International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013 2531
ISSN 2229-5518
Security Aspects of Mobile Cloud Computing
Deepak. G, Dr. Pradeep. B. S, Shreyas. S
Abstract— Cloud computing is a distributed computing system that offers managed, scalable and secured and high available computation resources and software as a service. Mobile computing is the combination of the heterogeneous domains like Mobile computing, Cloud computing & wireless networks.This paper mainly discusses the literature review on Cloud and the Mobile cloud computing. Here in this paper we analyse existing security challenges and issues involved in the cloud computing and Mobile cloud environment. This paper identifies key issues, which are believed to have long-term significance in cloud computing & mobile cloud security and privacy, based on documented problems and exhibited weaknesses.
Index Terms— Cloud, Mobile Cloud, SaaS, PaaS, IaaS, Virtualization, Latency, Reliability.
—————————— ——————————
s the need of information storage, retrieval and computing are increasing day by day, the approach of organization are moving towards the distributed architecture from the traditional monolithic processing and storage model to a Cloud based approach. Cloud computing
incorporates virtualization, on-demand deployment.
Cloud computing is the latest addition to the myriad of distributed computing paradigm, it shifts the location of computing infrastructure to the network in order to reduce the costs associated with the management of hardware and software resources. Cloud computing is an evolving term that describes the development of many existing technologies and approaches to computing into something different. Cloud separates application and information resources from the underlying infrastructure, and the mechanisms used to deliver them. Cloud enhances collaboration, agility, scaling, and availability, and provides the potential for cost reduction through optimized and efficient computing. Cloud consists of the collection of services, applications, information, and infrastructure which comprises pools of computer, network, information, and storage resources.
Cloud environments - by virtue of their flexibility, openness, and often public availability, it challenges many fundamental assumptions on application security. Some of these assumptions are well understood, however many of them are still not understood. Cloud Computing is a particular challenge for applications across the layers of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud- based software applications needs a
design of rigorous applications that resides in a classic DMZ. This includes the analysis of the traditional aspects of managing the confidentiality of the information, integrity, and availability. Since the data is public available security is the main concern for securing the theft of data or vulnerabilities [14] for these various security measures like encryption & access schemes has to be taken.
————————————————
• Deepak. G, working as Assistant Professor at Dayananda Sagar College of Engineering, India, And pursuing Ph.d at VTU, Belgaum, India. His area of interests includes Security issues of Cloud & Mobile Cloud Computing. Email-ID:- deepak.dsce@gmail.com
• Dr. Pradeep B.S, working as a Director at International R&D division, Infotop Network pvt. Ltd., Linyi, China-276000. His area of interest includes Mobile computing, Security issues in Cloud and Mobile Cloud Computing. Email-ID:- pradeepbs78@yahoo.com
• Shreyas S, pursuing B.E degree in Department of ISE under VTU at Dayananda Sagar College of engineering, Bangalore, India. His areas of interest include wireless Communication, artificial intelligence and Cloud computing. . Email-ID:- shreyassrinath94@gmail.com
Current internet security protocols have been struggling to keep up with the fast evolution from traditional data centers to today’s mobile cloud computing technologies and the changing requirements following these advances. Traditional IT architecture uses a static security configuration, but today’s
IJSER © 2013
International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013 2532
ISSN 2229-5518
advanced mobile cloud computing architecture needs dynamic security configuration for handling mobile users. Mobile cloud computing was defined on 5th March 2010 entry in the open gardens blog as “The availability of cloud computing services in mobile echo system”. This incorporates elements, including consumer, enterprise, end-to-end security and mobile broadband-enabled services. Mobile cloud computing provides availability of the services in a mobile ecosystem. This incorporates elements including consumer, enterprise, femto-cells, transcoding, end to end security, home gateways and mobile broadband enabled services. The information housed on the cloud is often seen as valuable to individuals with malicious intent. There is a lot of personal information and potentially secure data that people store on their computers, and this information is now being transferred to the cloud. This makes it critical for us to understand the security measures that our cloud provider has in place, and it is equally important to take personal precautions to secure our data [17]. The first thing we must look into is the security measures that your cloud provider already has in place. These vary from provider to provider and among the various types of clouds. What encryption methods do the providers have in place? What methods of protection do they have in place for the actual hardware that your data will be stored on? Will they have backups of our data? Do they have firewalls set up?.
Mobile cloud computing is unique from other computing models like global computing, grid computing, and internet computing in various aspects of on demand service provision, user centric interfaces, guaranteed Quality of Service and autonomous system’s. The techniques used in cloud computing are as follows
3. Application Programming Interface (API): API’s plays the vital role cloud computing. The cloud services depend on the APIs which allow’s deployment and configuration through
them. Based on the API category used viz. control, data and application, different functions of APIs are invoked and services are rendered to the users accordingly.
All According to a Gartner survey on cloud computing revenues, the cloud market was worth USD 58.6B in 2009, is expected to be USD 68B in 2010 and will reach USD 148B by
2014. These revenues imply that cloud computing is a promising platform. On the other hand, it increases the attackers’ interest in finding existing vulnerabilities in the model [6].
Some of the Essential characteristics of the cloud computing are as stated below [15]:-
IJSER © 2013 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013 2533
ISSN 2229-5518
server.
Cloud provides offers services that can be grouped into 3 categories:-
1. Software as a Service (SaaS): Its can be referred as on demand software, it’s a software delivery model in which software and associated data are centrally hosted on the cloud. SaaS is accessed by users using a thin client via a web browser. In SaaS, a complete application is offered to the customer, as a service on demand. A single instance of the service runs on the cloud & multiple end users are serviced. On the customer’s side, there is no need for upfront investment in servers or software licenses, while for the provider, the costs are lowered, since only a single application needs to be hosted & maintained, where cloud providers deliver applications hosted on the cloud infrastructure as internet based service for end users without installing the application on customer’s computer [1], [2].
2. Platform as a Service (Paas): Platform as a service (PaaS) provides a computing platform and a solution stack as a service. The consumer creates the software using tools and/or libraries from the provider. The consumer also controls software deployment and configuration settings. The provider provides the networks, servers, storage and other services PaaS attempts to support use of the application by many concurrent users, providing concurrency management, scalability, and security. The customer has the freedom to build his own applications, which runs on the provider’s infrastructure. To meet manageability and scalability requirements of the applications, PaaS providers offer a prede- fined combination of OS and application servers, such as LAMP platform (Linux, Apache, MySql and PHP) etc. Services provided by this model include all phases of the system development life cycle (SDLC) and can use application program interface (API), website portals, or gateway software. Buyers do need to look closely at specific solutions, because some providers do not allow software created by their customers to be moved off the provider’s platform.
3. Infrastructure as a Service (Iaas): IaaS provides basic storage and computing capabilities as standardized services over the network. Servers, storage systems, networking equipment, data centre space etc. are pooled and made available to handle workloads. The customer would typically deploy his own software on the infrastructure. As the name implies, you are buying infrastructure. You own the software and are purchasing virtual power to execute as needed. This service model is based on the virtualization technology. This is much like running a virtual server on your own equipment, except you are now running a virtual server on a virtual disk.
Deploying cloud computing can differ depending on requirements, each with specific characteristics that support the needs of the services and users of the clouds in particular ways. The cloud computing model has three service delivery models and main four deployment models [8]. The deployment models are:-
a. Private Cloud — the cloud infrastructure has been deployed, and is maintained and operated only for a specific organization. The cloud may be hosted within the organization or externally and is managed internally or by a third-party. This model does not benefit from the less hands on management, or from the economic advantages that make cloud computing such an intriguing concept.
b. Public Cloud — a public cloud can be accessed by any subscriber with an internet connection and access to the cloud space . The cloud infrastructure is made available to the public on a commercial basis by a cloud service provider. This enables a consumer to develop and deploy a service in the cloud with very little financial implications compared to the capital expenditure requirements normally associated with other deployment options.
c. Community cloud — the cloud infrastructure is shared among a number of organizations with similar interests and requirements. It can be managed internally or by a third party and hosted within the organization or externally. The costs are shared among fewer users than a public cloud. Hence a community cloud benefits from medium costs as a result of a sharing policy. By means of comparison, with the private cloud the costs increase alongside the level of expertise needed.
d. Hybrid cloud — is a combination of two or more clouds (private, community or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models. By utilizing “hybrid cloud” architecture, companies and individuals are able to obtain degrees of fault tolerance combined with locally immediate usability without being entirely dependent on third party services. Hybrid Cloud architecture requires both on-premises resources and off-site (remote) server based cloud infrastructure. Hybrid
IJSER © 2013 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013 2534
ISSN 2229-5518
clouds lack the flexibility, security and certainty of in-house applications. However, they provide the flexibility of in-house applications with the fault tolerance and scalability of cloud based services.
The fundamental factor defining the success of any new computing technology is the level of security it provides [12]. At-least we can access our hard drives and systems whenever we wish to, but cloud servers could potentially reside anywhere in the world and any sort of internet breakdown can deny us access to the data stored in the cloud. The cloud service providers insist that their servers and the data stored in them is sufficiently protected from any sort of invasion and theft. Such companies argue that the data on their servers is inherently more secure than data residing on a myriad of personal computers and laptops. However, it is also a part of cloud architecture, that the client data will be distributed over these individual computers regardless of where the base repository of data is ultimately located. There have been instances when their security has been invaded and the whole system has been down for hours.
Although cloud computing service providers touted the security and reliability of their services, actual deployment of cloud computing services is not as safe and reliable as they claim. In 2009, the major cloud computing vendors successively appeared several accidents. Amazon's Simple Storage Service was interrupted twice in February and July
2009. This accident resulted in some network sites relying on a single type of storage service were forced to a standstill. In March 2009, security vulnerabilities in Google Docs even led to serious leakage of user private information. Google Gmail also appeared a global failure up to 4 hours. It was exposed that there was serious security vulnerability in VMware virtualization software for Mac version in May 2009. People with ulterior motives can take advantage of the vulnerability in the Windows virtual machine on the host Mac to execute malicious code. Microsoft's Azure cloud computing platform also took place a serious outage accident for about 22 hours. Serious security incidents even lead to collapse of cloud computing vendors. As administrators’ misuse leading to loss of 45% user data, cloud storage vendor Link Up had been forced to close. When it comes to Security, cloud really suffers a lot [7], [11]. The vendor for Cloud must make sure that the customer does not face any problem such as loss of data or data theft. There is also a possibility where a malicious user can penetrate the cloud by impersonating a legitimate user, there by infecting the entire cloud thus affecting many customers who are sharing the infected cloud. Some of the problem which is faced by the Cloud computing [9].
there is a lack of data integrity in cloud computing.
IJSER © 2013 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013 2535
ISSN 2229-5518
Open Grid Forum, Open Cloud Consortium, National Institute of Standards and Technology, Storage Networking Industry Association etc., centered their activity on the development of working standards for different aspects of the cloud technology. The excitement around cloud has created a flurry of standards and open source activity leading to market confusion. That is why certain working groups like Cloud Standards Coordination, TM Forum, and etc. act to improve collaboration, coordination, information and resource sharing between the organizations acting in this research field [10].
The irony is that, in terms of reliability, cloud providers have set high standards which are rarely achieved in an internal environment. However, because these outages affect large numbers of consumers it cast doubts in the minds of IT decision makers over the viability of replacing desktop functionality with the functionality offered by the cloud. Also, in this industry, the leading companies have set some high level quality services. Those levels are not easy to be reached by the other cloud service providers which do not have such a well-developed infrastructure. Unfortunately for the clients these quality services may come at higher costs and sometimes the decision makers, lured by the cheaper services, will be reluctant to collaborate with such a provider.
In case of a public-cloud computing scenario, we have multiple security issues that need to be addressed in comparison to a private cloud computing scenario. A public cloud acts as a host of a number of virtual machines, virtual machine monitors, and supporting middleware etc. The secu- rity of the cloud depends on the behaviour of these objects as well as on the interactions between them. Moreover, in a pub- lic cloud enabling a shared multi-tenant environment, as the number of users increase, security risks get more intensified and diverse. It is necessary to identify the attack surfaces which are prone to security attacks and mechanisms ensuring successful client-side and server-side protection. Because of the multifarious security issues in a public cloud, adopting a private cloud solution is more secure with an option to move to a public cloud in future, if needed.
IJSER © 2013 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013 2536
ISSN 2229-5518
provider. In this case, the SP is the company that delivers the hypervisor software such as VMware or Xen.
(ii) PaaS Security Issues
Service-oriented Architecture (SOA) model. This leads to
inheriting all security issues that exist in the SOA domain such
as DOS attacks, Man-in-the-middle attacks, XML-related
attacks, Replay attacks, Dictionary attacks, Injection attacks
and input validation related attacks. Mutual Authentication,
authorization and WS-Security standards are important to
secure the cloud provided services. This security issue is a shared responsibility among cloud providers, service providers and consumers.
IJSER © 2013 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013 2537
ISSN 2229-5518
The CML components include SLA management, service monitoring, billing, elasticity, IaaS, PaaS, SaaS services regis- try, and security management of the cloud. Such a layer is very critical since any vulnerability or any breach of this layer will result in an adversary having control, like an administra- tor, over the whole cloud platform. This layer offers a set of APIs and services to be used by client applications to integrate with the cloud platform. This means that the same security issues of the PaaS model apply to the CML layer as well.
(v) Cloud Access Methods Security Issues
Cloud computing is based on exposing resources over the internet. These resources can be accessed through: Web browsers (HTTP/HTTPS), in case of web applications - SaaS; SOAP, REST and RPC Protocols, in case of web services and APIs – PaaS and CML APIs.; Remote connections, VPN and FTP in case of VMs and storage services – IaaS. Security con- trols should target vulnerabilities related to these protocols to protect data transferred between the cloud platform and the consumers [2].
Some of the Security issues relating to the Mobile cloud are as follows [15], [16]:-
Cloud computing, in the recent years, has taken the ability to prove its necessity in terms of data outsourcing. But it also poses a threat to the data owner in terms of privacy and security of data. As Cloud Computing becomes prevalent, more and more sensitive information are being centralized
into the cloud, such as e-mails, personal health records, company finance data, and government documents, etc. The fact that data owners and cloud server are no longer in the same trusted domain may put the outsourced unencrypted data at risk. The cloud server may leak data information to unauthorized entities or even be hacked. Although Cloud computing can be seen as a new phenomenon which is set to revolutionise the way we use the Internet, there is much to be cautious about. There are many new technologies emerging at a rapid rate, each with technological advancements and with the potential of making human’s lives easier. However, one must be very careful to understand the security risks and challenges posed in utilizing these technologies. Cloud computing is no exception. This paper helps to identify what mobile cloud computing is and what are the challenges and the issues relating to the Mobile cloud computing.
The authors are thankful to management of Rajarajeshwari College of engineering and Dayananda Sagar Institutions Bangalore, India for providing necessary facilities to carry out the research work.
[1] Cloud Computing Security Issues by Florin OGIGAU-NEAMTIU.
[2] An Analysis of the Cloud Computing Security Problem by Mohamed
Al Morsy, John Grundy and Ingo Müller.
[3] Security Issues for Cloud Computing by Kevin Hamlen, The Universi- ty of Texas at Dallas, USA Murat Kantarcioglu, The University of Texas at Dallas, USA Latifur Khan, The University of Texas at Dallas, USA Bhavani Thuraisingham, The University of Texas at Dallas, USA.
[4] Cloud Computing Security Issues and Challenges by Kuyoro S. O., Ibikunle F. & Awodele O.
[5] Data Security and Privacy Protection Issues in Cloud Computing by
Deyan Chen and Hong Zhao.
[6] Cloud Hooks: Security and Privacy Issues in Cloud Computing by
Wayne A. Jansen, NIST.
[7] Cloud Computing Security Issues in Infrastructure as a Service by
Pankaj Arora, Rubal Chaudhry Wadhawan and Er. Satinder Pal Ahuja.
[8] Security and Privacy Issues in Cloud Computing by Jaydip Sen.
[9] A review on cloud computing security issues & challenges by F. A. Alvi1, B.S Choudary N. Jaferry , E.Pathan
[10] Survey on Security Issues in Cloud Computing and Associated Miti- gation Techniques by Rohit Bhadauria and Sugata Sanyal.
[11]Hassan Takabi and James B.D. Joshi, “Security and Privacy Challenges in Cloud Computing Environments”, IEEE computer and reliability socie- ties, Nov/Dec 2010.
[12] Tharam Dillon, Chen Wu and Elizabeth Chang,” Cloud Computing:
Issues and Challenges”, 24th IEEE International Conference on Advanced
Information Networking and Applications, 2010.
[13] Jianfeng Yang, Zhibin Chen, “Cloud Computing Research and Securi-
ty Issues”, IEEE, 2010.
[14] Bernd Grobauer, Tobias Walloschek, and Elmar Stocker, “Under-
standing Cloud Computing Vulnerabilities, IEEE computer and reliability societies, Mar/Apr 2011.
[15] Weiguang SONG, Xiaolong SU, “Review of Mobile cloud compu-
ting”, IEEE, 2011.
IJSER © 2013 http://www.ijser.org
International Journal of Scientific & Engineering Research, Volume 4, Issue 9, September-2013
ISSN 2229-5518
2538
[16] Le Guan, Xu Ke, Meina Song and Junde Song, "A Survey of Research on Mobile Ooud Computing", lOth IEEE / ACIS Intemational Conference on Computer and Information Science, 2011.
[17]Shahryar Shafique Qureshi, Toufeeq Ahmad, Khalid Rafique, Shuja
ui-islam, "mobile cloud computing as future for mobile apphcations - implementation methods and challenging issues", Proceedings of IEEE
cas,2011.
IJSER lb) 2013