Enhancing Security in Mobile Cloud Computing

Jitendra Singh1, Kishori Sharan Mathur2 and Vikas Kumar3

1 Dept. of Computer Science, JJT University, Jhunjhunu–333001, Rajasthan, India
2 Dept. of Electronics & Communication, JJT University, Jhunjhunu–333001, Rajasthan, India
3 Asia-Pacific Institute of Management, 3&4 Institutional Area, Jasola, Delhi–110025, India
E-mail: [email protected], [email protected], [email protected]

Abstract—Mobile cloud computing (MCC) is emerging as a branch of cloud computing in which resources are accessed using mobile phones (smartphones), PDAs and other wireless-enabled devices. Two models of MCC are primarily in use: one in which the mobile devices themselves act as nodes of the cloud, and another analogous to client-server technology. In the client-server model, mobile devices act as clients while the cloud acts as the server. The present work considers this second type of MCC. In the wide area network of MCC, response time is one of the big constraints because of the distance between the cloud and these smart devices, which have limited processing and storage capabilities. To improve the response time in wireless networks, a solution named cloudlet exists, in which related content is available in cloudlets located near the accessing devices. Latency is thereby reduced to a great extent, but the security of the WLAN and of the mobile devices, particularly smartphones, is of great concern. The present work suggests improving the security of mobile cloud computing using a two-phase model. In the first phase, the security vulnerability of the WLAN is assessed and monitored, considering the advancement of technology and attacks, and ways to plug these security loopholes are suggested. In the second phase, vulnerabilities in the mobile devices used to access cloud resources are assessed and methods to improve the security of mobile devices are suggested. As the two-phase model evaluates security in both the WLAN and the mobile devices, it will be very useful for improving the overall security of MCC.

Keywords: Mobile Cloud Computing, Wireless Network, Cloudlet, Smart Device Security.

1. Introduction

Computing is being transformed into a model of services that are delivered in the same way as utilities [1, 2] like water, electricity, gas and telephone. Services [3,4] for the resource requested will be provided on demand and transparently to the users. The user pays for what has been used, and data is stored at a remote location under the control of the cloud provider. This computing model is known as cloud computing. To provide ease and mobility to the user, a branch of cloud computing has emerged that is known as mobile cloud computing. Mobile computing means using portable devices to run stand-alone applications or to access remote services via a wireless network. Mobile devices now come with features that enable them to access resources from the cloud, and they are well suited to this because of their ease of use and portability.

In mobile cloud computing, mobile devices can be used for two purposes. In the first type, mobile devices act as clients that access resources from the cloud: because these devices have limited processing and storage, they use the cloud for storage and processing. This type of architecture is similar to client-server architecture. In the second type, the mobile devices themselves act as nodes of the cloud, and resources are pooled from all participating mobile devices to overcome limited storage and processing power.

Mobile cloud computing over a WAN has latency as one of its constraints. This constraint is overcome to a great extent by a solution known as cloudlet [4], which provides data from the cloudlet when requested by the user, rather than from the cloud, to reduce the latency. Considering the security of personal information, Huang et al. [5] suggested a new processing framework for mobile cloud computing through trust management and data isolation.

2. Security for WLAN and Mobile Device

The two-phase security model treats WLAN and mobile devices separately. In the first phase, monitoring and security improvement of the WLAN are performed, while the second phase covers monitoring and security improvement of mobile devices, smartphones in particular.

2.1 Phase One Method

In phase one the following measures are required for the WLAN.

2.1.1 Security Monitoring

Security monitoring can be characterized as monitoring and assessment for security. Assessment means evaluating the security [6] of the WLAN periodically, i.e. weekly, monthly, quarterly etc., while monitoring means evaluating the security in real time so that corrective action can be taken immediately. The issues that need to be monitored are as follows:

1. Unauthorized WLAN Device: unauthorized access of WLAN devices, including access points (AP).
2. Unusual WLAN Usage Pattern: excessive use of a particular AP in comparison to other APs, and a high volume of WLAN traffic to a particular client.
3. DoS Attacks: monitoring for denial-of-service attacks, which may be event based and rely on counting against threshold values.
4. Impersonation: monitoring for man-in-the-middle attacks.

2.1.2 Security Improvement

• Standard Configuration for Common WLAN Components: common WLAN components should be configured with the security settings specified for these devices, as this makes external access more difficult. Configuring devices to a standard configuration takes less time and effort if security evaluation is automated.
• Dual Connections Prohibition: a dual connection means that a device is connected both to the wired network and to a wireless network such as Bluetooth, radio communication or infrared. As an attack on one network puts the other at risk, dual connections should be prohibited.
• Vulnerability Monitoring: the WLAN must be monitored and assessed for vulnerabilities at a specific interval, which may be quarterly, half yearly or yearly depending upon the sensitivity of the data used.
• Configuring Mobile Device and AP with Organizational Policy: mobile devices and access points should be configured according to the organizational policy, so that the security improvement is aligned with the organization.

Proceedings of M4D2012

2.2 Phase Two Method

Securing the mobile devices is paramount, and it is very challenging because of the diversity of mobile devices. The best solution will cover this diversity and should meet the needs of some of the popular mobile phones like [7] Apple iOS, Windows Phone 7, RIM BlackBerry, WebOS, Nokia Symbian and Android.

2.2.1 Security Monitoring

• Unauthorized access: devices need to be monitored for any bypassed authentication and unauthorized access.
• Malware: presence and ingress of malware, as it opens a backdoor or may inflate your bills.
• Spam: spam mail received, or links available in the spam.
• Electronic tracking: monitoring to check whether the mobile device is being tracked for its location.
• Server resident data: monitoring of the data stored at the server and its level of sensitivity.

2.2.2 Security Improvement

While mobile devices provide productivity benefits, they lack a number of security [9] features commonly found in desktop computers. Hence, the following measures will improve the security significantly:

• Physical Care and User Authentication: mobile devices should be treated like credit cards and should not be left unattended, which helps to prevent any activity by an attacker. Use of the devices must be password and PIN based to give a layer of security.
• Reduce Data Exposure: avoid keeping sensitive information such as personal and financial information on the mobile device, because the authentication mechanism described earlier may be bypassed, and the accumulated information is then subject to high risk.
• Curb Wireless Interface: wireless interfaces such as Wi-Fi and infrared should be curbed if not needed, as they are the major source of malware.
• Minimize Functionality: smartphones are supplied with a number of functions, and the majority of them may not be needed. Extra features pose a security threat and hence should be disabled if not needed.


• Organizational Security Policy: the organization should have a security policy for mobile devices and should determine whether computational devices will be held by individuals or issued by the organization, as organization-issued devices can easily be managed centrally because of their known make and similarity with other devices.
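The monitoring issues listed in Section 2.1.1 can be checked mechanically against WLAN sensor records. The Python code below is an added example, not code from the paper: the event format, AP inventory, SSID and thresholds are assumptions, and treating an unknown AP that advertises the organization's SSID as an impersonation sign is one assumed indicator.

```python
from collections import Counter, defaultdict

# Assumed inventory and thresholds (hypothetical, not values from the paper).
AUTHORIZED_APS = {"aa:00:00:00:00:01", "aa:00:00:00:00:02", "aa:00:00:00:00:03"}
CORP_SSID = "CorpWLAN"
AP_SKEW = 3.0                  # AP busier than 3x the mean of the other APs
CLIENT_BYTES = 500_000_000     # per-client traffic ceiling for the sample period
DEAUTH_LIMIT, WINDOW = 20, 60  # deauth frames allowed per AP per 60 s window

def analyze(events):
    """Return a sorted list of (issue, subject) alerts for a batch of events."""
    alerts, assoc, traffic, deauth = set(), Counter(), Counter(), defaultdict(Counter)
    for e in events:
        known = e["bssid"] in AUTHORIZED_APS
        if e["type"] == "beacon" and not known:
            # Unknown AP; one using our SSID is treated as an impersonation sign.
            issue = "impersonation" if e["ssid"] == CORP_SSID else "unauthorized_ap"
            alerts.add((issue, e["bssid"]))
        elif e["type"] == "assoc" and known:
            assoc[e["bssid"]] += 1
        elif e["type"] == "data":
            traffic[e["client"]] += e["bytes"]
        elif e["type"] == "deauth":
            deauth[e["bssid"]][e["ts"] // WINDOW] += 1
    for ap in AUTHORIZED_APS:                      # unusual usage: AP skew
        others = [assoc[b] for b in AUTHORIZED_APS if b != ap]
        if assoc[ap] > AP_SKEW * max(sum(others) / len(others), 1):
            alerts.add(("ap_overuse", ap))
    for client, total in traffic.items():          # unusual usage: client volume
        if total > CLIENT_BYTES:
            alerts.add(("client_volume", client))
    for ap, windows in deauth.items():             # DoS: event count vs threshold
        if max(windows.values()) > DEAUTH_LIMIT:
            alerts.add(("dos_deauth", ap))
    return sorted(alerts)

def sample_events():
    """Constructed sensor records for illustration only."""
    ap1, ap2, ap3 = sorted(AUTHORIZED_APS)
    ev = [{"type": "assoc", "bssid": ap1, "ts": t} for t in range(12)]
    ev += [{"type": "assoc", "bssid": ap, "ts": 5} for ap in (ap2, ap2, ap3, ap3)]
    ev += [{"type": "data", "bssid": ap1, "client": "c1", "bytes": 300_000_000, "ts": t}
           for t in (10, 20)]
    ev += [{"type": "data", "bssid": ap2, "client": "c2", "bytes": 10_000_000, "ts": 15}]
    ev += [{"type": "deauth", "bssid": ap2, "ts": 120 + t} for t in range(25)]
    ev += [{"type": "beacon", "bssid": "de:ad:be:ef:00:01", "ssid": CORP_SSID, "ts": 30},
           {"type": "beacon", "bssid": "de:ad:be:ef:00:02", "ssid": "Guest-Net", "ts": 31}]
    return ev

if __name__ == "__main__":
    print(*analyze(sample_events()), sep="\n")
```

Run periodically over stored records this corresponds to the paper's assessment; run over a live event stream it corresponds to real-time monitoring.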

3. Conclusion

Mobile cloud computing enables users to access data from outside their corporate network and is highly suitable for users who remain mobile and require an immediate response to tackle business needs. Mobile devices are also accessible to others, hence security is needed for the mobile devices as well as for the wireless network from which the user is accessing the information. A variety of threats, both simple and complex, are emerging daily for wireless networks and for smartphones, especially SDK-enabled ones. Considering the complexity of attacks on the one hand and the security of the data on the other, it is essential that the network and the mobile devices be dealt with separately for threats in real time, so that remedial action can be taken instantly rather than after days, weeks or months. The suggested methods will be very useful for improving the overall security of wireless networks and mobile devices.

References

[1] Rajkumar Buyya, Chee Shin Yeo, Srikumar Venugopal, et al., “Cloud Computing and Emerging IT Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility”, 10th IEEE International Conference on High Performance Computing and Communications (HPCC), 2008.
[2] Michael Armbrust, Armando Fox, Rean Griffith, et al., “Above the Clouds: A Berkeley View of Cloud Computing”, Electrical Engineering and Computer Sciences, University of California at Berkeley, Technical Report No. UCB/EECS-2009-28, February 10, 2009.
[3] B. Hayes, “Cloud computing”, Communication of the ACM, vol. 51, no. 7, pp. 9-11.
[4] M. Satyanarayanan, P. Bahl, R. Cáceres, et al., “The case for VM-based cloudlets in mobile computing”, IEEE Pervasive Computing, vol. 8, no. 4, pp. 14-23, Oct. 2009.
[5] Dijiang Huang, Zhibin Zhou, Le Xu, Tianyi Xing, Yunji Zhong, “Secure Data Processing Framework for Mobile Cloud Computing”, in proc. of IEEE INFOCOM 2011 Workshop on cloud computing, pp. 620-624.
[6] Murugiah Souppaya, Karen Scarfone, “Guidelines for Securing Wireless Local Area Networks (WLANs) (Draft)”, Rec. of NIST, Sept. 2011, Special Publication 800-153.
[7] Ricky M. Magalhaes, “The future computer mobile security”, 2011, available at http://www.windowsecurity.com/articles/The-future-computer-mobile-security.html
[8] Wayne Jansen, Karen Scarfone, “Guidelines on Cell Phone and PDA Security”, NIST Special Publication 800-124, October 2008.