Mobile edge computing (MEC), also called multi-access edge computing or simply multi-access computing, is part of the confluence of the Internet of Things (IoT) and mobile devices. MEC doesn’t mean processing data on mobile devices. MEC simply processes data closer to its origin.
Instead of sending data to the cloud, MEC utilizes edge computing resources like nearby servers or cell towers. Because it focuses on mobile (i.e., wireless) devices, the European Telecommunications Standards Institute (ETSI) is heavily involved in MEC.
This article briefly reviews ETSI MEC standards, examines how MEC works and some MEC application cases identified by ETSI, and concludes with a discussion of MEC security challenges.
The ETSI MEC Industry Specification Group (ISG) is responsible for creating the MEC standardization environment to support application integration across multi-vendor MEC platforms.
The ISG developed the standards in collaboration with the OpenFog Consortium. MEC is a subset of edge computing for mobile devices, while fog computing is a distributed computing architecture linking from the edge to the cloud, as shown in Figure 1.
Figure 1. MEC is a subset of edge computing and a subset of FOG computing. (Image: SDxCentral)
The ISG standards are designed to link devices with computing services within the 5G radio access network (RAN). The standards address the architectural framework, technical requirements, application protocol interfaces (APIs), terminology, and management protocols. Various management standards enable functions like creating, managing, and deleting MEC applications on the edge network.
How does MEC work?
MEC is designed to complement cloud computing, improve application performance, reduce response times and network congestion, and improve bandwidth efficiency. Instead of sending large quantities of data to the cloud, MEC performs initial processing on edge servers in base stations. When appropriate, data can be sent to the cloud for further processing and analysis to deliver optimal performance to mobile users, as represented in Figure 2.
Figure 2. MEC relies on edge servers and other computing resources in base stations. (Image: NYBSYS)
The emergence of vehicle-to-everything (V2X) connectivity was one of the initial MEC applications identified by ETSI. Since then, the potential application list for MEC has surged to include these (and more):
- Drones
- Autonomous vehicles
- Industrial IoT (IIot)
- Smart manufacturing
- Gaming
- Smart grid
- Video analytics
- Location services
- Optimized local content distribution
- Data caching
The wide array of MEC services brings a range of security challenges.
MEC security challenges
MEC presents a complex security environment. According to one analysis, there are three primary MEC attack surfaces that have a range of vulnerabilities, including, as shown in Figure 3:
- Insecure backhaul
- Shared infrastructure with third-party applications
- Attacks from the public Internet
Figure 3. Three areas of security concern for MEC are mobile backhaul, third-party applications, and the public Internet. (Image: Juniper Networks)
An insecure backhaul is susceptible to man-in-the-middle (MIM) attacks, eavesdropping, data interception, and other security challenges. To address those concerns, the 3GPP introduced the concept of a security gateway (SecGW) that provides mutual authentications between base stations and core networks. Two key 3GPP specifications related to the SecGW include:
3GPP 33.210: defines the security architecture for network domain IP-based control planes. It covers the control signaling between elements of Network Domain Security over Internet Protocol (NDS/IP) networks. It also acts as a central repository for cryptographic profiles for security above the IP layer.
3GPP 33.310: provides a common IP Multimedia Subsystem (IMS) specification that covers 2G, 3G, LTE, 5G, and (eventually) 6G radio technologies. It includes information on interconnect agreements, which are agreements between two operators to establish secure communications.
Even authorized third-party applications can increase security risks. MEC uses virtual network functions (VNFs) to minimize this vulnerability. VNFs can be used for routing, firewalling, load balancing, network address translation (NAT), and more.
Micro-segmentation within the MEC edge cloud based on zero-trust architecture can enhance security for third-party applications. Micro-segmentation divides the network into isolated segments and applies granular access controls and policies to each segment.
Finally, connection to the public internet provides a third attack surface susceptible to common attacks like spoofing, eavesdropping, etc. Security measures like a stateful firewall that can understand the context of network connections can protect against complex attacks.
Distributed Denial of Service (DDoS) protection can be used to monitor network traffic for suspicious patterns and automatically take actions to filter or redirect malicious traffic, ensuring normal operations continue.
Summary
MEC moves data processing from the cloud to base stations close to the application to reduce response times and network congestion and improve bandwidth efficiency. The ETSI ISG is highly active in developing MEC standards, and the 3GPP has developed some related security protocols.
References
5G Edge Cloud and Multi-access Edge Computing (MEC) Security, Juniper Networks
Demystifying Mobile Edge Computing, Appinventiv
How Does MEC Work?, NYBSYS
Mobile Edge Computing, Hewlett Packard Enterprise
Multi-access Edge Computing (MEC), ETSI
What is edge computing?, Microsoft
What’s the Difference Between MEC and Fog Computing?, SDxCentral
EEWorld Online related content
Orchestration at the edge reduces network latency
Platform management interface specification covers COM-HPC-based edge computing designs
Edge computing security: Challenges and techniques
Open-source edge computing platform now supports AI, computer vision
Exceptions, traps and interrupts, what’s the difference?
