
Description, Discovery and Consumption

5.5 User Privacy and Security Considerations

As a trusted third-party representative of mobile users in the cloud, a CPA must provide authentication and authorisation mechanisms to ensure that no user of CAMCS can access/use the CPA of another user. Additionally, all data supplied by the mobile user for the purposes of completing a task is stored with his/her CPA in the cloud. This can include personal data, and in a cloud environment must be secured to ensure privacy. Furthermore, the results of tasks must also be stored securely.

5.5.1 CAMCS Authorisation for User CPAs

To register with CAMCS, the mobile user is required to provide an email address and a password. Registration takes place on the CAMCS Client with the Registration activity. The email address and password supplied during registration are stored in the backing MongoDB database used by CAMCS. Passwords are hashed using the bcrypt algorithm. The implementation of the algorithm uses a randomly generated 16-byte salt value and produces a 60-character hashed password encoding for storage in the database. The algorithm is designed to run slowly over several iterations, based on a strength value ranging from 4 to 31. The closer the strength value is to 31, the longer the algorithm takes to run; this is intended to deter attackers from performing repeated password checks. The default value used for strength is 10.
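The bcrypt behaviour described above (random salt, 60-character encoding, cost rising with the strength value) can be observed with Spring Security's BCryptPasswordEncoder; this is an added example and not code from CAMCS, and the sample password is constructed:

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptStrengthExample {
    // Hash with an explicit strength (log2 work factor); the thesis uses the default of 10.
    static String hash(String password, int strength) {
        return new BCryptPasswordEncoder(strength).encode(password);
    }

    // matches() reads the salt and strength back out of the 60-character encoding,
    // so verification needs no separately stored salt.
    static boolean verify(String password, String encoded) {
        return new BCryptPasswordEncoder().matches(password, encoded);
    }

    // Wall-clock cost of one hash at a given strength, showing why a higher value slows guessing.
    static long millisFor(int strength) {
        long t0 = System.nanoTime();
        hash("correct horse battery staple", strength); // constructed sample password
        return (System.nanoTime() - t0) / 1_000_000;
    }

    public static void main(String[] args) {
        String pw = "correct horse battery staple"; // constructed sample password
        String h1 = hash(pw, 10), h2 = hash(pw, 10);
        System.out.println(h1.length() + " chars, prefix " + h1.substring(0, 7)); // 60 chars, $2a$10$
        System.out.println("same password, different salt: " + !h1.equals(h2));
        System.out.println("verify ok: " + verify(pw, h1) + ", wrong password: " + verify("guess", h1));
        for (int s : new int[] {4, 10, 12}) {
            System.out.println("strength " + s + ": " + millisFor(s) + " ms");
        }
    }
}
```

Each step up in strength roughly doubles the time per hash, which is the cost an attacker pays per guess against a stolen database.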

Successful registrations will automatically log the user into the CAMCS Client.

The user can logout and login again at any time. Logging out will prevent access to all CAMCS functionality, including CPA access. This means that while logged out, new tasks cannot be sent to the CPA, and all current and completed tasks cannot be viewed, including results. Logging out will not impact the CPA in completing any work. A consideration for future work can include login timeouts, such that after a certain period of time, the user is automatically logged out, and forced to login and authenticate again through the CAMCS Client. Otherwise, if the mobile device was ever stolen or shared with another user, the third party could access all data and tasks stored with the user's CPA.

All requests sent from the CAMCS Client to CAMCS are subject to HTTP basic username/password authentication, implemented using the Spring Security framework [121]. Each request to CAMCS, be it creating a new task, providing service parameters, or retrieving a task result, is authenticated by the email address and password combination of the user, which must be provided with each HTTP request. CPA operations take place only if authentication succeeds; if authentication fails, no operations can be called on the CPA by the user. This mechanism also prevents one user from accessing the CPA of another user, as each CPA is identified by the email address used for registration. TLS, which is not used in the current implementation, can be added in future work to secure communication over the network and prevent replay attacks on the HTTP authentication mechanism. This was not implemented due to a technical problem with the Spring Framework RESTful HTTP client on the Android mobile device: the client failed to make connections to servers with unsigned certificates when using TLS, and so for simplicity neither TLS nor SSL was used.

A combination of private and public key security is used by CAMCS, based on work by Michael Lones [84]. When registration is completed successfully, CAMCS will generate a new 256-bit AES symmetric key. This key is then encrypted using the RSA public key algorithm. CAMCS returns this RSA-encrypted AES key to the user on the CAMCS Client, and also stores a local copy. This key is used when the user requests that his/her CPA starts task execution, and when the user wants to retrieve the result for a task. This will be explained in the next subsection.

5.5.2 Privacy of User Data

The task model of CAMCS requires user data in order for CPAs to complete task work for the user. All data provided for completing tasks, along with task results, must be stored privately, such that no other user of CAMCS can access that data, i.e. a CPA can only access task data and results for tasks assigned to it. Any individual CPA must not be able to read user and task data stored by any other CPA. In terms of access from a running copy of the CAMCS Client, this is handled by the authentication mechanisms described in the previous subsection.

Additionally, the private and public key scheme discussed in the previous subsection is used for the purpose of encrypting the task result HTML files. The operation of starting the execution of a new task, once parameter data has been provided, requires the further step of the user providing the RSA-encrypted AES key that was provided to the mobile device upon CAMCS registration. This is sent with the parameter data. Once the task has finished executing, the CPA will decrypt the RSA-encrypted AES key using its own private key. Once the user's AES key has been decrypted, it is used to encrypt the result HTML file generated by CAMCS.

When the user wishes to retrieve and view a task result HTML file, the RSA-encrypted AES key must be provided from the mobile device again. This is used by CAMCS to decrypt the result HTML file, so that it can then be sent to the user. If the user provides an invalid AES key, then access to the result file is prohibited.
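The key flow of the last three paragraphs (AES key generated at registration, RSA-wrapped and handed to the device, presented again to encrypt and later decrypt the result HTML), as an added example written for this chapter rather than code from CAMCS; it assumes a single RSA key pair held on the CPA side, AES-GCM as the symmetric mode, and a constructed result file:

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class CamcsKeyFlowExample {
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Registration: fresh 256-bit AES key, wrapped with the CPA side's RSA public key; the wrapped bytes are what the CAMCS Client keeps and sends back later.
    static byte[] registerUser(PublicKey serverPub) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.WRAP_MODE, serverPub);
        return rsa.wrap(kg.generateKey());
    }
    // CPA side: recover the user's AES key from the wrapped key supplied with the request.
    static SecretKey unwrap(PrivateKey serverPriv, byte[] wrapped) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.UNWRAP_MODE, serverPriv);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }
    // Task completion: encrypt the result HTML under that key (AES-GCM, random 12-byte nonce prepended to the ciphertext).
    static byte[] encryptResult(PrivateKey serverPriv, byte[] wrapped, byte[] html) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, unwrap(serverPriv, wrapped), new GCMParameterSpec(128, iv));
        byte[] ct = gcm.doFinal(html);
        byte[] out = new byte[12 + ct.length];
        System.arraycopy(iv, 0, out, 0, 12);
        System.arraycopy(ct, 0, out, 12, ct.length);
        return out;
    }
    // Retrieval: the wrapped key is presented again; any other key fails the GCM tag check (AEADBadTagException), so no plaintext is released.
    static byte[] decryptResult(PrivateKey serverPriv, byte[] wrapped, byte[] stored) throws GeneralSecurityException {
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, unwrap(serverPriv, wrapped), new GCMParameterSpec(128, stored, 0, 12));
        return gcm.doFinal(stored, 12, stored.length - 12);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair server = g.generateKeyPair(); // assumed: the RSA pair held on the CPA side
        byte[] keyOnDevice = registerUser(server.getPublic());
        byte[] stored = encryptResult(server.getPrivate(), keyOnDevice, "<html>result</html>".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decryptResult(server.getPrivate(), keyOnDevice, stored), StandardCharsets.UTF_8));
        try { decryptResult(server.getPrivate(), registerUser(server.getPublic()), stored); } // another user's wrapped key
        catch (AEADBadTagException e) { System.out.println("result withheld: key does not match"); }
    }
}
```

Because the wrapped key travels in every start and retrieve request, the transport protection discussed in the previous subsection is what keeps it from being captured in transit.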

Features are also provided by CAMCS to store task results with a third-party cloud storage provider, such as Dropbox. Dropbox provides 256-bit AES encryption of all files stored with a user's account. If a user is conscious of where his/her data is stored in the cloud, such as keeping all data in one place, or chooses to trust one provider over others, then this feature is very useful.

The mechanisms described and implemented for user authentication and data privacy are basic; they are not a complete security solution for CAMCS. One important consideration for future work is that, as the user's data is stored with his/her CPA, the CPA can be considered a single point of failure and a single target for attacks. A complete security evaluation with experienced researchers in cloud security can be performed to identify any remaining vulnerabilities and risks associated with the current solution.

It is important to note that many strict security measures can inconvenience the user when accessing their CPA with the CAMCS Client; the time and effort required to authenticate frequently can be considered detrimental to the user experience goal of the thesis project. Therefore, a balance must be found between security and ease of accessibility when a complete security review is undertaken.

5.6 Conclusions

In this chapter, a mobile cloud based solution for enabling description, discovery, and consumption of mobile cloud services was presented. Several contributions have been made. First, the service registry was presented, which stores service descriptions in a mobile cloud service description format designed with user-oriented discovery in mind. It allows users to be a part of the discovery process, which was not previously practical with mark-ups such as XML. The structure of this description format was shown, including the Service structure, which supports simple one-call services, and more complex services requiring multiple calls, as part of a Service Flow. Secondly, the discovery process allows the user to benefit from cloud-based services through the device.

How the solutions are used with CAMCS and user CPAs was shown: a mobile user can search for services to complete tasks, and the user-oriented mobile cloud service descriptions from the registry are presented to the user for this, bringing them into the discovery process. Also shown was how data for service parameters (data inputs and context inputs) is collected from the user, and how task results from services are stored and presented, and possibly ranked with user context data from a social network such as Facebook, should the user allow it. Support for server-side and CPA-side sessions was also presented to support Service Flows. The user task model for CPAs was presented, as well as automatic task execution. Automatic tasks enable the design objective of disconnected operation for CPAs.

User security and privacy considerations with CAMCS were also shown in terms of user authentication and authorisation. Each user can only access their CPA once they are registered and logged in on the CAMCS Client. As CPAs are tied to the user's registered email address, a user cannot access or call operations on other CPAs. The use of secure public and private keys was also shown for starting tasks, and for encryption/decryption of task result data. The user's AES key must be presented with HTTP requests in order for the user to start tasks and retrieve task results; otherwise the user is blocked from access.

While this solution uses existing technologies and protocols, due to the user-oriented discovery process and services descriptions, this work opens a new direction in accessing cloud services by mobile users.

In the next chapter, resource usage considerations for mobile cloud computing, in terms of energy usage, bandwidth usage, and cloud-server resource usage, are analysed. Models will be presented, and these will be applied to CAMCS and other existing mobile cloud computing solutions for comparison, to understand how these solutions make use of the limited resources available.

All sections of this chapter were based on [100], with the following exceptions, based on new functionality added since the original publication: Section 5.2 was heavily modified and extended, and Subsections 5.2.3.1 and 5.2.3.2 were added as new; Section 5.3 was extended, and Subsection 5.3.3 was added as new; Section 5.5 was added as new. New figures were also added that were not present in the original publication, and some figures were modified to show developments/modifications since the original publication. Various modifications have been made to the text throughout the chapter, to fit with the flow of the thesis.

Integrating Mobile and Cloud