Security as a Service in Cloud for Smartphones

subramanian, lakshmi

January 2011

Smartphone usage has been continuously growing in recent times. Smartphones offer Personal Computer (PC) functionality to the end user, hence they are vulnerable to the same sorts of security threats as desktop computers. Cloud computing is a new computing paradigm and a breakthrough technology of recent times. Its growing popularity can be attributed to its ability to transform computing to a utility, scalability, and cost effectiveness. More and more services are predicted to be offered in the cloud in the near future.Due to the resource constraints of smartphones, security services in the form of a cloud offering seems to be a natural fit (as the services could be provided in a very scalable form in the cloud while off-loading the smartphone).This project proposes a generic architecture for providing security services in the cloud for smartphones. To enable the design of this architecture, it is essential to analyze and identify possible security solutions that could be provided as a cloud service to the smartphone. Security requirements of smartphones have been analysed considering the various infection channels for smartphones, attacks and threats encountered in a smartphone environment, smartphone usage scenarios and the smartphone‟s limitations. Next, the security functions that must be implemented in the smartphone to overcome these threats are identified. Furthermore, a review of the existing architectures for mobile computing are presented and their security issues are examined.A detailed study of the analysed results has been used to build the architecture for offering security services to smartphones in the cloud, targeted use case scenario being the usage in a corporate environment. The functions to be handled by each of the components of the architecture have been specified. Furthermore, the proposed architecture has been examined to prove its feasibility by analysing it in terms of its security aspects, scalability and flexibility. Additionally, experiments to understand the performance enhancement by offering security services in the cloud for smartphones have been performed. This has been done by measuring the resource consumption of anti-virus software in a smartphone and performing the same measurement in an emulated smartphone in the cloud.

ntnudaim:6410

Security Issues in OpenStack

Slipetskyy, Rostyslav

January 2011

Security Issues in OpenStack

ntnudaim:6027

Securing Cloud Storage Service

Zapolskas, Vytautas

January 2012

Cloud computing brought flexibility, scalability, and capital cost savings to the IT industry. As more companies turn to cloud solutions, securing cloud based services becomes increasingly important, because for many organizations, the final barrier to adopting cloud computing is whether it is sufficiently secure.More users rely on cloud storage as it is mainly because cloud storage is available to be used by multiple devices (e.g. smart phones, tablets, notebooks, etc.) at the same time. These services often offer adequate protection to user's private data. However, there were cases where user's private data was accessible to other user's, since this data is stored in a multi-tenant environment. These incidents reduce the trust of cloud storage service providers, hence there is a need to securely migrate data from one cloud storage provider to another.This thesis proposes a design of a service for providing Security as a Service for cloud brokers in a federated cloud. This scheme allows customers to securely migrate from one provider to another. To enable the design of this scheme, possible security and privacy risks of a cloud storage service were analysed and identified. Moreover, in order to successfully protect private data, data protection requirements (for data retention, sanitization, and processing) were analysed. The proposed service scheme utilizes various encryption techniques and also includes identity and key management mechanisms, such as "federated identity management".While our proposed design meets most of the defined security and privacy requirements, it is still unknown how to properly handle data sanitization, to meet data protection requirements, and provide users data recovery capabilities (backups, versioning, etc.).

ntnudaim:8297

On Fully Homomorphic Encryption

Fauzi, Prastudy

January 2012

Fully homomorphic encryption is an encryption scheme where a party can receive encrypted data and perform arbitrary operations on this data efficiently.The data remains encrypted throughout, but the operations can be done regardless, without having to know the decryption key.Such a scheme would be very advantageous, for example in ensuring the privacy of data that is sent to a third-party service.This is in contrast with schemes like Paillier where you can not perform a multiplication of encrypted data without decrypting the data first, or ElGamal where you can not perform an addition of encrypted data without decrypting the data first.This thesis acts as a survey of the most recent fully homomorphic encryption schemes. We study some of the latest fully homomorphic encryption schemes, make an analysis of them and make a comparison.These schemes have some elements in common:1. An efficient lattice-based cryptosystem, with security based on the hardness of well-known lattice problems. 2. An evaluation function with definitions for $c_{add}$ and $c_{mult}$, such that the noise does not rapidly increase.3. Techniques to make the scheme fully homomorphic with this evaluation function. Whenever possible, we rewrite the main results of these schemes in a more detailed and readable format.Apart from Gentry's scheme, the schemes that we choose to discuss are very new. The earliest one was published in October 2011, while some are still only available as eprints. We hope this work can help readers be up to date with the field of fully homomorphic encryption, paving way to further advances in the field.

ntnudaim:7507

Web applications - New mobile service paradigm

Ngu, Phuc Huy

January 2012

The explosion of mobile applications both in number and variety raises the need of shedding light on their architecture, composition and quality. Indeed, it is crucial to understand which mobile application paradigm fits better to what type of application and usage. Such understanding has direct consequences on the user experience, the development cost and sale revenues of mobile apps. In this thesis, we identify four main mobile application paradigms and evaluate them from the viewpoints of developers, users and service providers. To ensure objectivity and accuracy we start by defining high level criteria and then breaking down into finer-grained criteria. After a theoretical evaluation an implementation was carried out as a practical verification to ensure that the method adopted in analysis and evaluation is trusted and applicable. The selected application is object recognition app, which is both exciting and challenging to develop.

ntnudaim:7449

Automated Security Compliance Tool for the Cloud

Ullah, Kazi Wali

January 2012

Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment which is slow and incurs a high cost. Thus, there is a need for an automated compliance tool to verify and express the compliance level of various cloud providers. Such a tool can reduce the human intervention and eventually reduce the cost and time by verifying the compliance automatically. Also, the tool will enable the cloud providers to share their security compliance information using a common framework. In turn, the common framework allows clients to compare various cloud providers based on their security needs. Having these goals in mind, we have developed an architecture to build an automated security compliance tool for a cloud computing platform. We have also outlined four possible approaches to achieve this automation. These possible four approaches refer to four design patterns to collect data from the cloud system and these are: API, vulnerability scanning, log analysis and manual entry. Finally, we have implemented a proof-of-concept prototype of this automated security compliance tool using the proposed architecture. This prototype implementation is integrated with OpenStack cloud platform, and the results are exposed to the users of the cloud following the CloudAudit API structure defined by Cloud Security Alliance.

ntnudaim:7219

An automatic protocol composition checker

Kojovic, Ivana

January 2012

Formal analysis is widely used to prove security properties of the protocols. There are tools to check protocols in isolation, but in fact we use many protocols in parallel or even vertically stacked, e.g. running an application protocol (like login) over a secure channel (like TLS) and in general it is unclear if that is safe. There are several works that give sufficient conditions for parallel and vertical composition, but there exists no program to check whether these conditions are actually met by a given suite of protocols.The aim of the master thesis project is to implement a protocol composition checker and present it as a service for registering protocols and checking compatibility of the protocols among each other. In order to establish the checker, it is necessary to collect and integrate different conditions defined through the literature. Also, we will define a framework based on Alice and Bob notation, so the checker can examine protocols in an unambiguous manner.Further we will develop a library of widely-used protocols like TLS that are provenly compatible with each other and define a set of negative example proto- cols to test the checker.We want to implement the checker as an extension of the existing Open-Source Fixed-Point Model-Checker OFMC to easily integrate our composition checker with a existing verification procedure that support Alice and Bob notation.

ntnudaim:7257

none

Hou, Yen-Hsing

15 June 2009

The most two popular products in 2009 are smart phone and net-book because of the emersion of mobile computing. Since the mobile computing makes the notebooks more mobile, these kinds of notebooks are called netbook and on the other hand, since the mobile computing makes the cell phones more computing, this kind of cell phones are called smartphone. My research focused mobile computing impact on communication industry. However, the communication industry is big and changing very fast. I tried to predict the communication trends and future competition carefully, and studied the research from the international institutions in good reputation. This research focused carriers, device manufacturers and software industries. The future trends of mobile computing are: Location Based Service, Pre-paradigmatic Design Phase Competition, and Prosumer. Each companies should follow the trends, depending on own resource to make strategies plan, and I tried to gave them suggestions.

Communication Industry

Mobile Computing

Smartphone

Strategy

Contextual mobile adaptation

Hall, Malcolm.

January 2008

Thesis (Ph.D.) - University of Glasgow, 2008. / Ph.D. thesis submitted to the Faculty of Information and Mathematical Sciences, Department of Computing Science, University of Glasgow, 2008. Includes bibliographical references. Print version also available.

Intra and inter piconet scheduling in Bluetooth personal area networks /

Chan, Ka-Lok.

January 2003

Thesis (M. Phil.)--Hong Kong University of Science and Technology, 2003. / Includes bibliographical references (leaves 79-81). Also available in electronic version. Access restricted to campus users.