Security Infrastructure for Trusted Offloading in Mobile Cloud Computing
Professor Kai Hwang, University of Southern California
Presentation at Huawei Forum, Santa Clara, Nov. 8, 2014

Mobile Cloud Security and Big Data Privacy Issues and their Plausible Solutions
Convergence of Five Emerging Technologies: Big Data Science, Cloud Computing, Social Networks, Mobile Systems, and the IoT.
Cloud-based Radio Access Networks (C-RAN) for building the 5G Mobile Core Networks.
New Solutions from Academia and Industry: WiFi cloudlets, mobile clouds, Data Coloring, PowerTrust Reputation System, Network Worm Containment, Hybrid IDS, Spam Filtering, and Security Analytics.
Point of Contact: kaihwang@usc.edu
1
Privacy and Security Enforcement
Infrastructure Security: Secure Computations in Distributed Programming Frameworks; Security Best Practices for Nonrelational Data Stores
Data Privacy: Privacy-Preserving Data Mining and Analytics; Cryptographically Enforced Data-Centric Security; Granular Access Control
Data Management: Secure Data Storage and Transaction Logs; Granular Audits; Data Provenance
Integrity/Reactive Security: End-point Validation and Filtering; Real-time Security Monitoring
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to The Internet of Things, Morgan Kaufmann, Oct. 2011
Security and Trust Barriers in Mobile Cloud Computing
Protecting datacenters must start with securing cloud resources and upholding user privacy and data integrity.
We suggested the use of a trust overlay network to build reputation systems for trusted cloud computing.
A watermarking technique is suggested to protect shared data objects and massively distributed software modules.
These techniques safeguard user authentication and tighten data access control in public clouds.
The new approach could be more cost-effective than using traditional encryption and firewalls.
Prof. Kai Hwang, USC
Cloudlets: a trusted portal for mobile devices with cognitive abilities and the pervasive capacity to reach a distant cloud in order to catch special events, check security alerts, make intelligent decisions, etc.
Source: Satyanarayanan et al., The Case for VM-based Cloudlets in Mobile Computing, IEEE Pervasive Computing, April 2009
Fast VM synthesis makes it possible to build a VM overlay in a transient cloudlet that is customized to bind distant cloud resources to the user's needs.
Trust and security issues are major factors in cloudlet deployment.
Basic Concept of Extending the Cloudlets into A Mobile Mesh
Mobile Cloud Offloading Environment
[Figure: mobile devices connect to a cloudlet mesh of several cloudlets, which reaches remote clouds over the Internet.]
Source: Y. Shi, S. Abhilash and K. Hwang, Cloudlet Mesh for Securing Mobile Clouds: Security Infrastructure and Protocols, IEEE Int'l Conf. Mobile Cloud Computing, March 2015 (submitted in Nov. 2014)
Two approaches for building a cloudlet VM:
VM migration (~8 GB)
Dynamic VM synthesis (100 ~ 200 MB)
Performance is determined by local resources: bandwidth and compute power.
Some Design Considerations by Satyanarayanan et al. (2009):
For 100 Mbps links: the VM overlay is 100 ~ 200 MB, and synthesizing a VM takes around 60 ~ 90 s.
Other New Wireless Technologies:
802.11n: 300 ~ 600 Mbps
UWB: 100 ~ 480 Mbps
60-GHz radio: 1 ~ 5 Gbps
Mobility Support and Security Measures for Mobile Cloud Computing
Security Mechanisms in Cloudlet Mesh
Security Protocols Developed at USC for Mobile Cloud Computing
Collective Intrusion Detection Results by Multiple Cloudlets in the Mesh
Cloud Service Models and Their Security Demands
Source: K. Hwang and D. Li, Trusted Cloud Computing with Secure Resources and Data Coloring, IEEE Internet Computing, Vol. 14, Sept. 2010.
A DHT-based Trust Overlay Network for Developing Reputation Systems to Secure Cloud Resources over Datacenters
Sources:
(1) M. Cai, K. Hwang, Y. K. Kwok, S. Song, and Y. Chen, Collaborative Internet Worm Containment, IEEE Security and Privacy, May/June 2005, pp. 25-33.
(2) Y. Chen, K. Hwang, and W. S. Ku, Collaborative Detection of DDoS Attacks over Multiple Network Domains, IEEE Trans. on Parallel and Distributed Systems, Dec. 2007.
Cloud and Data Security and Copyright Protection
Source: S. Song, K. Hwang, R. Zhou, and Y. K. Kwok, Trusted P2P Transactions with Fuzzy Reputation Aggregation, IEEE Internet Computing, Special Issue on Security for P2P and Ad Hoc Networks, Vol. 9, Nov/Dec. 2004.
Data Coloring for Privacy Protection on the Cloud
Source: K. Hwang and D. Li, Trusted Cloud Computing with Secure Resources and Data Coloring, IEEE Internet Computing, Vol. 14, Sept. 2010.
Data Color Matching for owner/user authentication and authorization purposes in a cloud environment
This work has been cited 511 times by Google Scholar as of today.
HIDS for Automated Intrusion Response Generation
Source: K. Hwang, M. Cai, Y. Chen, and M. Qin, Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes, IEEE Trans. on Dependable and Secure Computing, Vol. 4, No. 1, Jan-March 2007.
CSA Top 10 Data Security and Privacy Challenges
1. Secure computations
2. Secure non-relational datastores
3. Secure data storage and logs
4. End-point input validation/filtering
5. Real-time security monitoring
6. Privacy-preserving data mining and analytics
7. Cryptographic access control
8. Granular access control
9. Granular audits
10. Data provenance
BYOD (Bring Your Own Device) vs. BYOC (Bring Your Own Cloud)
BYOD has already posed an increased risk to many business organizations. With BYOC, employees are installing public cloud services such as Dropbox and iCloud on their corporate desktops and mobile devices.
BYOC introduces additional security threats to organizations by blurring the boundaries between personal data and business-confidential data. This leads organizations to demand more control over their security policy for the access and distribution of corporate information.
BYOC Demands More Security Enforcement
Prof. Kai Hwang, USC, May 28, 2014
Building Accountability Systems to Establish SLA Compliance Between Users and Providers
From 3G and 4G to 5G Mobile Core Networks
Virtual Base Station Pool and C-RAN Bearer Network (3)
Trusted Cloud Mashup for Big Data Apps
MapReduce Filtering of Twitter Spams on the AWS EC2 Platform
MapReduce Filtering Results of Spam Detection in Twitter Blogs over the Amazon EC2 Cloud
Source: Y. Shi, S. Abhilash and K. Hwang, Cloudlet Mesh for Securing Mobile Clouds: Security Architecture and Protocols, IEEE Int'l Conf. Mobile Cloud Computing, March 2015
Architecture of the Internet of Things
Application Layer: Merchandise Tracking, Environment Protection, Intelligent Search, Telemedicine, Intelligent Traffic, Smart Home (on a Cloud Computing Platform)
Network Layer: Mobile Telecom Network, The Internet, Information Network, RFID Sensor Network, GPS
Sensing Layer: RFID Label, Sensor Nodes, Road Mapper
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to The Internet of Things, Morgan Kaufmann Publisher, Oct. 2011
Cloud Support of the Internet of Things and Social Network Applications
1. Smart and pervasive cloud applications for individuals, homes, communities, companies, governments, etc.
2. Coordinated calendar, itinerary, job management, events, and consumer record management (CRM) services
3. Coordinated word processing, on-line presentations, web-based desktops, sharing of on-line documents, datasets, photos, video, and databases, content distribution, etc.
4. Deploying conventional cluster, grid, P2P, and social networking applications in cloud environments more cost-effectively
5. Earthbound applications that demand elasticity and parallelism to avoid large data movement and reduce storage costs
Big Data Security in Clouds
Concluding Remarks:
Mobile cloud security and big data privacy face a trust dilemma among the general public. Without security assurance, most users will be reluctant to accept clouds, P2P, social networks, and IoT apps in the future.
Due to economies of scale, cloud providers must have dedicated teams of security professionals or specialists. Cloud datacenters must have protection on par with military standards.
SMACT technologies (Social, Mobile, Analytics, Clouds, and IoT) are changing our world, reshaping human relations, promoting the global economy, and even triggering some societal and political reforms in different regions of the world, like it or not.
Contact: kaihwang@usc.edu