29-08-2016, 09:36 AM
1451216748-SecurityinMobileCloudComputingAReviewPrashantandNaela.doc (Size: 176 KB / Downloads: 5)
Abstract. With the implementation of cloud platforms in mobile system, the storage of bulk data by client has become easier. IT Industries are also exploiting the benefits of cloud computing by producing more and more smart phones that takes full benefit of the features of clouds. As the use of smart phones by users is increasing rapidly, the issue of security related to use of cloud computing technique in mobile computing environment has emerged as one of the biggest challenges in this regard. Security with respect to mobile cloud computing can be addressed at three levels viz. mobile terminal, mobile network security, and cloud storage. Although many attempts have been made in developing a model which ensures privacy and security of data in mobile cloud system, no model is free from malicious attacks. In this review paper, we have focused on few models which are aimed at giving security and privacy of data in mobile cloud.
1 Introduction
Cloud computing and mobiles are two significant technological trends observed in last few years. When cloud computing, mobile computing and wireless networks are combined together such that rich computational resources can be given to mobile users, it gives rise to Mobile Cloud Computing. Network operators as well as cloud service providers also enjoy the availability of rich computational resources as such. Because of mobile cloud computing, all the computational power and storage capacity which were previously with held with mobile devices are transferred to more powerful and centralized platforms located in cloud. It provides various IT resources and information services over the mobile network by the means of on-demand self service. Mobile users are presented with new type of services and facilities by taking the full advantage of cloud computing. Resources in mobile cloud computing are located in various virtualized distributed computers and not on a single local computer. Different companies offer different mobile cloud products such as android operating system offered by Google for the benefits of consumers and enterprises. Geographic search and Google maps are new services launched by Google with the use of mobile terminals in cloud computing. Microsoft introduced a program called LiveMess which is a platform including software and services and through which users can access and share their data and applications. Apple introduced iCloud for storage and backup of data for apple users. Mobile cloud computing can break through the hardware limits of limited calculation ability and limited storage capacity and allows convenient access to data.
In section 2 we discuss the architecture of mobile cloud computing with services required at client’s and servers’ level. Security issues in mobile cloud computing at all the three levels is discussed in section 3 while section 4 gives a brief review of some of the literature related to security in mobile cloud. Section 5 gives the advantages, disadvantages and future work of the discussed models
2.1 Services Required by Mobile Client
Some of the services required by mobile cloud clients are discussed below:
• Sync: It keeps track of and synchronizes the state changes if any to the mobile or its application.
• Push: Any state update from the cloud server is managed by push.
• OfflineApp: It manages and creates the coordination between services such as Sync and Push.
• Network: It establishes proper communication easily and handles the communication channel which is used for receiving Push notification from the server.
• Database: Local data storage for the mobile application is managed by databases.
2.2 Services Required by Mobile Server
Some of the services needed by mobile cloud servers are discussed
• Sync: It synchronizes device side app state changes with the original location of data. It also needs to mobilize the backend data.
• Push: It monitors data channels from backend for updates and once updates are detected devices gets notification regarding this.
• Secure Socket-Based Data Services: On the basis of security requirements, this service must provide plain socket server or a SSL-based socket server or both.
• Security: Authentication and authorization services are provided by this service in order to allow mobile devices connected to cloud server to access the system.
3 Security Issues in Mobile Cloud Computing
Below we address the security in mobile cloud computing at three levels:
3.1 Mobile Terminal
It is an open operating system which allows wireless access of internet anytime anywhere. It also supports third-party software and personalization. So security issues in mobile terminals are very important and as such below we discuss them with respect to malware, software vulnerabilities and other point of view.
Malware. Malware gets access to personal information of users as they automatically downloaded and carried which remains unknown to the users. So many anti malware software have been developed but due to limited resources and capacity of mobile terminals significant computational resources are difficult to achieve. So, solutions for malware detection and prevention in mobile terminals are needed.
Software Vulnerabilities. In case of application software, user name and password are transferred to network by using FTP and these are stored in clear text format. This allows illegal access of mobile phones from computers on the same network and so personal information not remains secured.
Where as in operating system, there exist coding bugs and in some conditions these leads to the destruction of mobile phones by attackers.
3.2 Mobile Network Security
The mobile devices can access the network in many ways such as by using phone services, sending Short Messaging Service (SMS) and other internet services. Also through Wi-Fi and Bluetooth network can be accessed by smart phones. So, these accesses modes lead to security threats and malicious attacks.
3.3 Mobile Cloud
The security in mobile cloud is addressed with respect to two issues viz. platform reliability and data and privacy protection. These two are discussed below:
Platform Reliability: Because cloud provides high storage of valuable information resources, so there is always the threat of being attacked. These attacks may be from outside malware, cloud users or insiders. The target of the attackers is to destroy the cloud services. For example DOS (Denial of Service) close the services of the cloud by destroying the platform available.
Data and Privacy Protection: The ownership and management of users’ data resides at separate locations and also the users do not know the exact location of the infrastructure where their data are stored. So, data protection and privacy is of great concern in mobile cloud computing environment.