Security Infrastructure for Trusted
Offloading in Mobile Cloud Computing
Professor Kai Hwang
University of Southern California
Presentation at Huawei Forum, Santa Clara, Nov. 8, 2014
Mobile Cloud Security and Big Data Privacy Issues and Their Plausible Solutions
Convergence of Five Emerging Technologies: Big Data Science, Cloud Computing, Social Networks, Mobile Systems, and the IoT.
Cloud-based Radio Access Networks (C-RAN) for building the 5G Mobile Core Networks.
New Solutions from Academia and Industry: WiFi cloudlets, mobile clouds, Data Coloring, PowerTrust Reputation System, Network Worm Containment, Hybrid IDS, Spam Filtering, and Security Analytics.
Privacy and Security Enforcement
Figure: top data security and privacy challenges, grouped into four areas:
Infrastructure security: secure computations in distributed programming frameworks; security best practices for non-relational data stores.
Data privacy: privacy-preserving data mining and analytics; cryptographically enforced data-centric security; granular access control.
Data management: secure data storage and transaction logs; granular audits; data provenance.
Integrity/reactive security: end-point validation and filtering; real-time security monitoring.
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to The Internet of Things, Morgan Kaufmann, Oct. 2011
Prof. Kai Hwang, USC
Security and Trust Barriers
Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity.
We suggested the use of a trust overlay network to build reputation systems for trusted cloud computing.
A watermarking technique is suggested to protect shared data objects and massively distributed software modules.
These techniques safeguard user authentication and tighten the data access control in public clouds.
The new approach could be more cost-effective than using traditional encryption and firewalls.
Cloudlets: a trusted portal for mobile devices, with cognitive abilities and pervasive capacity to reach a distant cloud, catch special events, check security alerts, and make intelligent decisions.
Source: M. Satyanarayanan et al., "The Case for VM-Based Cloudlets in Mobile Computing", IEEE Pervasive Computing, vol. 8, no. 4, 2009
Fast VM synthesis makes it possible to build a VM overlay in transient cloudlets, customized to bind distant cloud resources to the user's need.
Trust and security issues are major factors in cloudlet deployment: the overlay is supplied by a mobile device the cloudlet has never seen, so the cloudlet must authenticate its origin and verify its integrity before synthesizing and running the VM.
Basic Concept of Extending the Cloudlets into a Mobile Mesh: Mobile Cloud Offloading Environment
Source: Y. Shi, S. Abhilash and K. Hwang, “Cloudlet Mesh for Securing Mobile Clouds: Security Infrastructure and Protocols”, IEEE Int’l Conf. Mobile Cloud
Computing, March 2015 (submitted in Nov. 2014)
Figure: mobile devices attach to a cloudlet mesh (several cloudlets interconnected locally), which reaches remote clouds over the Internet.
Two approaches for provisioning a cloudlet:
VM migration (~8 GB transferred)
Dynamic VM synthesis (100~200 MB overlay transferred)
Performance is determined by local resources: bandwidth and compute power.
Some Design Considerations by Satyanarayanan et al. (2009):
For 100 Mbps links: the VM overlay is 100~200 MB, and synthesizing a VM takes around 60~90 s.
Other new wireless technologies: 802.11n: 300~600 Mbps; UWB: 100~480 Mbps; 60-GHz radio: 1~5 Gbps.
Mobility Support and Security Measures
for Mobile Cloud Computing
Security Protocols Developed at USC
for Mobile Cloud Computing
Collective Intrusion Detection Results
by Multiple Cloudlets in the Mesh
Cloud Service Models and
Their Security Demands
Source: K. Hwang and D. Li, “ Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Vol.14, Sept. 2010.
An DHT-based Trust Overlay Network for Developing Reputation Systems to Secure Cloud Resources over Datacenters
Sources: (1) M. Cai, K. Hwang, Y. K. Kwok, S. Song, and Y. Chen, "Collaborative Internet Worm Containment", IEEE Security and Privacy, May/June 2005, pp. 25-33. (2) Y. Chen, K. Hwang, and W. S. Ku, "Collaborative Detection of DDoS Attacks over Multiple Network Domains", IEEE Trans. on Parallel and Distributed Systems, Dec. 2007.
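The slides on collective intrusion detection by multiple cloudlets and on reputation systems over the trust overlay give only titles and results. The following is an added example, not code from the cloudlet-mesh paper or the USC reputation system, showing one way the two ideas combine: every cloudlet runs its own IDS and shares alerts with its mesh peers, and the mesh reaches a verdict by reputation-weighted voting, so a cloudlet whose past alerts were confirmed carries more weight. The alert lines, reputation values, threshold and the exponential-moving-average feedback rule are assumptions constructed for the demo, not figures reported on the slides.

```python
"""Collective intrusion detection across a cloudlet mesh (added example).

Each cloudlet reports (source, signature, confidence); the mesh combines the
reports with reputation-weighted voting and, after an operator confirms or
rejects the verdict, adjusts each reporter's reputation.
"""
from collections import defaultdict

# Constructed alert feed: "<cloudlet> <source-ip> <signature> <confidence 0..1>"
# A confidence of 0.0 means the cloudlet inspected the flow and saw nothing.
ALERTS = [
    "cl-1 10.0.0.7 syn-flood 0.9",
    "cl-2 10.0.0.7 syn-flood 0.8",
    "cl-3 10.0.0.7 syn-flood 0.2",
    "cl-2 10.0.0.9 port-scan 0.7",
    "cl-3 10.0.0.9 port-scan 0.6",
    "cl-1 10.0.0.9 port-scan 0.0",
]
# Constructed reputation scores (assumption); cl-3 has a history of false alarms.
REPUTATION = {"cl-1": 0.9, "cl-2": 0.8, "cl-3": 0.3}


def parse_alert(line: str):
    cloudlet, src, sig, conf = line.split()
    conf = float(conf)
    if not 0.0 <= conf <= 1.0:
        raise ValueError(f"confidence out of range: {line!r}")
    return cloudlet, src, sig, conf


def collective_verdicts(lines, reputation, threshold=0.5):
    """Return {(src, signature): (is_attack, score)} where
    score = sum(rep_i * conf_i) / sum(rep_i) over the cloudlets that reported
    on that (src, signature). A peer with no known reputation gets no vote."""
    weighted = defaultdict(float)
    total = defaultdict(float)
    for line in lines:
        cloudlet, src, sig, conf = parse_alert(line)
        w = reputation.get(cloudlet, 0.0)
        weighted[(src, sig)] += w * conf
        total[(src, sig)] += w
    verdicts = {}
    for key, wsum in total.items():
        if wsum == 0.0:
            continue  # only unknown peers spoke: no verdict
        score = weighted[key] / wsum
        verdicts[key] = (score >= threshold, round(score, 3))
    return verdicts


def update_reputation(reputation, lines, confirmed, alpha=0.2):
    """Feedback step: `confirmed` maps (src, signature) -> True/False from the
    operator. Each reporter's reputation moves toward its agreement with the
    truth: conf when the attack was real, 1 - conf when it was not."""
    updated = dict(reputation)
    for line in lines:
        cloudlet, src, sig, conf = parse_alert(line)
        truth = confirmed.get((src, sig))
        if truth is None or cloudlet not in updated:
            continue
        agreement = conf if truth else 1.0 - conf
        updated[cloudlet] = round((1 - alpha) * updated[cloudlet] + alpha * agreement, 3)
    return updated


if __name__ == "__main__":
    verdicts = collective_verdicts(ALERTS, REPUTATION)
    for key, (attack, score) in verdicts.items():
        print(key, "ATTACK" if attack else "benign", score)
    truth = {("10.0.0.7", "syn-flood"): True, ("10.0.0.9", "port-scan"): False}
    print(update_reputation(REPUTATION, ALERTS, truth))
```

With these inputs the SYN-flood report is accepted (two trusted cloudlets agree) while the port scan is rejected, because the highest-reputation cloudlet inspected the same flow and reported nothing; after the operator's feedback cl-2, which raised the false port-scan alert, loses reputation and cl-1 gains it.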
Cloud and Data Security and Copyright Protection
Source: S. Song, K. Hwang, R Zhou, and Y.K. Kwok, “Trusted P2P Transactions with Fuzzy Reputation Aggregation”, IEEE Internet Computing, Special Issue on Security
Data Coloring for Privacy
Protection on The Cloud
Source: K. Hwang and D. Li, “ Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Vol.14, Sept. 2010.
Data Color Matching for owner/user authentication
and authorization purposes in a cloud environment
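As an added example of color matching for owner/user authentication and authorization (not the cited paper's own code, which derives its colors from the data object and the owner's parameters), the demo below stands in an HMAC-SHA256 tag keyed by the owner's secret as the color. The color travels with the object as metadata; a cloud node that holds the owner's key re-derives it and serves the object only on a match, so a relabelled owner, a wrong key or a modified payload is refused. The key store, key values, tag length and data are assumptions constructed for the demo.

```python
"""Data-color matching (added example, not the paper's own generator)."""
import hashlib
import hmac
from dataclasses import dataclass

COLOR_BYTES = 16  # truncated tag stored with the object (assumption)


@dataclass(frozen=True)
class ColoredObject:
    owner: str
    object_id: str
    payload: bytes
    color: bytes


def make_color(owner_key: bytes, owner: str, object_id: str, payload: bytes) -> bytes:
    """color = HMAC(owner_key, owner || object_id || payload); each field is
    length-prefixed so a crafted name cannot shift the field boundaries."""
    mac = hmac.new(owner_key, digestmod=hashlib.sha256)
    for part in (owner.encode(), object_id.encode(), payload):
        mac.update(len(part).to_bytes(4, "big"))
        mac.update(part)
    return mac.digest()[:COLOR_BYTES]


def color_object(owner_key: bytes, owner: str, object_id: str, payload: bytes) -> ColoredObject:
    """Owner side: attach the color before handing the object to the cloud."""
    return ColoredObject(owner, object_id, payload,
                         make_color(owner_key, owner, object_id, payload))


def colors_match(owner_key: bytes, obj: ColoredObject) -> bool:
    """Verifier side: recompute under the key we hold, compare in constant time."""
    expected = make_color(owner_key, obj.owner, obj.object_id, obj.payload)
    return hmac.compare_digest(expected, obj.color)


def serve(key_store: dict, obj: ColoredObject):
    """Cloud-side access decision: look up the claimed owner's key, match colors."""
    key = key_store.get(obj.owner)
    if key is None:
        return False, "unknown owner"
    if not colors_match(key, obj):
        return False, "color mismatch: wrong owner, wrong key or modified data"
    return True, "color match: serve object"


if __name__ == "__main__":
    # Constructed keys and data for the demo.
    keys = {"alice": b"alice-secret-key", "bob": b"bob-secret-key"}
    rec = color_object(keys["alice"], "alice", "report-2014-11", b"offload plan v1")
    print(serve(keys, rec))                                                   # served
    print(serve(keys, ColoredObject("alice", rec.object_id, b"offload plan v2", rec.color)))  # modified
    print(serve(keys, ColoredObject("bob", rec.object_id, rec.payload, rec.color)))          # relabelled
```

Binding the owner name into the color is what makes relabelling fail: Bob's key never produced Alice's tag, so an object copied under his name does not match even though its payload is untouched.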
Hybrid IDS (HIDS) for Automated Intrusion Response Generation
Source: K. Hwang, M. Cai, Y. Chen, and M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes”, IEEE Trans.
CSA Top 10 Data Security and Privacy Challenges
1. Secure computations
2. Secure non-relational datastores
3. Secure data storage and logs
4. End-point input validation/filtering
5. Real-time security monitoring
6. Privacy-preserving data mining and analytics
7. Cryptographic access control
8. Granular access control
9. Granular audits
10. Data provenance
BYOD (Bring Your Own Device) vs. BYOC (Bring Your Own Cloud)
BYOD has already posed an increased risk to many business organizations. With BYOC, employees install public cloud services such as Dropbox and iCloud on their corporate desktops and mobile devices.
BYOC introduces additional security threats to organizations by blurring the boundary between personal data and business-confidential data. This makes organizations demand more control over their security policy for the access and distribution of corporate information.
Building Accountability Systems To Establish SLA Compliance Between Users and Providers
From 3G and 4G to 5G Mobile Core Networks
Virtual Base Station Pool and C-RAN Bearer Network
MapReduce Filtering of Twitter
Spams on The AWS EC2 Platform
MapReduce Filtering Results of Spam Detection
in Twitter Blogs over The Amazon EC2 Cloud
Source: Y. Shi, S. Abhilash and K. Hwang, “Cloudlet Mesh for Securing Mobile Clouds: Security Architecture and Protocols”, IEEE Int’l Conf. Mobile Cloud Computing, March 2015
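The slides report the results of MapReduce spam filtering on EC2 but not the job itself. The following is an added example, not the code or data behind those results, showing the shape of such a job: the mapper emits two kinds of keys per tweet, a per-user spam score and a content fingerprint (text with URLs and hashtags stripped), so the reducer can flag both accounts whose tweets look spammy on average and campaigns that post the same text from several accounts. The tweets, the three scoring heuristics and the thresholds are assumptions constructed for the demo; the map, shuffle and reduce steps are simulated in-process, where a real job would run the same two functions under a MapReduce framework.

```python
"""MapReduce-style Twitter spam filtering (added example, constructed data)."""
import re
from collections import defaultdict

# Constructed sample records: (user, tweet text)
TWEETS = [
    ("alice", "great talk at the forum today, slides later"),
    ("spam01", "FREE iPhone!!! click http://x.io/a #win #free #iphone"),
    ("spam01", "FREE iPhone!!! click http://x.io/b #win #free #iphone"),
    ("spam02", "FREE iPhone!!! click http://x.io/c #win #free #iphone"),
    ("bob", "reading the cloudlet paper http://example.org/cloudlet"),
]

URL_RE = re.compile(r"https?://\S+")
HASHTAG_RE = re.compile(r"#\w+")


def fingerprint(text: str) -> str:
    """Collapse near-duplicate spam: drop URLs and hashtags, lower-case, squeeze spaces."""
    return " ".join(HASHTAG_RE.sub("", URL_RE.sub("", text)).lower().split())


def spam_score(text: str) -> int:
    """Per-tweet heuristic (assumption): a link, hashtag stuffing, shouting."""
    score = 0
    if URL_RE.search(text):
        score += 1
    if len(HASHTAG_RE.findall(text)) >= 3:
        score += 1
    if text.count("!") >= 3:
        score += 1
    return score


def mapper(record):
    """Map: one (user) key carrying (tweet count, score) and one (dup) key
    carrying the posting account, so the reducer sees both views."""
    user, text = record
    yield ("user", user), (1, spam_score(text))
    yield ("dup", fingerprint(text)), user


def shuffle(pairs):
    """Group mapper output by key, as the framework does between map and reduce."""
    groups = defaultdict(list)
    for key, value in pairs:
        groups[key].append(value)
    return groups


def reducer(key, values):
    kind, name = key
    if kind == "user":
        n = sum(count for count, _ in values)
        total = sum(score for _, score in values)
        return ("user", name, total / n)          # average spam score per tweet
    return ("dup", name, sorted(set(values)))     # accounts that posted this text


def run_job(records):
    pairs = (kv for rec in records for kv in mapper(rec))
    return [reducer(key, vals) for key, vals in shuffle(pairs).items()]


def spam_users(records, avg_threshold=2.0, min_accounts=2):
    """Flag accounts by average score, and every account in a campaign that
    posted identical text from at least `min_accounts` accounts."""
    flagged = set()
    for kind, name, value in run_job(records):
        if kind == "user" and value >= avg_threshold:
            flagged.add(name)
        elif kind == "dup" and len(value) >= min_accounts:
            flagged.update(value)
    return flagged


if __name__ == "__main__":
    for row in run_job(TWEETS):
        print(row)
    print("spam accounts:", sorted(spam_users(TWEETS)))
```

The duplicate-content key is the part that needs MapReduce rather than a per-tweet filter: the same text spread over many accounts is only visible once all tweets with that fingerprint have been shuffled to one reducer, and bob's single link stays below the per-user threshold.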
Architecture of The Internet of Things
Figure: three-layer IoT architecture.
Sensing layer: RFID and RFID labels, sensor networks and sensor nodes, GPS, road mapper.
Network layer: mobile telecom network, the Internet, information network, and the cloud computing platform.
Application layer: merchandise tracking, environment protection, intelligent search, tele-medicine, intelligent traffic, smart home.
Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to The Internet of Things, Morgan Kaufmann, Oct. 2011
Cloud Support of the Internet of Things
and Social Network Applications
1. Smart and pervasive cloud applications for individuals, homes, communities, companies, and governments, etc.
2. Coordinated calendar, itinerary, job management, events, and customer relationship management (CRM) services
3. Coordinated word processing, on-line presentations, web-based desktops, sharing on-line documents, datasets, photos, video, and databases, content distribution, etc.
4. Deploy conventional cluster, grid, P2P, social networking
applications in the cloud environments, more cost-effectively.
5. Earthbound applications that demand elasticity and parallelism to avoid large data movement and reduce the storage costs