
Security Infrastructure for Trusted Offloading in Mobile Cloud (gridsec.usc.edu/.../Hwang-MobiloeCloudSecurity-Huawei-Nov8-2014.pdf)

Page 1


Security Infrastructure for Trusted Offloading in Mobile Cloud Computing

Professor Kai Hwang, University of Southern California

Presentation at Huawei Forum, Santa Clara, Nov. 8, 2014

• Mobile Cloud Security and Big Data Privacy Issues and their plausible Solutions

• Convergence of Five Emerging Technologies: Big Data Science, Cloud Computing, Social Networks, Mobile Systems, and the IoT.

• Cloud-based Radio Access Networks (C-RAN) for building the 5G Mobile Core Networks.

• New Solutions from Academia and Industry: WiFi cloudlets, mobile clouds, Data Coloring, PowerTrust Reputation System, Network Worm Containment, Hybrid IDS, Spam Filtering, and Security Analytics.

Point of Contact: [email protected]

Page 2

Privacy and Security Enforcement

Infrastructure Security
• Secure Computations in Distributed Programming Frameworks
• Security Best Practices for Non-relational Data Stores

Data Privacy
• Privacy-Preserving Data Mining and Analytics
• Cryptographically Enforced Data-Centric Security
• Granular Access Control

Data Management
• Secure Data Storage and Transaction Logs
• Granular Audits
• Data Provenance

Integrity / Reactive Security
• End-point Validation and Filtering
• Real-time Security Monitoring

Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: From Parallel Processing to the Internet of Things, Morgan Kaufmann, Oct. 2011

Page 3

Prof. Kai Hwang, USC

Security and Trust Barriers in Mobile Cloud Computing

• Protecting datacenters must first secure cloud resources and uphold user privacy and data integrity.

• We suggested the use of a trust overlay network to build reputation systems for trusted cloud computing.

• A watermarking technique is suggested to protect shared data objects and massively distributed software modules.

• These techniques safeguard user authentication and tighten the data access control in public clouds.

• The new approach could be more cost-effective than using the traditional encryption and firewalls.

Page 4


Cloudlets: a trusted portal for mobile devices with cognitive abilities and the pervasive capacity to access distant clouds to catch special events, check security alerts, make intelligent decisions, etc.

Source: Satyanarayanan, et al., “The Case for VM-based Cloudlets in Mobile Computing”, IEEE Pervasive Computing, April 2009

Page 5


Fast VM synthesis makes it possible to build a VM overlay in transient cloudlets that is customized to bind distant cloud resources to satisfy the user's needs.

Trust and security issues are major factors in cloudlet deployment.

Page 6

Basic Concept of Extending the Cloudlets into a Mobile Mesh

Page 7

Mobile Cloud Offloading Environment

Source: Y. Shi, S. Abhilash and K. Hwang, “Cloudlet Mesh for Securing Mobile Clouds: Security Infrastructure and Protocols”, IEEE Int’l Conf. Mobile Cloud Computing, March 2015 (submitted in Nov. 2014)

[Figure: mobile devices attach to a cloudlet mesh of several cloudlets, which reaches the remote clouds across the Internet]

Page 8

• Two approaches for Cloudlet:
  • VM migration (~8 GB)
  • Dynamic VM synthesis (100 ~ 200 MB)

• Performance is determined by local resources:
  • Bandwidth
  • Compute power

Page 9

Some Design Considerations by Satyanarayanan, et al. (2009):

For 100 Mbps links:
• VM overlay is 100 ~ 200 MB
• Synthesizing a VM takes around 60 ~ 90 s

Other New Wireless Technologies
• 802.11n: 300 ~ 600 Mbps
• UWB: 100 ~ 480 Mbps
• 60-GHz radio: 1 ~ 5 Gbps

Page 10


Mobility Support and Security Measures for Mobile Cloud Computing

Page 11


Security Mechanisms in Cloudlet Mesh

Page 12


Security Protocols Developed at USC for Mobile Cloud Computing

Page 13


Collective Intrusion Detection Results by Multiple Cloudlets in the Mesh

Page 14


Cloud Service Models and Their Security Demands

Source: K. Hwang and D. Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Vol. 14, Sept. 2010.

Page 15

A DHT-based Trust Overlay Network for Developing Reputation Systems to Secure Cloud Resources over Datacenters

Sources: (1) M. Cai, K. Hwang, Y. K. Kwok, S. Song, and Y. Chen, “Collaborative Internet Worm Containment”, IEEE Security and Privacy, May/June 2005, pp. 25-33.

(2) Y. Chen, K. Hwang, and W. S. Ku, “Collaborative Detection of DDoS Attacks over Multiple Network Domains”, IEEE Trans. on Parallel and Distributed Systems, Dec. 2007.

Page 16

Cloud and Data Security and Copyright Protection

Source: S. Song, K. Hwang, R. Zhou, and Y. K. Kwok, “Trusted P2P Transactions with Fuzzy Reputation Aggregation”, IEEE Internet Computing, Special Issue on Security for P2P and Ad Hoc Networks, Vol. 9, Nov/Dec. 2004.

Page 17

Data Coloring for Privacy Protection on The Cloud

Source: K. Hwang and D. Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Vol. 14, Sept. 2010.

Page 18

Data Color Matching for owner/user authentication and authorization purposes in a cloud environment

Page 19

This work was cited 511 times by Google Scholar Citations as of today.

Page 20

HIDS for Automated Intrusion Response Generation

Source: K. Hwang, M. Cai, Y. Chen, and M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes”, IEEE Trans. on Dependable and Secure Computing, Vol. 4, No. 1, Jan-March 2007.

Page 21

CSA Top 10 Data Security and Privacy Challenges

1. Secure computations
2. Secure non-relational datastores
3. Secure data storage and logs
4. End-point input validation/filtering
5. Real-time security monitoring
6. Privacy-preserving data mining and analytics
7. Cryptographic access control
8. Granular access control
9. Granular audits
10. Data provenance

Page 22

BYOD (Bring Your Own Device) vs. BYOC (Bring Your Own Cloud)

BYOC Demands More Security Enforcement

• BYOD has already posed an increased risk to many business organizations. With BYOC, employees are installing public cloud services such as Dropbox and iCloud on their corporate desktops and mobile devices.

• BYOC introduces additional security threats to organizations by blurring the boundaries between personal data and confidential business data. This forces organizations to demand more control over their security policy for access to and distribution of corporate information.

Page 23

Building Accountability Systems to Establish SLA Compliance Between Users and Providers

Page 24


From 3G and 4G to 5G Mobile Core Networks

Page 25

Virtual Base Station Pool and C-RAN Bearer Network (3)

Page 26


Trusted Cloud Mashup for Big Data Apps

Page 27


MapReduce Filtering of Twitter Spam on the AWS EC2 Platform

Page 28


MapReduce Filtering Results of Spam Detection in Twitter Blogs over the Amazon EC2 Cloud

Source: Y. Shi, S. Abhilash and K. Hwang, “Cloudlet Mesh for Securing Mobile Clouds: Security Architecture and Protocols”, IEEE Int’l Conf. Mobile Cloud Computing, March 2015

Page 29


Architecture of the Internet of Things

[Figure: three-layer IoT architecture]
Application Layer: Merchandise Tracking, Environment Protection, Intelligent Search, Tele-medicine, Intelligent Traffic, Smart Home (on a Cloud Computing Platform)
Network Layer: Mobile Telecom Network, The Internet, Information Network
Sensing Layer: RFID, RFID Label, Sensor Network, Sensor Nodes, GPS, Road Mapper

Source: K. Hwang, G. Fox, and J. Dongarra, Distributed and Cloud Computing: From Parallel Processing to the Internet of Things, Morgan Kaufmann Publisher, Oct. 2011

Page 30


Cloud Support of the Internet of Things and Social Network Applications

1. Smart and pervasive cloud applications for individuals, homes, communities, companies, and governments, etc.

2. Coordinated calendar, itinerary, job management, events, and consumer record management (CRM) services

3. Coordinated word processing, on-line presentations, web-based desktops, sharing on-line documents, datasets, photos, video, and databases, content distribution, etc.

4. Deploy conventional cluster, grid, P2P, and social networking applications in cloud environments more cost-effectively.

5. Earthbound applications that demand elasticity and parallelism to avoid large data movement and reduce the storage costs

Page 31

Big Data Security in Clouds

Page 32

Concluding Remarks:

• Mobile cloud security and big data privacy face a trust dilemma with the general public. Without security assurance, most users will be reluctant to accept clouds, P2P, social networks, and IoT apps in the future.

• Due to the economies of scale, the cloud providers must have dedicated teams of security professionals or specialists. Cloud datacenters must have stronger protection, on par with military standards.

• SMACT technologies (Social, Mobile, Analytics, Clouds, and IoT) are changing our world, reshaping human relations, promoting the global economy, and even triggering some societal and political reforms in different regions of the world, like it or not.

Contact: [email protected]