Security as a Service for Mobile Cloud Computing (MCC ... · Security as a Service for Mobile Cloud Computing (MCC) Based On Multi-Cloud Service Providers Thulasi.Bikku1, A.S.Gousia

Security as a Service for Mobile CloudComputing (MCC) Based OnMulti-Cloud Service Providers

Thulasi.Bikku1, A.S.Gousia Banu2

1Computer Science and Engineering,Vignans Nirula Institute of Technology

and Science for Women, Palakaluru,Guntur, India-522005.

[email protected] Research Scholar,

Malla Reddy Engineering College,Hyderabad, India.

[email protected]

April 29, 2018

Abstract

Mobile Cloud Computing (MCC) consists of three com-ponents which consist of mobile devices or remote devices,cloud computing and mobile internet. Through the mediumof mobile cloud computing the applications are delivered tothe end user induced by the cloud infrastructure. Some ofthe issues that avert users from mobile cloud computing aresecurity, privacy and reliability. In order to overcome thissecurity and privacy problem, the data will be stored in anencrypted format. If we are using the cloud service providerfor storage and authentication purpose then the high leveladministrators may attain the user id and password whichleads to unauthorized usage. This model projected the se-cure cloud computing framework which creates the partition

1

International Journal of Pure and Applied MathematicsVolume 118 No. 24 2018ISSN: 1314-3395 (on-line version)url: http://www.acadpubl.eu/hub/Special Issue http://www.acadpubl.eu/hub/

of service provider. The cloud is used for data storage andthe cloud service provider is responsible for authentication,encryption/ decryption and auditing services. At long lastthe secure model was proposed based on the multi cloud ser-vice providers for providing common services to the clients.

Key Words:Mobile cloud computing, service provider,encryption, decryption.

1 INTRODUCTION

Present day cloud based data intensive applications tend to utilizeand coordinate services and assets from various clouds to permitinformation gathering, exchange and services conveyance to dis-tributed or worldwide users. Current improvement of the cloudrequires the advancement of composition of different clouds knownas multi-cloud and Inter-cloud models, designs, administration andintermixing of tools that could permit coordinating heterogeneouscloud based on the basic physical and organizational structures andfacilities provided to an organization services into existing enter-prise and campus infrastructures [1]. Mobile phones or devices areprogressively turning into an essential piece of human life as thebest and convenient communication. The Mobile phones or de-vices have significant thing to be followed for particular course tocomplete upon them on account of the significance and ubiquityof smaller sizes, bring down weights, longer battery life and otherquality [2].

The essential motivation behind Mobile Cloud Computing (MCC)is to encourage usage of rich portable applications on an overabun-dance of Mobile phones or devices, with a rich user nature as shownin Figure 1. MCC can be characterized as a rich computing in-novation that use joined versatile assets of differing clouds andsystem technologies toward boundless functionality, storage andportability to give an extent of Mobile phones or devices, when-ever through the Ethernet or internet regardless of different envi-ronments and platforms in light of the compensation as-you-utilizeguideline [3].The key focus is to offer the divide service providersfor storage and another for authentication, encryption/decryptionand auditing services. If the same service provider performs theencryption/decryption and storage which uses the encryption keys

2

International Journal of Pure and Applied Mathematics Special Issue

to access the user data. So the partition was to be made betweenencryption/decryption and storage which was done by the cloudservice provider [4].

Figure 1: Architecture Multi-cloud Computing

2 SECURITY ARCHITECTURE OF

MOBILE CLOUD COMPUTING (MCC)

Multi-cloud is the utilization of numerous distributed cloud com-puting services in a single heterogeneous framework. There arevarious reasons behind developing a multi-cloud architecture, in-cluding lessening dependence on any single stakeholder, expandingadaptability through decision, and relieving against fiascos [5]. Itis like the utilization of best-of-breed applications from numerousdesigners on a PC, instead of the defaults offered by the operatingsystem framework stakeholder. It is an acknowledgment of the waythat nobody provider can be everything for everybody. It contrastsfrom hybrid cloud in that it alludes to numerous cloud benefits asopposed to various deployment models (public, private, and her-itage).

3


Figure 2: Data flow in Multi-Cloud Computing

Here the Multi-Cloud Delivery Platform contains two interfaces,one is North-bound Interface and the other is South-bound Inter-face. The north-bound interface allows components or elements tocommunicate with higher level components like Application Ser-vice Providers (ASP), who provide services to the users and Users,who utilizes services provided by ASPs. The south-bound inter-face helps to communicate the network-level components with lowlevel components. Data security, privacy and protection is also ashared responsibility that contain: (1) Cloud service provider isresponsible to ensure to store data securely, data processing andinformation transfer provide necessary security and privacy mech-anisms to enable application level security; (2) Application servicedesigner duty is to effectively actualize the security of applicationin the cloud multitenant virtualized environment to provide userinformation security and individual data also to be secured, to in-corporate applications security with the cloud at different stagesecurity services and mechanisms provided, and give fundamentaland simple usable security services and mechanisms for end userto accurately application security; (3) End user obligation to guar-antee application security access to user , get to access credentialsand information [6] as shown in Figure 2.

2.1 Issues in cloud data storage:

Privacy: Cloud computing have security and privacy concerns inlight of the fact that the cloud service provider can access the in-formation on the cloud whenever. It could inadvertently or delib-erately adjust or even remove data.

4


Security: Security provided by cloud service provider or themore basic security of cloud is an emerging trend in security of thecomputer, security of the network and security of the data exten-sively. It explains different strategies on an expansive arrangement,advancements and behavior are considered to secure shield informa-tion, applications and the related cloud computing infrastructure.

Trust: It is a state related to living organisms and their partscontaining the goal to commit or safe keeping vulnerability in lightof positive desires of the aims.

Performance: Assessment of different cloud service providerson cost and execution as the day and age and area in which thebenchmark is performed can bring about by and large various out-comes.

Ownership: An endeavor must react this most pivotal inquirywhile going for any cloud facilitated benefits that is who claims theinformation.

Long term visibility: Though the cloud service provider getlost or grabbed by other organizations, the cloud computing usersought to make certain that the information put into the cloud willnever wind up unsatisfactory. The cloud service providers pro-vide substitution application for recovering users information, whenthere is a chance of losing valuable information.

Backup data: Cloud servers are having the redundant serversto do the reinforcement procedure which prompts numerous dupli-cate copies of information.

Data portability and conversion: There is troublesome inexchanging the information starting with one source then onto thenext which relies upon cloud service provider. The most pessimisticscenario is users need to pay for the information transportabilityThe security issues in Mobile Cloud Computing (MCC) can be clas-sified into two categories which are securing mobile users and se-curing data on clouds as shown in Figure 3.

5


Figure 3: Architecture of Mobile and Cloud Computing

Securing mobile users:Problem: Mobile users are presented to different attacks, for

example, Virus, Trojan horses and worms. These attacks emergesfrom methods for communication like short message services, in-teractive multi-media message services, Wi-Fi networks, Bluetoothand GSM which misuses software vulnerabilities from both the webbrowser and working framework. Mobile malware is malevolentsoftware that objectives mobile phones or devices, remote empow-ered individual computerized aide by causing the die down of theframework and misfortune or spillage of confidential data [7]. Asremote devices, wireless devices and Personal Digital Assistant sys-tems have turned out to be increasingly normal and have grownin intricacy it has turned out to be progressively unpredictable toensure their wellbeing and security against electronic attacks asviruses or other malware.

Schemes used to solve the issues:1. Security in operating systemSand boxing extends out the plan to characterize diverse pro-

cedures, counteracting them starting associating each other. Inview of the historical backdrop of working framework, sandboxinghas various implementations. For instance IOS will concentrateson restricting access to its open Application Program Interface forapplications from the application store.

2. Detecting the Root kitThe root kit in the framework is essential to evade such inter-

ruptions and to have the capacity to see them as often as couldbe allowed. Without a doubt there is worry that with this kindof vindictive program, the impact would be an incomplete or fin-ish sidestep of the security of devices, and the obtaining of head

6


rights by the aggressor. On the off chance that this happens, atthat point nothing keeps the attacker from considering or cripplingthe security features which scattering a technique for interruptionby a root kit to a more extensive gathering of people.

3. Process isolationThis approach is similar as a sandbox. While applications can

be malevolent, they can’t escape the sandbox saved for them bytheir identifiers which can’t meddle with the best possible workingof the framework. For e.g. it is impossible for a user procedure toend the procedure of another user, an application can’t hinder theusage of another.

4. File PermissionsIn android there is the method of lock permissions of memory.

It isn’t having the permission to adjust the permissions of filesand records introduced on the secure digital card from the mobiledevices and along these lines it is difficult to install applications

5. Security softwareIn systems such as firewall, for example, firewall can observe

the existing traffic on the system of a network and confirm that anoxious application does not communicate through it and an an-tivirus software can be distinguishes the vindictive executable filesby identification software.

Securing data on clouds:Encryption is the most broadly utilized technique to secure in-

formation in the Cloud. Truth is told, the Cloud Security Alliancedirection prescribes information to be ensured very still, in move-ment and being used.

Figure 4: Key Distribution of the Cloud

Encrypting information dodges undesired access to data. Bethat as it may, it involves new issues identified with access control

7


administration. A rule based approach would be attractive to giveexpressiveness. Yet, this assumes a major test for a data drivenapproach since information has no calculation capacities withoutanyone else’s input. It can’t uphold or compute any access con-trol rule or approach. This raises the issue of policy decision fora self-ensured information package: who ought to assess the prin-ciples upon an access request? The primary decision is have themassessed by the Cloud Service Providers, yet it could conceivablysidestep the rules [8]. Another alternative is have rules assessed bythe owner of the data, yet this infers either data couldn’t be sharedor the owner of the data ought to be online to take a decision foreach access request as shown in Figure 4. As indicated by [6], uti-lizing the clouds with a specific end goal to store the informationmay uncover the stored information, due to four fundamental fo-cuses: 1) Communication by means of Internet. 2) Monitory andauditing resources externally. 3) Cloud framework complexity and4) All users competing for same resource with other client. Thestorage of cloud computing endures the following issues: unauthen-ticated access of resources by the third party, there is no centralor distributed control mechanisms to monitor cloud users, lawfulvulnerability, lack of information about rules and regulations andmulti-cloud borders [9].

For the most part, the cloud service provider assumes the li-ability to apply the best possible procedures that ensure the putaway information; for example, single-server level and cross-serverlevel. The information will be separated into segments, encryptedand stored in single cloud; this strategy causes a file debasement ifany adjustment made to any section in the single-server level. Amechanism that certifications move down duplicate excess and thatby circulate more than duplicate of information go down cross inexcess of one cloud in cross-server level. In [10] the authors pro-posed a system based on the multi-cloud module. The multi-cloudcomputing module has been created with a specific end goal toaccomplish abnormal state of Quality of Service (QoS) and meetthe requirements of the user. The multi-clouds could be describedas an arrangement of geological conveyed clouds that will be ex-pended all the while or serially [11]. When proceeds with updatesinto utilizing the mobile devices or phones and so as to convey theupsides of cloud computing to the portable mobile computing. The

8


new cloud computing came into existence known as mobile cloudcomputing. The MCC conveys the advantages of the innovativecloud computing to the mobile cloud computing model, and de-feat the limitations of versatile cloud computing; and that couldbe abridged into different aspects such as: 1) broadens the lifetimeof the battery by computation tasks undertakings to the cloud, 2)enhance the abilities and storage capacity, and 3) improve the un-wavering quality by including the scalability and dynamic storageprovision [12].

Problems: By using the services provided by the cloud serviceprovider the cloud data can be stored and accessed in a remoteserver. The data stored in the cloud was accessed from anywherewhich leads to authentication and integrity issue. Schemes used forsolving the issues: cloud encryption/decryption and access controlprovides security to data on cloud storage.

3 EXISTING SYSTEM

Ibtihal Mouhib [13] foreseen the approach contains plotting andcompleting another plan to make data security in adaptable cloudenvironment. This outline relies upon everything as a service whichis a combination of models presented with cloud computing. Theyused an encryption/decryption cryptography as an organizationshow (EaaS (Enterprise as an administration)/CaaS (Communica-tions as a Service)) for completing the EaaS we have a private cloudas a trustable third party that empowers the users to have morecontrol over the structure and security in light of more requirementon the system framework and access to user. For this reason, wechoose open stack. EaaS is executed at the most reduced level ofthe cloud software, at the hypervisor level. Open stack is alarm ofEaaS and backings the provisioning of keys and encrypted picturesin the User Interface.

Chandni patel [14] proposed cryptographic usage proceduresfor recouping the security and protection of information which arecounter methods of piece based encryption and decryption that offervitality effective cryptographic methods by utilizing just XOR taskson Blocks and keys. Another plan named message authenticationcode (MAC) cryptographic mechanism is utilized for sanction the

9


uprightness of document or information. Standard hash functions isutilized to produce the integrity key from Password gave by mobileuser. Also, blowfish symmetric encryption function exhibit highexecution speed and throughput. It likewise devours less vitalityfor execution when contrasted with other symmetric algorithms. L.Arockiam [15] proposed strategy incorporating substitution ciphermechanism and transposition cipher mechanism underlines on recu-perating established encryption procedures. The cipher strategieslike substitution algorithm and transposition strategies have uti-lized alphabet in order to represent cipher text. In this algorithm,the plain content is changed over initially into equivalent AmericanStandards Code for Information Interchange (ASCII) code of everyletters in order. In traditional encryption method, the key esteemgoes in the vicinity of 1 and 26 or key might string (blend letters inorder). In any case, key esteem go from 1 to 256. This method isutilized as a part of request to encrypt the information of the cloudusers of the clouds. When the user is logged out, he/she will losethe control over the data. The encryption key goes about as theessential authentication for the user log in.

4 PROPOSED WORK

To enhance the usage cloud computing, users must have trust tostore their information in any condition by the strategies providedby the cloud service providers to ensure security for their data.To provide a special encryption and decryption service a businessmodel for mobile cloud computing has been proposed. It also canmanage the keys for cloud service providers and users. The man-aged keys are used for the encryption and decryption of the usersdata. In this innovative idea the users information is stored in Stor-age Service System with encryption. The decryption key, is used toretrieve the users data from the cloud, the cloud service providerswill not allow users to access data without the decryption key.

Step 1: Core architectureFigure 5, shows a case in which the utilizations isolate cloud

service for customer relationship management (CRM), storage andencryption/decryption. Based on the requirements of the user’sneeds, CRM Cloud Services could be swapped for other capacity

10


particular application services (e.g., Enterprise Resource Planning(ERP) Cloud Services, Account Software Cloud Services, Invest-ment Portfolio Selection and Financial Operations Cloud Services).Based on the development of encryption/decryption services, CRM,ERP and other cloud services will provide storage services to thecloud users.

This architecture creates the three cloud service provides whichare CSP1, CSP2 and CSP3. CSP1 is accountable for authentica-tion. CSP2 is responsible for storage and another CSP3 is respon-sible for encryption/decryption purpose.

Figure 5: Core Architecture of Cloud

Step 2: Authentication as a Service (AaaS)When the client sends the request to the service provider, it

verifies the user by two factor authentication method as shown inFigure 6. Finally it decides whether the user is authorized or not.

Figure 6: Authentication as a Service

Step 3: Encryption/decryption as a Service (EaaS)The CSP2 is accountable for encryption and decryption opera-

tion when the client needs the data to encrypt/decrypt as shownin Figure 7.

11


Figure 7: Encryption/ Decryption as a Service

Step 4: Storage as a Service (SaaS)Finally the proposed work is done by the multi cloud service

providers. The authentication phase was done by two factor au-thentication method to confirm whether the user is authorized ornot. Then it is allowed to CSP 2 which performs encryption/decryptionoperation. Finally it is allowed to CSP 3 which performs the stor-age operation as shown in Figure 8. RSA Algorithm for Generationof key:

Step1: Consider any two prime numbers A, BStep 2: Calculate the value of n=A B, V= (A-1) (B-1)Step 3: Select any small odd integer T so that gcd (T, V) =1Step 4: Calculate the value of P such that (P ×T) %V =1RSA algorithm for encryption/decryption:Encryption can be computed as E (M) = (MT) % nDecryption can be computed as D (M) = (E (M) P) %n

Figure 8: Storage as a Service

Step 5: Machine Learning as a Service (MLaaS)Machine learning as a service (MLaaS) is a wide range of services

that provide machine learning tools as part of cloud computing ser-vices and data science. MLaaS providers provides tools such as datavisualization, Application Programming Interfaces (APIs), image

12


processing, face recognition, natural language processing, predic-tive analytics and deep learning as shown in Figure 9.

Figure 9: Machine Learning as a Service

5 EXPERIMENTAL RESULTS

The four content records of various sizes are utilized to direct fourexperiments, where an examination of three calculations AES, DESand RSA is performed. Execution of encryption calculation is as-sessed thinking about the accompanying parameters. A. Encryp-tion Time in Table 2 B. Decryption Time in Table 3 The encryptiontime is viewed as the time that an encryption algorithm takes toproduces a cipher content from a plain content. Encryption timeis utilized to compute the throughput of an encryption method,is ascertained as the aggregate plaintext in bytes encryption sep-arated by the encryption time. Comparative investigations of theaftereffects of the chose distinctive encryption plot are performed[11].

TABLE 2: COMPARISONS OF DIFFERENT ALGORITHMSHAVING TIME FOR ENCRYPTION IN MILLISECONDS

TABLE 3: COMPARISONS OF DIFFERENT ALGORITHMSHAVING TIME FOR DECRYPTION IN MILLISECONDS

13


6 CONCLUSION

The secure cloud computing model was produced based on threecloud service providers. This model is integrated into the biomet-rics for verification of mobile user authentication which may be apassword or finger printing. If we are using the service providerfor encryption/decryption and storage purpose then the high leveladministrators may attain the user and password. Finally the unau-thorized disclosure of clients data was condensed by using multi-cloud service providers.

References

[1] Liaqat, Misbah, et al. ”Federated cloud resource management:Review and discussion.” Journal of Network and ComputerApplications 77 (2017): 87-105.

[2] Mary, A. Amala Christina, and MrArokia Marshal Roach.”CONCERT: A CLOUD-BASED ARCHITECTURE FORNEXT-GENERATION CELLULAR SYSTEMS.”

[3] Khan, Mohammad Arifin Rahman. ”Investigation for theWireless Communication and intended about the 5th Genera-tion Technology.” International Journal of Innovation and Ap-plied Studies 7.1 (2014): 401.

[4] Khan, Abdul Nasir, et al. ”Towards secure mobile cloud com-puting: A survey.” Future Generation Computer Systems29.5(2013): 1278-1299.

[5] Toosi, Adel Nadjaran, Rodrigo N. Calheiros, and Rajkumar-Buyya. ”Interconnected cloud computing environments: Chal-lenges, taxonomy, and survey.” ACM Computing Surveys(CSUR) 47.1 (2014): 7.

[6] Zissis, Dimitrios, and DimitriosLekkas. ”Addressing cloudcomputing security issues.” Future Generation computer sys-tems 28.3 (2012): 583-592.

[7] Aithal, P. Sreeramana. ”Improved Security Models & Proto-cols in Online Mobile Business Financial Transactions.” M.

14


Tech (IT), Dissertation thesis, Karnataka State Open Univer-sity, Mysore (2010).

[8] McDougal, Monty D., Eric G. Dodge, and Julian A. Zottl.”Systems and methods for malware lab isolation.” U.S. PatentNo. 9,876,810. 23 Jan. 2018.

[9] Vacca, John R. Computer and information security handbook.Newnes, 2012.

[10] Aceto, Giuseppe, et al. ”Cloud monitoring: A survey.” Com-puter Networks 57.9 (2013): 2093-2115.

[11] Bikku, Thulasi. ”A Novel Multi-Class Ensemble Model forClassifying Imbalanced Biomedical Datasets.” IOP ConferenceSeries: Materials Science and Engineering. Vol. 225. No. 1. IOPPublishing, 2017.

[12] Suciu, George, et al. ”Big data, internet of things and cloudconvergencean architecture for secure e-health applications.”Journal of medical systems 39.11 (2015): 141.

[13] Ibtihal, Mouhib, and Naanani Hassan. ”Homomorphic encryp-tion as a service for outsourced images in mobile cloud comput-ing environment.” International Journal of Cloud Applicationsand Computing (IJCAC) 7.2 (2017): 27-40.

[14] Patel, Chandni M., and Viral H. Borisagar. ”Survey on taxon-omy of ddos attacks with impact and mitigation techniques.”International Journal of Engineering Research & Technology(IJERT) 1.9 (2012): 1-8.

[15] Arockiam, L., and S. Monikandan. ”Data security and pri-vacy in cloud storage using hybrid symmetric encryption algo-rithm.” International Journal of Advanced Research in Com-puter and Communication Engineering 2.8 (2013): 3064-3070.

15


Documents

Security as a Service for Mobile Cloud Computing (MCC ... · Security as a Service for Mobile Cloud Computing (MCC) Based On Multi-Cloud Service Providers Thulasi.Bikku1, A.S.Gousia