With the advancements in the field of mobile cloud computing, security is a major issue. As discovered while reviewing the existing and proposed frameworks of Mobile Cloud Computing, several major issues and challenges of mobile cloud computing were being synthesized. Here we present some of the major security challenges in mobile cloud computing that have been classified into an array of relevant categories:
Mobile Cloud Computing Security Challenges
1. Data Security and Privacy Issues In Mobile Cloud Computing
The most serious concern about storing data in cloud worries every mobile cloud user. Data security is one of the major challenges faced in the field of mobile cloud computing. It is intimidating to transfer important data to the cloud because of the following data concerns that are very common in the cloud:
- Risk of data theft
- Violation of privacy rights
- Loss of physical security
- Handling of encryption and decryption keys
- Security and auditing issues of virtual machines
- Lack of standard to ensure data integrity
- Services incompatibility due to the involvement of different vendors
The privacy of data stored in the cloud belongs to its customers. In case you want to encourage the use of cloud data services, it is extremely important to standardize the concerns in cloud computing around data life cycle. This includes the standardization of the generation of data, data transfer, use and share of data, data storage and the archival and destruction of data.
2. Attacks at End-User Mobile Device
Also, you need to protect the data on the cloud from any attack at end user mobile device as well. It is important to protect the data from the threats of device data theft, virus and malware attacks via wireless devices and the misuse of access rights from information security point of view in the cloud.
3. Information Security Issues
Some common information security issues of cloud computing are:
- System security of server and database
- Networking security
- User authentication
- Data protection
- System and storage protection
4. Architecture and Cloud Service Delivery Models Issue
Mobile cloud computing also faces some general challenges in terms of their architecture. These include the challenge of computing off-loading, security for mobile users, applications or data, improvement in efficiency rate of data access, the context-aware mobile cloud services, migration and interoperability, service level agreement and the cost and pricing.
- PaaS model security issues: structured query language related, application programming interface security
- SaaS model security issues: data security management, web application vulnerability and scanning
5. Mobile Cloud Infrastructure Issues
Due to the lack of the mobile cloud infrastructure, a variety of security attacks is possible on the cloud. These attacks again harm the security of the data of the cloud users. Some of these possible attacks from the cloud infrastructure point of view are attacks on virtual machines, vulnerabilities at the platform level, phishing, authorization and authentication and attacks from local users.
6. Mobile Cloud Communication Channel Issues
The area of mobile cloud communication channel requires having a lot of improvement at various levels. The following attacks are possible at communication channel:
- Access control attacks
- Data integrity attacks
- Attacks on authentication
- Attacks on availability
Low bandwidth, latency problems, availability of desired services, heterogeneity, and limited resources are other major challenges faced at the communication level.
Security and privacy requirements of MCC
Below listed are the general security requirements for MCC:
Conﬁdentiality: Confidentiality is undoubtedly one of the basic requirement that necessitates keeping mobile users’ data private in the cloud. Massive amount of data gets transmitted daily within the not-so-secure public networks. Thus the data should be securely processed in the public cloud servers - focusing on its safe storage and processing.
Integrity: Considering the mammoth amount of data stored and processed in the service provider’s end - integrity plays a significant role. In MCC, integrity refers to the assurance that the consistency and accuracy of users’ data are maintained. Integrity is crucial to prevent undetected modiﬁcation of any data by unauthorized systems or users. Lack of integrity may result in economic, business, and other losses.
Availability: It is important to ensure the all-time availability of cloud services at any places as per the requirement of mobile users. Ensuring availability prevents diﬀerent kinds of availability attacks which may result in probable delays, alteration, or interruption of the services.
Access Control and Authorization: It is important to determine users’ true identity before providing access to the data or application. After a successful authentication process, it is important to define access control to restrict the actions to viewing, editing, running, modifying or deleting.
For actually encouraging the use of mobile cloud computing, it is extremely important to overcome all of these security challenges in mobile cloud and making it a completely safe channel. Only then, users will be comfortable storing their crucial data on the cloud. Mobile cloud computing security is a major factor that will be closely debated.