
Presented by:

ABHISHEK ANAND, SAMBIT KR. SAHOO, SHAHSI KUMAR, VIBHUTI BHUSHAN, VIVEK RANJAN

B080264CS, B080322CS, B080442CS, B080487CS, B080572CS

  • Mobile cloud computing can be defined as the availability of cloud computing services in a mobile ecosystem.

  • This incorporates many elements, including consumer and enterprise services, transcoding, end-to-end security, home gateways and mobile broadband enabled services.

  • The terms 'mobile' and 'wireless' are often used interchangeably: mobile means 'anywhere, anytime' and wireless means 'without wires'; in practice, mobile access is wireless access.

  • Hence, Mobile Cloud Computing essentially means 'anywhere, anytime secure data access'.

  • A mechanism to authenticate weblets belonging to the same application and user to each other. This is especially important when they are running on different platforms. Authentication is the prerequisite to building secure communication between weblets.

  • A mobile application can consist of one or more weblets, which function independently but communicate with each other.

  • When the application is launched, an application manager running on the device monitors the resource requirements of the application's weblets and decides where each should be launched.

  • Image and video processing usually strain the processors of mobile devices, so such weblets can be launched on one or more platforms in the cloud, while User Interface (UI) components or weblets needing extensive access to local data may be launched on the device.

  • More generally, the application manager can also decide to migrate running weblets from the device to the cloud, or from the cloud to the device, according to changes in the computing constraints on the device or in user preferences.

  • When a user downloads and installs an application, the installer on the device verifies the integrity of all weblets by re-computing their hashes and comparing them with those in the bundle. After successful integrity verification, the installer registers the application with the DM (Device Manager).

  • The DM maintains a table of installed applications on the device which need application manager support, each with detailed information about its weblets, including signed hash values and migration settings.
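The installer-side check described above, written in Python as an added example (it is not code from the slides or from any elastic-application runtime). Each weblet's hash is recomputed and compared against the bundle manifest, and the application is registered in the DM table only when every weblet verifies. The bundle/manifest layout, the use of SHA-256, the `migration` settings, and the assumption that the manifest itself is trusted (e.g. signed by the developer, a check out of scope here) are mine.

```python
"""Installer-side integrity check for a weblet bundle (added example).

Assumptions (not from the slides): the bundle is a dict of weblet name -> bytes,
the manifest lists a SHA-256 hash per weblet, and the manifest itself is trusted
(e.g. signed by the developer; that signature check is out of scope here).
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_bundle(bundle: dict, manifest: dict) -> list:
    """Return the names of weblets that fail verification (empty list == OK).

    Every weblet named in the manifest must be present and hash to the listed
    value. Weblets not covered by the manifest are rejected too, because the
    installer has no expected hash for them.
    """
    failures = []
    for name, expected in manifest["weblets"].items():
        data = bundle.get(name)
        # compare_digest: constant-time comparison of the recomputed hash.
        if data is None or not hmac.compare_digest(sha256_hex(data), expected):
            failures.append(name)
    failures.extend(sorted(set(bundle) - set(manifest["weblets"])))
    return failures


def install(bundle: dict, manifest: dict, dm_table: dict) -> bool:
    """Verify the bundle and, only on success, register the app with the DM."""
    if verify_bundle(bundle, manifest):
        return False
    dm_table[manifest["app"]] = {
        name: {"hash": h, "migration": manifest["migration"].get(name, "device-only")}
        for name, h in manifest["weblets"].items()
    }
    return True


# Constructed sample bundle (placeholder bytes, not real weblet code).
UI = b"ui weblet v1"
VIDEO = b"video transcoder v1"
MANIFEST = {
    "app": "camapp",
    "weblets": {"ui": sha256_hex(UI), "video": sha256_hex(VIDEO)},
    "migration": {"video": "cloud-allowed"},
}

if __name__ == "__main__":
    table = {}
    print("clean bundle installed:", install({"ui": UI, "video": VIDEO}, MANIFEST, table))
    print("tampered bundle failures:", verify_bundle({"ui": UI, "video": VIDEO + b"x"}, MANIFEST))
```

A weblet that is modified after packaging, a weblet missing from the bundle, and an extra weblet the manifest never mentioned are all reported, and nothing reaches the DM table in those cases.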

  • Whenever an elastic application wants to launch a weblet, or a UI component is invoked by the user, it first connects to the DM, which decides where to launch the weblet.

  • If this is the first weblet to be launched, the DM generates a weblet session key (wsk) and a weblet session secret (wss) for the application. These are shared by all weblets during a single session.

  • When the DM decides to launch a weblet on the local device, it executes the installed weblet function with LaunchWeblet(localhost, wid, wss, wsk).

  • Upon invocation, the weblet's constructor records wid, wsk and wss in its member variables.

  • The weblet returns a valid URL endpoint which is used to communicate with other weblets over http(s).

  • The DM then updates a weblet table which records the active weblet's URL, wid and wsk.

  • If the DM decides to launch a weblet in the cloud, it calls the CFI (cloud fabric interface)'s web method LaunchWeblet(cfi, wid, wsk, wss). This call must be made over https, as it transfers the session secret wss.

  • Based on its service logic, the CFI queries its cloud manager and decides on which cloud node the weblet will be loaded.

  • The weblet is either already installed in the application manager of the CS, or downloaded from the URL provided by the DM. Once this is decided, the CFI calls the target node manager's LaunchWeblet(nodeid, wid, wsk, wss), again over https as it goes via the public Internet.

  • The node manager executes the weblet binaries provided by the application manager of the CS, similar to launching a weblet by the DM locally.

  • The successfully launched weblet returns a valid URL endpoint to the node manager, which in turn passes it back to the CFI and the DM.

  • Before updating the weblet table, the DM verifies that the WebletOK message was generated by the launched weblet, by checking its HMAC (Hash-based Message Authentication Code) value with wss. It then updates the weblet table with the returned result.

  • A local weblet can query the DM to obtain the list of all active weblets in the same session by calling DM::GetWeblet(wsk). The DM returns the URLs of all weblets by querying the table.

  • The local weblet can broadcast the URLs to any other weblet that needs to communicate.

  • The interfaces of a weblet invoke another weblet's methods or receive calls from other weblets.

  • Specifically, when calling, the calling weblet generates a nonce and creates an HMAC value over all parameters together with the nonce, its own wid and the target wid, keyed with its wss.

  • When receiving a call, the weblet first verifies the HMAC with its wss, and processes the request if verification succeeds; otherwise, it denies the call.
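The launch and call procedure above, modelled in Python as an added example that is not part of the slides or of any real weblet runtime. It shows the DM creating wsk/wss with the first weblet, checking the WebletOK HMAC before updating its table, DM::GetWeblet(wsk) refusing callers without the session key, and the nonce-plus-HMAC check on an inter-weblet call, including what a tampered, replayed or forged request gets back. JSON canonical encoding, SHA-256 as the HMAC hash, in-process calls in place of http(s) endpoints, and the receiver remembering nonces to reject replays are my assumptions, not the slides'.

```python
"""Toy model of the DM / weblet session protocol from the slides (added example).

Assumptions (not from the slides): JSON canonical message encoding, HMAC-SHA256,
nonce tracking on the receiving weblet to reject replays, and plain Python
method calls instead of http(s) endpoints.
"""
import hashlib
import hmac
import json
import secrets


def canonical(msg: dict) -> bytes:
    # Deterministic encoding so caller and callee MAC exactly the same bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def mac(key: bytes, msg: dict) -> str:
    # HMAC over every field of the message except the tag itself.
    unsigned = {k: v for k, v in msg.items() if k != "hmac"}
    return hmac.new(key, canonical(unsigned), hashlib.sha256).hexdigest()


class Weblet:
    def __init__(self, wid: str, wsk: bytes, wss: bytes, url: str):
        # As in the slides, the constructor records wid, wsk and wss.
        self.wid, self.wsk, self.wss, self.url = wid, wsk, wss, url
        self.seen_nonces = set()                    # assumption: replay protection
        self.methods = {"echo": lambda params: params}  # toy RPC surface

    def weblet_ok(self) -> dict:
        # WebletOK message sent back after launch; the DM checks its HMAC with wss.
        body = {"type": "WebletOK", "wid": self.wid, "url": self.url}
        body["hmac"] = mac(self.wss, body)
        return body

    def call(self, target_wid: str, method: str, params: dict) -> dict:
        # Nonce + own wid + target wid + all parameters, keyed with wss.
        msg = {"from": self.wid, "to": target_wid, "nonce": secrets.token_hex(16),
               "method": method, "params": params}
        msg["hmac"] = mac(self.wss, msg)
        return msg

    def handle(self, req: dict) -> dict:
        # Verify the HMAC before doing anything else; a bad tag is denied outright.
        if not hmac.compare_digest(mac(self.wss, req), req.get("hmac", "")):
            return {"status": "denied", "reason": "bad hmac"}
        if req["to"] != self.wid:
            return {"status": "denied", "reason": "not addressed to this weblet"}
        if req["nonce"] in self.seen_nonces:
            return {"status": "denied", "reason": "replayed nonce"}
        self.seen_nonces.add(req["nonce"])
        handler = self.methods.get(req["method"])
        if handler is None:
            return {"status": "denied", "reason": "unknown method"}
        return {"status": "ok", "result": handler(req["params"])}


class DeviceManager:
    def __init__(self):
        self.wsk = None    # weblet session key, created with the first weblet
        self.wss = None    # weblet session secret, only ever sent over https
        self.table = {}    # active weblet table: wid -> URL

    def launch_weblet(self, wid: str, host: str) -> Weblet:
        if self.wsk is None:
            self.wsk, self.wss = secrets.token_bytes(32), secrets.token_bytes(32)
        # Stands in for LaunchWeblet(host, wid, wss, wsk), local or via the CFI.
        w = Weblet(wid, self.wsk, self.wss, f"https://{host}/{wid}")
        ok = w.weblet_ok()
        if not hmac.compare_digest(mac(self.wss, ok), ok["hmac"]):
            raise RuntimeError("WebletOK was not generated by the launched weblet")
        self.table[wid] = ok["url"]
        return w

    def get_weblets(self, wsk: bytes) -> dict:
        # DM::GetWeblet(wsk): only a holder of the session key gets the URL list.
        if self.wsk is None or not hmac.compare_digest(wsk, self.wsk):
            return {}
        return dict(self.table)


def demo():
    dm = DeviceManager()
    ui = dm.launch_weblet("ui", "localhost")
    worker = dm.launch_weblet("video", "cloud-node-1.example")
    req = ui.call("video", "echo", {"frame": 7})
    good = worker.handle(req)                              # accepted
    replay = worker.handle(req)                            # same nonce again
    bad = worker.handle(dict(req, params={"frame": 8}))    # params changed in transit
    # Constructed rogue weblet: knows wsk and the target URL but not wss.
    rogue = Weblet("rogue", ui.wsk, secrets.token_bytes(32), "https://evil.example/rogue")
    forged = worker.handle(rogue.call("video", "echo", {"frame": 9}))
    return good, replay, bad, forged, dm.get_weblets(ui.wsk)


if __name__ == "__main__":
    for label, r in zip(("good", "replay", "tampered", "forged", "table"), demo()):
        print(label, r)
```

Note that the rogue weblet holds wsk, which the slides store in the weblet table, yet still cannot produce a valid tag: authentication rests on wss alone, which is why the slides insist that any LaunchWeblet call carrying wss goes over https.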

  • There are 2 main categories of mobile app risks. The category of Malicious Functionality is a list of unwanted and dangerous behaviours that are stealthily placed in a Trojan app that the user is tricked into installing. The user thinks they are installing a game or utility and instead gets hidden spyware, a phishing UI, or unauthorized premium dialing.

  • Activity monitoring and data retrieval

  • Unauthorized dialing, SMS, and payments

  • Unauthorized network connectivity (exfiltration or command & control)

  • UI Impersonation

  • System modification (rootkit, APN proxy config)

  • Logic or Time bomb

  • The category of Vulnerabilities consists of errors in design or implementation that expose the mobile device's data to interception and retrieval by attackers. Vulnerabilities can also expose the mobile device, or the cloud applications used from the device, to unauthorized access.

  • Sensitive data leakage (inadvertent or side channel)

  • Unsafe sensitive data storage

  • Unsafe sensitive data transmission

  • Hardcoded passwords/keys

  • Is a licence required to offer Cloud Computing services?

Ans: Despite the lack of specific regulation, in certain jurisdictions the provision of Cloud Computing services will require the supplier to obtain a licence. For example, in China the provision of SaaS, PaaS or IaaS services will require the supplier to obtain a Type

Contractual

  • How is Cloud Computing currently regulated?

  • Cloud Computing is not currently subject to specific regulation. However, customers and suppliers of Cloud Computing may potentially be subject to a range of laws: for example, data protection legislation (please see below) and any relevant industry sector regulations (e.g. financial services and healthcare).

Complication

The situation may be further complicated where Cloud Computing services are 'bundled' with other services, such as internet connection, as such other services may be subject to specific regulatory and/or licensing requirements.

Storing and processing customer data at remote data centres gives rise to potentially complex data protection issues which need to be addressed in order to avoid customers and suppliers breaching applicable regulations.

  • Data Export Restrictions: in many jurisdictions the export of data to other jurisdictions is prohibited or subject to onerous restrictions.

  • Monitoring Data Handling.

  • Regulated Industries: customers operating in regulated industries such as financial services or healthcare may be subject to even more stringent data protection obligations given the financial value or sensitivity of data such as bank details and medical records.

  • Multiple Jurisdictions.