Professional Documents
Culture Documents
Secure Platform For Storage in MCC
Secure Platform For Storage in MCC
Secure Platform For Storage in MCC
Abstract— The Mobile Cloud Computing offers more and more management mechanism. W. Ren et al. [13] proposed a
services for data storage and sharing. It offers to users enormous structure that ensures confidentiality and integrity of user’s
storage space and allows them to recover their data anywhere files stored in the Cloud. They established a resource
and anytime. But the evolution of these services in the MCC management process to reduce mobile’s energy consumption
remains slow, in front of the many constraints it faces such as during encryption, storing and downloading data, but their
processing power limitation, high energy consumption and structure doesn’t allow sharing data with other users, and it
problems related to data security and confidentiality. We uses vectors coding or exclusive-OR for data encryption.
propose an efficient structure for storing and sharing data that Sandeep K. Sood [14] proposed a security scheme for
ensures security and user privacy without overloading the mobile
authenticating users, and ensures data confidentiality and
device. Our structure enables quick and easy access to a Cloud
server for uploading and downloading data safely. Our platform
integrity. This mechanism proposes a classification of data and
uses a system of files classification and a homomorphic keyword a flexible access to the cloud server, but it doesn’t allow
research for more fluent and easy access. sharing data, and it has no resource management process. J.
Han et al. [15] proposed an Identity-based proxy re-encryption
Keywords-component; Mobile Cloud Computing; Security and schemes for authentication, confidentiality and secure sharing
privacy; Encryption; Storage; Sharing data. data between mobile users in a MCC environment. This
mechanism provides no data classification or resource
I. INTRODUCTION management and doesn’t secure user data in case of loss of
mobile device or user’s password.
The Mobile Cloud Computing (MCC) [1] is in full
expansion, and it is gaining more and more popularity due to We propose in the present paper an efficient secure
the industrial explosion of the mobile industry and prosperous platform “E.S.P” that allows mobile users to crypt and encrypt
commerce of touchpad and smartphones. A recent study from their data, store and download them in and from a cloud server,
ABI Research [2] has expected that mobile cloud computing and share safely their personal data with other users, while
industry revenues will boast and reach $5.2 billion by 2015. ensuring the authenticity, confidentiality and data integrity, and
without overloading the mobile device. Our structure is
The Mobile Cloud Computing offers many services [3-5] to composed of three main entities: the mobile device (MD),
users, and it offers more processing resources and storage cloud server (CLS) and a local server (LS). The mobile device
space on demand. It has become an essential asset for mobile is responsible for encryption, decryption, sending, and
users, and several researches [6-8] are being or have been downloading data. The local server is responsible for mobile
already made to offer even more options and flexible access for users authentication, and generates session keys that allow
mobile users. users to communicate with the cloud server safely. The Cloud
Storage services are one of the main axes of the MCC but server stores users encrypted data.
their expansion is slower compared to other services offered by
cloud providers. Several recent studies [9-11] concluded that II. SECURE PLATFORM FOR STORAGE
problems related to data security and user privacy are the first We will propose a secure platform “Fig. 1”, for storing and
barriers against the fast deployment of these services, downloading data from a mobile device to a cloud server. Our
especially in a mobile environment, because it is limited in secure platform process is divided into three steps:
processing power, a low or average storage space, an
unpredictable Internet connectivity, and a very high energy First we will present a Storage Scheme that allows mobile
consumption. users to store their personal data in a distant cloud server
safely. Then we will present a Downloading Scheme that
W. Jia et al. [12] proposed a data security scheme to enables mobile users to retrieve their data from the Cloud
encrypt, store and share data in the MCC environment, without server. Finally we will present a Sharing Scheme which will
divulging information. This structure ensures data enable mobile users to share data stored in the cloud with other
confidentiality, but it has no authentication or resource users safely.
good level of data security without overloading the
Local Server
machine. Disclosure of public data (PD) doesn’t
Mobile User
represent any risk to users. For public data (PD) we
Registration and Authentication
will not need to use encryption function because
disclosure will not represent any risk to mobile users
nor compromise their privacy in any case.
Send the session key
Then we will propose a mechanism that will allow us
to cut data into multiple blocks before encryption,
which will avoid overloading the machine during the
Upload Download processing of a very big quantity of data.
Data Data
5- The mobile device will then generate an electronic - verify integrity of files
signature to ensure the integrity of mobile user's data and and assemble different
send the file to the cloud server for storage. part to obtain original file
1- To access to his data the mobile user sends a Decrypt each part with strong encryption functions:
download request to local server using the session DSEF [f1] … DSEF [fn] → File= {f1, ……, fn};}
key.
If the data is SD type, it decrypt each block using
DM → LS: E [PKLS (PWS, ID)], Rn, standard encryption functions (StdF)
Sig [PKLS (H (ID, Num))], H (ID, Num). (4)
If file = SD
{Receive the n parts: Our secure sharing scheme as shown in “Fig. 4” is as follows:
EStdF [f1] … EStdF [fn]; 1- User interrogates local server to retrieve public key of
user B (PKUB) by using his ID (IDUB) and phone
Decrypt each part with strong encryption functions: number (NumUB).
DStdF [f1] … DStdF [fn] → File= {f1, ……, fn};}
DM → LS: E [PKLS (Log, PWD, IDUB, NumUB)], Rn,
If the data is PD type, we will not need to Sig[PKLS (H (ID, Num))], H (ID, Num). (7)
decrypt it.
5- The mobile device checks the validity of the signature 2- The server checks request validity before sending a
and data integrity before assembling all the received response to user A.
pieces to recover the original file.
LS → DM: E [PKDM (ID, Rn, PKUB),
C. Sharing Scheme Sig [PKDM (H (ID, Num))]. (8)
We will present in this part a data sharing scheme that 3- User "A" encrypts data he wishes to share with the
allows concerned mobile users to download data stored in the user B using his public key PKB and sends the
cloud server. The purpose of this mechanism is to enable users encrypted data to the cloud server.
to share their data safely without losing it, and prevent
MD → CLS: PWS, ID, E[ PKUB (Data)],
malicious persons from seizing it.
Sig [PKUB (H (IDUB, NumUB))]. (9)
It is assumed that mobile users have already registered in
local server and that public encryption keys are properly shared 4- User B can retrieve this data at any time, and decrypt
between different entities. In our scheme we will present a it using his private key.
scenario that illustrates a mechanism which enables any
registered user A to share data with another user B. III. PERFORMANCE ANALYSIS
The comparison table that we have established request. The local server verifies the authenticity of the mobile
demonstrates that our structure allows storing and sharing data user and generates a session key.
safely, and saves mobile resources and does not overload the
machine. Our structure allows also a data classification, and The application allows users to select the data they want to
research keyword using the homomorphic encryption. store, choose its class according to its level of importance and
sensitivity, and split the selected data into n blocks and encrypt
each block using corresponding encryption function to its
IV. SIMULATION OF THE E.S.P category. The application is also responsible of sending file
encrypted parts to Cloud server using session key that it had
A. Experiment Environment previously received from local server.
Practical evaluation is performed in a personal computer,
To retrieve data stored in cloud server, the mobile
with the following characteristics:
application sends a request to local server, which sends a secret
Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz question to verify mobile user authenticity. After
(8 CPUs), ~2.2GHz. authentication, the mobile application downloads the n
encrypted parts of the file from the cloud server, decrypts each
Memory 8192MB RAM part, verifies data integrity and assembles these n parts to
Intel(R) HD Graphics Family (1696 MB). recover the original file.
We developed our application with java and java android, In order to share data with other users, the application sends
and we used an android smartphone for testing with the a request to local server to retrieve public keys of concerned
following characteristics: users. The mobile application repeats storage scheme, but by
using, during encryption, public key of the user with whom we
Processor dual-core 1.2GHz. want to share data. This user can recover stored data by
following downloading scheme, and then decrypt it with his
Memory 1 Go private key.
N.B: We made test on virtual machine before implementing
our application in real machines. C. Simulation results
In this part we make a test of our structure. Initially we
B. Simulation process encrypt and send a PDF file to a cloud server, and then we try
We propose in this part an implementation of our platform to upload the encrypted data, decrypt it and recover our original
of storage, and sharing data in a Mobile Cloud computing file.
environment. We developed an application with java Android, Before encrypting our file we have to set its class, which is
which splits the data into n blocks, encrypt and decrypt, then needed to select the appropriate cryptosystem. In our tests we
sending and downloading data to and from the cloud server. used the RSA algorithm for sensitive data encryption and
We have also set up a local server for authentication of mobile decryption and the DES algorithm for standard data encryption
users, and also for generating the session keys to allow users to and decryption.
communicate with the cloud server.
The “Fig. 5” represents a simulation of our uploading
The mobile application allows initially the registration of scheme, and “Fig. 6” represents a simulation of our
users in the local server database, and then sends a storage downloading scheme.
Figure 5. Simuation of uploading scheme