

Security Infrastructure for Trusted Offloading in Mobile Cloud Computing

Professor Kai Hwang, University of Southern California

Presentation at Huawei Forum, Santa Clara, Nov. 8, 2014

• Mobile Cloud Security and Big Data Privacy Issues and their plausible Solutions

• Convergence of Five Emerging Technologies: Big Data Science, Cloud Computing, Social Networks, Mobile Systems, and the IoT.

• Cloud-based Radio Access Networks (C-RAN) for building the 5G Mobile Core Networks.

• New Solutions from Academia and Industry: WiFi cloudlets, mobile clouds, Data Coloring, PowerTrust Reputation System, Network Worm Containment, Hybrid IDS, Spam Filtering, and Security Analytics.

Point of Contact: [email protected]

Privacy and Security Enforcement

(Figure: four areas of privacy and security enforcement and the measures under each.)

• Infrastructure security: secure computations in distributed programming frameworks; security best practices for non-relational data stores.

• Data privacy: privacy-preserving data mining and analytics; cryptographically enforced data-centric security; granular access control.

• Data management: secure data storage and transaction logs; granular audits; data provenance.

• Integrity / reactive security: end-point validation and filtering; real-time security monitoring.

Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to The Internet of Things, Morgan Kaufmann, Oct. 2011

Prof. Kai Hwang, USC

Security and Trust Barriers in Mobile Cloud Computing

• Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity.

• We suggested the use of a trust overlay network to build reputation systems for trusted cloud computing.

• A watermarking technique is suggested to protect shared data objects and massively distributed software modules.

• These techniques safeguard user authentication and tighten the data access control in public clouds.

• The new approach could be more cost-effective than using the traditional encryption and firewalls.

Prof. Kai Hwang, USC, Huawei Forum, Nov.8, 2014 9 - 4

Cloudlets: a trusted portal for mobile devices with cognitive abilities and the pervasive capacity to reach a distant cloud, in order to catch special events, check security alerts, make intelligent decisions, etc.

Source: M. Satyanarayanan, et al., “The Case for VM-based Cloudlets in Mobile Computing”, IEEE Pervasive Computing, April 2009


Fast VM synthesis makes it possible to build a VM overlay in transient cloudlets that is customized to bind distant cloud resources to satisfy the user's need.

Trust and security issues are major factors in cloudlet deployment.

Basic Concept of Extending the Cloudlets into a Mobile Mesh: Mobile Cloud Offloading Environment

Source: Y. Shi, S. Abhilash and K. Hwang, “Cloudlet Mesh for Securing Mobile Clouds: Security Infrastructure and Protocols”, IEEE Int’l Conf. Mobile Cloud Computing, March 2015 (submitted in Nov. 2014)

(Figure: mobile devices attach to a cloudlet mesh made up of several cloudlets; the mesh reaches remote clouds across the Internet.)

Some Design Considerations by Satyanarayanan, et al. (2009):

• Two approaches for a cloudlet:

  • VM migration (~8 GB)

  • Dynamic VM synthesis (100 ~ 200 MB)

• Performance is determined by local resources:

  • Bandwidth

  • Compute power

For 100 Mbps links:

• VM overlay is 100 ~ 200 MB

• Synthesizing a VM takes around 60 ~ 90 s

Other New Wireless Technologies

• 802.11n: 300 ~ 600 Mbps

• UWB: 100 ~ 480 Mbps

• 60-GHz radio: 1 ~ 5 Gbps
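The design considerations above come down to a provisioning-time budget: how long until an offloaded VM is usable on the cloudlet, and which local resource limits it. The script below is an added example, not code from the slides or from the cited cloudlet paper. It plugs the slide's own figures (an ~8 GB image for VM migration, a 100 to 200 MB overlay and 60 to 90 s of synthesis for dynamic VM synthesis, and the listed link rates) into an ideal-link model; that model (size divided by rate, no protocol overhead, worst case of each size/time range, lower end of each rate range) is an assumption, as is the use of decimal megabytes.

```python
# Added example, not part of the slides: back-of-the-envelope cloudlet provisioning
# time for full VM migration versus dynamic VM synthesis over the listed link rates.
# Sizes, synthesis time and link rates are the slide's figures; the ideal-link model
# (size / rate, no overhead, worst-case sizes, lower end of each rate) is an assumption.

MBIT = 1_000_000  # bits per megabit (decimal units, assumption)


def mb_to_bits(megabytes: float) -> float:
    """Convert decimal megabytes to bits."""
    return megabytes * 8 * MBIT


# Provisioning approaches from the slide: bits to move and local synthesis time.
APPROACHES = {
    "vm_migration":      {"bits": mb_to_bits(8_000), "synthesis_s": 0.0},   # ~8 GB image, nothing to synthesize
    "dynamic_synthesis": {"bits": mb_to_bits(200),   "synthesis_s": 90.0},  # 200 MB overlay + 90 s synthesis (worst case)
}

# Link technologies from the slide, lower end of each stated range, in bits per second.
LINKS = {
    "100Mbps_link": 100 * MBIT,
    "802.11n":      300 * MBIT,
    "UWB":          100 * MBIT,
    "60GHz_radio":  1_000 * MBIT,
}


def transfer_time(bits: float, rate_bps: float) -> float:
    """Seconds to move `bits` over an ideal link of `rate_bps`."""
    return bits / rate_bps


def provisioning_time(bits: float, rate_bps: float, synthesis_s: float) -> float:
    """Seconds until the cloudlet VM is usable: transfer plus local synthesis."""
    return transfer_time(bits, rate_bps) + synthesis_s


def bottleneck(bits: float, rate_bps: float, synthesis_s: float) -> str:
    """Which local resource dominates: the link ('bandwidth') or the cloudlet CPU ('compute')."""
    return "bandwidth" if transfer_time(bits, rate_bps) > synthesis_s else "compute"


def compare(approaches=APPROACHES, links=LINKS) -> dict:
    """Return {approach: {link: (seconds, dominating_resource)}} for every pair."""
    table = {}
    for name, a in approaches.items():
        table[name] = {
            link: (round(provisioning_time(a["bits"], rate, a["synthesis_s"]), 1),
                   bottleneck(a["bits"], rate, a["synthesis_s"]))
            for link, rate in links.items()
        }
    return table


if __name__ == "__main__":
    for approach, rows in compare().items():
        print(approach)
        for link, (secs, limit) in rows.items():
            print(f"  {link:<13} {secs:7.1f} s  limited by {limit}")
```

Under these assumptions full migration needs 640 s on a 100 Mbps link and still 64 s on a 1 Gbps 60-GHz link, always limited by bandwidth, whereas synthesis costs 91.6 to 106 s on every link and is limited by the cloudlet's compute power, which is the slide's point: once the overlay is small, faster radios buy little and the cloudlet's own CPU sets the user-visible latency.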


Mobility Support and Security Measures for Mobile Cloud Computing


Security Mechanisms in Cloudlet Mesh


Security Protocols Developed at USC for Mobile Cloud Computing


Collective Intrusion Detection Results by Multiple Cloudlets in the Mesh


Cloud Service Models and Their Security Demands

Source: K. Hwang and D. Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Vol. 14, Sept. 2010.

A DHT-based Trust Overlay Network for Developing Reputation Systems to Secure Cloud Resources over Datacenters

Sources: (1) M. Cai, K. Hwang, Y. K. Kwok, S. Song, and Y. Chen, “Collaborative Internet Worm Containment”, IEEE Security and Privacy, May/June 2005, pp. 25-33. (2) Y. Chen, K. Hwang, and W. S. Ku, “Collaborative Detection of DDoS Attacks over Multiple Network Domains”, IEEE Trans. on Parallel and Distributed Systems, Dec. 2007.

Cloud and Data Security and Copyright Protection

Source: S. Song, K. Hwang, R. Zhou, and Y. K. Kwok, “Trusted P2P Transactions with Fuzzy Reputation Aggregation”, IEEE Internet Computing, Special Issue on Security for P2P and Ad Hoc Networks, Vol. 9, Nov/Dec. 2004.

Data Coloring for Privacy Protection on The Cloud

Source: K. Hwang and D. Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Vol. 14, Sept. 2010.

Data color matching for owner/user authentication and authorization purposes in a cloud environment

This work had been cited 511 times according to Google Scholar Citations as of this presentation.
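The slides name data coloring, color matching for owner/user authentication and authorization, and (earlier) cryptographically enforced data-centric security, but do not show the matching step itself. The script below is an added example, not code from the slides or from the Hwang and Li paper: an HMAC-SHA256 tag derived from an owner secret stands in for the paper's color generators (an assumption), the cloud keeps the color next to the object, and a request is granted only if the presented key reproduces the stored color over the stored content. The object, keys and identities are constructed sample values.

```python
# Added example, not from the slides or the cited paper: a simplified "data color
# matching" check. An HMAC-SHA256 tag over (owner id, payload) under an owner secret
# stands in for the paper's color generators (assumption). The cloud stores the color
# with the object and grants access only when the requester's key reproduces it, so a
# wrong key or an altered payload both fail the match.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class ColoredObject:
    owner_id: str
    payload: bytes
    color: bytes  # tag binding the owner identity to the content


def make_color(owner_key: bytes, owner_id: str, payload: bytes) -> bytes:
    """Derive the color: HMAC over a length-prefixed (owner_id, payload) pair,
    so the two fields cannot be shifted into one another."""
    oid = owner_id.encode()
    msg = len(oid).to_bytes(4, "big") + oid + len(payload).to_bytes(8, "big") + payload
    return hmac.new(owner_key, msg, hashlib.sha256).digest()


def color_data(owner_key: bytes, owner_id: str, payload: bytes) -> ColoredObject:
    """Owner side: attach the color before handing the object to the cloud."""
    return ColoredObject(owner_id, payload, make_color(owner_key, owner_id, payload))


def color_matches(obj: ColoredObject, presented_key: bytes) -> bool:
    """Cloud side: recompute the color from the presented key over the stored
    owner id and payload, and compare in constant time."""
    expected = make_color(presented_key, obj.owner_id, obj.payload)
    return hmac.compare_digest(expected, obj.color)


def authorize(obj: ColoredObject, presented_key: bytes) -> str:
    """Access decision for one request: 'granted' or 'denied'."""
    return "granted" if color_matches(obj, presented_key) else "denied"


def demo() -> dict:
    """Constructed scenario: the owner, a stranger, and a tampered copy of the object."""
    owner_key = secrets.token_bytes(32)     # owner secret, shared with authorized users (constructed)
    stranger_key = secrets.token_bytes(32)  # a requester without the owner secret (constructed)
    obj = color_data(owner_key, "alice", b"quarterly forecast v3")
    # Same stored color, edited payload: simulates modification after coloring.
    tampered = ColoredObject(obj.owner_id, b"quarterly forecast v3 (edited)", obj.color)
    return {
        "owner": authorize(obj, owner_key),
        "stranger": authorize(obj, stranger_key),
        "tampered": authorize(tampered, owner_key),
    }


if __name__ == "__main__":
    for who, decision in demo().items():
        print(f"{who:<9} {decision}")
```

This reproduces only the matching decision; the slide's watermarking aspect, where the color is blended into the data object rather than carried beside it, is not modelled here. The length prefixes in make_color are what keep ("ab", b"c") and ("a", b"bc") from producing the same color, and compare_digest keeps the comparison time independent of how many leading bytes match.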

HIDS for Automated Intrusion Response Generation

Source: K. Hwang, M. Cai, Y. Chen, and M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes”, IEEE Trans. on Dependable and Secure Computing, Vol. 4, No. 1, Jan-March 2007.

CSA Top 10 Data Security and Privacy Challenges

1. Secure computations

2. Secure non-relational datastores

3. Secure data storage and logs

4. End-point input validation/filtering

5. Real-time security monitoring

6. Privacy-preserving data mining and analytics

7. Cryptographic access control

8. Granular access control

9. Granular audits

10. Data provenance

Prof. Kai Hwang, USC, May 28, 2014

BYOD (Bring Your Own Device) vs. BYOC (Bring Your Own Cloud)

• BYOD has already posed an increased risk to many business organizations. With BYOC, employees are installing public cloud services such as Dropbox and iCloud on their corporate desktops and mobile devices.

• BYOC introduces additional security threats to the organizations by blurring the boundaries between personal data and business confidential data. This makes organizations demand more control over their security policy for access to and distribution of corporate information.

BYOC Demands More Security Enforcement

Building Accountability Systems to Establish SLA Compliance Between Users and Providers


From 3G and 4G to 5G Mobile Core Networks

Virtual Base Station Pool and C-RAN Bearer Network (3)


Trusted Cloud Mashup for Big Data Apps


MapReduce Filtering of Twitter Spams on The AWS EC2 Platform


MapReduce Filtering Results of Spam Detection in Twitter Blogs over The Amazon EC2 Cloud

Source: Y. Shi, S. Abhilash and K. Hwang, “Cloudlet Mesh for Securing Mobile Clouds: Security Architecture and Protocols”, IEEE Int’l Conf. Mobile Cloud Computing, March 2015


Architecture of The Internet of Things

(Figure: a three-layer IoT architecture.)

• Sensing layer: RFID and RFID labels, sensor networks and sensor nodes, GPS, road mapper.

• Network layer: mobile telecom network, the Internet, information network.

• Application layer, on a cloud computing platform: merchandise tracking, environment protection, intelligent search, tele-medicine, intelligent traffic, smart home.

Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: from Parallel Processing to The Internet of Things, Morgan Kaufmann Publisher, Oct. 2011


Cloud Support of the Internet of Things and Social Network Applications

1. Smart and pervasive cloud applications for individuals, homes, communities, companies, and governments, etc.

2. Coordinated calendar, itinerary, job management, events, and consumer record management (CRM) services

3. Coordinated word processing, on-line presentations, web-based desktops, sharing on-line documents, datasets, photos, video, and databases, content distribution, etc.

4. Deploy conventional cluster, grid, P2P, social networking applications in the cloud environments, more cost-effectively.

5. Earthbound applications that demand elasticity and parallelism to avoid large data movement and reduce the storage costs


Big Data Security in Clouds

Concluding Remarks:

• Mobile cloud security and big data privacy are facing a trust dilemma with the general public. Without security assurance, most users will be reluctant to accept clouds, P2P, social networks, and IoT apps in the future.

• Due to the economies of scale, the cloud providers must have dedicated teams of security professionals or specialists. Cloud datacenters must have stronger protection, on par with military standards.

• SMACT technologies (Social, Mobile, Analytics, Clouds, and IoT) are changing our world, reshaping human relations, promoting the global economy, and even triggering some societal and political reforms in different regions of the world, like it or not.

Contact: [email protected]