⚙️ Edge Computing & IoT Security Architecture

Vault punya embodied-ai-robotics yang fokus ke robotics + AI di edge, dan wireless-security-deepdive yang bahas RF attacks (Zigbee, BLE, WiFi). Tapi belum ada yang ngejembatin antara IoT device fisik, edge gateway, dan cloud backend dari sudut pandang arsitektur dan security. Catatan ini bahas edge computing secara vertikal: dari sensor constrained (ESP32, nRF52) yang jalan di baterai selama setahun, sampe edge gateway (Jetson, Raspberry Pi) yang jalanin ML inference, sampe cloud backend yang aggregate data. Setiap tier punya attack surface sendiri-sendiri — firmware signing, secure boot, OTA update, network segmentation buat OT/IIoT, dan supply chain security.

Posisi di Vault

Ini adalah jembatan antara embodied-ai-robotics (robotics AI), wireless-security-deepdive (RF communication), firmware-reverse-engineering-deepdive (firmware security), desain-sistem-otonom (autonomous systems), dan container-kubernetes-security-deepdive (cloud backend). Baca ini setelah paham dasar networking networking-fundamentals-tcpip-bgp dan sebelum mendalami hardware hacking hardware-hacking-re.


Daftar Isi


1. Edge Computing Arsitektur — 3 Tier

┌─────────────────────────────────────────────────────────────────┐
│  TIER 3: CLOUD / DATA CENTER                                    │
│                                                                  │
│  ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐                │
│  │ ML Ops  │ │ Data    │ │ Dashboard│ │ API     │                │
│  │ Training│ │ Lake    │ │ Grafana  │ │ Gateway │                │
│  └─────────┘ └─────────┘ └─────────┘ └─────────┘                │
│         ▲           ▲           ▲           ▲                     │
│         │           │           │           │                     │
│  ┌──────┴───────────┴───────────┴───────────┴──────┐              │
│  │     Cloud Ingress (Load Balancer, WAF, mTLS)    │              │
│  └───────────────────────┬─────────────────────────┘              │
│                          │ WAN (4G/5G/Satellite)                  │
├──────────────────────────┼──────────────────────────────────────┤
│  TIER 2: EDGE GATEWAY    │                                       │
│                          │                                       │
│  ┌───────────────────────▼─────────────────────────┐              │
│  │  Edge Gateway                                   │              │
│  │  ├── MQTT Broker (Mosquitto/NanoMQ)             │              │
│  │  ├── Local Processing (Python/Rust)              │              │
│  │  ├── AI Inference (ONNX/TensorRT)                │              │
│  │  ├── Data Buffer (SQLite/RocksDB)                │              │
│  │  └── OTA Manager                                 │              │
│  └───────────────────────┬─────────────────────────┘              │
│                          │ LAN (Zigbee/BLE/WiFi)                  │
├──────────────────────────┼──────────────────────────────────────┤
│  TIER 1: CONSTRAINED     │                                       │
│                          │                                       │
│  ┌──────┐ ┌──────┐ ┌────▼───┐ ┌──────┐ ┌──────┐                │
│  │Sensor│ │Sensor│ │Sensor  │ │Sensor│ │Sensor│                │
│  │Temp  │ │Humid │ │Motion  │ │Gas   │ │Vibration│             │
│  └──────┘ └──────┘ └────────┘ └──────┘ └────────┘               │
│                                                                  │
│  Microcontroller-based (ESP32, nRF52, STM32)                     │
│  Battery-powered, sleep-cycle, constrained (KB memory)           │
└─────────────────────────────────────────────────────────────────┘

Data flow:

  1. Sensor → MQTT/CoAP → Edge Gateway (LAN)
  2. Edge Gateway → MQTT/TLS → Cloud (WAN, periodic)
  3. Cloud → OTA update → Edge Gateway → sensor firmware update

1.1 Karakteristik Tiap Tier

AspekTier 1 — SensorsTier 2 — GatewayTier 3 — Cloud
HardwareESP32, nRF52, STM32RPi, Jetson, x86VM, K8s cluster
OSRTOS (FreeRTOS, Zephyr)Linux (Yocto, Ubuntu)Linux, server-grade
Memory256KB - 4MB1GB - 16GB16GB - 1TB+
PowerBattery (1-5 years)Mains / SolarMains
NetworkBLE, Zigbee, LoRaWANWiFi, 4G/5G, EthernetFiber, WAN
Update cycleMonthsWeeksDays
SecurityHardware-limitedModerateFull stack

2. Tier 1 — Constrained Devices (Sensors & Actuators)

2.1 Hardware Landscape

ChipCoreRAMFlashRadioSleep CurrentUse Case
ESP32Xtensa LX6520KB4MBWiFi, BLE5µAGeneral IoT, prototyping
ESP32-C6RISC-V512KB4MBWiFi6, BLE5, Zigbee, Thread2.5µAMatter-compatible
nRF52840Cortex-M4F256KB1MBBLE5, Thread, Zigbee0.4µABattery-operated sensors
STM32L4Cortex-M4128KB1MBOptional external0.1µAIndustrial, low-power
SAMD21Cortex-M0+32KB256KBOptional1µASimple sensors

2.2 Security Constraints

Masalah: constrained devices gak bisa jalani security full-stack:

  • TLS 1.3 handshake butuh ~50KB RAM — mungkin untuk ESP32, mustahil untuk SAMD21
  • Public key crypto (Ed25519 verify) butuh ~10K cycles — bertahan di baterai
  • Secure boot butuh hardware OTP (One-Time Programmable) memory — gak semua chip punya

Solusi tier-based security:

Security MeasureTier 1 (ESP32)Tier 1 (nRF52)Tier 1 (SAMD21)
Secure boot✅ (ESP32 Secure Boot v2)❌ (no HW OTP)
Flash encryption✅ (AES-XTS-128)
TLS✅ (mbedTLS, 50KB heap)🟡 (tROP — tiny TLS)❌ (CoAP + DTLS)
Attestation❌ (no TPM)
Firmware encryption✅ (NVS encryption)🟡 (soft AES)
Physical tamper❌ (no shield)

2.3 Power-Saving vs Security Trade-off

Deep sleep (10µA) ←→ Active (100mA)
  - Deep sleep = CPU off, RAM retention minimal
  - Wake on interrupt (sensor threshold, timer)
  - Security check: hanya di active window

Attack window: ketika device aktif mengirim data (ms)
  - Attacker punya limited time untuk inject malformed packet
  - Tapi replay attack masih mungkin kapan saja
  - Solusi: sequence number + timestamp di tiap message

3. Tier 2 — Edge Gateway

3.1 Fungsi Edge Gateway

Edge gateway bukan sekadar “router” — dia adalah otak dari edge deployment:

Edge Gateway Services:
  ┌─────────────────────────────────────┐
  │  MQTT Broker    │ NanoMQ, Mosquitto  │
  │  Local DB       │ SQLite, RocksDB     │
  │  Rule Engine    │ eKuiper, Node-RED   │
  │  AI Inference   │ ONNX Runtime, TFLite│
  │  VPN/ZeroTier   │ Tailscale, WireGuard│
  │  OTA Agent      │ Hawkbit, RAUC       │
  │  Container Host │ Docker, Podman      │
  └─────────────────────────────────────┘

3.2 Hardware untuk Edge Gateway

PlatformCPURAMStorageGPUPowerUse Case
Raspberry Pi 5Cortex-A76 (4x)8GBmicroSDVideoCore VII15WGeneral edge
Jetson Orin NanoCortex-A78AE (6x)8GBSSD40 TOPS Ampere15WAI inference
Intel NUCi5/i716-64GBNVMeIris Xe65WHeavy compute
Rockchip RK3588Cortex-A76 (4x) + A55 (4x)16GBeMMCMali G61010WCost-effective

3.3 Edge Gateway Security Checklist

✅ OS Hardening:
  - Read-only root filesystem (squashfs/EROFS)
  - No SSH password auth (key only)
  - Fail2ban untuk SSH
  - Auditd untuk system call monitoring

✅ Network:
  - WireGuard VPN ke cloud
  - mTLS antara gateway dan sensor
  - Rate limiting per-device

✅ Application:
  - Drop privileges (run as non-root container)
  - Seccomp profile untuk Docker/Podman
  - Read-only container filesystem

✅ Updates:
  - A/B partition update (RAUC / Mender)
  - Signed update bundle
  - Rollback otomatis jika boot gagal

4. Tier 3 — Cloud / Data Center

4.1 Cloud Architecture untuk IoT

┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│  Message     │────→│  Stream      │────→│  Database    │
│  Broker      │     │  Processor   │     │  (TSDB)      │
│  (MQTT/AMQP) │     │  (Flink/Kafka│     │  InfluxDB/   │
│  EMQX/VerneMQ│     │   Streams)   │     │  TimescaleDB │
└──────────────┘     └──────────────┘     └──────────────┘
       │                                        │
       │                                  ┌─────▼──────┐
       │                                  │  Data Lake  │
       │                                  │  (S3/MinIO) │
       │                                  └─────────────┘
       │
  ┌────▼──────┐     ┌──────────────┐
  │  Device   │     │  Dashboard   │
  │  Registry │     │  (Grafana)   │
  │  + Shadow │     │  + Alerts    │
  └───────────┘     └──────────────┘

4.2 Device Identity & Authentication

Setiap IoT device harus punya identity unik yang terverifikasi:

{
  "device_id": "sensor-temp-042",
  "factory_id": "batch-2026-03",
  "public_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...",
  "attestation": {
    "manufacturer": "Acme Sensors Inc.",
    "model": "TEMP-2000",
    "firmware_version": "2.1.4",
    "security_level": "TLS-1.3",
    "issued_at": "2026-03-15T00:00:00Z",
    "expires_at": "2027-03-15T00:00:00Z"
  }
}

Cloud-side validation flow:

1. Device connect → kirim certificate (X.509 atau raw public key)
2. Cloud verifikasi signature dari device attestation
3. Cloud cek certificate revocation list (CRL)
4. Jika valid → allow MQTT publish/subscribe ke topic tertentu
5. Jika invalid → drop connection, log alert, block IP

4.3 IoT Cloud Platforms Comparison

PlatformMQTTStreamDevice ShadowFree TierSelf-Host
AWS IoT Core✅ Kinesis250K msg/mo
Azure IoT Hub✅ Stream Analytics8K msg/day
EMQX + Kafka✅ (self-host)Unlimited
Mosquitto + Node-RED🟡 CustomUnlimited

5. IoT Communication Protocols

5.1 Protocol Stack

Layer           Protocol Options
─────           ─────────────────────────────────────
Application     MQTT, CoAP, HTTP, gRPC, AMQP
Security        TLS 1.3, DTLS 1.3, OSCORE
Transport       TCP, UDP, QUIC
Network         IPv6 (6LoWPAN), IPv4, Thread
Link            WiFi, BLE, Zigbee, LoRaWAN, NB-IoT, LTE-M
Physical        2.4GHz, Sub-1GHz, 868/915MHz, Cellular

5.2 MQTT — #1 untuk IoT

# Publish sensor data via MQTT (ESP32 Micropython)
import network
import umqtt.simple as mqtt
import json
import time
 
# Connect WiFi
wlan = network.WLAN(network.STA_IF)
wlan.connect("ssid", "password")
 
# MQTT connect
client = mqtt.MQTTClient(
    client_id="sensor-temp-042",
    server="edge-gateway.local",
    port=8883,
    ssl=True,
    ssl_params={"certfile": "/cert/device.crt", "keyfile": "/cert/device.key"}
)
client.connect()
 
# Publish every 5 minutes
while True:
    payload = json.dumps({
        "temperature": 25.3,
        "humidity": 65.2,
        "battery": 3.7
    })
    client.publish(b"factory/zone-a/sensor-temp-042", payload, qos=1)
    time.sleep(300)
 
# MQTT topic design:
#   factory/{zone}/{device_id}/{metric}
#   factory/zone-a/sensor-temp-042/temperature
#   ACL: device cuma bisa publish ke topic sendiri

5.3 Protocol Perbandingan

AspekMQTTCoAPHTTPgRPC
TransportTCPUDPTCPHTTP/2
ModelPub/SubRequest/ResponseRequest/ResponseRPC
Header size2-14 bytes4 bytes> 100 bytes~ 50 bytes
QoS3 levelsConfirmable/NonN/AN/A
TLS✅ (DTLS)
Constrained🟡🟢
Use caseSensor → GatewayDevice → DeviceGateway → CloudInternal microservices

6. Firmware Security — Secure Boot & Signing

6.1 Secure Boot Chain

ROM Bootloader → Bootloader 1 → Bootloader 2 → Kernel → Rootfs
     │               │              │            │         │
  Verify ROM      Verify BL1     Verify BL2   Verify    Verify
  (hardware)      (public key)   (public key)  kernel    rootfs
                                               signature signature

ESP32 Secure Boot v2 Flow:

1. ROM: load bootloader dari flash
2. Bootloader: verify signature menggunakan public key di eFuse
3. Jika valid → boot aplikasi
4. Jika invalid → panic (tidak bisa boot)
5. Public key di-burn di eFuse (write-once, tidak bisa diubah)

Konsekuensi:

  • Tanpa secure boot → attacker bisa flash firmware custom → ambil alih device
  • Dengan secure boot → hanya firmware yang di-sign pabrik yang bisa boot
  • Tapi secure boot gak cegah side-channel attack (glitching, power analysis)

6.2 Firmware Signing

# Generate signing key
openssl ecparam -genkey -name prime256v1 -out firmware.key
openssl ec -in firmware.key -pubout -out firmware.pub
 
# Sign firmware binary
openssl dgst -sha256 -sign firmware.key -out firmware.bin.sig firmware.bin
 
# Verify (di device)
# 1. Hash firmware.bin → SHA256
# 2. Verify signature dengan public key dari eFuse
# 3. Jika valid → boot

6.3 Common Firmware Vulnerabilities

VulnerabilityDampakContoh
Hardcoded credentialsAkses ke device, cloud, atau backendUsername:password di firmware binary
Unencrypted storageEkstraksi data sensitif dari flashWiFi password, API key di plaintext
No signature verificationFirmware arbitrary uploadAttacker flash backdoor firmware
Debug interface enabledAkses via JTAG/SWD ke CPUUART dengan root shell
Default credentialsSSH/telnet dengan default passwordroot:root

Lihat firmware-reverse-engineering-deepdive untuk teknik extract dan analisis firmware.


7. OTA Update Security

7.1 OTA Architecture

┌─────────┐     ┌─────────┐     ┌─────────┐
│  Build   │────→│  Sign   │────→│  Upload │
│  Server  │     │  Server │     │  (S3)   │
│  (CI/CD) │     │  (HSM)  │     │         │
└─────────┘     └─────────┘     └────┬────┘
                                     │
                               ┌─────▼──────┐
                               │  OTA Server │
                               │  (Hawkbit)  │
                               │  / RAUC     │
                               └─────┬──────┘
                                     │
                          ┌──────────┴──────────┐
                          │                     │
                    ┌─────▼─────┐         ┌─────▼─────┐
                    │  Edge     │         │  Edge     │
                    │  Gateway  │         │  Gateway  │
                    │  A        │         │  B        │
                    └─────┬─────┘         └─────┬─────┘
                          │                     │
                    ┌─────▼─────┐         ┌─────▼─────┐
                    │ Sensors   │         │ Sensors   │
                    │  (OTA via  │         │  (OTA via  │
                    │  BLE/WiFi) │         │  BLE/WiFi) │
                    └───────────┘         └───────────┘

7.2 OTA Security Threats

ThreatDeskripsiMitigasi
Rollback attackPaksa device pake firmware lama yang vulnerableVersion counter di secure storage
Firmware interceptionMan-in-the-middle saat download firmwareTLS + signature verification
Malicious update serverAttacker tiru update serverCertificate pinning
Partial updateFirmware corrupt sebagianA/B partition + CRC check
Supply chain attackKompromi di build serverSLSA framework, signed builds

7.3 A/B Partition Update

Slot A (current): [Bootloader] [Kernel A] [Rootfs A]
Slot B (update):                               [Kernel B] [Rootfs B]

Update flow:
1. Download firmware ke slot B (inactive)
2. Verifikasi signature
3. Set boot flag ke slot B
4. Reboot
5. Jika boot gagal → rollback otomatis ke slot A
6. Konfirmasi sukses → slot A jadi target update berikutnya
# RAUC (Robust Auto-Update Controller) — A/B update untuk embedded Linux
# rauc/system.conf
[system]
compatible=my-edge-device
bootloader=uboot
 
[slot.rootfs.0]
device=/dev/mmcblk0p2
type=ext4
bootname=system-a
 
[slot.rootfs.1]
device=/dev/mmcblk0p3
type=ext4
bootname=system-b
 
# Update command
rauc install update-bundle.raucb

8. Network Segmentation untuk IIoT/OT

8.1 Purdue Model untuk OT Security

Purdue Enterprise Reference Architecture (PERA) adalah standar de facto untuk Industrial Control System (ICS) segmentation:

Level 5: Enterprise Network (ERP, email, internet)
    │ Firewall (DMZ)
Level 4: Site Business Operations (historian, asset mgmt)
    │ Firewall (industrial DMZ)
Level 3: Site Operations (SCADA, control center)
    │ Firewall
Level 2: Control (PLC programming, HMI)
    │
Level 1: Basic Control (PLC, RTU)
    │
Level 0: Process (sensors, actuators, motor)

Implementasi di homelab:

IoT VLAN (192.168.10.0/24)   — Tier 1 sensors
  ├── Hanya bisa MQTT ke gateway (port 8883)
  ├── Rate limit: 10 packets/s per device
  ├── DHCP lease: 1 hour
  └── Firewall: reject all inbound from other VLANs

Edge VLAN (192.168.20.0/24)  — Tier 2 gateways
  ├── Bisa MQTT ke cloud (via VPN)
  ├── SSH dari management VLAN only
  ├── DNS hanya ke internal resolver
  └── Firewall: allow outbound MQTT to cloud

Management VLAN (10.0.100.0/24) — Admin access
  ├── SSH bastion host
  ├── VPN termination (WireGuard)
  └── Firewall: allow SSH from VPN only

8.2 IIoT Security Checklist

# 1. Segmentasi jaringan — jangan campur IoT dengan corporate network
# 2. Device authentication — setiap device punya X.509 certificate
# 3. Network monitoring — Suricata/Zeeks di mirror port switch
# 4. Firmware version tracking — inventaris semua device + versi
# 5. Vulnerability scanning — Nessus/OpenVAS untuk known CVEs
# 6. Incident response plan — "ada sensor rogue, apa yang dilakukan?"
# 7. Physical security — jangan biarkan device fisik gak terkunci

9. Edge AI — Inferensi di Edge

9.1 Kenapa Inferensi di Edge?

  • Latency: <10ms response (gak bisa nunggu cloud round-trip)
  • Bandwidth: ngirim 1KB data inferensi vs 1MB raw video
  • Privacy: data sensitif gak perlu ke cloud
  • Offline: tetap jalan walau internet putus

9.2 Inference Engine Comparison

EngineFormatPlatformPerformanceUse Case
ONNX RuntimeONNXCPU/GPU/TPU🟢General purpose
TensorRTONNX → TRTNVIDIA GPU🟢🟢 (max perf)Jetson
TFLiteTFLiteCPU/GPU/Edge TPU🟡Mobile, RPi
OpenVINOIRIntel CPU/GPU/VPU🟢Intel hardware
MediaPipeTFLiteCPU/GPU🟡Vision pipelines

9.3 Example: People Counting di Edge

# ONNX Runtime — edge inference
import onnxruntime as ort
import cv2
import numpy as np
import json
 
# Load model
session = ort.InferenceSession("yolov8n.onnx")
input_name = session.get_inputs()[0].name
 
cap = cv2.VideoCapture(0)
while True:
    ret, frame = cap.read()
    if not ret:
        break
 
    # Preprocess
    input_tensor = cv2.resize(frame, (640, 640))
    input_tensor = input_tensor.transpose(2, 0, 1)[np.newaxis, ...].astype(np.float32) / 255.0
 
    # Inference
    outputs = session.run(None, {input_name: input_tensor})
 
    # Postprocess — count people
    detections = outputs[0][0]
    people_count = sum(1 for d in detections if d[4] > 0.5 and int(d[5]) == 0)
 
    # Publish MQTT (only if count changed)
    payload = json.dumps({"people_count": people_count, "zone": "entrance"})
    client.publish(b"factory/zone-a/camera-01/people", payload)

10. Supply Chain Security untuk IoT

10.1 Supply Chain Threats

1. Design phase: IP theft, malicious hardware backdoor
2. Manufacturing: counterfeit chips, firmware injection
3. Distribution: tampered packaging, swapped devices
4. Deployment: rogue device claiming legitimate identity
5. Decommission: data extraction from decommissioned devices

10.2 Mitigation

PhaseMitigationStandard
ManufacturingHardware root of trust (TPM, eFuse)TCG DICE
FirmwareSigned firmware, reproducible buildsSLSA Level 3+
IdentityX.509 certificate at manufacturingIDevID
DeploymentNetwork admission control (NAC)802.1X
MonitoringAnomaly detection (behavior baseline)NIST SP 800-183

11. Perbandingan Platform Edge Computing

PlatformTier 1Tier 2Tier 3Open SourceLearning Curve
AWS IoT Greengrass✅ AWS🟡Sedang
Azure IoT Edge✅ Azure🟡Sedang
KubeEdge✅ K8s✅ K8s✅ CNCFTinggi
EMQX + Neuron🟡✅ EMQXSedang
Home Assistant🟡🟡 CloudRendah
Custom (Docker + Mosquitto + Node-RED)🟡✅ CustomSedang

🔗 Koneksi ke Catatan Lain


✅ Checklist

  • Paham 3-tier edge architecture dan karakteristik tiap tier
  • Bisa jelasin trade-off keamanan di constrained device
  • Paham perbedaan MQTT vs CoAP vs HTTP untuk IoT
  • Bisa setup MQTT broker + TLS + ACL di edge gateway
  • Paham secure boot chain dari ROM → bootloader → kernel
  • Bisa implementasi A/B partition OTA update
  • Paham Purdue model untuk OT/IIoT segmentation
  • Bisa design VLAN segmentation untuk IoT deployment
  • Paham supply chain security threats untuk IoT device

Roadmap Belajar

HARI 1: Edge Architecture
  - Baca dokumen ini sampai selesai
  - Gambar arsitektur 3-tier untuk use case lo
  - Identifikasi attack surface tiap tier

HARI 2: Tier 1 — Constrained Devices
  - Setup ESP32 dengan Micropython atau ESP-IDF
  - Implementasi MQTT publish dengan TLS
  - Tes deep sleep + wake cycle, ukur power consumption

HARI 3: Tier 2 — Edge Gateway
  - Setup Raspberry Pi sebagai edge gateway
  - Install Mosquitto MQTT broker + TLS
  - Setup Node-RED untuk rule engine
  - ONNX Runtime untuk inferensi

HARI 4: Firmware Security
  - Implementasi secure boot dengan ESP32 Secure Boot v2
  - Setup A/B partition OTA dengan RAUC
  - Tes: flash firmware unsigned → harus gagal boot

HARI 5: Full Stack
  - Deploy EMQX + Kafka di cloud (docker compose)
  - Hubungkan edge gateway → cloud
  - Setup monitoring (Prometheus + Grafana)
  - Tulis incident response plan untuk compromised device

Bottom Line

Edge computing dan IoT bukan hanya soal hardware kecil — ini soal membangun trust dari chip ke cloud. Setiap tier punya attack surface sendiri: Tier 1 diserang via side-channel dan physical tamper, Tier 2 via OS dan software supply chain, Tier 3 via API dan cloud misconfiguration. Security edge yang baik bukan soal satu teknologi ajaib — tapi soal defense in depth yang dimulai dari secure boot di chip, berlanjut ke signed OTA updates, network segmentation, sampe ke cloud-side monitoring. Kelemahan di satu tier mengkompromikan seluruh sistem.

Ponytail

Catatan ini belum mencakup Matter protocol (smart home interoperability standard), LwM2M (Lightweight M2M — device management protocol), TPM/HSM untuk edge device, dan federated learning (AI training terdistribusi di edge tanpa centralize data). Tambahkan ketika implementasi Matter atau butuh hardware security module.