Mobile Cloud Computing Security Issues
8/3/2019 Mobile Cloud Computing Security Issues
Presented by:
ABHISHEK ANAND B080264CS
SAMBIT KR. SAHOO B080322CS
SHAHSI KUMAR B080442CS
VIBHUTI BHUSHAN B080487CS
VIVEK RANJAN B080572CS
Mobile cloud computing could be defined as the availability of cloud computing services in a mobile ecosystem.
This incorporates many elements, including consumer, enterprise, transcoding, end-to-end security, home gateways and mobile broadband-enabled services.
Also, the terms mobile and wireless are used interchangeably: mobile means anywhere, anytime, and wireless means without wires. Thus mobile is wireless.
Hence, Mobile Cloud Computing essentially means anywhere, anytime secure data access.
A mechanism to authenticate weblets belonging to the same application and user to each other. This is especially important when they are running on different platforms.
Authentication is the prerequisite to building secure communication between weblets.
A mobile application can consist of one or more weblets, which function independently but communicate with each other.
When the application is launched, an application manager running on the device monitors the resource requirements of the weblets of the application and makes decisions about where they should be launched.
Image and video processing usually strain the processors of mobile devices; therefore they can be launched on one or more platforms in the cloud, while User Interface (UI) components or those needing extensive access to local data may be launched on the device.
In very general scenarios, the application manager can also make decisions about migrating running weblets from the device to cloud, or from cloud to device, according to changes in computing constraints on the device or changes in user preferences.
When a user downloads and installs an application, the integrity of all weblets is verified by the installer of the device by re-computing their hashes and comparing them with those in the bundle. After successful integrity verification, the installer registers the application with the DM (Device Manager).
The DM maintains a table of installed applications on the device which need device application manager support, each with detailed information about its weblets, including signed hash values and migration settings.
Whenever an elastic application wants to launch a weblet or any UI component invoked by the user, it first connects to the DM, which decides where to launch the weblet.
The DM generates a pair of weblet session keys (wsk) and a secret (wss) for the application if this is the first weblet to be launched. These are shared by all weblets during a single session.
When the DM decides to launch a weblet on the local device, it executes the installed weblet function with LaunchWeblet(localhost, wid, wss, wsk).
Upon invocation, the weblet's construction method records wid, wsk, and wss in its member variables.
The weblet returns a valid URL endpoint, which is used to communicate with other weblets over http(s).
The DM then updates a weblet table which records each active weblet's URL, wid, and wsk.
If the DM decides to launch a weblet in a cloud, it calls the CFI (cloud fabric interface)'s web method LaunchWeblet(cfi, wid, wsk, wss). This method has to be called over https as it transfers a session secret wss.
Based on its service logic, the CFI queries its cloud manager and decides on which cloud node the weblet will be loaded.
The corresponding weblet is either installed in the application manager of CS, or downloaded from the URL provided by the DM. Once this is decided, the CFI calls the target node manager's LaunchWeblet(nodeid, wid, wsk, wss), again over https as it goes via the public Internet.
The node manager executes weblet binaries provided by the application manager of the CS, similar to launching a weblet by the DM locally.
The successfully launched weblet returns a valid URL endpoint to the node manager, which in turn is passed back to the CFI and DM.
The DM updates the weblet table with the returned result.
Before updating, the DM verifies that the WebletOK message was generated by the launched weblet, by checking the HMAC (Hash-based Message Authentication Code) value with wss.
A local weblet can query the DM to obtain the list of all active weblets in the same session by calling DEM::GetWeblet(wsk). The DM returns the URLs of all weblets by querying the table.
The local weblet can broadcast the URLs to any other weblet that needs to communicate.
Interfaces of a weblet invoke another weblet's method or receive a call from another weblet.
Specifically, when calling, the calling weblet generates a nonce and creates an HMAC value computed over all parameters together with the nonce, its own wid, the target wid, and its own wss.
When responding to a call, the weblet first verifies the HMAC with its wss, and processes the request if verification succeeds; otherwise, it denies the call.
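The call authentication described above, sketched in Python as an added example (not code from the original slides). The choice of HMAC-SHA256, the length-prefixed field encoding, the per-session nonce cache and all names (call_tag, make_call, Weblet, the sample wids) are assumptions made for illustration; the slides only state which values go into the HMAC.

```python
import hashlib
import hmac
import json
import secrets


def call_tag(wss, nonce, caller_wid, target_wid, params):
    """HMAC keyed with wss over nonce, caller wid, target wid and parameters."""
    fields = [nonce, caller_wid.encode(), target_wid.encode(),
              json.dumps(params, sort_keys=True, separators=(",", ":")).encode()]
    # Length-prefix each field so two different field splits never share a MAC input.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(wss, msg, hashlib.sha256).digest()


def make_call(wss, caller_wid, target_wid, params):
    """Caller side: fresh nonce per call, tag bound to both weblet ids."""
    nonce = secrets.token_bytes(16)
    return {"nonce": nonce, "caller": caller_wid, "target": target_wid, "params": params,
            "tag": call_tag(wss, nonce, caller_wid, target_wid, params)}


class Weblet:
    def __init__(self, wid, wss):
        self.wid, self.wss = wid, wss
        self.seen_nonces = set()  # assumption: replay cache kept for the session

    def handle(self, call):
        """Return True to process the request, False to deny the call."""
        if call["target"] != self.wid:  # call addressed to another weblet
            return False
        expected = call_tag(self.wss, call["nonce"], call["caller"],
                            call["target"], call["params"])
        if not hmac.compare_digest(expected, call["tag"]):  # constant-time compare
            return False
        if call["nonce"] in self.seen_nonces:  # authentic message, but already seen
            return False
        self.seen_nonces.add(call["nonce"])
        return True


def demo():
    wss = secrets.token_bytes(32)  # constructed session secret, as the DM would issue
    ui, worker = "wid-ui", "wid-imgproc"  # constructed weblet ids
    target = Weblet(worker, wss)
    call = make_call(wss, ui, worker, {"op": "resize", "width": 640})
    tampered = dict(call, params={"op": "resize", "width": 9999})
    foreign = make_call(secrets.token_bytes(32), ui, worker, {"op": "resize", "width": 640})
    return {"valid": target.handle(call), "replay": target.handle(call),
            "tampered": target.handle(tampered), "foreign_session": target.handle(foreign)}
```

Without the nonce cache on the receiving side, a captured call would verify again unchanged, since the HMAC alone only proves the message came from a holder of wss.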
There are 2 main categories of mobile app risks. The category of Malicious Functionality is a list of unwanted and dangerous behaviors that are stealthily placed in a Trojan app that the user is tricked into installing. The user thinks they are installing a game or utility and instead gets hidden spyware, phishing UI, or unauthorized premium dialing.
Activity monitoring and data retrieval
Unauthorized dialing, SMS, and payments
Unauthorized network connectivity (exfiltration or command & control)
UI impersonation
System modification (rootkit, APN proxy config)
Logic or time bomb
The category of Vulnerabilities covers errors in design or implementation that expose the mobile device data to interception and retrieval by attackers. Vulnerabilities can also expose the mobile device or the cloud applications used from the device to unauthorized access.
Sensitive data leakage (inadvertent or side channel)
Unsafe sensitive data storage
Unsafe sensitive data transmission
Hardcoded password/keys
Is a licence required to offer Cloud Computing services?
Ans: Despite the lack of specific regulation, in certain jurisdictions the provision of Cloud Computing services will require the supplier to obtain a licence. For example, in China the provision of SaaS, PaaS or IaaS services will require the supplier to obtain a Type
Contractual
How is Cloud Computing currently regulated?
Cloud Computing is not currently subject to specific regulation. However, customers and suppliers of Cloud Computing may potentially be subject to a range of laws: for example, data protection legislation (please see below) and any relevant industry sector regulations (e.g. financial services and healthcare).
Complication
The situation may be further complicated where Cloud Computing services are 'bundled' with other services, such as internet connection, as such other services may be subject to specific regulatory and/or licensing requirements.
Storing and processing customer data at remote data centres gives rise to potentially complex data protection issues which need to be addressed in order to avoid customers and suppliers breaching applicable regulations.
Data Export Restrictions: in many jurisdictions the export of data to other jurisdictions is prohibited or subject to onerous restrictions;
Monitoring Data Handling
Regulated Industries: customers operating in regulated industries such as financial services or healthcare may be subject to even more stringent data protection obligations given the financial value or sensitivity of data such as bank details and medical records;
Multiple Jurisdictions.