Secure Platform For Storage in MCC

An efficient secure platform for storage in MCC

Karim ZKIK, Maha TEBAA, Ghizlane ORHANOU, Said EL HAJJI

University of Mohammed-V, Faculty of Sciences, Rabat, Morocco

Karim.zkik@gmail.com, maha.tebaa@gmail.com, orhanou@fsr.ac.ma, elhajji@fsr.ac.ma

Abstract— Mobile Cloud Computing (MCC) offers more and more services for data storage and sharing. It gives users enormous storage space and allows them to recover their data anywhere and anytime. But the evolution of these services in the MCC remains slow because of the many constraints it faces, such as limited processing power, high energy consumption and problems related to data security and confidentiality. We propose an efficient structure for storing and sharing data that ensures security and user privacy without overloading the mobile device. Our structure enables quick and easy access to a cloud server for uploading and downloading data safely. Our platform uses a file classification system and a homomorphic keyword search for more fluent and easy access.

Keywords: Mobile Cloud Computing; Security and privacy; Encryption; Storage; Sharing data.

I. INTRODUCTION

Mobile Cloud Computing (MCC) [1] is in full expansion, and it is gaining more and more popularity due to the explosion of the mobile industry and the prosperous trade in tablets and smartphones. A recent study from ABI Research [2] expected mobile cloud computing industry revenues to grow and reach $5.2 billion by 2015.

Mobile Cloud Computing offers many services [3-5] to users, and it offers more processing resources and storage space on demand. It has become an essential asset for mobile users, and several research efforts [6-8] are under way or have already been made to offer even more options and flexible access for mobile users.

Storage services are one of the main axes of the MCC, but their expansion is slower compared to other services offered by cloud providers. Several recent studies [9-11] concluded that problems related to data security and user privacy are the first barriers against the fast deployment of these services, especially in a mobile environment, because it is limited by processing power, low or average storage space, unpredictable Internet connectivity, and very high energy consumption.

W. Jia et al. [12] proposed a data security scheme to encrypt, store and share data in the MCC environment without divulging information. This structure ensures data confidentiality, but it has no authentication or resource management mechanism. W. Ren et al. [13] proposed a structure that ensures confidentiality and integrity of users' files stored in the cloud. They established a resource management process to reduce the mobile's energy consumption during encryption, storing and downloading of data, but their structure doesn't allow sharing data with other users, and it uses vector coding or exclusive-OR for data encryption. Sandeep K. Sood [14] proposed a security scheme that authenticates users and ensures data confidentiality and integrity. This mechanism proposes a classification of data and flexible access to the cloud server, but it doesn't allow sharing data, and it has no resource management process. J. Han et al. [15] proposed identity-based proxy re-encryption schemes for authentication, confidentiality and secure sharing of data between mobile users in an MCC environment. This mechanism provides no data classification or resource management and doesn't secure user data in case of loss of the mobile device or the user's password.

We propose in the present paper an efficient secure platform “E.S.P” that allows mobile users to encrypt and decrypt their data, store them in and download them from a cloud server, and share their personal data safely with other users, while ensuring authenticity, confidentiality and data integrity, and without overloading the mobile device. Our structure is composed of three main entities: the mobile device (MD), the cloud server (CLS) and a local server (LS). The mobile device is responsible for encryption, decryption, sending, and downloading data. The local server is responsible for authenticating mobile users, and generates session keys that allow users to communicate with the cloud server safely. The cloud server stores users' encrypted data.

II. SECURE PLATFORM FOR STORAGE

We will propose a secure platform (“Fig. 1”) for storing and downloading data from a mobile device to a cloud server. Our secure platform process is divided into three steps:

First we will present a Storage Scheme that allows mobile users to store their personal data in a distant cloud server safely. Then we will present a Downloading Scheme that enables mobile users to retrieve their data from the cloud server. Finally we will present a Sharing Scheme which will enable mobile users to share data stored in the cloud with other users safely.
Figure 1. Global structure of storing and sharing data (diagram labels: Mobile User, Local Server, Cloud Server; Registration and Authentication; Send the session key; Upload Data; Download Data; Download Shared Data)

A. Efficient uploading Scheme

The mobile device sends a connection request to the local server. The local server checks the request validity and sends a session password that will allow the mobile users to access the cloud server and store their personal data.

Several attacks can compromise users' security and privacy, especially given the limited processing capacity and resources of a mobile device [16-17]. Sniffing attacks [18] can be especially dangerous because they allow the attacker to intercept communications between the various entities, to intercept passwords and all client-server communications, and then easily retrieve sensitive user data. To avoid this problem, we developed an encryption system that uses cryptographic functions between different entities to protect communications. So, all passwords and data are encrypted before being sent, in a way that only the mobile user and local server concerned can decrypt and interpret.

Given the mobile device's limited capacities of processing and calculating, data encryption and decryption can sometimes be cumbersome for the machine, especially for large data. To avoid this problem, we propose a mechanism (“Fig. 2”) which encrypts and stores data without causing machine overload, and keeps a high level of data security. For that we will proceed in two ways:

• First we will propose a system that divides data into three categories: highly sensitive data (HSD), standard data (SD) and public data (PD). Disclosure of highly sensitive data (HSD) represents a major risk to users, so we will use strong encryption and decryption functions which will allow us to keep a very high level of security. Disclosure of standard data (SD) represents an average or minor risk, so we will use standard encryption functions that do not require very high computing power, which will allow us to keep a good level of data security without overloading the machine. Disclosure of public data (PD) doesn't represent any risk to users. For public data (PD) we will not need to use an encryption function because disclosure will not represent any risk to mobile users nor compromise their privacy in any case.

• Then we will propose a mechanism that will allow us to cut data into multiple blocks before encryption, which will avoid overloading the machine during the processing of a very big quantity of data.

Figure 2. Storage scheme process

Our secure storage scheme as shown in “Fig. 2” is as follows:

1- Each user must authenticate to the server with his login (Log) and password (PWD), and sends a request to retrieve a new session password (PWS) that will allow him to communicate with the cloud server.

DM → LS: E [PKLS (Log, PWD, ID)], Rn, Sig [PKLS (H (ID, Num))], H (ID, Num). (1)

Rn is a randomly generated number for the proof of identity, H is a standard hash function, and PKLS represents the public key of the local server.

2- Local server checks the validity of the request before sending the session password (PWS) to mobile user.

LS → DM: E [PKDM (ID, Num, Rn, PWS)], Sig [PKDM (H (ID, Num))]. (2)

PKDM represents the public key of the mobile device.

3- Mobile user must select the files he wishes to store in the cloud server, and select the corresponding category for these data.

4- The mobile device divides the selected file into n blocks of equal size and then encrypts each one; the encryption is made according to the category of selected data:

• If the data is HSD type, we encrypt each block using strong encryption functions (SEF)

If file = HSD
{Cut file into n parts:
File = {f1, ……, fn};
Encrypt each part with strong encryption functions:
ESEF [f1] … ESEF [fn] ;}

• If the data is SD type, we encrypt each block using standard encryption functions (StdF)

If file = SD
{Cut file into n parts:
File = {f1, ……, fn};
Encrypt each part with standard encryption functions:
EStdF [f1], …, EStdF [fn] ;}

• If the data is PD type, we will not need to encrypt it.

5- The mobile device will then generate an electronic signature to ensure the integrity of mobile user's data and send the file to the cloud server for storage.

MD → CLS: PWS, ID, E (Data), Sig [PKDM (H (ID, Num, R’n))]. (3)

R’n is a randomly generated number for the proof of identity.

B. Downloading Scheme

We will present a downloading scheme that allows mobile users to recover their data stored in the cloud server. The goal of this structure is to download files stored in the cloud server safely, ensure the integrity of data and authenticity of mobile users, and also propose measures against attacks targeting theft of data and user identities.

In case of loss of his mobile device or password, the user may lose data. To avoid this problem we will ensure that each user responds to a secret authentication question before he can retrieve his personal data. This measure will help to protect sensitive data of mobile users even in case of losing the password.

Our secure downloading scheme as shown in “Fig. 3” is as follows:

1- To access his data the mobile user sends a download request to the local server using the session key.

DM → LS: E [PKLS (PWS, ID)], Rn, Sig [PKLS (H (ID, Num))], H (ID, Num). (4)

2- Local server checks validity of the request and the signature and then sends a secret question (SQ) to which only mobile user knows the answer.

LS → DM: E [PKDM (ID, Rn, SQ)], Sig [PKDM (H (ID, Num))]. (5)

Figure 3. Downloading scheme process (diagram labels: Mobile User, Local Server, Cloud Server; Authentication request for download; Verify validity of request; Send the secret question; Answer to the secret question; Send the session key and request to download files; Verify validity and the integrity of request; Send encrypted files; Decrypt files; Verify integrity of files and assemble different parts to obtain original file)

3- After correctly answering the secret question, user sends a download request to the cloud server to retrieve the n pieces of encrypted file.

DM → CLS: PWS, ID, Sig [PKDM (H (ID, Num, R’n))]. (6)

4- The mobile device decrypts received files according to their categories.

• If the data is HSD type, it decrypts each block using strong encryption functions (SEF)

If file = HSD
{Receive the n parts:
ESEF [f1] … ESEF [fn];
Decrypt each part with strong encryption functions:
DSEF [f1] … DSEF [fn] → File= {f1, ……, fn};}

• If the data is SD type, it decrypts each block using standard encryption functions (StdF)

If file = SD
{Receive the n parts:
EStdF [f1] … EStdF [fn];
Decrypt each part with standard encryption functions:
DStdF [f1] … DStdF [fn] → File= {f1, ……, fn};}

• If the data is PD type, we will not need to decrypt it.

5- The mobile device checks the validity of the signature and data integrity before assembling all the received pieces to recover the original file.

C. Sharing Scheme

We will present in this part a data sharing scheme that allows concerned mobile users to download data stored in the cloud server. The purpose of this mechanism is to enable users to share their data safely without losing it, and prevent malicious persons from seizing it.

It is assumed that mobile users have already registered in the local server and that public encryption keys are properly shared between different entities. In our scheme we will present a scenario that illustrates a mechanism which enables any registered user A to share data with another user B.

(Fig. 4 diagram labels: Data owner (user A), Cloud Server, Mobile User (user B); Encrypt files with the public key PK of user B; Send encrypted files; Store encrypted files; Send request to download files; Verify the validity and the integrity of request; Send encrypted files; Decrypt files with the secret key SK of user B; Verify the integrity of files and assemble different parts to obtain original file)

Our secure sharing scheme as shown in “Fig. 4” is as follows:

1- User interrogates local server to retrieve the public key of user B (PKUB) by using his ID (IDUB) and phone number (NumUB).

DM → LS: E [PKLS (Log, PWD, IDUB, NumUB)], Rn, Sig [PKLS (H (ID, Num))], H (ID, Num). (7)

2- The server checks request validity before sending a response to user A.

LS → DM: E [PKDM (ID, Rn, PKUB)], Sig [PKDM (H (ID, Num))]. (8)

3- User "A" encrypts the data he wishes to share with user B using user B's public key PKB and sends the encrypted data to the cloud server.

MD → CLS: PWS, ID, E [PKUB (Data)], Sig [PKUB (H (IDUB, NumUB))]. (9)

4- User B can retrieve this data at any time, and decrypt it using his private key.

III. PERFORMANCE ANALYSIS

A. Keyword homomorphic search

Looking for a specific file among data stored in the cloud can be very annoying for users, especially when the stored data are encrypted and divided into several parts. To overcome this problem we have developed a keyword search system that uses homomorphic encryption [19].

This mechanism can only be used if our data is encrypted with a homomorphic cryptosystem; this is why we have chosen in our tests to encrypt highly sensitive data (HSD) using the RSA cryptosystem [20], which is homomorphic.

Homomorphic encryption allows us to perform operations on encrypted data without decrypting it. The RSA cryptosystem is homomorphic for multiplication, so it can be used to perform a keyword search in a database of encrypted data without decrypting it. The RSA generator provides a public key used in the encryption of data; the mobile user can then send a request to the cloud server in which it requests a keyword search or information about the keyword that is already encrypted. The cloud server has no information on the subject of this search; it performs the search requested by the customer, and then returns the response to the mobile, also encrypted. The mobile can decrypt it with his public key already generated.

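Added example, not the authors' code: textbook RSA with a constructed toy key, showing the multiplicative property this section relies on, E(a)·E(b) mod n = E(a·b mod n). The page does not specify how the search itself is carried out, so the sketch assumes the device stores one encrypted token per keyword and the server matches tokens by equality, which works because unpadded RSA is deterministic; function names, file names and keywords are hypothetical.

```python
import hashlib

# Constructed toy key built from two Mersenne primes so the numbers stay readable.
# It is far too small for real use, and real deployments add randomized padding.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def encrypt(m):
    """Textbook (unpadded) RSA encryption: c = m^e mod n."""
    if not 0 <= m < N:
        raise ValueError("message must be in [0, n)")
    return pow(m, E, N)


def decrypt(c):
    """Decryption uses the private exponent d."""
    return pow(c, D, N)


def multiply_encrypted(c1, c2):
    """Multiplicative homomorphism: E(a) * E(b) mod n == E(a * b mod n)."""
    return (c1 * c2) % N


def keyword_token(word):
    """Map a keyword to an integer below n and encrypt it.

    Unpadded RSA is deterministic, so the same keyword always gives the
    same token; that is what lets the server compare tokens blindly.
    """
    digest = hashlib.sha256(word.strip().lower().encode("utf-8")).digest()
    return encrypt(int.from_bytes(digest, "big") % N)


def build_index(files):
    """Device side: file id -> set of encrypted keyword tokens."""
    return {fid: {keyword_token(w) for w in words} for fid, words in files.items()}


def server_search(index, token):
    """Server side: match the token without holding any key or plaintext."""
    return sorted(fid for fid, tokens in index.items() if token in tokens)


# Constructed sample data (hypothetical file names and keywords).
SAMPLE_FILES = {
    "contract.pdf": ["salary", "contract"],
    "notes.txt": ["meeting", "budget"],
    "payslip.pdf": ["salary", "tax"],
}

if __name__ == "__main__":
    index = build_index(SAMPLE_FILES)
    print(server_search(index, keyword_token("salary")))
    print(decrypt(multiply_encrypted(encrypt(6), encrypt(7))))
```

Equality matching here comes from determinism rather than from the multiplication property, and the server can see which files share a keyword. Both properties disappear once RSA is used with randomized padding such as OAEP, so a design that needs them is committing to unpadded RSA.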
B. Performance analysis

The proposed platform offers the possibility to communicate with a cloud server while ensuring data security and user privacy. To evaluate our model and to demonstrate its multiple functionality and efficiency, we will propose a comparison of our security framework with other existing models.

Figure 4. Sharing scheme process
TABLE I. COMPARISON OF SECURE STORAGE DATA FRAMEWORKS

Secure storage data frameworks

                                      Jia et al. [12]  Ren et al. [13]  Han et al. [15]  Our model
                                      2011             2011             2013
Authentication                        No               Yes              Yes              Yes
Confidentiality                       Yes              Yes              Yes              Yes
Encryption                            Yes              Yes              No               Yes
Sharing data                          Yes              No               Yes              Yes
Data integrity                        No               Yes              No               Yes
Storage provider verification         No               No               No               Yes
Management of mobile resource         No               Yes              No               Yes
Keyword search                        No               No               No               Yes
Secure data even after loss password  No               No               No               Yes

The comparison table that we have established demonstrates that our structure allows storing and sharing data safely, saves mobile resources and does not overload the machine. Our structure also allows data classification and keyword search using homomorphic encryption.

IV. SIMULATION OF THE E.S.P

A. Experiment Environment

Practical evaluation is performed on a personal computer with the following characteristics:

• Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (8 CPUs), ~2.2GHz.
• Memory 8192MB RAM
• Intel(R) HD Graphics Family (1696 MB).

We developed our application with Java and Java Android, and we used an Android smartphone for testing with the following characteristics:

• Processor dual-core 1.2GHz.
• Memory 1 GB

N.B: We tested on a virtual machine before implementing our application on real machines.

B. Simulation process

We propose in this part an implementation of our platform for storing and sharing data in a Mobile Cloud Computing environment. We developed an application with Java Android, which splits the data into n blocks, encrypts and decrypts them, then sends and downloads data to and from the cloud server. We have also set up a local server for authentication of mobile users, and also for generating the session keys that allow users to communicate with the cloud server.

The mobile application initially allows the registration of users in the local server database, and then sends a storage request. The local server verifies the authenticity of the mobile user and generates a session key.

The application allows users to select the data they want to store, choose its class according to its level of importance and sensitivity, split the selected data into n blocks and encrypt each block using the encryption function corresponding to its category. The application is also responsible for sending the encrypted file parts to the cloud server using the session key that it had previously received from the local server.

To retrieve data stored in the cloud server, the mobile application sends a request to the local server, which sends a secret question to verify mobile user authenticity. After authentication, the mobile application downloads the n encrypted parts of the file from the cloud server, decrypts each part, verifies data integrity and assembles these n parts to recover the original file.

In order to share data with other users, the application sends a request to the local server to retrieve the public keys of the users concerned. The mobile application repeats the storage scheme, but uses, during encryption, the public key of the user with whom we want to share data. This user can recover the stored data by following the downloading scheme, and then decrypt it with his private key.

C. Simulation results

In this part we make a test of our structure. Initially we encrypt and send a PDF file to a cloud server, and then we try to upload the encrypted data, decrypt it and recover our original file.

Before encrypting our file we have to set its class, which is needed to select the appropriate cryptosystem. In our tests we used the RSA algorithm for sensitive data encryption and decryption and the DES algorithm for standard data encryption and decryption.

“Fig. 5” represents a simulation of our uploading scheme, and “Fig. 6” represents a simulation of our downloading scheme.

Figure 5. Simulation of uploading scheme

Figure 6. Simulation of downloading scheme
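
The split, integrity-check and reassembly steps of the simulation process, sketched as an added example (not the authors' Java application). The page does not say how integrity is computed per block, so this assumes an HMAC-SHA256 tag bound to a hypothetical file id, the block index and the block count; the key, file name and content are constructed, and block encryption is left out.

```python
import hashlib
import hmac


def split_blocks(data, n):
    """Cut data into at most n blocks of equal size (the last may be shorter)."""
    if n < 1:
        raise ValueError("n must be at least 1")
    size = max(1, -(-len(data) // n))  # ceiling division
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def _tag(key, file_id, index, total, block):
    """HMAC over file id, position, block count and block content."""
    fid = file_id.encode("utf-8")
    header = (
        len(fid).to_bytes(2, "big") + fid
        + index.to_bytes(4, "big") + total.to_bytes(4, "big")
    )
    return hmac.new(key, header + block, hashlib.sha256).digest()


def protect(key, file_id, data, n):
    """Device side, before upload: one (index, total, block, tag) part per block.

    In the scheme each block would first be encrypted according to its
    category, and the tag would cover the ciphertext; encryption is left
    out so that only the standard library is needed.
    """
    blocks = split_blocks(data, n)
    return [(i, len(blocks), b, _tag(key, file_id, i, len(blocks), b))
            for i, b in enumerate(blocks)]


def reassemble(key, file_id, parts):
    """Device side, after download: verify every part, then join in order."""
    if not parts:
        raise ValueError("no parts received")
    total = parts[0][1]
    if not 1 <= total <= 0xFFFFFFFF:
        raise ValueError("implausible block count")
    by_index = {}
    for index, part_total, block, tag in parts:
        if part_total != total or not 0 <= index < total:
            raise ValueError("inconsistent block numbering")
        if index in by_index:
            raise ValueError("duplicate block %d" % index)
        if not hmac.compare_digest(_tag(key, file_id, index, total, block), tag):
            raise ValueError("integrity check failed for block %d" % index)
        by_index[index] = block
    if len(by_index) != total:
        raise ValueError("missing blocks")
    return b"".join(by_index[i] for i in range(total))


def is_intact(key, file_id, parts):
    """True when the parts verify and reassemble, False otherwise."""
    try:
        reassemble(key, file_id, parts)
        return True
    except ValueError:
        return False


# Constructed sample input (hypothetical key, file id and content).
KEY = b"constructed-demo-key"
DATA = b"Quarterly report: constructed sample content for the demo."
```

Binding the index and the block count into each tag is what lets the device notice blocks that were dropped, reordered or moved between files, not only blocks whose bytes were changed.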


The results of our test show that our platform can store user data safely by ensuring its confidentiality and integrity, along with user privacy.

CONCLUSION

Our efficient secure platform “E.S.P” model requires use of a local server for storing data, which allows the user to collect a session key to communicate safely with the cloud server and avoid replay attacks. Our system offers a classification and a file-splitting process to save mobile resources, and encrypts just sensitive files and therefore doesn’t overload the mobile device while processing large data. We have also developed a keyword search mechanism to facilitate access to data stored in the cloud server, using the specific properties of homomorphic encryption.

As part of continuous development, we plan to make our platform faster and more efficient, especially for very large data, which will allow us to extend the possibilities of its use. We also plan to use the specific properties of homomorphic encryption while processing data, which will enable us to do calculations on encrypted data from the cloud server without overloading our machine, and without losing user privacy.

REFERENCES

[1] N. Fernando, Seng W. Loke, Wenny Rahayu, “Mobile cloud computing: A survey”, Future Generation Computer Systems 29, pp. 84–106, 2013.
[2] Enterprise Mobile Cloud Computing, available at: https://www.abiresearch.com/market-research/product/1004607-enterprise-mobile-cloud-computing/.
[3] Hoang T. Dinh, C. Lee, D. Niyato, P. Wang, “A survey of mobile cloud computing: architecture, applications, and approaches”, Wireless Communications and Mobile Computing, Volume 13, Issue 18, pp. 1587–1611, 2013.
[4] Jason H. Christensen, “Using RESTful web-services and cloud computing to create next generation mobile applications”, Proceedings of the 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications, pp. 627-634, 2009.
[5] X. Zhang, J. Schiffman, S. Gibbs, A. Kunjithapatham, S. Jeong, “Securing elastic applications on mobile devices for cloud computing”, Proceedings of the 2009 ACM workshop on Cloud computing security, pp. 127-134, 2009.
[6] J. Yang, H. Wang, J. Wang, C. Tan, D. Yu, “Provable data possession of resource constrained mobile devices in cloud computing”, Journal of Networks 6 (7), pp. 1033–1040, 2011.
[7] D. Huan, X. Zhang, M. Kang, J. Luo, “MobiCloud: building secure cloud framework for mobile computing and communication”, in: Proc. 5th IEEE Int. Symposium on Service Oriented System Engineering, SOSE ’10, Nanjing, China, 2010.
[8] K. Kumar, Y. Hsiang Lu, “Cloud Computing for Mobile Users: Can Offloading Computation Save Energy?”, IEEE COMPUTER SOCIETY DIGITAL LIBRARY (CSDL), vol. 43, pp. 51-56, 2010.
[9] John W. Rittinghouse, James F. Ransome, “Cloud Computing: Implementation, Management, and Security”, 2009.
[10] D. Huang, Z. Zhou, L. Xu, T. Xing, “Secure data processing framework for mobile cloud computing”, Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on, pp. 614–618, 2011.
[11] A. Nasir Khan, M. Kiah, Samee U. Khan, Sajjad A. Madani, “Towards secure mobile cloud computing: A survey”, Future Generation Computer Systems 29, pp. 1278–1299, 2013.
[12] W. Jia, H. Zhu, Z. Cao, L. Wei, X. Lin, “SDSM: a secure data service mechanism in mobile cloud computing”, in: Proc. IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS, Shanghai, China, 2011.
[13] W. Ren, L. Yu, R. Gao, F. Xiong, “Lightweight and compromise resilient storage outsourcing with distributed secure accessibility in mobile cloud computing”, Journal of Tsinghua Science and Technology 16 (5), pp. 520–528, 2011.
[14] Sandeep K. Sood, “A combined approach to ensure data security in cloud computing”, Journal of Network and Computer Applications 35, pp. 1831–1838, 2012.
[15] J. Han, W. Susilo, Y. Mu, “Identity-based data storage in cloud computing”, Future Generation Computer Systems 29, pp. 673–681, 2013.
[16] Houmansadr, Zonouz, Berthier, “A cloud-based intrusion detection and response system for mobile phones”, Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on, 2011.
[17] F. Cheng, “Security Attack Safe Mobile and Cloud-based One-time Password Tokens Using Rubbing Encryption Algorithm”, Journal Mobile Networks and Applications, Volume 16 Issue 3, pp. 304-336, June 2011.
[18] L. Cai, S. Machiraju, H. Chen, “Defending against sensor-sniffing attacks on mobile phones”, Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds, pp. 31-36, 2009.
[19] M. Ogburn, C. Turner, P. Dahal, “Homomorphic Encryption”, Procedia Computer Science 20, pp. 502–509, 2013.
[20] R. Rivest, A. Shamir, L. M. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, 21(2), pp. 120-126, 1978.
