RUNNING HEAD: OVERVIEW AND ISSUES IN MOBILE CLOUD SECURITY 1

Overview and Issues of Mobile Cloud Security

Tiffany J. Jih
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 2

Abstract

Due to high and still rising mobile device popularity, mobile cloud computing is becoming a

widely popular area of research and development. While security protocols do currently exist for

mobile devices, the widespread use of mobile phones and increased levels of cybercrime has

made it necessary to develop other methods for securing sensitive data while still preserving

usability and user privacy. This paper contains an overview of mobile cloud security, some

common concerns pertaining to mobile security, common existing security approaches, and a

discussion of the importance of mobile cloud security in future research.

Keywords: mobile cloud, mobile cloud computing, mobile security

OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 3

Overview and Issues of Mobile Cloud Security

With the growing development of mobile networks and cloud services, mobile cloud

computing has become a favored technology with many users. Mobile cloud computing falls

under the basic concepts of general cloud computing, the requirements of which are listed by

Mei et al. as adaptability, scalability, availability and self-awareness (as cited in Fernando,

Loke, Seng, & Rahayu, 2013, p.85), and is defined as a model for providing various IT

resources and information services over the mobile network by the means of on-demand self-

service by Suo, Liu, Wan, and Zhou (2013).

Due to the many benefits of hosting cloud services on mobile platforms, mobile cloud

computing has become more popular and widely used throughout the IT industry; however, the

issue of data security has also become an increasingly common concern among mobile phone

users. Gosgrove explains that the world is moving more and more toward mobile personal

computing, which in turn draws both wanted and unwanted attention to this new platform. (as

cited in Johnson, 2011, para. 3). In 2014, BT Group reported in the November issue of Financial

Times that there were mobile security breaches in over 40% of businesses in the UK over the

course of the past twelve months, due to growing rates of cyber crime and state-sponsored

aggression focused on smartphones (as cited in Nadler, 2014, para. 1).

This recent surge of security risks in mobile technology can be partly attributed to the

wide variety of information now carried on personal smartphones, such as personal and

professional communication, healthcare information, corporate access, and many other services,

making them more than desirable targets for cyber criminals (Nadler, 2014, para. 2). As mobile

usage and range of cloud services offered increases, users should be aware of common security
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 4

concerns found in the mobile platform. This paper will discuss some common issues found in

mobile security, specifically related to the mobile cloud, and currently existing forms of security.

Common Concerns

Mobile cloud computing inherits all the security issues found in cloud computing, with

the additional mobile-specific limitation of resource constraints. Due to physical size and OS

limitations, the normal security algorithms for cloud computing environments are inappropriate

for mobile devices. Instead, a lightweight framework with minimum required processing

overheads are required (Khan, Kiah, Khan S., & Madani, 2013, p. 1278). Other major issues in

mobile cloud security include data ownership, privacy, data security, and platform reliability.

According to recent surveys, 73% of IT Executives and CEOs are reluctant to fully adopt cloud

services, due to the risks associated with data privacy and security. Therefore, these issues must

be addressed to better facilitate the transition to secure cloud environments (Donald, Oli, &

Arockiam, 2013).

Data Ownership

Cloud computing allows users the ability to store their personal data and purchased media

on remote cloud servers, therefore, those users always run the risk of losing access to their stored

data. To best avoid those risks, cloud users should be fully aware of the rights related to their

purchased media, as mobile cloud computing utilizes location data and device and user profile

capabilities to optimize data access management (Donald et al., 2013).

Privacy

As some mobile applications outsource third party companies to remotely store users

data, there is the constant risk of that data being sold to government agencies without the
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 5

knowledge or consent of the user. Location-based services are an example, and one that is widely

utilized by many mobile apps today.

Data Security

Mobile terminal. Issues found in the mobile terminal can be very serious, as it includes

the OS, third-party software handling, personalization, and wireless Internet access capabilities

(Suo et al., 2013).

Malware. Due to the versatility of the mobile platform, the mobile terminal will always

always attract unwanted attention from hackers and other attackers. Users can unknowingly

introduce malware to their devices via automatically downloaded programs and systems. The

malware can then gain access to the users private information without their knowledge or

permission, thus potentially causing economic damage or information leakage to the user (Suo et

al., 2013).

Software vulnerabilities. Software vulnerabilities are commonly found, as the application

software on mobile terminals are not overly secured. Currently, smartphones are the main mobile

terminal, and most users manage their files through the management software already installed

on the device. The content synchronization process is usually done with FTP (File Transfer

Protocol), which transfers and saves the username and password through the network and into

the configuration file in clear text format. This means access to the phone can be gained illegally

by using FTP from other computers in the same network, which can lead to personal information

being accessed and malicious changes and deletions made to personal user accounts. (Suo et al.,

2013).

The operating system is also another source of software vulnerability. The software

within an OS is so complex that inevitably, there will be bugs found in the code. Under certain
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 6

circumstances, these bugs can be found and used to attack the mobile phone by hackers (Suo et

al., 2013).

Platform Reliability

The very nature of the cloud platform makes it attractive to attackers, as it contains such a

large quantity of user data and resources. Attackers can seek to steal that information or services,

as a malicious outsider, inside user, or even the cloud operators themselves, or they can also seek

to shut down the cloud entirely, via methods such as DOS (denial of service) attacks. If a user

does not have extensive backup methods or a paid disaster recovery service, they face risks of

possibly massive data loss (Suo et al., 2013).

Current Security and Privacy Approaches

Malware Detection

According to Oberheide and Jahanian (2010), while malware detection software has been

developed for mobile devices, they do not provide a significant detection capability and also

require significant power and resource overhead[s] (Resource Constraints section, para. 2).

The processing rates required for effective detection engines are also higher than appropriate for

mobile environments; for example, Oberheide and Jahanian (2010) report that fifty-seven

seconds are required for the ClamAV engine on the Nokia N800 device to access its signature

database. Previous research has suggested that hosting mobile-specific malware detection

services on a network or cloud service, rather than as an on-device application, would be a more

cost-efficient option.

The detection rate can also be improved by moving malware detection services to the

cloud. Suo et al. (2013) state that once malware is detected, legal software from the cloud can
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 7

be assigned to the mobile terminal and be run to remove the malware. CloudAV is an existing

example of one such anti-malware service that runs as an in-cloud network service.

Data Protection

As data security and privacy is always an issue during data synchronization between the

mobile device and the cloud, most enterprises today utilize encryption methods to secure their

corporate phones. This requires the user to input a password whenever they wish to upload files

to a cloud server through their mobile phones (Khan et al., 2013, p. 1285). Strong authentication

methods are also used to ensure that only authorized users with the correct credentials are

allowed to access cloud-based services.

Mobile virtualization can also help lower security breach rates by granting privacy and

information security for users, while still maintaining levels of user productivity (Nadler, 2014,

para. 3). What this ultimately means for users is that multiple co-existing phones will be

available on one physical device, which eliminates the need for carrying around multiple devices

for work or personal purposes (Barr et al., 2010, p. 124). Nadler (2014) gives the example of one

physical device containing a separate OS instance for personal communication, including text

messaging and social networking applications, another, most likely an encrypted OS instance for

professional purposes, and a third OS instance for financial planning.

This reduces the chance of an attacker accessing all the information on a mobile device if

they do manage to break through its security, though virtualization introduces its own security

risks due to the lack of perfect isolation among virtual machines on a single cloud server. Those

security risks can be reduced to some extent through virtual machine secure monitoring, mirror,

and migration (Khan et al., 2013, p. 1279), but there has yet to be a more permanent solution for

this issue.
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 8

Discussion

The largest security concern that mobile cloud computing faces is the protection of data

during synchronization between the cloud and the mobile device, and also the continued integrity

of the same data once it is on the cloud server. While malware and other software vulnerabilities

are also common concerns, those issues can be addressed through malware detection programs

and other security tools. Data security and privacy issues are a little more nebulous in their level

of security, as the responsibility for it is shared in different ways between the cloud platform

provider and the user themselves.

The use of virtualization as a security measure for data protection is especially

interesting, as it seems to be based on the premise that the mobile phone will inevitably contract

malware or be hacked by a malicious outside, in case of which the contaminated virtual instance

will simply be quarantined from the rest of the system, which is locked away into their own

separate compartments.

Conclusions

In a time when smartphones are quickly becoming the mostly widely used technology in

society, if they arent already, mobile cloud computing is an up-and-coming technology that will

no doubt soon become the norm worldwide. However, there are some concerns pertaining to the

security of the mobile cloud, particularly when it comes to data security and user information

privacy. Although there are existing security protocols, some problems, such as the imperfection

of VM isolation on cloud servers, have yet to produce a consistent solution. As mobile cloud

computing is only going to become more common in the near future, it is important that more

viable and easily accessible security approaches be researched and released to the public.

References
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 9

Donald, A. C., Oli, S. A., & Arockiam, L. (2013). Mobile cloud security issues and challenges:

A perspective. International Journal of Electronics and Information Technology (IJEIT),

ISSN, 2277-3754.

https://www.researchgate.net/profile/A_Donald/publication/260981217_Mobile_Cloud_S

ecurity_Issues_and_Challenges_A_Perspective/links/55126e6c0cf20bfdad513fc4.pdf

Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud

computing: A survey. Future Generation Computer Systems, 29(5), 1278-

1299.http://www.sciencedirect.com/science/article/pii/S0167739X12001598

Fernando, N., Loke, Seng., Rahayu, W. (2013). Mobile cloud computing: A survey. Future

Generation Computer Systems, 29. 84-106.

http://www.sciencedirect.com/science/article/pii/S0167739X12001318

Nadler, D. (2014). Mobile Virtualization: The Future of Security. Retrieved from:

http://www.networkcomputing.com/wireless/mobile-virtualization-future-

security/2136588642

Oberheide, J., & Jahanian, F. (2010, February). When mobile is harder than fixed (and vice

versa): demystifying security challenges in mobile environments. In Proceedings of the

Eleventh Workshop on Mobile Computing Systems & Applications (pp. 43-48). ACM.

http://dl.acm.org/citation.cfm?id=1734595
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 10

Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud

computing. In Wireless Communications and Mobile Computing Conference (IWCMC),

2013 9th International (pp. 655-659). IEEE.

http://ieeexplore.ieee.org/abstract/document/6583635/?reload=true