Security in CloneCloud for Mobile Cloud Computing - IEEE Xplore

2015 Fifth International Conference on Communication Systems and Network Technologies

Security in CloneCloud for Mobile Cloud Computing

Payal Patel
PG Student, Dept. of Computer Engineering, Sankalchand Patel College of Engineering, Visnagar-384315, India

Rajan Patel
Dept. of Computer Engineering, Sankalchand Patel College of Engineering, Visnagar-384315, India

Abstract—Mobile Cloud Computing is an emerging technology in the IT world. The increasing demand of mobile users in terms of security, resources and computing power leads to the necessity of accessing cloud resources from mobile devices. Smartphones have some limitations, such as limited computing power and energy resources, compared to desktops. CloneCloud can be used as a solution to migrate applications from the mobile device to a clone in the cloud. This speeds up execution and reduces energy consumption in smartphones. There is a need to secure the communication that takes place in this scenario. For this purpose, the proposed solution with elliptic curve cryptography and Blowfish will ensure confidentiality and authentication between the mobile device and the clone server. Elliptic curve cryptography and Blowfish have better performance in resource-constrained devices. We have integrated modifications to Blowfish to enhance the security.

Keywords-CloneCloud; ECC; Blowfish; Clone Server

I. INTRODUCTION

Cloud computing is one of the hottest research topics in the scientific and industrial communities. It is a technology in which large-scale servers or personal computers are interconnected in such a way that data storage and processing capability in huge amounts can be shared among the users [1]. Cloud computing is capable of supercomputing because of the vast number of servers and personal computers [2]. Users do not have to worry about the reliability of the data they store in the cloud [3]. Nowadays the software and hardware of mobile devices are improved compared to traditional mobile devices. The demand for mobile applications is increasing, which requires more resources to be provided to make the user experience better [4]. The development and extension of cloud computing and mobile computing has become a new technology, called Mobile Cloud Computing (MCC) [5].

The rest of the paper is organized as follows: Section II describes the background of mobile cloud computing, CloneCloud, Elliptic Curve Cryptography (ECC) and the Blowfish algorithm. Section III discusses work done on CloneCloud and data security. Section IV presents the proposed solutions for the security problem. Finally, concluding remarks are given in Section V.

II. THEORY BACKGROUND

A. Mobile Cloud Computing

In recent times, mobile phones such as the Android series, Windows phones etc. have advanced facilities which make it possible to perform tasks that were previously possible only on desktops. Mobile devices will have access to any resources available on the cloud through the internet [6][7]. It eliminates the never-ending need to increase the battery lifetime and processing power of mobile devices and also maximizes resource sharing of existing cloud resources by providing efficient mobile connectivity to mobile users [8]. There are many advantages of MCC [9]: extended battery life, improvement in data storage and processing power, improvement in reliability, scalability and so on. Still, there are some problems faced in MCC, like resource poverty of mobile devices, limited network bandwidth and high latency, less network availability and security issues [10].

B. CloneCloud

The issue of resource poverty in MCC can be overcome by executing computationally intensive applications of the mobile device on the cloud [5]. B. G. Chun [11] has introduced a flexible architecture for automatically partitioning the mobile application and offloading the parts from mobile devices to the cloud. The partitioning mechanism of CloneCloud is a combination of a static analyzer and a dynamic profiler, which aims to decide which parts of the application will execute on the mobile device and which will migrate to the cloud. At selected points, threads are automatically migrated from the mobile device to the clone while other threads keep executing on the device, as shown in Fig. 1. Remote threads complete their execution in the cloud and reintegrate back to the device with computed results.


Figure 1. CloneCloud system model

During the transmission of the user's data in the CloneCloud architecture, there is a possibility that an adversary can infect the execution of applications on the clone and execute malware applications that can affect the user's mobile device. There is a need to secure the execution of applications by authenticating the clone before transmitting the applications, and the user's private data must be kept secure from any unauthorized access. In our proposed system, we have used cryptographic algorithms to provide security to the mobile device and the clone. An asymmetric algorithm is used to authenticate the clone and for secret key exchange. A symmetric algorithm is used to encrypt the file to be transmitted.

978-1-4799-1797-6/15 $31.00 © 2015 IEEE DOI 10.1109/CSNT.2015.288

C. Elliptic Curve Cryptography & Blowfish Algorithm

ECC is a public key encryption technique based on the algebraic structure of elliptic curves over finite fields [13]. ECC has been used for establishing a secure communication channel for digital signatures and key exchange. It provides the same level of security with a smaller key size compared to other public key encryption schemes. Blowfish is a 64-bit symmetric block cipher built on a Feistel network that iterates the encryption function 16 times [14]. The algorithm includes two parts: a data encryption part and a key expansion part. In data encryption, a 16-round Feistel network is used to encrypt the data. The key expansion part expands the encryption key into 18 32-bit subkeys, and the P-array stores these subkeys. The round function F includes four substitution boxes, each containing 256 32-bit entries, and the outputs of the S-boxes are combined with modulo addition and XOR operations.

III. RELATED WORK

In 2014, Seyed Yahya Vaezpour et al. [15] proposed the SWAP scheme to provide security among co-resident Virtual Machines (VMs). They address two problems: how to allocate phone clones to physical hosts to minimize the risk of information leakage, and how to migrate a phone clone when the risk becomes higher than a given threshold. They concluded that the proposed algorithm works effectively for clone allocation and migration.

In 2013, Yash R. Dave et al. [16] used the augmented execution concept for mobile applications to increase processing power and reduce battery consumption. They improved the security of the mobile device and the clone by means of mutual authentication. They used the RSA algorithm with a key length of 1024 bits to accomplish authentication and data integrity. They used the Dalvik Virtual Machine as a clone of the mobile device.

In 2012, Marco V. Barbera et al. [17] designed CloudShield: a suite of protocols running on a peer-to-peer network of clones. This helps to stop worms spreading between smartphones. In this system, each smartphone is connected to a clone, and friend clones are connected to each other for content sharing. The P2P network of clones is used to find the best strategy to patch the smartphones so that a worm can be stopped quickly.

In 2013, Prashant Rewagad et al. [18] proposed an architecture that combines an authentication technique and a key exchange algorithm with an encryption technique. This is referred to as a three-way mechanism. Keys are generated with the Diffie-Hellman key exchange algorithm. Client and server are authenticated by digital signature. Finally, the user transfers data to the cloud by encrypting it with the AES algorithm.

In 2013, Kajal Chachapara et al. [19] proposed a framework for sharing different data with different cloud users conditionally. They find an intermediate way between public and private cloud for sharing data. In this, a cloud user can generate different keys for different users. For this, they used the AES and RSA algorithms for secure communication, so that other users can access files with their keys, and access permission is decided by the owner of the data.

In 2013, M. Bafandehkar et al. [20] implemented the ECC and RSA algorithms for resource-constrained devices to compare the performance of both algorithms in small handheld devices. They compared ECC with a key size of 160 bits and RSA with a key size of 1024 bits. The conclusion is that ECC has better performance than the RSA algorithm. ECC with 160 bits provides the same security level as RSA with a 1024-bit key size, and ECC is a faster algorithm compared to RSA.

In 2012, A. Dubey et al. [21] proposed a trusted cloud environment which can control both the client and the cloud environment. Their approach is divided into two parts: one part is for the client and another is for the admin. For a secure two-way protocol, they used the RSA and MD5 algorithms. When the client wants to upload data to the cloud, he encrypts the data with RSA. When the admin wants to update the data in the cloud, he requests the secure key from the client. Then the client sends the secure key with a message digest tag produced by the MD5 algorithm.

In 2012, Gawali M.B. et al. [22] provided security in a multi-tenant SaaS architecture. In this, multiple users can concurrently perform their computations on the same host. So there is a strong need for high security, because any malicious user can attack other users' data residing on the same host. For security purposes, they used the RSA algorithm for digital signatures and the MD5 algorithm for message digests.

In 2010, Uma Somani et al. [23] proposed the concept of a digital signature with the RSA algorithm to encrypt the data transmitted between device and cloud. RSA is a secure asymmetric algorithm and can be used for both digital signature and encryption.

In 2011, O. P. Verma et al. [24] evaluated the performance of four symmetric algorithms: AES, DES, 3DES and Blowfish. They concluded that the Blowfish algorithm provides better performance compared to the other symmetric algorithms: DES, 3DES and AES. The energy consumption and execution time of the Blowfish algorithm are efficient compared to these algorithms. The AES algorithm consumes more resources with increasing block size. 3DES requires more time than DES because of its triple-phase encryption.

In 2010, Tingyuan Nie et al. [25] evaluated the performance of the DES and Blowfish algorithms by considering speed and power consumption. The results show that Blowfish is a faster executing algorithm than DES, and the power consumption of both algorithms is almost the same.

In 2013, B. Geethavani et al. [26] modified the Blowfish algorithm to encrypt the transmitted information. They modified the F function of the algorithm by parallelizing its operations. 32 XOR and 16 addition operations would be performed in the modified F function. Due to parallelization, the execution time is reduced.

In 2012, Jiali Bian et al. [27] proposed a strategy to provide a hierarchical encryption mechanism and store the encryption keys more securely for the Blowfish algorithm. They modified the Blowfish algorithm to make it more secure. They used a transformation matrix to XOR with the plaintext, so even if an attacker knows the encryption key, there still remains very high computational complexity because of randomization. The user password is used to create the key array, so that an attacker will not have access to the password, which makes the system more secure.

In 2012, Monika Agrawal et al. [28] used a random number to vary the number of rounds executed in the Blowfish algorithm. The random number is converted to 16-bit binary format; in the positions where the value is 1, the F function will not be applied at that round number, and when the value is 0, the F function will be applied to that round. This speeds up the execution of the algorithm and enhances the security, because every time a new random number is generated and the number of times the round function is executed varies.

Table I gives a brief view of the literature which has been surveyed.

TABLE I. LITERATURE SURVEY

| Problem/issue (identified) | Algorithm | Tools/Testbed | Remark |
|---|---|---|---|
| Energy optimal application execution in the mobile cloud platform [15] | - | Mobile device and associated clone | Energy consumption on the cloud side has to be considered |
| Improve the security of mobile device and clone [16] | - | DVM | RSA with key length 1024 will slow the execution speed |
| Study the feasibility of mobile computation offloading and mobile data backups in real life [17] | - | 16 real devices and equal no. of clones in cloud | Synchronizing the clones for backup requires less traffic than clones for data offloading |
| Privacy, data security, confidentiality and authentication [18] | Diffie Hellman key exchange and AES | - | Due to the 3 way mechanism a hacker will not be able to decrypt the text |
| In public cloud there is no secure sharing of data among users [19] | RSA and AES | - | Gives the possibility to vary the permissions for data access for different users |
| Public key algorithm for resource constrained device [20] | ECC and RSA | - | ECC with 160 bit key size provides the same security as RSA with 1024 bit |
| Create the trusted cloud environment which is secured by both client and CSP [21] | RSA and MD5 | - | It provides efficient security mechanisms both for client and CSP |
| In cloud, there is a possibility that a co-resident user can have access to other's data [22] | RSA and MD5 | - | It will secure the computation of a user from a malicious user running on the same host. |
| Data security in the cloud [23] | RSA | - | RSA is very secure and the most recognizable asymmetric algorithm |
| Evaluate performance of symmetric algorithms [24] | AES, DES, 3DES and Blowfish | - | Blowfish has better performance with respect to energy consumption and processing speed compared to other symmetric algorithms. |
| Evaluate performance of DES and Blowfish algorithm [25] | DES and Blowfish | - | Blowfish is a faster algorithm than DES. Power consumption of both is almost the same |
| Reduce the execution time of Blowfish algorithm [26] | Blowfish | - | It could be applied only to multi-core processors |
| Personal information leakage stored on smartphone [27] | Blowfish | - | Hierarchical encryption scheme provides higher encryption speed and a secure key management scheme, but only data of static files on the smartphone can be encrypted |
| Enhance the security level of blowfish algorithm and reduce the time of execution [28] | Blowfish | - | For every plaintext a new random number will be generated so that an attacker will not have any clue to crack the algorithm |

IV. PROPOSED WORK

In the proposed method, we have integrated the ECC algorithm for key exchange and the Blowfish algorithm for data encryption. Initially, the encryption key of Blowfish is exchanged with ECC. To protect the stored 18 expanded Blowfish subkeys, an XOR operation between a random number and the plaintext is used [27]. In order to minimize the number of rounds of Blowfish, we use the random number [28]. The least significant 16 bits of this random number are used to vary the number of rounds in encryption and decryption. Hence the proposed solution is divided into two phases: first, minimization of the number of Blowfish rounds, and second, protection of the Blowfish key.

Phase I: A 64-bit random number is generated, and the least significant 16 bits of this random number are taken in an array, say f, and checked for whether it contains a minimum of five 1s or not. Based on these results, the algorithm decides how many rounds are to be performed instead of the 16 rounds of normal Blowfish. The procedure for minimization of the number of Blowfish rounds based on the random number is shown in Fig. 2.

Phase II: According to the positions of 1s in the 16-bit number, the F function is applied only to those corresponding rounds. The F function is not applied to rounds where there are 0s in the 16-bit number. The flowchart for the modified Blowfish algorithm is shown in Fig. 3. In this context, the number of times the F function is executed in the encryption/decryption process varies.

Figure 2. Random number generation

Algorithm: Proposed blowfish encryption algorithm
Input to algorithm is 64-bit plaintext, say x:
    x = x XOR r
    Divide x into two 32-bit halves, namely xL and xR
    for i = 1 to 16:
        if f[i] = 0 then
            xL = xL XOR Pi
            xR = xR
        else
            xL = xL XOR Pi
            xR = F(xL) XOR xR
        Swap xL and xR
    Swap xL and xR
    xR = xR XOR P17
    xL = xL XOR P18
    Recombine xL and xR

Figure 3. Proposed blowfish encryption algorithm
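The two phases and the algorithm of Fig. 3, as an added Python sketch (not the authors' code), including the matching decryption that the listing leaves implicit. The Feistel structure and the shape of F follow the description in Section II-C; `toy_tables` is a stand-in for the real Blowfish key expansion, and the bit order of f, the redraw when the Phase I check fails, and handing r to the decryptor are assumptions.

```python
import hashlib
import secrets

MASK32 = 0xFFFFFFFF
MIN_ONES = 5  # Phase I threshold as stated in the text


def toy_tables(key: bytes):
    """Stand-in for Blowfish key expansion (NOT the real schedule):
    derives 18 subkeys P1..P18 and four 256-entry S-boxes from the key."""
    raw = hashlib.shake_256(key).digest(4 * (18 + 4 * 256))
    w = [int.from_bytes(raw[i:i + 4], "big") for i in range(0, len(raw), 4)]
    return w[:18], [w[18 + 256 * j:18 + 256 * (j + 1)] for j in range(4)]


def F(S, x):
    """Blowfish round function shape: ((S1[a] + S2[b]) XOR S3[c]) + S4[d]."""
    a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
    return ((((S[0][a] + S[1][b]) & MASK32) ^ S[2][c]) + S[3][d]) & MASK32


def f_round_count(r):
    """Number of rounds in which F is actually executed for this r."""
    return bin(r & 0xFFFF).count("1")


def pick_random_number():
    """Phase I: draw a 64-bit r; its low 16 bits are the array f.
    Assumption: redraw until f holds at least MIN_ONES ones."""
    while True:
        r = secrets.randbits(64)
        if f_round_count(r) >= MIN_ONES:
            return r


def encrypt_block(x, r, P, S):
    f = r & 0xFFFF                      # assumption: f[1] is the lowest bit
    x ^= r                              # x = x XOR r
    xL, xR = x >> 32, x & MASK32
    for i in range(16):
        xL ^= P[i]                      # done in every round
        if (f >> i) & 1:                # F only where f[i] = 1
            xR ^= F(S, xL)
        xL, xR = xR, xL
    xL, xR = xR, xL                     # undo the last swap
    xR ^= P[16]
    xL ^= P[17]
    return (xL << 32) | xR


def decrypt_block(y, r, P, S):
    """Inverse of encrypt_block; needs the same r (how r reaches the
    receiver is not specified on the page and is assumed here)."""
    f = r & 0xFFFF
    xL, xR = (y >> 32) ^ P[17], (y & MASK32) ^ P[16]
    for i in reversed(range(16)):
        if (f >> i) & 1:
            xR ^= F(S, xL)
        xL ^= P[i]
        if i:                           # rounds 2..16 were entered via a swap
            xL, xR = xR, xL
    return ((xL << 32) | xR) ^ r


if __name__ == "__main__":
    P, S = toy_tables(b"constructed demo key")
    r = pick_random_number()
    block = 0x0123456789ABCDEF          # constructed 64-bit plaintext
    ct = encrypt_block(block, r, P, S)
    assert decrypt_block(ct, r, P, S) == block
    print(f"f={r & 0xFFFF:016b} F-rounds={f_round_count(r)} ct={ct:016x}")
```

With f = 0xFFFF every round runs F and the structure is the ordinary 16-round Feistel network; each 0 bit in f removes one application of F, which is why the minimum-count check in Phase I matters.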

We have evaluated the execution time for modified Blowfish. Fig. 4 shows the execution time of modified Blowfish encryption when executed with different inputs. Due to randomization, the number of rounds varies every time.

Kelsey succeeded in cracking the algorithm with 3 rounds but was unable to attack the whole 16-round algorithm [29]. Rijmen developed a second-order differential attack that could attack only the 4-round Blowfish algorithm [30]. That is why, in our proposed solution, we have imposed the constraint that a minimum of four rounds must be executed in the Blowfish encryption and decryption process.

Figure 4. Modified blowfish execution time (in milliseconds)

V. CONCLUSION

Mobile cloud computing brings innovation in the mobile world. Augmented execution of mobile applications through cloning is a very good concept to improve the computational power and battery life of mobile devices. The clone must be authenticated to deploy mobile devices' data. There must be some mechanisms to protect communication between mobile and clone. Use of cryptographic algorithms at the mobile and clone side will protect the system from malicious users. ECC and the Blowfish algorithm have better performance in resource-constrained devices. Our proposed solution will have higher security and better performance in the CloneCloud architecture. The proposed solution will be implemented with an Android emulator as the smartphone and a VMWare server for cloning.

REFERENCES

[1] Cloud Computing: http://en.wikipedia.org/wiki/Cloud_computing
[2] R. Cohen. (2010) The cloud computing opportunity by the numbers. [Online]. Available: http://www.elasticvapor.com/2010/05/cloudcomputing-opportunity-by-numbers.html
[3] G. Boss, P. Malladi, D. Quan, L. Legregni, and H. Hall, "Cloud computing," IBM white paper, Version, vol. 1, 2007.
[4] S. Qureshi, T. Ahmad, K. Rafique and Shujan-ul-islam, "Mobile cloud computing as future for mobile applications-Implementation methods and challenging issues," In 2011 IEEE Int. Conf. on Cloud Computing and Intelligence Systems (CCIS), 2011, pp. 467-471, doi:10.1109/CCIS.2011.6045111.
[5] H. Qi, and A. Gani, "Research on mobile cloud computing: Review, trend and perspectives," In 2012 Second Int. Conf. on Digital Information and Communication Technology and it's Applications (DICTAP), 2012, pp. 195-202, doi:10.1109/DICTAP.2012.6215350.
[6] Z. Sanaei, S. Abolfazli, A. Gani, and M. Shiraz, "SAMI: Service-based arbitrated multi-tier infrastructure for mobile cloud computing," In 2012 1st IEEE Int. Conf. on Communications in China Workshops (ICCC), 2012, pp. 14-19, doi:10.1109/ICCCW.2012.6316466.
[7] J. Park, H. Yu, K. Lee, "Markov Chain Based Monitoring Service for Fault Tolerance in Mobile Cloud Computing," In 2011 IEEE Workshops of Int. Conf. on Advanced Information Networking and Applications (WAINA), March 2011, pp. 520-525, doi:10.1109/WAINA.2011.10.
[8] M. Rahman, J. Gao, and W. Tsai, "Energy saving in mobile cloud computing," In IEEE Int. Conf. on Cloud Engineering (IC2E), 2013, pp. 285-291, doi:10.1109/IC2E.2013.37.
[9] A. Mojtaba, and W. Hassan, "Challenges and opportunities of mobile cloud computing," In 2013 9th IWCMC, 2013, pp. 660-666, doi:10.1109/IWCMC.2013.6583636.
[10] L. Zhong, B. Wang, and H. Wei, "Cloud computing applied in the mobile internet," In 7th Int. Conf. on Computer Science & Education (ICCSE), 2012, pp. 218-221, doi:10.1109/ICCSE.2012.6295061.
[11] B.-G. Chun, S. Ihm, P. Maniatis, M. Naik, and A. Patti, "Clonecloud: elastic execution between mobile device and cloud," In Proceedings of the sixth conference on Computer systems, 2011, pp. 301-314.
[12] B.G. Chun, and P. Maniatis, "Augmented Smartphone Applications Through Clone Cloud Execution," In HotOS, 2009, vol. 9, pp. 8-11.
[13] Elliptic Curve Cryptography: http://en.wikipedia.org/wiki/Elliptic_curve_cryptography
[14] B. Schneier, "Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)," Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), pp. 191-204.
[15] S. Y. Vaezpour, R. Zhang, Kui Wu, J. Wang, and G. C. Shoja, "SWAP: Security aware provisioning and migration of phone clones over mobile clouds," In Networking Conference, 2014 IFIP, pp. 1-9, doi:10.1109/IFIPNetworking.2014.6857123.
[16] Y. R. Dave and V. Patel, "An Approach to Improve Security on Clone of Mobile Device during Augmented Execution," In Nirma University International Conf. on Engineering, 2013, pp. 1-4, doi:10.1109/NUiCONE.2013.6780072.
[17] M. V. Barbera, S. Kosta, Ju. Stefa, P. Hui, and A. Mei, "CloudShield: Efficient anti-malware smartphone patching with a P2P network on the cloud," In 2012 IEEE 12th Int. Conf. on Peer-to-Peer Computing (P2P), 2012, pp. 50-56, doi:10.1109/P2P.2012.6335810.
[18] P. Rewagad, and Y. Pawar, "Use of Digital Signature with Diffie Hellman Key Exchange and AES Encryption Algorithm to Enhance Data Security in Cloud Computing," In Int. Conf. on Communication Systems and Network Technologies (CSNT), 2013, pp. 437-439, doi:10.1109/CSNT.2013.97.
[19] K. Chachapara, and S. Bhadlawala, "Secure sharing with cryptography in cloud computing," In 2013 Nirma University International Conference on Engineering, 2013, pp. 1-3, doi:10.1109/NUiCONE.2013.6780085.
[20] M. Bafandehkar, S. Yasin, R. Mahmod, and Z. Mohd Hanapi, "Comparison of ECC and RSA Algorithm in Resource Constrained Devices," In 2013 Int. Conf. on IT Convergence and Security, 2013, pp. 1-3, doi:10.1109/ICITCS.2013.6717816.
[21] A. Dubey, M. Namdev, and S. Shrivastava, "Cloud-user security based on RSA and MD5 algorithm for resource attestation and sharing in java environment," In 2012 CSI Sixth Int. Conf. on Software Engineering, 2012, pp. 1-8, doi:10.1109/CONSEG.2012.6349503.
[22] M. B. Gawali, and R. B. Wagh, "Enhancement for data security in cloud computing environment," In 2012 Nirma University Int. Conf. on Engineering, 2012, pp. 1-6, doi:10.1109/NUICONE.2012.6493180.
[23] U. Somani, K. Lakhani, and M. Mundra, "Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing," In 2010 1st Int. Conf. on Parallel Distributed and Grid Computing, 2010, pp. 211-216, doi:10.1109/PDGC.2010.5679895.
[24] O. P. Verma, R. Agarwal, D. Dafouti, and S. Tyagi, "Peformance analysis of data encryption algorithms," In 2011 3rd Int. Conf. on Electronics Computer Technology, 2011, vol. 5, pp. 399-403, doi:10.1109/ICECTECH.2011.5942029.
[25] Tingyuan Nie, C. Song, and X. Zhi, "Performance Evaluation of DES and Blowfish Algorithms," In 2010 ICBECS, 2010, pp. 1-4, doi:10.1109/ICBECS.2010.5462398.
[26] B. Geethavani, E. V. Prasad, and R. Roopa, "A new approach for secure data transfer in audio signals using DWT," In 2013 15th Int. Conf. on Advanced Computing Technologies (ICACT), 2013, pp. 1-6, doi:10.1109/ICACT.2013.6710492.
[27] J. Bian, B. Lu, and J. Kuang, "A new hierarchical file encryption system based on smartphone," In 2012 2nd Int. Conf. on Computer Science and Network Technology (ICCSNT), 2012, pp. 943-946, doi:10.1109/ICCSNT.2012.6526082.
[28] M. Agrawal, and P. Mishra, "A Modified Approach for Symmetric Key Cryptography Based on Blowfish Algorithm," Int. Journal of Engineering and Advanced Technology (IJEAT), 2012, pp. 79-83.
[29] B. Schneier: The blowfish encryption algorithm - one year later. Dr. Dobb's Journal. (1995)
[30] Blowfish (cipher): http://en.wikipedia.org/wiki/Blowfish_(cipher)