This document discusses security and privacy issues with mobile cloud computing applications. It outlines potential security threats facing mobile devices, networks, and cloud platforms in mobile cloud computing models. These include malware, software vulnerabilities, privacy violations, and data breaches. The document also summarizes several proposed approaches to address these issues, such as malware detection techniques, access control methods, and encryption. Finally, it reviews some existing solutions and open challenges in securing mobile cloud computing.
Capitol Tech U Doctoral Presentation - April 2024.pptx
Mobile Cloud Security Issues
1. Internet
Computing
Laboratory
Security and Privacy Issues with Mobile
Cloud Computing Applications
Category : Mobile Cloud Computing, Mobile Cloud Security, Security and Privacy Issues
1
Present by
MERLEC M.
2016.06.08
3. Internet
Computing
Laboratory
Introduction
3
⦿ Why we need Mobile Cloud Computing (MCC)?
To extend the capabilities of mobile devices
Processing power, Data storage capacity, etc.
Enable users to execute computational and data-intensive applications on MDs,
Computation offloading
Extend battery life,
Improve reliability, etc.
Cloud computing taxonomy
⦿ Recently several approaches have been proposed to integrate mobile devices
with cloud computing systems.
Cloud Computing
Static Cloud Computing
(Data Center) Mobile Cloud Computing
Infrastructure-based
Mobile Cloud
Infrastructure-less (ad hoc)
Mobile Cloud
4. Internet
Computing
Laboratory
Motivation and Objective
4
⦿ MCC is based on anytime, anywhere computing paradigm,
Integrates mobile computing with cloud computing infrastructures.
Through mobile wireless communication network systems such as cellular network.
⦿ Recently, MCC has attracted significant attention of industries and academia
Promises to meet the need for richer mobile applications and services
⦿ However, due to the integration of several technologies
Privacy and Security are big concerns in mobile cloud computing.
⦿ we aimed to investigate on the security and privacy issues related to MCC
By analyzing these issues from three main perspectives:
Mobile Device Terminals, Mobile Communication Network and Cloud Infrastructure
6. Internet
Computing
Laboratory
Security and privacy issues in MCC
6
Security issues Threats examples
Mobile
Device
terminal
Malware threats
Phishing, Spyware, Surveillance attacks, Botnets,
etc.
Software vulnerabilities
(OS, application software)
-System or input validation errors,
-Buffer overflows, SQL injection,
-Code injection, E-mail injection, etc.
Others (lack of security awareness,
mis-operation)
Users’ data leakage and privacy violation
Mobile
Network
Information leakage or
Malicious attack
Connectivity heterogeneity
- Wi-Fi, 3G, LTE, Bluetooth, etc.
Internet
Cloud
Platform
Platform reliability & availability DOS attacks, side-channel attacks, ...
Shared technology shared dangers
Data and privacy protection
Data breaches :
- System vulnerabilities
(Phishing, fraud, and software vulnerabilities)
- Hacked interfaces and APIs
- Compromised credentials and broken authentication
- (Permanent) data loss
Malware Treats
to mobile OS
8. Internet
Computing
Laboratory
Security and privacy issues : Potential approaches
8
Security issues Potential approaches
Mobile
terminal
Malware threats
Prevention and Detection (signature or anomaly
-based) CloudAV
Software vulnerabilities
(OS, application software)
-Periodically update the mobile devices’ OS
-Download and installing the system patches
-Checking the software legitimacy and
integrity
Others
(lack of security awareness,
mis-operation)
Regulating the users' behavior
Mobile
Network
Information leakage or
Malicious attack
- Data encryption
- Secure network and communication protocols
Cloud
Platform
Platform reliability Integrating the current security technologies:
-VPN, Authentication and access control
- Key management and data encryption;
-Privacy and data protection, etc.
-Complete backup and recovery solutions
Data and privacy protection
9. Internet
Computing
Laboratory
Related Work : Proposed approaches & existing
solutions
9
Criminals attack the weakest link to get access to sensitive data
Mobile devices are one of the easiest
paths to sensitive data.
- Outside of the perimeter:
usually outside of an organization’s
control
⦿ [11] Privacy and Data security investigation from enterprise mobility and productivity
management perspective
Mobile is the new playground for thieves :
How to protect against mobile malware ?
10. Internet
Computing
Laboratory
Related Work : Proposed approaches & existing
solutions
10
MaaS360 works with Trusteer to detect, analyze and remediate mobile malware in
compromised devices.
Detect and analyze mobile malware signatures from a continually updated database
⦿IBM MaaS360 Mobile Threat Management
Enterprise mobility management platform to enable productivity and data protection for the
way people work [12].
11. Internet
Computing
Laboratory
Related Work : Proposed approaches & existing
solutions
11
[6] Investigates the security and privacy protection in Mobile Healthcare Networks (MHNs)
from the Quality of Protection (QoP) perspective.
MHN applications Mobile healthcare network
12. Internet
Computing
Laboratory
Related Work : Proposed approaches & existing
solutions
12
Sybil attack detection for MHNs.
⦿ Sybil attack is one of these serious threats to MHNs,
where Sybil attackers maliciously manipulate a large number of pseudonyms (or identities)
to cheat others.
• E.g. during fitness experience sharing in MHNs, Sybil attackers may repeatedly send the same fitness
experiences to the same users with multiple identities to mislead other users’ opinions and preferences.
14. Internet
Computing
Laboratory
Related Work : Proposed approaches & existing
solutions
14
A VPN connection to virtual phone
⦿ [7] Proposed a mobile cloud execution framework
which execute mobile applications in a cloud-based virtualized execution environment,
with encryption and isolation to protect against eavesdropping from cloud providers.
15. Internet
Computing
Laboratory
Conclusion and Open issues
15
⦿ In summary, MCC is an emerging computing paradigm
Integrates cloud computing with mobile computing technologies
Through mobile communication networks.
Offers many opportunities to design and develop next generation of distributed
smart and digital convergence solutions
⦿ As discussed, security and privacy are one of big the concerns that need
to be considered with MCC solutions.
Further researches are necessary in order to address these challenging issues.
16. Internet
Computing
Laboratory
References
1.Daojing He, Sammy Chan and Mohsen Guiszani, “User Privacy and Data Trustworthiness in Mobile Crowd Sensing”,
IEEE Wireless Communications (Volume:22 , Issue: 1 ), February 2015
2.Fangming Liu et al., “Gearing Resource-Pour Mobile Devices with Powerful Clouds: Architectures, Challenges, and Ap
plications”, IEEE Wireless Communications (Volume:20, Issue 3), June 2013
3.Daojing He, Sammy Chan and Mohsen Guiszani, “Mobile Application Security: Malware Threats and Defenses”, IEEE
Wireless Communications (Volume:22 , Issue: 1 ), February 2015
4.Hui Suo, Zhuohua Liu, Jiafu Wan, Keliang Zhou, “Security and Privacy in Mobile Cloud Computing”, 2013 9th Interna
tional on Wireless Communications and Mobile Computing Conference (IWCMC), Sardinia, 1-5 july 2013
5.D. Huang, X. Zhang ; M. Kang ; J. Luo, “MobiCloud: Building Secure Cloud Framework for Mobile Computing and Co
mmunication”, 2010 Fifth IEEE International SOSE, Nanjing, 4-5 June 2010
6.Kuan Zhang et al., “Security and privacy for mobile healthcare networks: from a quality of protection perspective”,
IEEE Wireless Communications (Volume:22 , Issue: 4 ), August 2015
7. Shih-Hao Hung et al., “An Online Migration Environment for Executing Mobile Applications on the Cloud”, 5th Inter-
nation Conference on Innovative, IEEE 2011
8.Shih-Hao Hung, Chi-Sheng Shih, Jeng-Peng Shieh ∗, Chen-Pang Lee, Yi-Hsiang Huang, “An Online Migration Environ
ment for Executing Mobile Applications on the Cloud”, IEEE 2011
9.Gonzalo Huerta-Canepa, Dongman Lee, “Virtual Cloud Computing Provider for Mobile Devices”, MCS'10 procee-
dings of the 1st ACM Workshop on Mobile Cloud Computing & Services, California, USA
10.IBM Security, “Mobile is the new playground for thieves. How to protect against mobile malware”, White Paper,
IBM Corporation 2016
16