Documente Academic
Documente Profesional
Documente Cultură
Tiffany J. Jih
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 2
Abstract
Due to high and still rising mobile device popularity, mobile cloud computing is becoming a
widely popular area of research and development. While security protocols do currently exist for
mobile devices, the widespread use of mobile phones and increased levels of cybercrime has
made it necessary to develop other methods for securing sensitive data while still preserving
usability and user privacy. This paper contains an overview of mobile cloud security, some
common concerns pertaining to mobile security, common existing security approaches, and a
With the growing development of mobile networks and cloud services, mobile cloud
computing has become a favored technology with many users. Mobile cloud computing falls
under the basic concepts of general cloud computing, the requirements of which are listed by
Mei et al. as adaptability, scalability, availability and self-awareness (as cited in Fernando,
Loke, Seng, & Rahayu, 2013, p.85), and is defined as a model for providing various IT
resources and information services over the mobile network by the means of on-demand self-
Due to the many benefits of hosting cloud services on mobile platforms, mobile cloud
computing has become more popular and widely used throughout the IT industry; however, the
issue of data security has also become an increasingly common concern among mobile phone
users. Gosgrove explains that the world is moving more and more toward mobile personal
computing, which in turn draws both wanted and unwanted attention to this new platform. (as
cited in Johnson, 2011, para. 3). In 2014, BT Group reported in the November issue of Financial
Times that there were mobile security breaches in over 40% of businesses in the UK over the
course of the past twelve months, due to growing rates of cyber crime and state-sponsored
This recent surge of security risks in mobile technology can be partly attributed to the
wide variety of information now carried on personal smartphones, such as personal and
professional communication, healthcare information, corporate access, and many other services,
making them more than desirable targets for cyber criminals (Nadler, 2014, para. 2). As mobile
usage and range of cloud services offered increases, users should be aware of common security
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 4
concerns found in the mobile platform. This paper will discuss some common issues found in
mobile security, specifically related to the mobile cloud, and currently existing forms of security.
Common Concerns
Mobile cloud computing inherits all the security issues found in cloud computing, with
the additional mobile-specific limitation of resource constraints. Due to physical size and OS
limitations, the normal security algorithms for cloud computing environments are inappropriate
for mobile devices. Instead, a lightweight framework with minimum required processing
overheads are required (Khan, Kiah, Khan S., & Madani, 2013, p. 1278). Other major issues in
mobile cloud security include data ownership, privacy, data security, and platform reliability.
According to recent surveys, 73% of IT Executives and CEOs are reluctant to fully adopt cloud
services, due to the risks associated with data privacy and security. Therefore, these issues must
be addressed to better facilitate the transition to secure cloud environments (Donald, Oli, &
Arockiam, 2013).
Data Ownership
Cloud computing allows users the ability to store their personal data and purchased media
on remote cloud servers, therefore, those users always run the risk of losing access to their stored
data. To best avoid those risks, cloud users should be fully aware of the rights related to their
purchased media, as mobile cloud computing utilizes location data and device and user profile
Privacy
As some mobile applications outsource third party companies to remotely store users
data, there is the constant risk of that data being sold to government agencies without the
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 5
knowledge or consent of the user. Location-based services are an example, and one that is widely
Data Security
Mobile terminal. Issues found in the mobile terminal can be very serious, as it includes
the OS, third-party software handling, personalization, and wireless Internet access capabilities
Malware. Due to the versatility of the mobile platform, the mobile terminal will always
always attract unwanted attention from hackers and other attackers. Users can unknowingly
introduce malware to their devices via automatically downloaded programs and systems. The
malware can then gain access to the users private information without their knowledge or
permission, thus potentially causing economic damage or information leakage to the user (Suo et
al., 2013).
software on mobile terminals are not overly secured. Currently, smartphones are the main mobile
terminal, and most users manage their files through the management software already installed
on the device. The content synchronization process is usually done with FTP (File Transfer
Protocol), which transfers and saves the username and password through the network and into
the configuration file in clear text format. This means access to the phone can be gained illegally
by using FTP from other computers in the same network, which can lead to personal information
being accessed and malicious changes and deletions made to personal user accounts. (Suo et al.,
2013).
The operating system is also another source of software vulnerability. The software
within an OS is so complex that inevitably, there will be bugs found in the code. Under certain
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 6
circumstances, these bugs can be found and used to attack the mobile phone by hackers (Suo et
al., 2013).
Platform Reliability
The very nature of the cloud platform makes it attractive to attackers, as it contains such a
large quantity of user data and resources. Attackers can seek to steal that information or services,
as a malicious outsider, inside user, or even the cloud operators themselves, or they can also seek
to shut down the cloud entirely, via methods such as DOS (denial of service) attacks. If a user
does not have extensive backup methods or a paid disaster recovery service, they face risks of
Malware Detection
According to Oberheide and Jahanian (2010), while malware detection software has been
developed for mobile devices, they do not provide a significant detection capability and also
require significant power and resource overhead[s] (Resource Constraints section, para. 2).
The processing rates required for effective detection engines are also higher than appropriate for
mobile environments; for example, Oberheide and Jahanian (2010) report that fifty-seven
seconds are required for the ClamAV engine on the Nokia N800 device to access its signature
database. Previous research has suggested that hosting mobile-specific malware detection
services on a network or cloud service, rather than as an on-device application, would be a more
cost-efficient option.
The detection rate can also be improved by moving malware detection services to the
cloud. Suo et al. (2013) state that once malware is detected, legal software from the cloud can
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 7
be assigned to the mobile terminal and be run to remove the malware. CloudAV is an existing
example of one such anti-malware service that runs as an in-cloud network service.
Data Protection
As data security and privacy is always an issue during data synchronization between the
mobile device and the cloud, most enterprises today utilize encryption methods to secure their
corporate phones. This requires the user to input a password whenever they wish to upload files
to a cloud server through their mobile phones (Khan et al., 2013, p. 1285). Strong authentication
methods are also used to ensure that only authorized users with the correct credentials are
Mobile virtualization can also help lower security breach rates by granting privacy and
information security for users, while still maintaining levels of user productivity (Nadler, 2014,
para. 3). What this ultimately means for users is that multiple co-existing phones will be
available on one physical device, which eliminates the need for carrying around multiple devices
for work or personal purposes (Barr et al., 2010, p. 124). Nadler (2014) gives the example of one
physical device containing a separate OS instance for personal communication, including text
messaging and social networking applications, another, most likely an encrypted OS instance for
This reduces the chance of an attacker accessing all the information on a mobile device if
they do manage to break through its security, though virtualization introduces its own security
risks due to the lack of perfect isolation among virtual machines on a single cloud server. Those
security risks can be reduced to some extent through virtual machine secure monitoring, mirror,
and migration (Khan et al., 2013, p. 1279), but there has yet to be a more permanent solution for
this issue.
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 8
Discussion
The largest security concern that mobile cloud computing faces is the protection of data
during synchronization between the cloud and the mobile device, and also the continued integrity
of the same data once it is on the cloud server. While malware and other software vulnerabilities
are also common concerns, those issues can be addressed through malware detection programs
and other security tools. Data security and privacy issues are a little more nebulous in their level
of security, as the responsibility for it is shared in different ways between the cloud platform
interesting, as it seems to be based on the premise that the mobile phone will inevitably contract
malware or be hacked by a malicious outside, in case of which the contaminated virtual instance
will simply be quarantined from the rest of the system, which is locked away into their own
separate compartments.
Conclusions
In a time when smartphones are quickly becoming the mostly widely used technology in
society, if they arent already, mobile cloud computing is an up-and-coming technology that will
no doubt soon become the norm worldwide. However, there are some concerns pertaining to the
security of the mobile cloud, particularly when it comes to data security and user information
privacy. Although there are existing security protocols, some problems, such as the imperfection
of VM isolation on cloud servers, have yet to produce a consistent solution. As mobile cloud
computing is only going to become more common in the near future, it is important that more
viable and easily accessible security approaches be researched and released to the public.
References
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 9
Donald, A. C., Oli, S. A., & Arockiam, L. (2013). Mobile cloud security issues and challenges:
ISSN, 2277-3754.
https://www.researchgate.net/profile/A_Donald/publication/260981217_Mobile_Cloud_S
ecurity_Issues_and_Challenges_A_Perspective/links/55126e6c0cf20bfdad513fc4.pdf
Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud
1299.http://www.sciencedirect.com/science/article/pii/S0167739X12001598
Fernando, N., Loke, Seng., Rahayu, W. (2013). Mobile cloud computing: A survey. Future
http://www.sciencedirect.com/science/article/pii/S0167739X12001318
http://www.networkcomputing.com/wireless/mobile-virtualization-future-
security/2136588642
Oberheide, J., & Jahanian, F. (2010, February). When mobile is harder than fixed (and vice
Eleventh Workshop on Mobile Computing Systems & Applications (pp. 43-48). ACM.
http://dl.acm.org/citation.cfm?id=1734595
OVERVIEW AND ISSUES OF MOBILE CLOUD SECURITY 10
Suo, H., Liu, Z., Wan, J., & Zhou, K. (2013, July). Security and privacy in mobile cloud
http://ieeexplore.ieee.org/abstract/document/6583635/?reload=true