Mobile Cloud Computing Security Issues

Upload: sambit-kumar-sahoo

Post on 06-Apr-2018


  • 8/3/2019 Mobile Cloud Computing Security Issues

    1/22

    Presented by:

    ABHISHEK ANAND B080264CS
    SAMBIT KR. SAHOO B080322CS
    SHAHSI KUMAR B080442CS
    VIBHUTI BHUSHAN B080487CS
    VIVEK RANJAN B080572CS

    Mobile cloud computing could be defined as the availability of cloud computing services in a mobile ecosystem. This incorporates many elements including consumer, enterprise, transcoding, end-to-end security, home gateways and mobile broadband enabled services.

    The terms mobile and wireless are also used interchangeably: mobile means anywhere, anytime, and wireless means without wires. Thus mobile is wireless. Hence, Mobile Cloud Computing essentially means anywhere, anytime secure data access.

    A mechanism to authenticate weblets belonging to the same application and user to each other. This is especially important when they are running on different platforms. Authentication is the prerequisite to building secure communication between weblets.

    A mobile application can consist of one or more weblets, which function independently but communicate with each other.

    When the application is launched, an application manager running on the device monitors the resource requirements of the application's weblets and decides where they should be launched.

    Image and video processing usually strain the processors of mobile devices, so they can be launched on one or more platforms in the cloud, while User Interface (UI) components or those needing extensive access to local data may be launched on the device.

    In very general scenarios, the application manager can also make decisions about migrating running weblets from the device to the cloud, or from the cloud to the device, according to changes in computing constraints on the device or changes in user preferences.

    When a user downloads and installs an application, the integrity of all weblets is verified by the installer on the device, which re-computes their hashes and compares them with those in the bundle. After successful integrity verification, the installer registers the application with the DM (Device Manager).

    The DM maintains a table of installed applications on the device which need device application manager support, each with detailed information about its weblets, including signed hash values and migration settings.

    Whenever an elastic application wants to launch a weblet or any UI component invoked by the user, it first connects to the DM, which decides where to launch the weblet.

    DM generates a pair of weblet session keys (wsk) and a secret (wss) for the application if this is the first weblet to be launched. These are shared by all weblets during a single session.

    When DM decides to launch a weblet on the local device, it executes the installed weblet function with LaunchWeblet(localhost, wid, wss, wsk).

    Upon invocation, the weblet's construction method records wid, wsk, and wss into its member variables.

    The weblet returns a valid URL endpoint which is used to communicate with other weblets over http(s).

    DM then updates a weblet table which records the active weblet's URL, wid, and wsk.

    If DM decides to launch a weblet in a cloud, it calls the CFI (cloud fabric interface)'s web method LaunchWeblet(cfi, wid, wsk, wss). This call has to be made over https as it transfers the session secret wss.

    Based on its service logic, the CFI queries its cloud manager and decides on which cloud node the weblet will be loaded.

    The corresponding weblet is either installed in the application manager of CS, or downloaded from the URL provided by DM. Once this is decided, CFI calls the target node manager's LaunchWeblet(nodeid, wid, wsk, wss), again over https as it goes via the public Internet.

    The node manager executes weblet binaries provided by the application manager of the CS, similar to launching a weblet by the DM locally.

    The successfully launched weblet returns a valid URL endpoint to the node manager, which in turn is passed back to CFI and DM.

    DM updates the weblet table with the returned result.

    Before updating, DM verifies that the WebletOK message was generated by the launched weblet, by checking the HMAC (Hash-based Message Authentication Code) value with wss.

    A local weblet can query DM to obtain the list of all active weblets in the same session by calling DEM::GetWeblet(wsk). DM returns the URLs of all weblets by querying the table.

    The local weblet can broadcast the URLs to any other weblet that needs to communicate.

    Interfaces of a weblet invoke another weblet's method or receive a call from another weblet.

    Specifically, when calling, the calling weblet generates a nonce, and creates an HMAC value by calculating all parameters with the nonce, its own wid, the target wid, and its own wss.

    When responding to a call, the weblet first verifies the HMAC with its wss, and processes the request if verification succeeds; otherwise, it denies the call.
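The call check described above, as an added Python example (not code from the presentation): the caller binds a fresh nonce, both wids and every parameter into an HMAC keyed with wss, and the callee verifies it before processing; the WebletOK check by DM relies on the same HMAC-with-wss verification. HMAC-SHA-256, the length-prefixed field encoding, the replay cache and all function and weblet names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def encode_fields(fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") differ."""
    out = b""
    for f in fields:
        data = f if isinstance(f, bytes) else str(f).encode()
        out += len(data).to_bytes(4, "big") + data
    return out


def sign_call(wss, caller_wid, target_wid, method, params):
    """Caller: fresh nonce, then HMAC over nonce, both wids and parameters."""
    nonce = secrets.token_bytes(16)
    msg = encode_fields([nonce, caller_wid, target_wid, method, *params])
    tag = hmac.new(wss, msg, hashlib.sha256).digest()
    return {"nonce": nonce, "caller": caller_wid, "target": target_wid,
            "method": method, "params": list(params), "hmac": tag}


class Weblet:
    def __init__(self, wid, wss):
        self.wid, self.wss = wid, wss
        self.seen_nonces = set()  # assumption: per-session replay cache

    def handle(self, call):
        """Callee: verify the HMAC with wss first, deny the call otherwise."""
        if call["target"] != self.wid:
            return "denied: wrong target"
        msg = encode_fields([call["nonce"], call["caller"], call["target"],
                             call["method"], *call["params"]])
        expected = hmac.new(self.wss, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, call["hmac"]):
            return "denied: bad hmac"
        if call["nonce"] in self.seen_nonces:
            return "denied: replayed nonce"
        self.seen_nonces.add(call["nonce"])
        return "ok"


def demo():
    wss = secrets.token_bytes(32)  # constructed session secret and wids
    callee = Weblet("weblet-img", wss)
    call = sign_call(wss, "weblet-ui", "weblet-img", "resize", ["a.jpg", 640])
    tampered = dict(call, params=["a.jpg", 6400])  # parameter changed in transit
    return [callee.handle(call), callee.handle(call), callee.handle(tampered)]
```

Because wss is shared by every weblet in the session, a valid HMAC proves that the caller belongs to the session, not which weblet sent the call.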

    There are 2 main categories of mobile app risks. The category of Malicious Functionality is a list of unwanted and dangerous behaviors that are stealthily placed in a Trojan app that the user is tricked into installing. The user thinks they are installing a game or utility and instead gets hidden spyware, phishing UI, or unauthorized premium dialing.

    Activity monitoring and data retrieval
    Unauthorized dialing, SMS, and payments
    Unauthorized network connectivity (exfiltration or command & control)
    UI Impersonation
    System modification (rootkit, APN proxy config)
    Logic or Time bomb

    The category of Vulnerabilities covers errors in design or implementation that expose the mobile device data to interception and retrieval by attackers. Vulnerabilities can also expose the mobile device, or the cloud applications used from the device, to unauthorized access.

    Sensitive data leakage (inadvertent or side channel)
    Unsafe sensitive data storage
    Unsafe sensitive data transmission
    Hardcoded password/keys

    Is a licence required to offer Cloud Computing services?

    Ans: Despite the lack of specific regulation, in certain jurisdictions the provision of Cloud Computing services will require the supplier to obtain a licence. For example, in China the provision of SaaS, PaaS or IaaS services will require the supplier to obtain a Type

    Contractual

    How is Cloud Computing currently regulated?

    Cloud Computing is not currently subject to specific regulation. However, customers and suppliers of Cloud Computing may be potentially subject to a range of laws: for example, data protection legislation (please see below) and any relevant industry sector regulations (e.g. financial services and healthcare).

    Complication

    The situation may be further complicated where Cloud Computing services are 'bundled' with other services, such as internet connection, as such other services may be subject to specific regulatory and/or licensing requirements. Storing and processing customer data at remote data centres gives rise to potentially complex data protection issues which need to be addressed in order to avoid customers and suppliers breaching applicable regulations.

    Data Export Restrictions: in many jurisdictions the export of data to other jurisdictions is prohibited or subject to onerous restrictions;
    Monitoring Data Handling
    Regulated Industries: customers operating in regulated industries such as financial services or healthcare may be subject to even more stringent data protection obligations given the financial value or sensitivity of data such as bank details and medical records;
    Multiple Jurisdictions.