MOBILE CLOUD COMPUTING SECURITY USING TRANSIENT AUTHENTICATION SYSTEM
HARDAYAL SINGH SHEKHAWAT
Associate Professor, Department of Information Technology, Govt. Engineering College Bikaner, Rajasthan.
[email protected]
ABSTRACT: Mobile devices such as smartphones, PDAs, palmtops and tablets, with their advanced features for accessing the internet, are becoming very common around the world. These devices can be used to access cloud computing resources over the internet wirelessly from anywhere. Cloud computing is also becoming very popular among people and organizations due to advantages such as low cost, pay per use, and elastic scalability. Because of their small size and simple usability, mobile devices are vulnerable to theft and loss. Once such a device has been authenticated to cloud services using a simple authentication system and is then stolen, it can be misused to access critical data stored in the cloud. This paper develops a transient authentication system to meet this challenge. In a transient authentication system, a wearable token stays in constant contact with the mobile device over radio frequency and monitors the presence of the device (user). When the user is away from the mobile device, the token and the device lose contact and the device does not allow anyone to access the cloud services.
Keywords: Cloud computing, Mobile Devices, Security, Transient Authentication, Wearable Token.
1. INTRODUCTION
A cloud computing system provides infrastructure, software, platform, storage, processing power, etc. as a service on demand. The key characteristics of cloud computing include reduced cost, scalability, security, elasticity, device independence, reduced maintenance and reduced manpower. The services provided by cloud computing are available to organizations of all sizes, educational institutes, governments and individuals, enabling them to provide more scalable, resilient services to employees, partners and clients at lower cost and with higher business agility [1].
Mobile cloud computing is the availability of cloud computing services in combination with mobile devices. Mobile cloud computing provides optimal cloud computing services for mobile users. In a mobile cloud computing environment, the mobile device does not need a high configuration in terms of CPU, memory or computational speed, because all computation is done in the cloud [2].
2. CLOUD COMPUTING
A cloud computing environment offers IT functionality as a service in a multi-tenant manner. Cloud services are provided by the cloud vendor and can be used by the cloud consumer on a pay-per-use basis. The enabling technologies include virtualization, SaaS (Software as a Service) enabled application platforms (SEAP), metering tools and technologies, etc. These services are exposed through industry-standard interfaces such as web services using Service Oriented Architecture (SOA) [3], REST [4] services, or any proprietary services.
Cloud Computing Service Models
The cloud computing services are basically classified into three delivery models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In SaaS, applications such as customer relationship management (CRM), e-mail, instant messaging, and office productivity applications are offered as a service by the cloud provider, for example salesforce.com services, Google office productivity applications, or Microsoft Exchange Online [5]. PaaS produces a platform by integrating the OS, middleware, application software, and development environment, which is then delivered as a service by the cloud vendor. PaaS is provided to clients through APIs, which the user uses to interact with the platform [6]. In IaaS, servers, storage systems, switches, routers, and other systems are pooled and made available to handle workloads that range from application components to high-performance computing applications [6].
Cloud Computing Deployment Models
Cloud computing deployments are basically classified into four deployment models: Public Cloud, Private Cloud, Community Cloud and Hybrid Cloud. Public cloud is the standard cloud computing model, in which a cloud service provider creates and offers the resources. Public cloud computing services can be free or offered on a pay-per-use basis [7]. Private clouds are generally designed for an organization that needs more control over the data and applications stored in the cloud. A private cloud gives the owner organization control over services and over the security of the data and applications [8]. Hybrid cloud is a combination of a public and a private (or community) cloud that offers the best of both: the client gets the benefit of both the hosted delivery model and the highly secure on-premises model [9].
A community cloud is managed and used by a group of organizations that have similar interests and goals, and similar privacy, security, and regulatory considerations. Sectors such as the public sector, health care, energy and the media industry can use a community cloud [10].
3. Mobile Cloud Computing
Access to cloud computing resources or services using mobile devices is called mobile cloud computing. The Open Gardens blog defines Mobile Cloud Computing as "the availability of cloud computing services in a mobile ecosystem. This incorporates many elements, including consumer, enterprise, end-to-end security, home gateways, and mobile broadband-enabled services. [11]"
The data and applications in a cloud environment are stored on the cloud server and can be accessed using the internet and mobile devices. Applications run on the remote cloud servers and users can access these applications using mobile devices. Figure 1 shows the basic architecture of mobile cloud computing.
Figure 1. Mobile Cloud Computing (diagram labels: Mobile Device, Mobile Device, Internet, The Cloud)
3.1 Mobile Cloud Security
As mobile cloud computing involves both the cloud computing system and mobile devices, mobile security can be divided into two categories: mobile device security and cloud computing security [12].
Mobile Device Security:
Mobile devices enable users to work when they are away from their desks, while travelling or in public places. Unfortunately, along with the mobility advantage of these devices comes the threat of loss or theft, due to their small size. Once a mobile device falls into the hands of hackers, it can be misused to access critical user information stored in the cloud. Security of the user's data stored in the cloud is a big issue for cloud providers and users. Solutions to the device theft or loss problem include configuration of the mobile device, use of Wi-Fi networks, encryption and antivirus.
Configuration of Mobile Devices: Configuration of the mobile device means that the user must use a strong password authentication system or a multi-factor authentication system. Users must always keep the browser security system of their mobile device active and properly configured.
Wi-Fi Networks: Users must disable all wireless systems of the device, such as Bluetooth, infrared, or Wi-Fi, when they are not in use. Users should not connect to any unknown Wi-Fi network [13]. In addition, a Bluetooth-enabled device can be attached to the mobile device for authentication purposes.
Encryption: Data travelling between the mobile device and the cloud should be in encrypted form using some strong authentication. If an intruder manages to access the data in transit, he/she should not be able to understand it. Encryption plays a very important role in data security.
Antivirus: Viruses are a big threat to mobile device users. Users must install a strong antivirus system on their devices and should update it regularly to protect the device from newly developed viruses.
Cloud Computing Security:
Organizations and individuals are taking advantage of cloud computing by deploying their applications and storing their data in the cloud environment. Along with the various advantages, there are some security issues in using cloud computing for data storage. These challenges include data security, and identity and access management.
Data Security: Cloud computing service providers use various geographically distributed and interconnected data centers to store customers' data. Customers do not know where in the world their data is stored, which is a serious obstacle to cloud customers adopting cloud computing. The solution to this problem is encryption of the data. The data should be encrypted using a strong encryption method and key before it is stored in the cloud storage system. Similarly, data in transit should also be encrypted to secure it from intruders.
Identity and Access Management: Secure user identity management plays a very important role in the access management system, which is a complex process in a cloud computing system. The cloud's identity management system must manage control points, dynamic composite and decommissioned machines, virtual device or service identities, and user identity to provide high security against unauthorized access to user data [14].
4. Authentication System
Authentication is the process of verifying the identity of a user, performed by the system that the user wants to access. It is performed on the basis of credentials supplied by the user: the authentication system compares these credentials with the credentials stored in the authentication server for that particular user. If the credentials match, the user is considered authenticated. Authentication is also performed by the cloud computing system when a user wants to access it.
4.1 Token Based Authentication Systems:
Swipe Card: A plastic card with a magnetic strip containing encoded data that is read by passing the card through a device. These cards are generally used for electronic transactions [15]. The main advantage of a swipe card based authentication system is that the user does not need to remember a user name, password or other credentials. The disadvantage of this authentication method is that cards can be stolen and the data on the card can be duplicated using some equipment [16].
USB Token: A small, low-cost device which contains user credentials and can be used for user identification and authentication. It uses the USB port of the computer for reading and writing, so no additional reader device is needed. The disadvantage of a USB token is that it can be lost, stolen or broken.
Smart Card: A portable device which contains a CPU, I/O devices and memory that is accessed by the CPU of the card. It can process, store and control the data stored in the card. It can provide a high level of security when used for authentication. The disadvantage of a smart card is that it requires a smart card reader, which makes the authentication system costly.
One Time Password (OTP) Generators: These are hardware devices used to generate a password which is valid for one attempt only. One-time passwords are secure against replay attacks, so if a password is stolen by an intruder, it cannot be reused. The disadvantage of this method is that it is difficult to remember a new password for each login attempt.
4.2. Transient Authentication System
Users do not authenticate to a mobile device frequently; the device remains in authenticated mode until the authentication is revoked. If the device is lost or stolen while it is in authenticated mode, it can be misused, which is a big threat with lightweight mobile devices. The threat of a device being lost in authenticated mode and then misused is resolved by a transient authentication system [17].
Transient authentication is a system where a wearable token, such as the IBM Linux wrist watch [18], is used in addition to the mobile computing device for authentication. This token is connected to the mobile device wirelessly, using a technology with a limited radio range such as Bluetooth. A transient authentication system can also be used in a cloud computing system for high security of the user data and information stored in the cloud.
In this model of transient authentication, the token provides authentication for the mobile device: the token works as the authentication server and the mobile device works as the authentication client. As shown in Figure 2, the wearable token continuously authenticates to the mobile device over a short-range wireless link. The communication between the device and the token is encrypted using a session key.
The token periodically (say, every second) senses the device to ensure the user's presence. As shown in Figure 3, when the user is away from the device and the token goes out of range of the mobile device, the device secures itself and is disconnected from the cloud computing system. When the user returns and the mobile device comes back into range of the token, the connection is re-established and the user is allowed to connect to the cloud.
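The presence check described above, sketched as an added example (not code from the paper). It assumes a fresh-nonce HMAC-SHA256 challenge-response under the shared session key in place of the encrypted channel the paper mentions, and a grace period of three missed polls; the class names, `max_missed` and the timeline are hypothetical.

```python
import hashlib
import hmac
import secrets

class Token:
    """Wearable token: answers challenges with a MAC under the session key."""
    def __init__(self, session_key: bytes):
        self._key = session_key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class Device:
    """Mobile device: polls the token once per tick, locks when it is absent."""
    def __init__(self, session_key: bytes, max_missed: int = 3):
        self._key = session_key
        self.max_missed = max_missed   # assumed grace period, not from the paper
        self.missed = 0
        self.cloud_connected = False   # locked until the token proves presence

    def tick(self, link) -> bool:
        """link is the radio path to the token, or None when out of range."""
        nonce = secrets.token_bytes(16)            # fresh per poll: defeats replay
        response = link(nonce) if link is not None else None
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        if response is not None and hmac.compare_digest(expected, response):
            self.missed = 0
            self.cloud_connected = True            # user present: (re)connect
        else:
            self.missed += 1
            if self.missed >= self.max_missed:
                self.cloud_connected = False       # secure device, drop cloud session
        return self.cloud_connected

def demo() -> list:
    key = secrets.token_bytes(32)                  # constructed session key
    token, device = Token(key), Device(key)
    sniffed = token.respond(b"\x00" * 16)          # old response captured off the air
    replay = lambda nonce: sniffed                 # replayed later near the device
    # Constructed timeline: present x2, out of range x3, replay x2, user returns.
    timeline = [token.respond] * 2 + [None] * 3 + [replay] * 2 + [token.respond]
    return [device.tick(link) for link in timeline]

if __name__ == "__main__":
    print(demo())
```

The replayed response never restores access because each poll uses a new nonce, and the device reconnects only on the first valid answer after the user returns.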
Figure 2. Device present in the range of token (diagram labels: Token, Mobile Device)
Figure 3. Device not present in the range of token (diagram labels: Token, ?)
Table: Comparison of token based authentication systems
Authentication System                        Advantages
Swipe Card                                   No need to remember user credentials
USB Token                                    Uses USB port for read/write purposes; no extra card reader is required
Smart Card                                   Provides high level of security for authentication
One Time Password Generators                 Password cannot be reused
Wearable Token (Transient Authentication)    Needs additional wearable token
5. Conclusion
Cloud computing is gaining popularity due to its various advantages such as security, elastic scalability, pay-as-you-go, etc. Mobile devices have become very common, so cloud users can use mobile devices to access cloud computing systems. Mobile devices are vulnerable to theft or loss. The loss of the device can mean the loss of the user's critical data.
A transient authentication system solves the problem of data loss when the device is lost. It uses a hardware token, such as a wearable watch, which remains in continuous contact with the mobile device over short-range wireless connectivity. When these two devices are in contact, this indicates the presence of the user and access to the cloud is allowed. If the device loses its connection with the token, this indicates the absence of the user, and the device secures the user's data and is also disconnected from the cloud. In this way, if the device is lost or stolen and is away from the token (the real user), no one is allowed to access the device or the cloud.
Acknowledgment
I am thankful to my supervisor Prof DP Sharma for his consistent support and review guidelines that helped me to complete this theoretical research paper.
Bibliography
[1] NEC Company, Ltd. and Information and Privacy Commissioner, Ontario, Canada, (2010), "Modelling Cloud Computing Architecture without Compromising Privacy: A Privacy by Design Approach". http://www.ipc.on.ca/images/resources/pbd-NEC-cloud.pdf
[2] Dinh Thai Hoang, Dusit Niyato, and Ping Wang, (2012), Optimal Admission Control Policy for Mobile Cloud Computing Hotspot with Cloudlet. http://www.mobile.ecs.soton.ac.uk/home/conference/wcnc2012/papers/p3177-dinh.pdf
[3] The Open Group, (2012), The open group service oriented architecture. http://www.opengroup.org/subjectareas/soa
[4] Russell Kay, (2007), Quick Study: Representational State Transfer (REST). http://www.computerworld.com/s/article/297424/Representational_State_Transfer_REST_
[5] Ramkumar Dargha, (2009), Infosys – Cloud Computing: Key Consideration for Adoption. http://www.infosys.com/cloud/resourcecenter/Documents/cloud-computing.pdf
[6] Metasoft, (2011), Cloud Computing: Truly Dependable and Highly Appriciable. http://www.metasoftsolutions.com/CloudComputing.html
[7] Tech Target, (2009), Public Cloud. http://searchcloudcomputing.techtarget.com/definition/public-cloud
[8] Jithesh Moothoor, Vasvi Bhatt, IBM, (2009), A Cloud Computing Solution for Universities: Virtual Computing Lab. http://www2.gsu.edu/~matpxp/SwIG/talks/ws-vcl.pdf
[9] GFI Software, (2010), ON-PREMISE VS. CLOUD-BASED SOLUTIONS. http://www.gfi.com/whitepapers/Hybrid_Technology.pdf
[10] Dr. Matthias Henneberger, Dr. Achim Luhn, (2010), Community Clouds supporting business ecosystems with cloud computing, SIEMENS. http://www.sourcingfocus.com/uploaded/documents/Siemens_Community_Clouds_Whitepaper.pdf
[11] Ajit, Open Gardens, (2010), Mobile Cloud Computing: Issues and Risks from a Security Privacy Perspective. http://www.opengardensblog.futuretext.com/archives/2010/03/mobile_cloud_co_2.html
[12] Soeung-Kon (Victor) Ko, JungHoon Lee, Sung Woo Kim, (2012), Mobile Cloud Computing Security Considerations. SERSE: Journal of security engineering, Volume 9, No. 2, ISSN: 1738-7531.
[13] Valerie Vogel, Theresa Semmens, (2013), Mobile Device Security: Ten Steps to Secure Your Mobile Device. https://wiki.internet2.edu/confluence/display/itsg2/Mobile+Device+Security
[14] Anu Gopalakrishnan, (2009), Cloud Computing Identity Management. SETLabs Briefings VOL 7. http://www.infosys.com/infosyslabs/publications/setlabs-briefings/Documents/cloud-computing-identitymanagement.pdf
[15] The Free Library, (), Swipe Card. http://www.thefreedictionary.com/swipe+card
[16] Seth Thigpen, (), Authentication Methods Used for Banking. http://www.infosecwriters.com/text_resources/pdf/Authentication_Methods_For_Banking.pdf
[17] Rania Abdelhameed, Sabira Khatun, Borhanuddin Mohd Ali and Abdul Rahman Ramli, (2005), Application of Cell-phone in Laptop Security, Journal of Applied Sciences 5 (2): 215-219, 2005, ISSN 1812-5654.
[18] Anthony J. Nicholson, Mark D. Corner, and Brian D. Noble, (2006), Mobile Device Security Using Transient Authentication, IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 5, NO. 11.