ETSI MEC Security: Status of Standards Support and Future Evolutions
Published in May 2021, this ETSI White Paper, ETSI MEC Security: Status of Standards Support and Future Evolutions, analyses security-related use cases and requirements, highlighting inadequate industry approaches to cloud security. Tackling issues like security, privacy and trust need to be prioritised along with the challenges brought by edge cloud federations and (far) edge devices, e.g., IoT environments, with end-to-end (E2E) approaches by adopting standards relevant to edge computing systems. In this context, end-to-end security in edge environments has implications on all the elements coming from stakeholders in the system.
It gives an overview of ETSI MEC standards and support for security with references to other relevant standards in the domain, e.g., ETSI TC CYBER, ETSI ISG NFV, 3GPP SA3, as well as cybersecurity regulation potentially applicable to edge computing, concluding with perspectives on future evolutions and standards directions. Standards for infrastructure virtualisation and management include critical building blocks for MEC system security design.
IoT use cases may differ substantially both within and across industry segments. Sectorial requirements and national requirements for privacy and security can bring further complications in terms of overall performance and compliance. E2E security in MEC systems is therefore very important. Moreover, MEC platforms can handle application traffic and various application elements may reside not only in MEC hosts but also on User Equipment (UE) and end-devices, where the security capabilities of the latter come into the E2E picture of security. The deployment of IoT devices in a MEC environment may also involve additional support that an IoT device may require, e.g., due to security constraints, power limitations and compute or communication capabilities.
Because of the highly distributed nature of MEC clouds, Trusted Computing concepts are highly recommended. The Trusted Computing Group (TCG) defines the widely accepted TP standard and related standards. In MEC environments, TCG is important for physical platform security.