SECURITY ARCHITECTURE FOR MOBILE CLOUD COMPUTING



Similar documents
Security Considerations for Public Mobile Cloud Computing

Mobile Cloud Computing Security Considerations

Cloud Computing: The Next Computing Paradigm

Verifying Correctness of Trusted data in Clouds

CLOUD COMPUTING SECURITY ISSUES

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

CLOUD COMPUTING An Overview

Cloud SQL Security. Swati Srivastava 1 and Meenu 2. Engineering College., Gorakhpur, U.P. Gorakhpur, U.P. Abstract

White Paper on CLOUD COMPUTING

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

[Sudhagar*, 5(5): May, 2016] ISSN: Impact Factor: 3.785

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Cloud Computing Technology


Data Integrity Check using Hash Functions in Cloud environment

Data Storage Security in Cloud Computing

Improving data integrity on cloud storage services

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Outline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages

ADVANCE SECURITY TO CLOUD DATA STORAGE

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Customer Security Issues in Cloud Computing

CLOUD COMPUTING IN HIGHER EDUCATION

Cloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

Cloud Courses Description

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS

Enabling Public Auditing for Secured Data Storage in Cloud Computing

ISSN: (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Cloud Computing Services In Libraries: An Overview

RSA BASED CPDP WITH ENCHANCED CLUSTER FOR DISTRUBED CLOUD STORAGE SERVICES

Cloud Computing Architecture: A Survey

NCTA Cloud Architecture

How To Understand Cloud Usability

CLOUD COMPUTING. Keywords: Cloud Computing, Data Centers, Utility Computing, Virtualization, IAAS, PAAS, SAAS.

International Journal of Engineering Research and General Science Volume 3, Issue 1, January-February, 2015 ISSN

IJCSIET-ISSUE5-VOLUME1-SERIES1 Page 1

Cloud Computing. Bringing the Cloud into Focus

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: , Volume-1, Issue-5, February 2014

AN IMPLEMENTATION OF E- LEARNING SYSTEM IN PRIVATE CLOUD

How cloud computing can transform your business landscape

Cloud Computing/ Semantic Web Initiatives & Tutorial

A Review of Cloud Environment and Recognition of Highly Secure Public Data Verification Architecture using Secure Public Verifier Auditor

Research Paper Available online at: A COMPARATIVE STUDY OF CLOUD COMPUTING SERVICE PROVIDERS

Cloud Computing Services and its Application

Research Paper on Data Integrity Checking In Cloud Computing

Cloud Computing. Chapter 1 Introducing Cloud Computing

Mobile and Personal Cloud Computing The Next Step in Cloud Computing

Fully homomorphic encryption equating to cloud security: An approach

Future of Cloud Computing in India

Mobile Hybrid Cloud Computing Issues and Solutions

SCADA Cloud Computing

Information Security: Cloud Computing

Cloud Computing in Higher Education: Impact and Challenges

(C) Global Journal of Engineering Science and Research Management

Cloud Computing: Advantages and Security Challenges

Cloud Courses Description

Hadoop in the Hybrid Cloud

21/09/11. Introduction to Cloud Computing. First: do not be scared! Request for contributors. ToDO list. Revision history

DATA SECURITY MODEL FOR CLOUD COMPUTING

Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure

SaaS, PaaS & TaaS. By: Raza Usmani

Lecture 02a Cloud Computing I

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

Role of Cloud Computing in Education

How To Design A Cloud Data Storage Service For A Cloud Computer System

Chapter 1: Introduction

Chapter 1 Introduction

Cloud Computing. Karan Saxena * & Kritika Agarwal**

CHALLENGES AND ISSUES OF DEPLOYMENT ON CLOUD

Cloud Computing. Chapter 1 Introducing Cloud Computing

Addressing Data Security Challenges in the Cloud

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Enhancing Security of Cloud Computing using Elliptic Curve Cryptography

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

A Survey of Cloud Based Health Care System

Third Party Auditing For Secure Data Storage in Cloud through Trusted Third Party Auditor Using RC5

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

An Efficient data storage security algorithm using RSA Algorithm

How cloud computing can transform your business landscape.

Cloud Computing. Chapter 1 Introducing Cloud Computing

THE IMPACT OF CLOUD COMPUTING ON ENTERPRISE ARCHITECTURE. Johan Versendaal

Where in the Cloud are You? Session Thursday, March 5, 2015: 1:45 PM-2:45 PM Virginia (Sheraton Seattle)

Enhancing Data Integrity in Cloud Storage by Ensuring Maximum Availability

CLOUD COMPUTING SECURITY CONCERNS

Transcription:

SECURITY ARCHITECTURE FOR MOBILE CLOUD COMPUTING Ali Newaz Bahar 1*, Md. Ahsan Habib 2, Md. Manowarul Islam 3 1, 2, 3 Department of Information and Communication Technology, Mawlana Bhashani Science and Technology University, Bangladesh * E-mail of the corresponding author:bahar_mitdu@yahoo.com ABSTRACT Cloud computing has become another buzzword to its tremendous business prospects. On the other hand cloud computing application on mobile internet are developed frequently, its leads security problems, in particular, is one of the most argued-about issues in the mobile cloud computing field. So, one of the key challenges is to design the cloud computing security architecture for mobile device on the internet. In this paper we proposed security architecture for mobile cloud. Keywords: Cloud computing, SaaS, PaaS, IaaS, MCC. 1. INTRODUCTION Cloud computing is a remote, internet-based computing, which provides shared resources, software, and information to computers and other devices such as mobile, PDA on demand. Now a day s, cloud computing is more and more cult to its agility, low cost, device independence, reliability (multiple redundant sites), scalability, security and reduced maintenance cost. Mobile cloud computing is a computing idea, where a mobile user got all the cloud computing services in his or her mobile devices through internet. Mobile cloud merged the elements of mobile networks and cloud computing, thereby providing the optimal services for mobile users. In mobile cloud computing, mobile devices do not need a powerful configuration (e.g., CPU speed and memory capacity) since all the data and complicated computing modules can be processed in the clouds [1] [2]. In cloud computing, top three IT cloud services challenges are security, availability and performance. The cloud computing security issue is always the key factor and it is ranked one [3]. 11

Security Availability Performance 83.30% 82.90% 87.50% On-demand payment model may cost more - Lack of interoperability standards Bringing back In-house may be difficuit Hard to integrate with in-house IT 76.80% 76.00% 79.80% 81.00% 82.20% Not enough ability to customer 70.00% 75.00% 80.00% 85.00% 90.00% Figure 1: Results of IDC survey ranking security challenges, 2010 [3] 2. THE CLOUD COMPUTING 2.1 Cloud Services Cloud computing service are broadly classified into three delivery models: the Infrastructure as a Service (IaaS); the Platform as a Service (PaaS); and the Software as a Service (SaaS) [8, 9, 10, 11]. 2.1.1 Software as a service (SaaS) It is a model of software deployment whereby the provider licenses an application to the customers for use as a service on demand. The capability provided to the End users is to use the provider s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web enabled e-mail). The end users does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings. Today SaaS is offered by companies such as Google, Salesforce, Microsoft, Zoho, etc. 2.1.2 Platform as a service (PaaS) 12 It is the delivery of computing platform and solution stack as a service. The capability provided to the end users is to deploy onto the cloud infrastructure user created or acquired applications created using programming languages and tools supported by the provider. The end user does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage. PaaS providers offer a predefined combination of OS and application servers, such as WAMP platform [12] (Windows, Apache, MySql and PHP), LAMP platform (Linux, Apache, MySql and PHP), and XAMP(X-cross platform) limited to J2EE, and Ruby etc. Google Engine, Salesforce.com, etc are some of the popular PaaS examples. 2.1.3 Infrastructure as a service (IaaS) It is the delivery of computer infrastructure (typically a platform virtualization environment) as a service. The capability provided to the end users is to provision processing, storage, networks, and other fundamental computing resources where the end user is able to deploy and run arbitrary software, which can include operating systems

and applications. The user does not manage or control the underlying cloud infrastructure but it has control over operating systems, storage, deployed applications, and possibly limited control of select networking components. Some of the common examples are Amazon, GoGrid, 3tera, etc. SaaS PaaS IaaS Email, ERM, Collaborative, ERP Twitter, Facebook, Yahoo, Gmail lication Development, Decision Support Web Streaming Google s Engine, Microsoft Azure System Management, Caching Security, Networking Legacy AWS EC2, Joyent, Rackspace Figure 2: Cloud Service 2.2 Cloud lication Deployment Models There are three deployment models for Cloud computing: public, private, and hybrid [4]-[7]. 2.2.1 Public Cloud In this model, computing resources are dynamically provisioned over the Internet via Web applications or Web services from an offsite third party provider. Public clouds are run by third parties, and applications from different customers are likely to be mixed together on the cloud s servers, storage systems, and networks. 2.2.2 Private Cloud The physical infrastructure may be owned by and managed by the organization or the designated service provider [9] with an extension of management and security control planes controlled by the organization. 2.2.3 Hybrid Cloud This model of Cloud computing is a composition of two or more Clouds (public or private) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. SaaS IaaS Hybrid SaaS PaaS IaaS P u b l i c PaaS Private Cloud Bing Map Service ArcGIS Online Service C l o u d ArcGIS ArcGIS Server Web Maps Maplt Figure 3: Cloud lication Deployment Models 13

3. MOBILE CLOUD COMPUTING Mobile computing [13] means using portable devices to run stand-alone applications and/or accessing remote applications via wireless networks. In mobile cloud computing mobile network and cloud computing are combined, thereby providing an optimal services for mobile users. Cloud computing exists when tasks and data are kept on the internet rather than on individual devices, providing on-demand access. lications are run on a remote server and then sent to the user [1, 2]. Figure 4 shows an overview of the mobile cloud computing architecture. Collaboration MW OS-1 PVI 1 Collaboration MW OS-1 PVI 1 Cloud Infrastructure Virtualization Hyper vision Storage PVI Management & Provisioning Manager Hardware Hardware Hardware Figure 4: Mobile Cloud Computing Architecture 4. DATA SECURITY ISSUES IN THE MOBILE CLOUD 4.1 Privacy and Confidentiality Once the client host data to the cloud there should be some guarantee that access to that data will only be limited to the authorized access. Inappropriate access to customer sensitive data by cloud personnel is another risk that can pose potential threat to cloud data. Assurances should be provided to the clients and proper practices and privacy policies and procedures should be in place to assure the cloud users of the data safety. 14 The cloud seeker should be assured that data hosted on the cloud will be confidential. 4.2 Integrity With providing the security of data, cloud service providers should implement mechanisms to ensure data integrity and be able to tell what happened to a certain dataset and at what point. The cloud provider should make the client aware of what particular data is hosted on the cloud, the origin and the integrity mechanisms put in place. 4.3 Location and Relocation

Cloud Computing offers a high degree of data mobility. Consumers do not always know the location of their data. However, when an enterprise has some sensitive data that is kept on a storage device in the Cloud, they may want to know the location of it. They may also wish to specify a preferred location (e.g. data to be kept in India). This, then, requires a contractual agreement, between the Cloud provider and the consumer that data should stay in a particular location or reside on a given known server. Also, cloud providers should take responsibility to ensure the security of systems (including data) and provide robust authentication to safeguard customers information. Another issue is the movement of data from one location to another. is initially stored at an appropriate location decide by the Cloud provider. However, it is often moved from one place to another. Cloud providers have contracts with each other and they use each other s resources. 4.4 Availability Customer data is normally stored in chunk on different servers often residing in different locations or in different Clouds. In this case, data availability becomes a major legitimate issue as the availability of uninterruptible and seamless provision becomes relatively difficult. 5. PRIVACY DESIGN BY MOBILE CLOUD The Fig. 3 shows a likely minimalist of mobile cloud computing architecture that maintains privacy and usability when data is encrypted and outsourced into the Cloud. This proposed architecture is mainly designed to overcome one of the challenging problems, this model ensuring that organizations that make legitimate requests are granted access to encrypted data requestor s agent and two service providers the Cloud access control service provider (ACSP) [14] and the Cloud data service provider (DSP). The consumer s agent encrypts data prior to sending it to the Cloud DSP, and issues access delegation to the Cloud ACSP that will handle data utilization requests from the requestor. When one party wants to access the data through his or her mobile device, he or she contact the cloud access control service provider for access authorization, for the sake of privacy protection requester would not go directly to the Cloud DSP [15]. Upon authentication of the requestor, and satisfaction of any criteria set out in the access delegation, the Cloud ACSP would issue an access authorization to the requestor. This proposed authorization message would consist of three components, each with a different effect. First, it would indicate to the Cloud DSP that the requestor had been authenticated, and was permitted to access the consumer s data. Second, the Cloud ACSP would include in the message any available information regarding the subset of data to be released to the requestor, with the goal of restricting requestor access to be only the minimum required for its stated purposes. Finally, the authorization message would also contain a decryption key for the released data, engineered so as to only allow the requestor decrypt capabilities. Should the requestor be able to circumvent this system, contacting the Cloud DSP directly and managing to succeed in retrieving data, the absence of the appropriate decryption key implies that all that is retrieved is meaningless cipher text. Similarly, if the Cloud DSP were compromised or actively colluded with the requestor, again, only cipher text could be obtained. This architecture needs to collaborate between two agents the consumer s agent and the 15

Consumer Agent Access Delegation Requester Agent ACS Cloud Identity Service Provider Access Request CSP Access Author Encrypted Encrypted Decrypted Figure 5: Privacy design model for mobile cloud 6. PRIVACY SCHEMA DETAILS Our proposed security model involves three steps: o Key Generation o Encryption o Decryption 6. 1. Key Generation Before the data is encrypted, Key generation should be done by the Cloud Identity Service Provider. Let F be a pseudo-random function, let Ƞ be a pseudo-random permutation and let H be a cryptographic hash function. Generate pk = (N, g) and sk = (e, d, v), such that ed 1(modp q ), e is a large secret prime such that e > λ and d > λ, g is a generator of QRN and v R {0, 1}k. Output (pk, sk). Tag Block (pk, sk, m, i): 1. Let (N, g) = pk and (d, v) = sk. Generate Wi = v i. 16 Compute Ti,m = (h(wi) gm) d mod N. 2. Output (Ti,m, Wi). 6.2 Encryption Encryption is the process of converting original plain text (data) into cipher text (data). Steps: 1. Cloud service provider should give or transmit the Public Key (N, g) to the user who wants to store the data with him or her. 2. User data is now mapped to an integer by using an agreed upon reversible protocol, known as padding scheme. 3. is encrypted and the resultant cipher text (data) C is C = mg (mod N). 4. This cipher text or encrypted data is now stored with the Cloud service provider. 6.3 Decryption: Decryption is the process of converting the cipher text (data) to the original plain text (data).

Steps: 1. The cloud user requests the Cloud service provider for the data. 2. Cloud service provider verifies the authenticity of the user and gives the encrypted data i.e, C. 3. The Cloud user then decrypts the data by computing, m = Cd (mod N). 4. Once m is obtained, the user can get back the original data by reversing the padding scheme. 7. CONCLUSION In the field of computing, Mobile Cloud Computing (MCC) has brought a new dimension to Networking Service. The main vision of this service is interconnected Mobile Cloud where application providers and enterprises will be able to access valuable network and billing capabilities across multiple networks, making it easy for them to enrich their services whether these applications run on a mobile device, in the web, in a SaaS Cloud, on the desktop or an enterprise server. Mobile Cloud Computing (MCC) is a combination of mobile networks and cloud computing, so the MCC security related issues are then divided into two categories: mobile network security and data security on the cloud. In this paper, we have discussed the data security issues considering on mobile cloud computing and securing mobile cloud computing user s privacy. REFERENCES [1] http://www.smartdevelopments.org/?p=84 [2] http://www.readwriteweb.com/archives/why_clo ud_computing_is_the_future_of_mobile.php [3] F. Gens. (2010, Feb.). New IDC IT Cloud Services Survey: Top Benefits and Challenges, IDCeXchange,Available:<http://blogs.idc.com/ie/?p=730> [Feb. 18, 2010]. [4] R.J. Bayardo, and R. Srikant (2003) Technological Solutions for Protecting Privacy. IEEE Computer, 36(9), p. 115-118. [5] E. Bertino (2009) Privacy-preserving Digital Identity Management for Cloud Computing. IEEE Engineering Bulletin, 32, p. 21-27. [6] J.Brodkin (2008) Seven Cloud-Computing Security Risks. InfoWorld. seven-cloudcomputing-security-risks, p.853. [7] R. Buyya, C.S. Yeol, and S. Venugopal (2008) Market-Oriented Cloud Computing: Vision, Hype, and Reality for Delivering IT Services as Computing Utilities. In Proc. of 10th IEEE International Conference on High Performance Computing and Communications (HPCC 08), p.5-13. [8] NEC Company, Ltd. and Information and Privacy Commissioner, Ontario, Canada. Modelling Cloud Computing Architecture Without Compromising Privacy: A Privacy by Design roach, (2010), http://www.ipc.on.ca/images/resources/pbd- NEC-cloud.pdf. [9] https://wiki.cloudsecurityalliance.org/guidance/in dex.php/cloud_computing_architectural_frame work. [10] http://andromida.hubpages.com/hub/cloudcomputing-architecture. [11] Sun Microsystems, Inc., Introduction to Cloud Computing Architecture, White Paper, 1st Edition, (2009) June. [12] http://www.wampserver.com/en/ [accessed on 15 July 2012] [13] Mahadev Satyanarayanan, Mobile computing: The next decade, Proc. 11th Intl. Conf. on Mobile Management (MDM 10), Kansas, MO, 2010. [14] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, Enabling public verifiability and data dynamics for storage security in cloud computing, in Proc. of ESORICS 09, Saint Malo, France, Sep. 2009. [15] Cloud Security Alliance, Security guidance for critical areas of focus in cloud computing, 2009 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information