Professional Documents
Culture Documents
Impact of Human Capital Development on the Managerial Workforce of SMEs in Sabah, Malaysia ...... 1
Noraini Abdullah and Nurul Fatihah Rosli
An Efficient Authentication Protocol for Mobile Cloud Environments using ECC ................................. 29
Mohammad Rasoul Momeni
International Journal of Computer Science and Business Informatics
IJCSBI.ORG
ABSTRACT
Globalisation and entrepreneurship expansion have led to the emergence of Small and
Medium Enterprises (SMEs) in economic development. These would contribute to a
countrys national income, poverty reduction, and thus increase the standard of living in
underdeveloped, rural and urban areas. However, restrictions on SMEs performances,
capital flows and entrepreneurship activities have not been studied extensively. The goal of
this study is thus to investigate the factors affecting the performances of these SMEs.
Factors under study were Entrepreneurship Orientation (EO), Human Resource
Management (HRM), Marketing Orientation (MO), and Information and Communication
Technology (ICT). Data were collected from 200 questionnaires distributed to the SMEs
services sector in Kota Kinabalu, in Sabah, Malaysia where only 129 were usable; hence, a
successful response rate of 64.5%. Structural equation modelling (SEM) using partial least
squares (PLS) method is conceptualized and executed. The data were analyzed and
interpreted using the Statistical Package for Social Science (SPSS) version 20.0 and
SmartPLS 3.0. The results found that male entrepreneurs constituted 61.2% with a low
women participation of 38.8% in the SMEs managerial workforce. Potential human capital
development can be focused based on age and education. Human resources management
(HRM) had highly contributed to the SMEs performances with 0.928 (composite reliability)
and 0.773 (path coefficient), and then followed by MO and EO. ICT was found to have a
significant impact, but its hypothesis was not supported. This study thus suggested that
entrepreneurial investment in ICT could further help the SMEs owners or managers
managed their businesses effectively and efficiently.
Keywords
Small and Medium Enterprises (SMEs), Partial Least Squares (PLS), Structural Equation
Modelling (SEM), human capital development, managerial workforce.
IJCSBI.ORG
1. INTRODUCTION
One of the most important role in generating national income is through
Small and Medium Enterprises (SMEs). Despite the competitive business
environment, the performances of Malaysian SMEs remained encouraging.
[1] recorded that SMEs had contributed 6.3% to the GDP growth compared
to 2012 with only 6%. Besides, SMEs had largely contributed by the
services sector, and further supported by the construction sector. It was also
recorded in 2013 that there was a growth of 6.8% value-added of SMEs in
the services sector compared with only 5.9%. in 2012. Thus, this strong
performance was driven by the overall services sector as well as related
services sub-sectors namely, telecommunications, private education, health
care, finance, insurance, professional and business services. In todays
competitive business environment the economy is constantly evolving,
therefore it is necessary to develop the human capital in order to face these
challenges. The shortage of skilled workers in SMEs and the characteristics
of SMEs owners-managers might restrict them to expand their businesses.
A survey which had been conducted by SME Corporation showed
that generally the respondents did not much emphasis on human capital
development [2]. There were various human capital development
programmes that had been implemented, such as the followings:
National Dual Training System (NDTS)
SME Training Needs Analysis
HR Capabilities Building Programme for SMEs
Entrepreneurship Development for Orang Asli Community
Inkubator Keusahawanan Ibu Tunggal (I-KIT)
SME Human Capital Development.
2. BACKGROUND STUDY
Management practice is defined in terms of funding, marketing, operations
and human resource [3] where sales, profit, business stability, business
growth, increase in the number of employees, customers satisfaction,
increase in the value of assets and business networking were some the
IJCSBI.ORG
SMEs business performance indicators. On the other hand, other indicators
on business performances were such as Entrepreneurship Orientation (EO),
Marketing Orientation (MO), Human Resource Management (HRM) and
Information and Communication Technology (ICT).
Entrepreneurial Orientation (EO) was defined by [4] as a managerial
attitude oriented toward the strategy-making processes that would provide
organizations with a basis for entrepreneurial decisions and actions, while
[5] stated that Marketing Orientation (MO) was one of the important tools in
measuring SMEs business performances. However, on Human Resource
Management (HRM) [6] claimed that it was important to note that unlike
other resources in organization, human resources were potentially be non-
obsolete, and their skills could be transferable. A research also had been
done in Malaysia regarding HRM practices enhanced organizational
performance of SMEs by [7]. The research had found that improved SMEs
performance could be gained through HRM practices and organizational
innovative capability. [8] further had found out that organizational
effectiveness was enhanced through the technology adoption in SMEs
where the use of technology would help SMEs to compete globally.
Meanwhile, [9] found that there was a positive relationship between ICT
adoption and SMEs performance.
3. LITERATURE REVIEW
In recent studies, [3] had identified that entrepreneurial characteristics and
management practices were important attributes for the performance of
enterprises. The sample comprised of a total of 158 small enterprises under
Tunas Mekar programme that operated in Terengganu and Kelantan,
Malaysia. Of the total population, only 62 respondents responded to the
survey. From the multiple regression analysis, the findings showed that
there were several determinants on the performance of small enterprises.
However, only three variables indicated significant relationships with the
enterprises performance, viz. entrepreneur characteristics, management
practice, training and guidance. This study claimed that the relationship
between entrepreneur characteristics and small businesses indirectly
supported the Theory of Economic Development. Furthermore, the
evidences clearly indicated that management practices especially on
financial, accounting, marketing and operations were very important factors
in determining the performance. Besides,this study also found that the more
training programmes and guidance undertaken by an enterprise, the better
would be the performance.
A study which was conducted in Bangladesh by [6] discussed the
significance on Human Resources Management (HRM) of the SMEs. This
study suggested that human resources were potentially be non-obsolete and
IJCSBI.ORG
their skills were transferable across varieties of products, technologies and
markets. In addition, HRM practices focused on human element activities
for sustainability of an organization. Thus, it was recommended that more
research on managing human resource in SMEs would be conducted.
Meanwhile, [10] analyzed the strategic human resource management
practices in Iranian international sector performance. Human resources
planning, managing change, performance of employee, compensation,
health, safety, legality, labor and industrial relations were the basic criteria
which every firm had to follow. The research found that the proposed
variables namely, recruitment, performance appraisal, compensation and
training had a considerable positive association with the international sector
performance.
Most of the SMEs were found not being able to sustain in recent
competitive environment. This was due to the lack of preparedness and too
dependable on government support [7]. Hence, SMEs need to implement
appropriate strategies, especially on human resources management (HRM).
In the Malaysian context, five basic HRM practices had been selected,
namely training and development, reward system, performance appraisal, as
well as communication and information sharing. In addition, [7] had
highlighted that SMEs were able to obtain better performances by an
effective use of their organizational resources and capabilities.This was
supported by [11] where HRM practices were systematically designed
towards improving the effectiveness of SMEs performances.
The role of ICT can be seen its vitality via the social media where it
was found to be one of the alternatives which gave direct influence in
business success [12]. A case study carried out in Zimbabwe had highlighted
on the several advantages to promote any business activities through the
social media, namely:
a) Gain better understanding of customer needs
b) Increase brand awareness
c) Create relationships between customers and suppliers
d) Create business network
e) Low cost of marketing strategy
IJCSBI.ORG
and information system. Hence, this approach could reduce any action that
might lead to the loss of customers interest, and consequently, leading to
losses in profit and sales.
4. METHODOLOGY
For this study, a survey questionnaire (closed-questions) served as an
instrument for data collection. A total of 200 SMEs services sector in Kota
Kinabalu, Sabah were selected from SME Corporation of Malaysia. Out of
200 questionnaires distributed to the owners or managers, only 129
questionnaires were usable. This produced a response rate of 64.5%.
The data were then analyzed and interpreted using the Statistical
Package for Social Science (SPSS) 20.0 and SmartPLS 3.0 software
program [14]. SPSS was used to analyze the demographic profiles of the
respondents, while the partial least squares-structural equation modelling
(PLS-SEM) was used to investigate the factors affecting the performances
of the SMEs.
The dependent and independent variables of the study were adopted
and modified from previous literatures. There were seven items measured
under entrepreneur orientation (EO) which were adopted from [15].
Similarly, seven items were measured under human resource management
(HRM) from [16]. For market orientation (MO), following [17], only six
items were measured. In addition, five information technology (ICT)s
measurements were used with single item measure for SMEs performance
had been adopted from [18].
IJCSBI.ORG
Management (HRM), Marketing Orientation (MO), Information and
Communication Technology (ICT) towards the dependent variable (DV):
the SMEs Performance. The following hypotheses were obtained:
H1: Entrepreneur Orientation is positively related to SMEs performance.
H2: Market Orientation positively related to SMEs performance.
H3: Human Resource Management is positively related to SMEs
performance.
H4: Information and Communication Technology is positively related to
SMEsperformance.
IJCSBI.ORG
Table 1: Validity Guidelines for PLS-SEM Analysis [22]
IJCSBI.ORG
still a low participation by the women workforce eventhough great efforts to
increase women participation in entrepreneurship had been made. However,
recent trends had indicated that the women entrepreneurs were seemed
trying to catch up with the male entrepreneurs due to their change in
attitudes and paradigm shift. Hence, there was an increase from the more
urbanized state of Selangor [21] where the females entrepreneurs formed
only 14.4% of the managerial workforce and the males were still in
dominance at 86%. This has thus indicated a dynamic participative role of
women entrepreneurship since the SME annual report of [2] on the
economic and human capital development of small and medium enterprises
(SMEs) between Malaysias urban (Selangor) and sub-urban areas (Sabah).
Next, this study considered the age of the SMEs respondents. In
Kota Kinabalu, 34.1% of the owner-mangers were between 21-35 years and
between 36-45 years, while about 31.8% of them were above 46 years and
above. This study revealed that most of the SMEs owners in sub-urban area
were dominated by younger entrepreneurs. Besides, 14.7% of the owners
were having educational qualification of primary school, with 52.7% were
found with secondary schools qualification and 28.7% with
Diploma/Degree qualifications. Only 3.9% with other qualifications. Thus,
it can be clearly suggested that in Sabah, more initiatives and activities
should be implemented especially on the human capital development.
As mentioned earlier, there were 7 items of EO, 7 items of HRM, 6
items of MO and 5 items measured under ICT. Items with indicator loadings
of greater than 0.5 and significant levels of more than 0.05 would remain in
the model. Hence, it could be seen from Table 3 that the items which had
remained in the model were three items of EO (E3, E4, E5), four items of
HRM (H4, H5, H6, H7), three items of MO ( MO2, MO4, MO5) and two
items of ICT (ICT4 and ICT5) that had achieved satisfaction level.
A measurement model has satisfactory internal consistency
reliability when the composite reliability (CR) of each construct exceeds the
threshold value of 0.7. Table 3 showed that the CR of each construct for
these SMEs ranged from 0.860 to 0.928. This indicated that the items used
had satisfactory internal consistency reliability.
Next, the indicator reliability was measured by examining the item
loadings. A measurement model is said to have satisfactory indicator
reliability when each items loading is at least 0.7 and significant at least at
the 0.05 level. As shown in Table 3, each item loading ranged from 0.790 to
0.923 except for item E5. Convergent validity is then assessed by its
average variance extracted (AVE) value. Convergent validity is adequate
when the constructs have AVE value of at least 0.50. From Table 3, it could
be seen that all constructs had AVE ranging from 0.607 to 0.775
respectively, hence greater than 0.50.
IJCSBI.ORG
Table 3: Internal Consistency, Indicator Reliability and Consistency Reliability
Model Construct Measurement Loadings CR AVE
Items
Entrepreneurs Orientation E3 0.834
(EO) E4 0.790 0.860 0.607
E5 0.692
Human Resources H4 0.894
Management (HRM) H5 0.918 0.928 0.684
H6 0.885
H7 0.898
Marketing Orientation (MO) MO2 0.820
MO4 0.870 0.906 0.707
MO5 0.808
Information & ICT4 0.802
Communication Technology ICT5 0.923 0.911 0.775
(ICT)
IJCSBI.ORG
values, while SmartPLS bootstrapping was used to generate the t-statistics
values [15]. The bootstrapping generated 500 sub-samples from 300
maximum iterations. The R value for model was 0.986. Each path
connecting two latent variables represented a hypothesis. Based on the t-
statistics output in Table 5, the significant level of each relationship was
examined with at least 0.1, positive sign direction and consist of a path
coefficient value () ranging from 0.061 to 0.773 [25; 26]. Assessment of
the path coefficients for the model showed that all the proposed hypothesis
were supported except for H4, i.e. Information and Communication
Technology (ICT) on the performance of SMEs in Sabah. This was
expected since Sabah is still a developing state whereby there is room for
improvement in the infrastructural facilities, physical development and
internet accessability. Human Resource Management (HRM) was the most
significant on the SMEs performance with a path coefficient of 0.773.
Table 5: Path Coefficients
Path Standard
Coefficients t-
Error Statistics
Supported Hypotheses
() (STERR)
EO => SMEs
Performance
0.264 0.104 2.555 YES H1
6. CONCLUSIONS
The results obtained in this study show that human capital development
involving Human Resources Management (HRM) has the highest
significant relationship on the SMEs performance compared to the other
determinants. This is supported by [7] who also claimed that improved
SMEs performance can be gained from human resource management. For
Malaysia to transform to the new Malaysian economic model, SMEs need to
seek opportunities to upgrade themselves besides developing their
organizational capabilities. This is in line with the Malaysian economic
strategies to become a high-income, developed country by 2020 [1]. Women
entrepreneurs in Sabah are found to have played a more promising role in
managerial activities as compared to Selangor [23]. From the PLS-SEM
analyses, there are positive relationships between entrepreneur orientation,
human resource management and marketing orientation with respect to the
performance of SMEs, except for information and communication
IJCSBI.ORG
technology. ICT is identified as an entrepreneurial investment for SMEs to
gain and exploit the positive outcomes in productivity growth, organization
expansion, efficiency, effectiveness, competitiveness, etc. as confirmed by
[27]. The structural model obtained demonstrated achievable satisfactory
validity and reliability of the performance indicators. This study thus
concludes that the SMEs owners or managers are able to manage their
businesses effectively and efficiently. However, there are several limitations
encountered in the study. Firstly, the study is merely carried out on the
service sectors only. Hence, more studies should be devoted on different
sectors of the SMEs in Malaysia. Secondly, this study had used four specific
independent variables only. Further research can thus be suggested to be
carried out on more independent variables and/or with the inclusion of
moderating variables. Finally, biasedness in answering the distributed
questionnaires may occur due to the respondentsdifferent background and
managerial experience.
7. ACKNOWLEDGMENTS
This research would not have been possible without the funding provided by
Universiti Malaysia Sabah under the grant number SBK0159-SS-2014 which the
authors would greatly like to thank for.
REFERENCES
[1] SME Annual Report. 2013/2014. Small and Medium Enterprise (SME) Annual Report
2014. [Retrieved from http://www.smecorp.gov.my/vn2/.
[2] SME Annual Report. 2012/2013. Small and Medium Enterprise (SME) Annual Report
2014. [Retrieved from http://www.smecorp.gov.my/vn2/
[3] Yaacob, Najihah M., Mahmood, R., Mat Zin, S., & Puteh, M. An Investigation of the
Small Business Start-Ups Performance. Journal of Basic and Applied Scientific
Research, 4(3s), pp.10-17. (2014).
[4] Jawad, H., Kamariah, I. & C. Shoaib, A. Linking Entrepreneurial Orientation with
Organizational Performance of Small and Medium Sized Enterprises: A Conceptual
Approach. Asian Social Science, 11(7), pp.1-10. (2015).
[5] Aliyu, M. S. & Rosli, M. Market Orientation and Organizational cultures impacton
SME Performance: A SEM approach. International Affairs and Global
Strategy,24,pp.1-10. (2014).
[6] Mohammad, A. A. & Ezaz, A. Managing Human Resources in Small and Medium
Enterprises (SMEs) in Developing Countries: A Research Agenda for Bangladesh
SMEs. International Proceedings of Economics Development and Research (IPEDR),
55, 2012, pp.215-219.
[7] Nazlina, K. Enhancing Organizational Performance of Malaysian SMEs Through
Human Resource Management (HRM) Practices and Organizational Innovative
Capability: A Proposed Framework. Proceedings of the 3rd International Conference
on Management, 10th - 11th June, 2013, Penang, Malaysia.
IJCSBI.ORG
[8] Abdullah, N.H., Wahab, E., & Shamsudin, A. Exploring the Common Technology
Adoption Enablers among Malaysian SMEs: Qualitative Findings. Journal of
Management and Sustainability, 3(4), pp.78-91. (2013)
[9] Bayo-Moriones, A., Billon, M., & Lera-Lopez, F. Perceived performance effects of
ICT in manufacturing SMEs. Industrial Management& Data Systems, 113(1), 117
135. (2013).
[10] Shila, S., & Choi, S. L. An Examination of Strategic Human Resource Management
Practices in Iranian International Sector Performance. Journal of Applied Sciences,
Engineering and Technology, 8 (23), pp.2363-2368. (2014).
[11] Agarwala, T. Innovative human resource practices and organizational commitment: an
empirical investigation. International Journal of Human Resource Management, 14(2),
pp.175-197. (2003).
[12] Samuel, M., Gwendolyn, Z. T., Muyaradzi, Z. & Caroline, R. Harnessing Social
Media for Business Success. Case Study of Zimbabwe. International Journal of
Computer Science and Business Information, 11 (1), pp.80 - 89. (2014).
[13] Amina, E. K. & A. Namir. An Approach for Customer Satisfaction, Evaluation and
Validation. International Journal of Computer Science and Business Information, 14
(1), pp.79 - 92. (2014).
[14] Ringle, C., Wende, S., & Will, A. SmartPLS 2.0.M3. [Retrieved from
http://www.smartpls.de. (2004).
[15] Rosli, M. & Norshafizah, H. Entrepreneurial Orientation and Business Performance of
Women-Owned Small and Medium Enterprises in Malaysia: Competitive Advantage
as a Mediator. International Journal of Business and Social Science, 4(1), pp.82-90.
(2013).
[16] Ahmad, S. & Schroeder, R. G. The Impact of Human Resource Management Practices
on Operational Performance; Recognizing Country and Industry Differences. Journal
of Operations Management, 21, pp.19-43. (2003).
[17] Tomaska, I. E. The Current Methods of Measurement of Market Orientation.
European Research Studies, 12 (3), pp.135-150. (2009).
[18] Chinomona, R. The Fostering Role of Information Technology on SMEss Strategic
Purchasing, Logistics Intergration and Business Performance. Southern African
Business Review, 17 (1), pp. 76-97. (2013).
[19] Moorthy, M., Annie T., Caroline C., Chang S. W., Jonathan T. Y. P. & Tan K. L.A
Study on Factors Affecting the Performance of SMEs in Malaysia. International
Journal of Academic Research in Business and Social Sciences, 2(4), pp.224-239.
(2012)
[20] Lei, P-W. & Wu, Q. Introduction to Structural Equation Modeling: Issues and
Practical Considerations. Instructional Topics in Educational Measurement, 33-43.
(2007).
[21] Henseler, J., Ringle, C.M., & Sinkovics, R. The use of Partial Least Squares path
modeling in International Marketing. International Marketing, 20, pp. 277-319. (2009).
[22] Kamarul, F. H. PhD. Thesis. Understanding the determinants of continuous knowledge
sharing intention within business online communities, Auckland University of
Technology.(2012).
[23] Noraini Abdullah & Nurul Fatihah Rosli. Gender Managerial Workforce and Partial
Least Squares On Small and Medium Enterprises (SMEs) in Selangor, Malaysia.
International Journal of Business & Management, 3(3), pp. 185-192. (March 2015).
IJCSBI.ORG
[24] Fornell, C. & Larcker, D.F. Evaluating structural equation models with unobservable
and measurement error. Journal of Marketing Research, 34(2), pp. 161-188. (1981).
[25] Hair, J.F., Ringle, C.M. & Sarstedt, M. PLS-SEM: Indeed a silver bullet. Journal of
Marketing Theory and Practice, 19(2), pp.139-151. (2011).
[26] Wetzels, M., Odekerken-Schroder, G. & van Oppen, C. Using PLS path modeling for
assessing hiererchical construct models: Guidelines and empirical illustration. MIS
Quarterly, 33(1), pp.177-195. (2009).
[27] Tarute, A. & Gatautis, R. ICT Impact on SMEs Performance. Procedia-Social and
Behavioural Sciences, 110, pp. 1218-1225. (2014).
IJCSBI.ORG
ABSTRACT
Despite explosive growth of mobile computing and its popularity, full exploiting from it, is
difficult due to lack of sufficient processing power, storage, also problems such as mobility,
frequent disconnections and so on. With exploiting cloud computing along mobile
computing a new technology appears called mobile cloud computing. It can overcome these
obstacles by executing mobile applications on the cloud instead of mobile devices. Mobile
cloud is a new and applicable technology that covers many fields such as: healthcare,
vehicular, gaming, commerce and so on. The ABI Research believes that the number of
mobile cloud computing users is expected to grow from 43 million (1.1% of total mobile
users) in 2008 to 998 million (19% of total mobile users) in 2015. This paper presents a
comprehensive survey of mobile cloud computing and explains its advantages, challenges
and approaches. Also the future research directions are given.
Key words:
Mobile cloud computing, mobile applications, mobile computing, mobility.
1. INTRODUCTION
By increasing usage of mobile computing, mobile devices play an important
role in human life as most effective communication tools are ready in every
place and time. Mobile users utilize various services from mobile
applications such as Google apps which run on mobile devices locally or are
offloaded to remote servers for remote execution.
Mobile devices are facing many problems about their resources (e.g. battery
life, storage and bandwidth) and communications (e.g. mobility and
security) [1], Hence QoS is not satisfying. Mobile devices cannot run
resource-intensive applications due to lack of sufficient processing power
and storage, hence mobile users prefer to utilize more powerful devices like
PCs and laptops about resource scarcity problems.
To overcome these obstacles we can support mobile computing by cloud
computing. Cloud computing can be defined as the aggregation of
IJCSBI.ORG
computing as a utility and software as a service [2], also called pay-as-you-
go-computing. Cloud service providers offer Infrastructure as a Service
(IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
Offloading heavy computing can help mobile devices to save energy and
mobile users to faster and more efficient execution. There are some
resource-intensive applications that mobile devices never can run but with
help of cloud computing, running them is easily, because cloud service
providers have many powerful resources. As a result, with supporting of
cloud computing for mobile users, mobile cloud- computing is introduced as
combination of cloud computing by mobile computing and network
technology, hence resource-intensive applications can be executed on
resource-constraint mobile devices.
The reminder of this paper is as follows: Section 2 provides a brief overview
of cloud computing including definitions, architecture and advantages.
Section 3 describes mobile cloud computing, including its definitions,
architecture, and motivation for developing, advantages, challenges and
future research directions. Finally section 4 is conclusions.
IJCSBI.ORG
Three delivery models are IaaS, PaaS and SaaS.
Infrastructure as a Service (IaaS): IaaS enables provision of key
components such as hardware, storage and network devices.
Amazon EC2 (Elastic cloud computing) and S3 (Simple storage
service) are examples of IaaS.
Platform as a Service (PaaS): It is the framework for building,
testing and deploying applications. Examples of PaaS are Google
App Engine and Microsoft Azure.
Software as a Service (SaaS): It enables subscribers to use
applications on pay-as- you-go basis. Examples of SaaS are
Salesforce and Microsoft Live Mesh.
2.1 Advantages of Cloud computing
Cloud computing moves us from a traditional technology to a dynamic and
flexible one. Cloud computing refers to both the applications delivered as
services over the Internet and the hardware and systems software in the
datacenters that provide those services [5].
In following some advantages of cloud computing discussed [6].
On-demand services: service providers can configure services per
subscriber requirements and they can access and use prepared
services on-demand.
Low cost: there is no need to prepare infrastructure, hardware and
software. In fact, subscribers connect to the cloud and use from the
infrastructure supplied by the service provider.
Robustness and flexibility: we need robustness and flexibility for
fast fault recovery and to adapt to non-deterministic nature of user
behavior and service access pattern.
IJCSBI.ORG
IJCSBI.ORG
IJCSBI.ORG
Some components of mobile applications are migrated from mobile devices
to resource rich computing device(s), hence mobile devices can save energy.
Remote execution (offloading or cyber foraging) is a popular option and
there are many researches in this field. The efficiency of this approach is
highly depends on partitioning concept.
- Remote storage:
In this approach applications and dada are kept outside the mobile devices
and storage space improves significantly. By using cloud resources such as
Jupiter [18] and SmartBox [19] instead of traditional resources, we have
more efficiency.
- Multi-tier programming:
In this approach, we develop applications which need to less native
resources. Heavy components of applications migrate from device and
lightweight components remain inside the device.
- Live cloud-streaming:
In this approach [20] execution process entirely occur in the cloud and then
results are transmitting to the mobile devices. There are some problems like
latency, bandwidth and network traffic congestion.
- Resource-aware computing:
In these approaches [21]-[23], researchers utilize application-level resource
management methods (with using software such as compiler and OS) thus
requirements of mobile applications are reduced. Resource conservation is
performed well via efficient selection of available execution approaches
[24].
- Fidelity adaptation:
When remote resources and online connectivity are not available, this
approach is an option to perform. Main idea is to decrease quality of
application execution that lead to resource conservation. For better
performance, researchers [25], [26] combined cyber foraging by fidelity
adaptation.
Cloud computing enables virtualization technology that facilitates access to
cloud services for users. Virtualization is needed for improving scalability
and resource utilization ratio. It enables the illusion of infinite resources to
the cloud subscribers [27].
3.4 Advantages
Before discussing advantages of mobile cloud computing in this section, in
order to better understanding mobile cloud computing concept, we examine
the definitions of mobile computing, cloud computing and network
IJCSBI.ORG
technology. Because mobile cloud computing consists of these three main
concepts.
- Mobile computing:
Information at fingertips anywhere, anytime [28]. Or The mobile
computing no longer requires users to maintain a fix and universally known
position in the network and enables almost unrestricted mobility [29].
- Cloud computing:
NIST defines Cloud computing as a model for enabling ubiquitous,
convenient on demand network access to a shared computing resources that
can be rapidly delivered with minimal managerial effort [3].
- Network technology:
Majority of communications occur in wireless environments.
Advantages of mobile cloud computing are:
- Improving processing power:
Resource-intensive mobile applications offload to cloud for execution,
because cloud resources (specially its processors) are powerful. Thus mobile
devices can virtually perform and actually deliver the results of heavy
transactions that usually cannot perform [16].
- Expanded storage capacity:
Mobile applications are constrained by storage capacity on mobile devices.
Due to handiness, size and price issues, Mobile devices cannot have large
storage capacity. A common solution is to use infinite storage capacity of
cloud resources. Amazon S3 prepares file storage service [30]. Another
example is Image Exchange which utilizes large storage capacity for mobile
users [31]. Also Flicker is the mobile photo sharing applications based on
mobile cloud computing [32].
- Improving battery lifetime:
Long time application execution and giant processing entities lead to large
amount of power consumption. A solution is to utilize offloading methods
and remote application execution that significantly extend battery lifetime.
In the other words, offloading heavy and energy-intensive applications to
the cloud for execution can save energy. For example researchers believe
offloading a compiler optimization for Image processing can reduce 41% for
energy consumption in a mobile device [33].
- Improving reliability:
Due to resource scarcity in the mobile devices, providing complex
encryption provisions and sufficient security services is not feasible. By
storing data in the cloud storage [34], [35] mobile users ensure data
protection and availability. Also cloud can provide security services such as
IJCSBI.ORG
authentication, virus scanning and malicious code detection for mobile users
[36]. To deal with data lost on mobile devices, offloading data to the cloud
is efficient because cloud can backup data on a group of computers.
- Easy content and resource sharing:
By storing data and applications in the cloud, mobile users can access to
contents every time, in the other words cloud service providers facilitate
content and resource sharing among authorized users.
3.5 Challenges in mobile cloud computing
- Service availability:
Service availability is a big concern in mobile cloud computing, because
majority of communications occur in wireless environments and wireless
communications are not confident. Mobile users are faced with problems
such as network traffic, network congestion and out-of-signal.
- Heterogeneity:
As mentioned in [10]. Heterogeneity in the mobile cloud computing refers
to existence of differentiated hardware, architectures, infrastructure and
technologies of mobile devices, clouds and wireless networks.
Intelligent Radio Network Access (IRNA [37]) is a model to deal with
dynamics and heterogeneity of networks. In order to utilize IRNA in the
mobile cloud computing, in [38] authors propose a context management
architecture for acquire, management
And distribution a context Information.
- Offloading:
As mentioned in previous section, computing offloading and then remote
execution is one way to improve battery lifetime. Note that offloading is not
always the optimal solution to save energy, because it might consume more
energy than local execution especially when the size of content is small.
Methods of offloading are classified into three main directions: client-server
communication methods, virtualization and mobile agents [27]. The
decision of when to offload and which partitions of application need to be
offloaded are important issues that need to be considered.
- Security and privacy:
Security and privacy issues are too complex in mobile cloud computing due
to inherent challenges of wireless communications such as insecure nature
and problems related to heterogeneity. Due to energy constraints in mobile
devices, mobile users need to lightweight security algorithms. Security
issues are classified into mobile application security framework and data
security framework.
- Mobile application security framework:
IJCSBI.ORG
Mobile devices are resource-constraint devices and cannot running heavy
security software such as: anti-virus, intrusion detection and firewall, thus
applications can be offloaded to the cloud for a detailed security assessment.
For example [38] presents a method to offload the threat detection
capabilities to the cloud instead of executing in the mobile device, that lead
to save energy significantly. Evaluation parameters for application security
frameworks are: application type, security features, assumption and
scalability [39]. Also in [57] authors proposed a security framework for
analyzing the security of mobile application and detecting mobile malwares.
The cloud based security approach provides strong security for mobile
devices.
- Data security framework:
Data security is very important because mobile users dont have direct
control on stored data on the cloud. Two important aspects of data security
are:
- Data integrity:
Data integrity is a big issue for mobile users. Several solutions proposed in
this area are such as [40], [41], and [43]. [42] Considers energy
consumption unlike the two methods. Proposed scheme in [42] includes
three main components: mobile client, cloud storage service and trusted
third party and has three phases namely initialization, update and
verification. Researchers used Message Authentication Code (MAC) in this
method. Significant improvement in this method is this idea that checking
and verification are performed on trusted third party and Mobile users only
comparison the results. This improvement lead to save energy and
bandwidth significantly.
- Authentication:
Authentication is an important initial step to guarantee the security of user
data and files stored on cloud. In [43] authors proposed an authentication
mechanism to authenticate the owner of the uploaded file on cloud and also
integrity of mobile users data stored on cloud. The proposed scheme
includes four components namely mobile device, cloud service provider,
certification authority and telecommunication module depicted in Figure 3.
IJCSBI.ORG
IJCSBI.ORG
Due to heterogeneity of wireless communications, maintaining a seamless
communication between mobile users and mobile service provider is
difficult. Mobility and frequent disconnections decrease resource utilization
ratio [16]. One solution after disconnection is local execution. Note that
Results obtained before disconnection is not sufficient and execution must
be resumed.
- Improving the efficiency of data access:
Handling the data resources on cloud is difficult due to some problems such
as low bandwidth, mobility and limitation of resource capacity of mobile
devices. One easy solution to improve the efficiency of data access is a local
storage cache [11]. For example [52] addresses three issues: maintaining
seamless communication among subscribers and cloud, handling cache
consistency and supporting data privacy. Proposed scheme has two main
functional blocks namely RFS client on the mobile device and RFS server
on cloud. In proposed scheme authors using RESTful web service [53] for
service provider and HTTP for communication protocol. Also it addresses
issues such as wireless connectivity and data privacy.
3.6 Future research directions
Some problems may occur when mobile users try to use cloud resources,
such as disconnection, congestion and signal attenuation. These problems
lead to user dissatisfaction and decreasing quality of service. Instead of
communicating with a remote cloud, a better solution is to connect to
Cloudlet [54]. A cloudlet is resource rich computer or cluster of computers
which is Connected to the Internet and available for use by close mobile
devices [11]. This approach enables mobile devices to bypass latency and
bandwidth issues caused by connecting to remote cloud. In the absence of
close cloudlets mobile users may using local execution or connection to
remote cloud server.
- Security, trust and privacy:
With the development of cyber-crime applying security, trust and privacy is
required to protect mobile user contents and success of mobile cloud
computing. Indeed, how cloud service providers ensure confidentiality of
user content is a critical factor. Trust establishment based on the service
providers reputation and aggregation of trust from each service node would
be a valuable approach that requires future research [10].
- Low bandwidth:
Due to inherent problems of wireless environment, still bandwidth is a big
problem for mobile users. One solution is to use 4G networks that improve
bandwidth capacity for mobile users. Advantages of 4G networks are:
broading mobile coverage area, differed services, etc. [55]. [56] Discusses
IJCSBI.ORG
about 4G wireless network issues such as architecture, quality of service,
etc.
4. CONCLUSIONS
Mobile cloud computing aims to augment the resource-constraint mobile
devices, but currently it is like a baby that requires attention. The ABI
research believes more than 240 million business will use services provided
by cloud service providers through mobile devices by 2015. Mobile cloud
computing is a growing technology that includes both cloud computing and
mobile computing benefits. Also it is highly applicable for mobile devices.
This paper has given an extensive and survey of mobile cloud computing
technology including its definitions, architecture, motivation for developing,
advantages, challenges and future research directions. For better
understanding of mobile cloud computing before describing it, cloud
computing is described.
REFERENCES
IJCSBI.ORG
Cloud Computing: Architecture, Applications, and Approaches Wiley wireless
communications and mobile computing, Vol.13, pp. 1587-1611.
[12] Modi, C., Patel, D., Borisaniya, B., Patel, B., Rajarajan, M., 2013. A survey on security
issues and solutions at different layers of Cloud computing springer Journal of
Supercomput, Vol.63, pp. 561592.
[13] K. Bent. (2012, May) Obama: Government Agencies Have One Year To Deploy
Smartphone-Friendly Services.
[14] T. Khalifa, K. Naik, and A. Nayak., 2011. A Survey of Communication Protocols for
Automatic Meter Reading Applications, IEEE Communications Surveys & Tutorials,
Vol. 13, No. 2, pp. 168182.
[15] R. Buyya, C. Vecchiola, and T. Selvi, 2013. Mastering Cloud Computing. Morgan
Kaufmann, USA.
[16] S. Abolfazli, Z. Sanaei, Ejaz Ahmed, Abdullah Gani, Rajkumar Buyya, 2013. Cloud-
Based Augmentation for Mobile Devices: Motivation, Taxonomies, and Open
Challenges IEEE Communications Surveys & Tutorials, Vol.16, pp. 337-368.
[17] K. Jackson. (2009) Missouri University Researchers Create Smaller and More Efficient
Nuclear Battery.
[18] Y. Guo, L. Zhang, J. Kong, J. Sun, T. Feng, and X. Chen, 2011. Jupiter: transparent
augmentation of smartphone capabilities through cloud computing, in Proc. ACM
MobiHeld 11, Cascais, Portugal.
[19] W. Zheng, P. Xu, X. Huang, and N. Wu, 2010. Design a cloud storage platform for
pervasive computing environments, Cluster Computing, vol. 13, no. 2, pp. 141151.
[20] G. Lawton, Cloud Streaming Brings Video to Mobile Devices, 2012. IEEE Computer,
vol. 45, no. 2, pp. 1416.
[21] B. Seshasayee, R. Nathuji, and K. Schwan, 2007. Energy-aware mobile service
overlays: Cooperative dynamic power management in distributed mobile systems, in
Proc. IEEE ICAC07, Jacksonville, Florida, USA, p. 6.
[22] Y. J. Hong, K. Kumar, and Y. H. Lu, 2009. Energy efficient content-based image
retrieval for mobile systems in Proc. IEEE ISCAS 09, Taipei, Taiwan, pp. 16731676.
[23] Kremer, J. Hicks, and J. Rehg, 2003. A compilation framework for power and energy
management on mobile computers, Languages and Compilers for Parallel Computing,
pp. 115131.
[24] S. Gurun and C. Krintz, 2003. Addressing the energy crisis in mobile computing with
developing power aware software, vol. 8, no. 64.
[25] J. Flinn and M. Satyanarayanan, 1999. Energy-aware adaptation for mobile
applications, in Proc. ACM SOSP 99, vol. 33, pp. 4863.
[26] E. D. Lara, D. S. Wallach, and W. Zwaenepoel, 2001. Puppeteer: Component-based
adaptation for mobile computing, in Proc. USENIX USITS, pp. 1425.
[27] Niroshinie Fernando, Seng W. Loke, Wenny Rahayu, 2013. Mobile cloud computing:
A survey Elsevier Future Generation Computer Systems, Vol.29, pp. 84106.
[28] M. Satyanarayanan, 2011. Mobile computing: the next decade, ACM SIGMOBILE
Mobile Computing and Communications Review, vol. 15, no. 2, pp. 210.
[29] T. Imielinski and H. Korth, 1996. Introduction to Mobile Computing, ser. The Springer
International Series in Engineering and Computer Science, vol. 353, pp. 143.
[30] http://aws.amazon.com/s3/
[31] E. Vartiainen, and K. V. -V. Mattila, 2010. User experience of mobile photo sharing in
IJCSBI.ORG
the cloud, in Proceedings of the 9th International Conference on Mobile and
Ubiquitous Multimedia (MUM).
[32] http://www.flickr.com/
[33] U. Kremer, J. Hicks, and J. Rehg, 2001. A Compilation Framework for Power and
Energy Management on Mobile Computers, in Proceedings of the 14th International
Conference on Languages and Compliers for Parallel Computing, pp. 115 - 131, August.
[34] W. Zheng, P. Xu, X. Huang, and N. Wu, 2010. Design a cloud storage platform for
pervasive computing environments, Cluster Computing, vol. 13, no. 2, pp. 141151.
[35] W. Zeng, Y. Zhao, K. Ou, and W. Song, 2009. Research on cloud storage architecture
and key technologies, in Proc. ACM ICIS 09, Seoul, Republic of Korea, pp. 1044
1048.
[36] J. Oberheide, K. Veeraraghavan, E. Cooke, J. Flinn, and F. Jahanian. 2008. Virtualized
in-cloud security services for mobile devices, in Proceedings of the 1st Workshop on
Virtualization in Mobile Computing, pp. 31-35.
[37] A. Klein, C. Mannweiler, and H. D. Schotten, 2009. A Framework for Intelligent
Radio Network Access Based on Context Models, in Proceedings of the 22nd WWRF
meeting 2009.
[38] A. Klein, C. Mannweiler, J. Schneider, and D. Hans, 2010. Access Schemes for Mobile
Cloud Computing, in Proceedings of the 11th International Conference on Mobile Data
Management (MDM), pp. 387.
[39] Abdul Nasir Khan, M.L. Mat Kiah, Samee U. Khan, Sajjad A. Madani, 2013. Towards
secure mobile cloud computing: A survey Elsevier Future Generation Computer
Systems Vol.29, pp.12781299.
[40] A. Tanenbaum and M. Van Steen, 2007. Distributed Systems: Principles and
Paradigms, Pearson Prentice Hall.
[41] W. Wang, Z. Li, R. Owens, and B. Bhargava, 2009. Secure and efficient access to
outsourced data, in ACM Cloud Computing Security Workshop (CCSW), pp. 55 - 66.
[42] W. Itani, A. Kayssi, and A. Chehab, 2011. Energy-efficient incremental integrity for
securing storage in mobile cloud computing, International Conference on Energy
Aware Computing (ICEAC), pp. 1.
[43] S.C. Hsueh, J.Y. Lin, M.Y. Lin, 2011. Secure cloud storage for conventional data
archive of smart phones, in: Proc. 15th IEEE Int. Symposium on Consumer Electronics,
ISCE 11, Singapore.
[44] R. Chow, M. Jakobsson, R. Masuoka, J. Molina, Y. Niu, E. Shi, and Z. Song,
2010.Authentication in the clouds: a framework and its application to mobile users, in
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
(CCSW), pp. 1 - 6.
[45] Z. Song, J. Molina, S. Lee, S. Kotani, and R. Masuoka. 2009. TrustCube: An
Infrastructure that Builds Trust in Client, in Proceedings of the 1st International
Conference on Future of Trust in Computing.
[46] M. Jakobsson, E. Shi, P. Golle, and R.Chow, 2009. Implicit Authentication for Mobile
Devices, in Processing of the 4th USENIX Workshop on Hot Topics in Security
(HotSec).
[47] E. Shi, Y. Niu, M. Jakobsson, and R. Chow. 2010. Implicit Authentication through
Learning User Behavior, in Proceedings of the implicit authentication Security
Conference (ISC).
[48] M. Fahrmair, W. Sitou, B. Spanfelner, 2011. Security and privacy rights management
for mobile and ubiquitous computing, in: Workshop on UbiComp Privacy, pp. 9708.
IJCSBI.ORG
[49] J. Han, Y. Zhu, Y. Liu, J. Cai, L. Hu, 2005. Provide privacy for mobile p2p systems, in:
25th IEEE International Conference on Distributed Computing Systems Workshops, pp.
829834.
[50] J. Han, Y. Liu, Rumor, 2006. Riding: anonymizing unstructured peer-to-peer systems,
in: Proceedings of the 2006 14th IEEE International Conference on Network Protocols,
2006, ICNP06, pp. 2231.
[51] G. Ghinita, P. Kalnis, S. Skiadopoulos, 2007. Prive: anonymous location-based queries
in distributed mobile systems, in: Proceedings of the 16th International Conference on
World Wide Web , ACM, New York, USA, pp. 371380.
[52] Y. Dong, J. Peng, D. Wang, H. Zhu, F. Wang, Sun C. Chan, and Michael P. Mesnier,
2011. RFS: a network file system for mobile devices and the cloud, ACM SIGOPS
Operating Systems Review, vol. 45, no. 1, pp. 101-111.
[53] Jacson H. Christensen, 2009. Using RESTful web-services and cloud computing to
create next generation mobile applications, in Proceedings of the 24th ACM SIGPLAN
conference companion on Object oriented programming systems languages and
applications (OOPSLA), pp. 627-634.
[54] M. Satyanarayanan, P. Bahl, R. Caceres, N. Davies, 2009. The case for VM-based
cloudlets in mobile computing, IEEE Pervasive Computing Vol.8, pp. 1423.
[55] M. Rahman and F. A. M. Mir, 2007. Fourth Generation (4G) Mobile Networks -
Features, Technologies & Issues, in Proceedings of the 6th IEEE International
Conference on 3G and Beyond, pp. 1.
[56] U. Varshney and R. Jain, 2002. Issues in emerging 4G wireless networks, Computer,
vol. 34, no. 6, pp. 94 96.
[57] S. Zonouz, A. Houmansadr, R. Berthier, N. Borisov, W. Sanders, 2013. Secloud: A
cloud-based comprehensive and lightweight security solution for smartphones; Proc:
Elsevier.
[58] Md. AI-Hasan, Kaushik Deb, Mohammad Obaidur Rahman, 2013. User Authentication
Approach for Data Security between Smartphone and Cloud; Strategic Technology
(IFOST), 8th International Forum on, Publisher: IEEE.
[59] Hong gang Wang, Shaoen Wu, Min Chen, Wei Wang, 2014. Security Protection
between Users and the Mobile Media Cloud, IEEE Communications Magazine.
[60] 60. Momeni, M. R., 2014. A Lightweight Authentication Scheme for Mobile Cloud
Computing. International Journal of Computer Science and Business Informatics,
Vol. 14, No. 2, pp. 153-160.
IJCSBI.ORG
ABSTRACT
The growth of mobile cloud computing users is rapid and now many mobile users utilize
from mobile cloud computing technology. This technology makes mobile users stronger
beyond the mobile computing capabilities. The security risks have become a hurdle in the
rapid adaptability of the mobile cloud computing technology. Significant efforts have been
devoted in research organizations and academia to securing the mobile cloud computing
technology. In this paper we proposed a lightweight and efficient authentication protocol
for mobile cloud environment. According to significant advantages of ECC (elliptic curve
cryptosystem), it has been adopted through this paper. Our proposed protocol has many
advantages such as: supporting user anonymity, identity management and also resistance
against related attacks such as replay attack, stolen verifier attack, modification attack,
server spoofing attack and so on.
Key words
Mobile cloud computing, lightweight authentication, ECC, user anonymity, security risks.
1. INTRODUCTION
Mobile cloud computing is a technology that aims to augment mobile
devices beyond their capabilities. Mobile devices have limited processing
and storage capabilities and their battery lifetime will exhaust soon [1].
Authentication is the most important factor to protect systems against
attacks. If this mechanism works well other mechanisms can be lightweight.
Authentication methods are grouped to four classes. 1. What you are (E.g.
fingerprint), 2.what you have (E.g. smart cards), 3.what you know (E.g.
passwords) and 4.what you do or implicit authentication. Due to inherent
challenges of wireless communications such as insecure nature and
problems related to heterogeneity, security and privacy issues are too
complex in mobile cloud computing. ECC based schemes with smaller key
size, strict security and high efficiency are the best choice for securing the
mobile cloud computing technology. For example ECC with 160 bits key
size and RSA with 1024 bits key size have the same security level. ECC is
good for environments with these properties: low bandwidth, limited
processing power and storage capacity, battery lifetime limitation. Firstly
IJCSBI.ORG
lamport in 1981 proposed an authentication scheme over an open channel
[2]. His scheme was resistance against impersonation attack and servers
data eavesdropping attack but vulnerable to replay attack. Peyravian and
Zunic proposed an authentication scheme without encryption techniques [3].
It only used hash function. Lee et al. demonstrated that this scheme is
vulnerable to offline password guessing attack and then improved it [4].
Later ku et al showed lee et al scheme is vulnerable to attacks such as denial
of service, offline password guessing and stolen verifier [5]. Yoon et al then
improved lee et al scheme in the year 2004 [6], but ku et al demonstrated
this scheme is vulnerable to offline password guessing attack and stolen
verifier attack [7]. Later hwang and yeh demonstrated Peyravian and
Zunics scheme is vulnerable to password guessing attack and server
spoofing attack [8]. Then they improved it with public key cryptosystem.
Their scheme satisfies mutual authentication, but ku et al mentioned it is
vulnerable to replay attack [9]. Lin and hwang demonstrated denial of
service attack is applicable to hwang and yeh scheme [10]. Also they
mentioned hwang and yeh scheme cannot satisfy perfect forward secrecy.
Peyravian and Jeffries improved Peyravian and Zunics scheme [11], but
shim claimed that their scheme is vulnerable to offline password guessing
attack and denial of service attack [12]. Zhu et al mentioned that Hwang and
Yehs scheme still vulnerable to replay attack, stolen verifier attack and
impersonation attack and then proposed an improved scheme to eliminate
the weaknesses of Hwang and Yehs scheme [13]. Their scheme is based on
timestamp and salting techniques. Momeni proposed a lightweight
authentication scheme [14]. His protocol has little processing and
communication overhead and is enough strong against related attacks. The
rest of the paper is organized as follows: in Section 2, we propose our
authentication protocol. Section 3 and 4 describe the security and
performance analysis respectively. And finally section 5 concludes the
paper. The notations to be used in this paper are in Table 1.
IJCSBI.ORG
Table 1. Notations
Symbols Description
IDU User identity
PWU Password
S Private key (server)
Q = S.P Public key (server)
AKU = S.ZU Authentication key
ZU = PWU.P Password verifier
DIDU Dynamic identity of user
P Base point
|| Concatenation operator
H( ) Hash function
r1 , r2 Random numbers
EAK( ) Symmetric encryption function
2. PROPOSED SCHEME
In this section our protocol is presented. Our proposed protocol consists of
four phases namely: registration phase, mutual authentication and session
key agreement phase, password change phase and finally user eviction
phase. Now we describe the registration phase.
IJCSBI.ORG
Table 2. Users table
Identity Password Verifier Status bit
IDA ZA = PWA.P 0-1
IDB ZB = PWB.P 0-1
IDC ZC = PWC.P 0-1
IJCSBI.ORG
Then server obtains R and M by decrypting the message. Also in this step
server calculates the real identity from dynamic identity as follows: IDU =
DIDU H(AKU || R). Then validates it according to identities that exists in
the users table. Now the server generates r2 and calculates N = r2.Q. Finally
the server sends message M2 = ((M+N), H(N)) to mobile user.
3. After receiving M2, mobile user calculates N from M+N-M and then
computes H*(N) and compares it by received H(N) to detect modification
attack. If H is not equal to H* mobile user aborts the current session, Hence
denial of service can be eliminated. Mobile user computes message M3 =
(H(M || N), DIDU) and sends it to the server. Also he/she computes the
session key SK = r1.PWU.N = r1.PWU.r2.S.P = r1.r2.S.P.PWU in this step.
4. After receiving M3, the server computes H*(M || N) and then compares it
by received H(M || N) to detect modification attack. If H is not equal to H*
the server aborts the current session, Hence denial of service can be
eliminated. Now the server computes session key as follows: SK = r2.S.M =
r2.S.r1.PWU.P = r1.r2.S.P.PWU. Note that SK is valid only for this session.
Mutual authentication and session key agreement phase has shown in
following.
IJCSBI.ORG
Authentication
Mobile User Server
r1, R = r1.Q
M = r1.PWU.P 1
DIDU = H(AKU || R) IDU
M2 = ((M+N), H(N))
M+N-M = N, H*(N)
H(M || N)
3
SK = r1.PWU.N = r1.PWU.r2.S.P
= r1.r2.S.P.PWU
H*(M || N)
4 SK = r2.S.M = r2.S.r1.PWU.P =
r1.r2.S.P.PWU
IJCSBI.ORG
IJCSBI.ORG
3. SECURITY ANALYSIS
In this section security features of our proposed protocol is presented and
we demonstrate proposed protocol can withstand against related security
attacks.
3.1 Stolen verifier attack resistance
Our proposed protocol is robust against stolen verifier attack because server
does not keep any secret table or any pre-shared secret key. Hence adversary
cannot gain any valuable information from this attack.
3.2 Server spoofing attack resistance
Our proposed protocol provides mutual authentication for both participants.
Mobile user authenticates the server and also server can authenticate the
mobile user. Hence sever spoofing attack is ineffective.
3.3 Modification attack resistance
In order to avoid modification attack we used a collision free one way hash
function. If an adversary sends a modified message, soon mobile user will
know that the received message is not valid because two hash results are not
equal.
3.4 Replay attack resistance
Proposed scheme uses random numbers to avoid replay attack. It is hard for
adversary to guess the random numbers, because they change in each
session and every time of authentication. Thus this attack is not applicable
to our scheme.
3.5 Insider attack resistance
A client CL may register with some servers S1, S2 and so on using a
common password pw and the identity id for his convenience, and if the
privileged-insider U1 of S1 has the knowledge of CLs pw and id, then U1
may try to access other servers S2, S3, and so on by using the same pw and
id. In our proposed protocol the server only stores password verifier and
IJCSBI.ORG
extraction of password from it is very hard due to hardness of elliptic curve
discrete logarithm problem (ECDLP).
IJCSBI.ORG
5. CONCLUSIONS
In this paper we proposed a lightweight authentication protocol for mobile
cloud computing. In the proposed protocol we used elliptic curve
cryptosystem which has many advantages includes smaller key size, strict
security and high efficiency. Also our proposed protocol satisfies user
anonymity, mutual authentication, session key agreement and so on. In
terms of resistance against related attacks, our proposed protocol is robust
against replay attack, stolen verifier attack, modification attack, server
spoofing attack and so on. It is important to note that proposed protocol is
according to real communication scenarios.
REFERENCES
[1]. Momeni, M. R., 2015. A Survey of Mobile Cloud Computing: Advantages,
Challenges and Approaches. International Journal of Computer Science and Business
Informatics, special issue: Vol. 15, No. 4, pp. 14-28.
[2]. L. Lamport, Password authentication with insecure communication,
Communications of the ACM 24 (11) (1981) 770772.
[3]. M. Peyravian, N. Zunic, Methods for protecting password transmission, Computers
and Security 19 (5) (2000) 466469.
[4]. C.C. Lee, L.H. Li, M.S. Hwang, A remote user authentication scheme using hash
functions, ACM Operating Systems Review 36 (4) (2002) 2329.
[5]. W.C. Ku, C.M. Chen, H.L. Lee, Weaknesses of LeeLiHwangs Hash-based
password authentication scheme, ACM Operating Systems Review 37 (4) (2003) 1925.
[6]. E.J. Yoon, E.K. Ruy, K.Y. Roo, A secure user authentication scheme using hash
functions, ACM Operating Systems Review 38 (2) (2004) 6268.
[7]. W.C. Ku, M.H. Chaing, S.T. Chang, Weaknesses of YoonRyuYoos hash-based
password authentication scheme, ACM Operating Systems Review 39 (1) (2005) 8589.
IJCSBI.ORG
[9]. W.C. Ku, C.M. Chen, L. Hui, Cryptanalysis of a variant of PeyravianZunics
password authentication scheme, IEICE Transactions on Communications E86-B (5)
(2002) 16821684.
[10]. C.L. Lin, T. Hwang, A password authentication scheme with secure password
updating, Computers and Security 22 (1) (2003) 6872.
[11]. M. Peyravian, C. Jeffries, Secure remote user access over insecure networks,
Computer Communications 29 (5) (2006) 660667.
[12]. K.A. Shim, Security flaws of remote user access over insecure networks, Computer
communications 30 (1) (2006) 117121.
[13]. L. Zhu, S. Yu, X. Zhang, Improvement upon mutual password authentication
scheme, International seminar on business and information management, 2008, pp. 400
403.
[14]. Momeni, M. R., 2014. A Lightweight Authentication Scheme for Mobile Cloud
Computing. International Journal of Computer Science and Business Informatics,
Vol. 14, No. 2, pp. 153-160.
[15]. D. Wanga, Chun-guang, Cryptanalysis of a remote user authentication scheme for
mobile clientserver environment based on ECC, Information Fusion 14 (2013) 498
503.
[16]. Giridhar, P. Kumar, Distributed clock synchronization over wireless networks:
algorithms and analysis, in: Proceedings of the 45th IEEE Conference on Decision and
Control, IEEE, 2006, pp. 49154920.
[17]. D. Mills, Internet time synchronization: the network time protocol, IEEE
Transactions on Communications 39 (10) (1991) 13931482.
[18]. J. Han, D. Jeong, A practical implementation of IEEE 15882008 transparent clock
for distributed measurement and control systems, IEEE Transactions on Instrumentation
and Measurement 59 (2) (2010) 433439.
[19]. R. Baldoni, A. Corsaro, L. Querzoni, S. Scipioni, S. Piergiovanni, Coupling-based
internal clock synchronization for large-scale dynamic distributed systems, IEEE
Transactions on Parallel and Distributed Systems 21 (5) (2010) 607619.
[20]. SK Hafizul Islam, G.P. Biswas, Design of improved password authentication and
update scheme based on elliptic curve cryptography, Mathematical and Computer
Modelling 57 (2013) 27032717.