerful in opposition to new or unknown threats.

2. Rule-based detection: This approach uses custom rules to stumble upon attacks. For example, any chat code from a particular IP address change that is found to be associated with a malicious interest could be flagged [273]. Although primary rule detection is simple and easy to implement, it can produce false positives, especially in dynamic areas such as lateral interfaces Fully rule-based distinctions are signatures that depend primarily on detection in the healthcare IoT network And have a higher false-positive cost compared to -based-totally-identity which is more accurate.

Table 3. Comparison of Signature-based Detection Techniques

Table. 3 outlines the key challenges faced in detecting attacks on edge networks, such as limited processing power, decentralized data, and the heterogeneity of devices [274]. Each challenge is rated by severity and impact on security. The table highlights the significant constraints imposed by the edge environment, making traditional detection methods less effective.

Behavioral analysis

Behavioral evaluation involves tracking the behavior of customers, devices, and applications within the network to become aware of capacity threats [275]. This method is mainly effective in detecting insider threats and superior continual threats (APTs).

1. User and Entity Behavior Analytics (UEBA): UEBA solutions examine the conduct of users and devices to locate anomalies that may imply an assault [276]. For example, in an economic services facet network, UEBA should detect unusual rights of entry to styles that advocate a compromised account. A case look at a large financial institution showed that UEBA should hit upon over ninety% of insider threats, making it a treasured tool in securing facet networks. However, UEBA requires continuous tracking and the established order of conduct baselines, which can be aid-intensive.

2. Endpoint Detection and Response (EDR): EDR responds to screening of endpoint play and allows unique detection in endpoint conduct. In industrial IoT surroundings, EDR prefers to create suspicious activities on peripheral devices, including unauthorized firmware adjustments [277]. EDR has tested effective in detecting complex assaults, but it requires high-priced energy and might yield large amounts of records, making it difficult to use in area gadgets with restricted resources even though it is.

Table 4. Comparison of Behavioral Analysis Techniques

Table. 4 summarizes six notable real-time attacks on edge computing from 2010 to 2023, detailing the attack method, affected systems, impact, and financial losses [278]. It showcases the increasing sophistication and impact of cyberattacks over time, emphasizing the need for advanced security measures in edge networks.

Collaborative detection

Due to the distribution of the feature networks, collective detection methods have gained popularity [279]. These approaches leverage the capabilities of synergies and data on the network, two devices that work together to detect and respond to threats

1. Federated Learning: Federated learning enables a couple of facet gadgets to collaboratively teach a global machine mastering version without sharing their records. For instance, in a clever city environment, federated learning may be used to come across anomalies in traffic patterns across extraordinary areas of the city [280]. This approach enhances privacy and reduces the danger of statistics breaches. Recent research has proven that federated mastering can reap comparable accuracy to centralized fashions whilst significantly reducing the communication overhead between gadgets.

2. Distributed Intrusion Detection System(DIDS): DIDS works on a couple of side devices, stocks data, and coordinates responses to detected threats [281]. In an allotted electricity network, DIDS can become aware of site visitors throughout a couple of side nodes, and hit upon coordinated attacks which include dispensed provider denial (DDoS) attacks DIDS has unique talents in big, distributed environments with centralized detection that do not paint. However, state-of-the-art synchronization techniques and strong mechanisms for exchanging statistics between devices are required.

Table 5. Comparison of Collaborative Detection Techniques

Table. 5 presents an assessment of the financial, operational, reputational, and physical damages caused by key attacks on edge computing networks. It quantifies the damages in monetary terms and operational downtime, offering a clear picture of the consequences of these attacks [282]. The table underscores the substantial risks posed by cyber threats to both digital and physical infrastructures. Next, we discuss about the challenges faced while detecting an attack on the edge network.

Secure authentication and access control

Multi-Factor Authentication [290] (MFA): By requiring multiple forms of verification, MFA increases the security around accessing network resources. This combines something they know (password), something they have (a mobile device) and possibly even a third factor like biometrics.

For example, edge devices in a smart city infrastructure can use MFA to make sure that only authorized persons could access sensitive data or control systems attitude.

Role-Based Access Control (RBAC): [291] RBAC determines what resources are available to employees based on their jobs within the organization. Sensitive data [292] is only exposed to legitimate parties

Use case: In a healthcare IoT scenario, doctors can get the patient records whereas maintenance staff just need access to network settings.

Secure software updates

Over-the-Air (OTA) Updates: [293] Most edge devices need to be patched quite regularly, in order to fix security vulnerabilities and/or improve functionality. The OTC update system makes sure that the only updates which are to be installed in your device is the one being authorized, therefore it will be difficult for a malicious actor to introduce its own firmware into an already secure OTA [294] image.

Verification of Consistency: Security Guidelines prescribe that any updates are validated by the device as consistent update package which can be achieved using methods like cryptographic hashing [295] before applying to rest parts. This provides some degree of integrity and ensures that the update has not been tampered with in transit.

Rollback Capabilities: A secure rollback capability allows a device to revert to the last known good or stable version in case of any issues with an update - where as if for example, vulnerabilities are discovered after the recent upgrade.

Intrusion detection and prevention systems (IDPS)

[296] Real-Time Monitoring: IDPS answers constantly screen community traffic and machine sports for signs of malicious behavior, including uncommon site visitors styles, unauthorized get entry to tries, or recognised assault signatures. By figuring out threats in real-time, businesses can respond swiftly to mitigate dangers.

Behavioral Analysis: Advanced IDPS use behavioral evaluation to hit upon anomalies based on ancient facts. This enables in identifying new, formerly unknown threats that might not be detected via conventional signature-based totally strategies.

Automated Response: Some IDPS [297] solutions are equipped with computerized reaction mechanisms that can isolate compromised gadgets, block malicious visitors, or trigger signals to security teams for similarly investigation.

Regular Security Audits and Penetration Testing:

[298] Vulnerability Assessments: Regular safety audits assist become aware of vulnerabilities within the side computing surroundings. These tests involve reviewing security configurations, software program versions, and get right of entry to controls to make sure that they meet present day protection requirements.

Penetration Testing: Simulated attacks, referred to as penetration assessments, help perceive weaknesses inside the device through mimicking the strategies used by actual attackers. This proactive technique lets in groups to cope with vulnerabilities before they can be exploited inside the wild.

Compliance Audits: For industries with unique regulatory requirements, everyday compliance audits make sure that the edge computing infrastructure adheres to standards along with GDPR, HIPAA, or PCI-DSS [299], lowering prison and monetary risks.

Anomaly Detection Using AI/ML

Pattern Recognition: AI and machine learning algorithms [300] can examine vast amounts of data to stumble on styles that can imply safety threats. These systems can pick out subtle changes in conduct that would cross not noted by conventional safety features.

Adaptive Security: AI/ML [301]-pushed safety structures can adapt to new threats by using getting to know from beyond incidents. This non-stop knowledge of manner improves the accuracy and effectiveness of hazard detection over the years.

Physical Security

Securing Edge Devices: Edge devices are regularly deployed in environments wherein they may be more liable to bodily attacks. Implementing physical security features along with tamper-glaring seals, secure enclosures, and surveillance can deter unauthorized get admission to and tampering.

Environmental Controls: In addition to protecting against tampering, ensuring that edge gadgets are in environments with controlled temperature, humidity, and energy deliver is crucial to hold their operational integrity and save you failures that would lead to protection vulnerabilities.

Access Control to Physical Locations: Limiting entry to the physical places [302] wherein gadgets are deployed via bio-metric authentication, security employees, and get entry to logs facilitates in ensuring that handiest authorized people can engage with the hardware.

Network Segmentation

Micro segmentation: Network segmentation can be applied at a granular stage via micro segmentation [303], wherein person workloads or applications are divided from each other. This minimizes the danger of lateral movement through attackers inside the community, as every segment is independently secured.

Virtual LANs (VLANs) and Firewalls: By the use of VLANs and firewalls [304], one-of-a-kind components of the community may be divided based on function, sensitivity, or threat level. Firewalls can put in force strict get entry to manage rules between segments, in addition reducing the risk of assaults spreading.

[See PDF for image]

Fig. 10

Effectiveness of Security Measures in Edge Computing

Fig. 10 shows the comparative efficiency of different security measures used in edge computing environments for preventing attacks. Each bar represents a different level of security, with the height of the bar corresponding to its effectiveness at exposing potential security threats, and expressed as a percentage.For example, Multi-Factor Authentication (MFA) [305] shows an efficiency of 99.9%, which means it can prevent unauthorized access. Secure software updates follow closely behind with 98% effectiveness, emphasizing their role in preventing firmware changes. In contrast, Role-Based Access Control (RBAC) has a capacity drop of 40%, indicating a typical use case for reducing unauthorized access based on the roles used.This Figure also highlights other important measures such as Intrusion Detection and Prevention System (IDPS) 95% , anomaly detection using AI/ML [306] is 90%, routine security auditing and penetration testing is 80%, and network segmentation is 75%, showing their contribution to advanced security planning at the edge in computing.

In the following sections(refer to sec. 6, we discuss the technique that simulates a secure alternative to an insecure login system that is susceptible to SQL injection attacks, thereby illuminating the security problems associated with edge computing. The main distinctions between safe and insecure login implementations in an edge computing setting are outlined.

Overview of SQL Injection

SQL injection is one of the most common and dangerous vulnerabilities found in web applications. This happens when an attacker can enter or “use” a query that contains malicious SQL code, which is then executed by an external database. Such attacks allow someone to gain access to sensitive data, modify the data, or even take complete control of the database server.

Typically, SQL injection [330] results in useless input validation and proper sanitation in web forms or URL parameters. When a web application adds user information directly to SQL queries without adequate security, it is vulnerable. For example, a particular login form that passes a user’s input directly into an SQL query may allow an attacker to add additional SQL commands.

In its basic form, an attacker could put something like “’ OR ’1’=’1” in the entry field. If the application does not prepare this input, the resulting SQL query can always evaluate it as valid, providing access without the need for a valid password. More advanced SQL injection techniques [331] can be used to retrieve data from tables, perform business operations, or recover corrupted data.

The consequences of SQL injection attacks can be severe. An attacker can remove all data from the database, change or delete data, or even increase their access to gain control of the entire web server. High-profile breaches involving SQL injection have resulted in massive data loss, financial ruin, and reputational damage to organizations.

Regularly updating and updating the database management system and application in addition to using robust input validation to reduce SQL injections [332], using parameterized queries (prepared statements), and security best practices as a minimum privileged access to databases.

The SQL injection (SQLi) attack we implemented is an authentication bypass attack [333]. This type of attack exploits vulnerabilities in login forms, allowing unauthorized access by manipulating the SQL queries that validate user credentials. In our case, we created a simulated login process, where an attacker could attempt to input malicious SQL statements in the login fields to bypass authentication checks. In the upcoming section, we demonstrated how process has been implemented.

Simulation of SQL Injection Attack

To illustrate the SQL injection attack, we created a basic web application on an edge computing network with a login interface. The application included two input fields: Username and Password. The user is required to enter their credentials into these fields and then click the Login button.

Username Field: Users input their username.

Password Field: Users input their password.

When the user clicks the Login button, the application performs validation on the entered credentials. This validation is executed on the back end, where the input values are checked against stored records in the database [334].

Normal Login Process

When a legitimate user enters valid credentials, the back-end verifies these credentials against the database. If the credentials match a valid user record, the application grants access and displays a “Welcome Admin” message on the screen.

[See PDF for image]

Fig. 12

Secure Login Page

[See PDF for image]

Fig. 13

Authenticated web page

Fig.12 and Fig.13 demonstrate a successful login process where valid credentials (“admin” as the username and “password123” as the password) were provided, you can see it in Fig.12. The system correctly identifies these credentials as genuine and grants access to the admin user, redirecting them to a page that welcomes them as “admin”, refer Fig.13.

Handling Invalid Credentials

If a user enters incorrect credentials, the application prompts an error message, such as “Invalid Credentials.” This error message indicates that the username or password does not match any records in the database.

[See PDF for image]

Fig. 14

Insecure Login Page

Fig.14 shows the system is secured, where if an attacker attempts to guess the username and password, the application should prevent unauthorized access by returning this error message.

SQL Injection Attack Scenario

In cases where an SQL injection attack is attempted, the attacker might input malicious SQL code into the username or password fields. For example, the attacker could enter a SQL query that tricks the back-end into validating their input as legitimate, even when the credentials are incorrect or absent.

If the web application does not properly sanitize user inputs, the back-end [335] may execute the injected SQL code, leading to unauthorized access. In our simulation, when an SQL injection is successful, the attacker is granted access, and the application displays a “Welcome Hacker” message on the screen.

[See PDF for image]

Fig. 15

Hacker login

[See PDF for image]

Fig. 16

SQL injection detected

Figure 15: This figure shows a login attempt where the user inputs incorrect credentials combined with an SQL injection attempt (’ OR ’1’=’1). The system recognizes the input as an SQL injection and redirects the user to an unauthorized page with the message “Welcome, Hacker!” The unauthorized page is shown in the next figure, Figure 16.

These two images together demonstrate that the system successfully detected the SQL injection attack.

To further illustrate the implementation of this process, the following algorithm details the steps involved in simulating the login functionality and detecting SQL injection attempts within a Flask web application [336]. It initializes by creating an application instance and defining a simulated database D that stores valid username-password pairs. The login page is then rendered, allowing users to input their credentials. Upon form submission, the algorithm extracts the entered username U and password P from the request object R. It then checks whether the credentials match those stored in the database D. If the credentials are valid, a welcome message is returned; otherwise, an error message is displayed. This algorithm also serves as a foundation for demonstrating how SQL injection attacks can be detected when invalid or malicious inputs are processed.

Input Sanitization

To prevent SQL injection attacks, we added an input sanitizer to the back-end of our web application. The sanitizer works by examining and cleaning the data entered in the Username and Password fields before it is used in any SQL query [337]. This function removes or disables any potentially malicious SQL code that an attacker may attempt to inject.

For example, if an attacker tries to login by entering the username as administrator and the password ’ OR ’1’=’1, the input sanitizer detects and neutralizes the malicious input work. As a result, the back-end does not execute the embedded SQL code but a regular input string it behaves like.

If any attempt to pass the login system through SQL injection is detected, the device responds by way of showing an “invalid credentials” mistake message on the login web page. This prevents unauthorized right of entry and does now not crash the machine. After coming across SQL injection vulnerabilities in our simulated internet application, we applied strategies to save you from such attacks. The principal method used turned into back-end enter sanitation, which ensured that any person entered turned into well well-proven and cleaned up earlier than being processed utilizing the software.

[See PDF for image]

Fig. 19

SQL injection prevention

Fig.19 illustrates the effectiveness of the input sanitation process. Even when an attacker attempts to manipulate the input fields with SQL [338] injection, the application maintains security by blocking the attack and denying access.

To demonstrate a similar implementation of the SQL injection prevention policy [339], the following rule set creates the relevant steps to emulate login operations in the Flask web utility and stop the SQL injection attempt process from starting Flask an example of the utility is defined as a simulated database D that stores of valid username-password pairs. The login page is rendered, permitting users to input their credentials. Upon form submission, the set of rules extracts the entered username U and password P from the request object R. The entry is then sanitized to put off or neutralize any doubtlessly harmful SQL code. If the sanitized credentials stored in the database are healthy D, then the welcome message is again; In another case, an error message is displayed. This algorithm demonstrates how SQL injection attacks can be effectively prevented by input processing through a sanitation layer, ensuring that even invalid or malicious inputs no longer compromise the security of the utility.