A Reconfigurable Context-Aware Security Framework For Mobile Cloud Computing
Cloud computing has become an important solution to today's data processing problems due to its significant advantages in terms of storage, scalability, and cost. Inclusion of mobile devices in a cloud computing environment is an emerging paradigm and is referred to as mobile cloud computing. This paradigm enables mobile devices, such as smartphones and laptops, to utilize the computation power and storage in the cloud. However, mobile cloud computing involves several modes of communication that are governed by varied security standards, which makes them susceptible to a variety of different attacks. If the communication is compromised, then data security will be at risk and the services enabled by cloud infrastructures will be disrupted. The primary objective of this thesis is to propose a novel reconfigurable context-aware security framework for mobile cloud computing, which can be deployed in a cloud-of-clouds environment to provide an additional layer of security. In many application areas security mechanisms are highly heterogeneous, while the cloud server is common to these applications. Therefore, we contend that the proposed framework should be deployed at the cloud premises. The context-aware framework provides varied techniques to improve the quality of service and security of mobile cloud computing using three significant modules. The cognitive module serves as an access control layer to perform clustering-based learning and traffic filtration. The adaptive module operates as a software application. It is responsible for initiating virtual machines, offering cloud services, and self-healing of potentially compromised clouds. The authentication module performs lightweight mutual authentication using locations, timestamps, and message digests.
We have used a novel clustering algorithm, KD (K-Means and Density-based spatial clustering of applications with noise), to train the cognitive module with data sets consisting of current and previous inter-packet delays. Distance-based identification of anomalous traffic is performed to ensure effective filtration. The adaptive module is designed with a probabilistic model and validated using the PRISM model checker. Three proposed message-digest-based authentication schemes are evaluated using the protocol analyzer Scyther. Our experimental results indicate that the proposed framework can withstand various attacks.
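The following is an added example, not code from the thesis, showing the general shape of distance-based filtering over (previous, current) inter-packet delay pairs. It uses plain k-means as a stand-in for the KD algorithm, which the abstract does not specify; the radius rule (`margin` times the largest training distance), the function names, and the traffic traces are all assumptions constructed for illustration.

```python
import math

def ipd_pairs(timestamps):
    """Arrival times -> (previous_delay, current_delay) feature pairs."""
    delays = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return list(zip(delays, delays[1:]))

def nearest(point, centroids):
    """Index of the centroid closest to point."""
    return min(range(len(centroids)), key=lambda i: math.dist(point, centroids[i]))

def kmeans(points, k, iters=50):
    """Lloyd's k-means, seeded deterministically from evenly spaced sorted points."""
    pts = sorted(points)
    centroids = [pts[i * (len(pts) - 1) // max(k - 1, 1)] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centroids)].append(p)
        updated = [tuple(sum(c) / len(g) for c in zip(*g)) if g else centroids[i]
                   for i, g in enumerate(groups)]
        if updated == centroids:
            break
        centroids = updated
    return centroids

def fit(points, k=2, margin=1.5):
    """Centroids plus per-cluster radius (assumed rule: margin * max training distance)."""
    centroids = kmeans(points, k)
    radii = [0.0] * k
    for p in points:
        i = nearest(p, centroids)
        radii[i] = max(radii[i], margin * math.dist(p, centroids[i]))
    return centroids, radii

def is_anomalous(point, model):
    """True when the point lies outside the radius of its nearest cluster."""
    centroids, radii = model
    i = nearest(point, centroids)
    return math.dist(point, centroids[i]) > radii[i]

# Constructed training traces (seconds): an interactive flow and a bulk-transfer flow.
INTERACTIVE = [0.00, 0.10, 0.21, 0.30, 0.40, 0.52, 0.62]
BULK = [0.000, 0.010, 0.022, 0.033, 0.042, 0.052, 0.063]
MODEL = fit(ipd_pairs(INTERACTIVE) + ipd_pairs(BULK))

if __name__ == "__main__":
    for pair in [(0.10, 0.10), (0.011, 0.010), (0.10, 0.50), (0.0005, 0.0005)]:
        print(pair, "anomalous" if is_anomalous(pair, MODEL) else "normal")
```

Because each cluster keeps its own radius, a deviation of a few milliseconds is tolerated in the interactive profile but flagged in the much tighter bulk-transfer profile.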