20-04-2013, 04:23 PM
Secure Data Processing Framework for Mobile Cloud Computing
Secure Data Processing.pdf (Size: 334.13 KB / Downloads: 31)
Abstract
In mobile cloud computing, mobile devices can rely
on cloud computing and information storage resource to perform
computationally intensive operations such as searching, data
mining, and multimedia processing. In addition to providing
traditional computation services, mobile cloud also enhances
the operation of traditional ad hoc network by treating mobile
devices as service nodes, e.g., sensing services. The sensed information,
such as location coordinates, health related information,
should be processed and stored in a secure fashion to protect
user’s privacy in the cloud. To this end, we present a new mobile
cloud data processing framework through trust management
and private data isolation. Finally, an implementation pilot for
improving teenagers’ driving safety, which is called FocusDrive,
is presented to demonstrate the solution.
INTRODUCTION
The use of mobile devices to establish ad-hoc communication
systems is a viable solution that provides global
connectivity to support a broad range of applications. With
the development of wireless access technologies such as 3/4G,
LTE, and WiMax, mobile devices can gain access to the
network core over longer distance and higher bandwidth.
This allows for very effective communication between mobile
devices and the cloud infrastructure. A new secure mobile
cloud service architecture is necessary to address the requirements
of users in their unique operational environment. In
general, mobile users can be benefited greatly from cloud
services for computationally intensive information processing
and collection such as information search, data processing,
data mining, network status monitoring, field sensing, etc.
MOBILE CLOUD SECURE DATA PROCESSING MODEL
An ESSI is a virtual machine that is designed for an end
user having full control of the information stored in its virtual
hard drive. However, the networking functions and running
processes are customized through the mobile cloud service
provider. Note that the cloud trusted domain and cloud public
service and storage domain are physically isolated to provide
strong security protection to user’s data. They can belong to
two different cloud service providers.
Within the cloud trusted domain, strict security policies are
enforced through a distributed Firewall system (i.e., each ESSI
runs its own Firewall). Data flows in/out the trusted domain
must be scanned through the distributed Firewall system to
make sure no malicious traffic is sent/received. The mobile
cloud data processing model includes three main components:
trust management, multi-tenant secure data management, and
ESSI data processing model, which are described in details in
the following subsections.
Mobile Cloud Trust Management
The trust management model of mobile cloud includes
identity management, key management, and security policy
enforcement. An ESSI owner has the full control over the
data possessed in the ESSI, and thus a user-centric identity
management framework is a natural choice. The user-centric
identity management (also frequently referred to as identity 2.0
[2]) allows an individual has full control of his/her identities, in
which third party authenticates them. It also implies that a user
has control over the data his/her sharing over the Internet, and
can transfer and delete the data when required. In this paper,
we introduce an integrated solution involving identity-based
cryptography [3] and attribute-based data access control [4] as
the building blocks to construct the trust management system
for mobile cloud. Particularly, the presented mobile cloud
communication framework usually involves the establishment
of a virtual private communication group.
Multi-tenant Secure Data Management
As shown in Figure 1, the dashed lines represent the ad
hoc connection between entities, and the solid lines represent
dedicated secure connections. The cloud public service and
storage domain provides services for all mobile devices and
ESSIs. A mobile device can request services directly from
the public service and storage domain, or it can request
services through its ESSI. An ESSI is the security policy
enforcer for its associated mobile device(s). The user can
specify what data should be protected and stored in its ESSI.
Users’ private information is maintained in their corresponding
Secure Storage (SS).