Mobile Cloud Computing
Introduction
With the development of cloud computing and the popularity of smart mobile devices, people used to a new era of data sharing, Typically the data is stored on the cloud via mobile devices to store / retrieve data from the cloud, Mobile devices and computers have limited storage space, On the contrary, the cloud has a huge amount of resources In such a scenario, To achieve satisfactory performance It is necessary to use the resources provided by the cloud service provider (CSP) To store and sharing data, At present, have used many of the cloud, mobile applications on a large scale, In these applications, people can (data owners) upload their pictures and videos, documents and other files to the cloud, Share this data with other people that want to participate, Function data management to the owners of the data Especially if sensitive personal data, allows data owners to choose to save their data in its files, or it can be shared only with specified data users. It is clear that the issue of data privacy is a major concern for many owners, especially data, sensitive data. Control mechanisms provided by the administration techniques, (CSP) That because it is not enough, Or because it is uncomfortable Because they cannot meet all the requirements of the data owners. . First, when people upload their data files on the cloud, Are their data will remain safe when it is loaded, or they are prone to spying by the service providers. Second, people have to send the password for each user data only if they want to sharing encrypted data with some users, which is very cumbersome. Apparently, in order to solve the above problems must encrypt sensitive personal data before uploading to the cloud so that they are safe data is not authorized it to come by
the cloud service provider. However, the Data Encryption brings new problems, And how to provide access control mechanism to decode the encrypted data so that it can only authorized users access to the plaintext data is a challenge. There have been many research on the issue of data access control via the cipher text In these researches, They have the following assumptions:
First: The cloud service provider are an honest and curious at the same time, Second: it is all sensitive data is encrypted before they are loaded into the cloud, And it checks the user authorizations on certain data through the distribution of encryption / decryption keys. In general, these methods can be divided into several categories : Simple text encrypted access, pyramidal Access control, And access control on the basis of fully homomorphic encryption, Access control based encryption based on characteristic (ABE), All these proposals have been designed to work environment cloud fixed and non-mobile, And also consume a large amount of storage, and these resources are not available in mobile devices. According to the experimental results, the basic operations of (ABE) take much longer on mobile devices 27 times compared to the time it takes for the personal computer. This means that the encryption process, which will take one minute on the Computer device, It will take about half an hour to finish on Mobile device, Furthermore Current solutions do not solve the problem of changing the user privilege very well, It is clear that there is no safe and effective solutions to solve the problem of sharing data in the available technologies, As the mobile phone has become very important in human life, The cloud is becoming more and more popular, and provide efficient secure data exchange in the cloud mobile mechanism has become an urgent need.
2 . Literature Review
Through this section, we concentrate on to the works of cipher text gain access to Through this section, we concentrate on to the works of cipher text gain access to control schemes which are closely related to our research.
[1]Access control is an important mechanism of data privacy protection to ensure that data can only be acquired by genuine users. There has been substantial research on the issues of data gain access to control in the cloud, mostly focusing on access control over ciphertext. Typically, the cloud is considered honest and curious. Sensitive data needs to be encrypted before sending to the cloud. User authorization is achieved through key distribution. The proposal can be generally divided into four areas: simple ciphertext access control, hierarchical access control, access control based on completely homomorphic encryption [2] and access control based on attribute-based encryption (ABE). Simple ciphertext access control refers to that after data file encryption , the encryption keys are distributed in a secure way to achieve authorization for trusted users [3]. To reduce the overhead cost to do business of massive user key distribution, [4] designed a system called Mobil flage that allows PDE plausibly deniable encryption on mobile devices by hiding encrypted volumes via random data on a device's external storage. However, the system needs to obtain large amount of information of keys. borrows the access control method used in conventional distributed storage [6]separating users into different groups according to access rights and give different keys to groups. This reduces the overhead of key management, but it cannot meet the demand for fine-grained access control. Hierarchical access control has good performance in reducing the overhead of key distribution in ciphertext access control [7]. As a result, there are substantial research on ciphertext access control based on hierarchical access control method. In hierarchical access control method, keys can be derived from private keys and a public token table. However the procedure on small table is complicated and generates high cost. Besides, the token table is stored in the cloud. Its privacy and security cannot be guaranteed [8]. Full homomorphic encryption algorithm can operate directly on the ciphertext. Its working results are the same with operating on plaintext and then encrypting the data [13] uses full homomorphic encryption algorithm to do functions such as retrieval and calculation directly on ciphertext. That can solve {the situation that the cloud is untrustworthy fundamentally because all data update operations and user privilege change businesses can be done on ciphertext directly. However, this encryption scheme is too complex to implement in practical applications. Attribute-based encryption algorithm comes from identity-based encryption. It embeds decryption guidelines in the encryption algorithm, which avoids recurrent key syndication. [14] and [15] suggested key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In functional applications, CP-ABE has been thoroughly analyzed [16][17][18] since it is comparable to role-based gain access to control (RBAC) structure [19]. In CP-ABE, the ownership of 1 attribute key means that the main element owner owns matching attribute, and feature keys can't be reclaimed after they are distributed. As a total result, whenever a data user's feature is revoked, how to ensure data privateness becomes a hard concern [14]. Liang et al [16] propose attribute-based proxy re-encryption (ABPRE) system to solve this issue. However, in their solution, whenever a user's feature is revoked, all the users who own this feature will eventually lose this feature at exactly the same time, which cannot meet fine-grained gain access to control needs. Tian et al [20] incorporate CP-ABE and general public key cryptography to attain ciphertext gain access to control. However, it brings high cost to data owners. [21] add a time stamp to characteristics to limit the utilization of attribute secrets to cope with attribute revocation problem. However, in this situation, data users need to periodically apply for attribute tips and the users' attribute can't be revoked prior to the time stamp expires. [22] propose some ongoing work of revocation can be outsourced to CSP, whereas CSP should have a certain reliability, and access control policy which has "or" romantic relationship or "threshold" romantic relationship is not supported. [23] also proposed a scheme to address the cloud computing challenging that keep hypersensitive user data private against untrusted servers by exploiting and exclusively merging techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption.
[22] suggested a novel system that enabling effective gain access to control with vibrant policy upgrading for big data in the cloud that focusing on growing an outsourced insurance policy updating method for ABE systems. It designed insurance policy updating algorithms for different types of gain access to procedures also.
All the above works concentrate on the presssing issue of data access control in the cloud. They are simply mainly for non-mobile devices and cannot be applied for data sharing in mobile cloud environment. Regarding to data privacy in mobile cloud, some ongoing works have been done in this field [23]. [24] propose MobiCloud, where traditional Mobile Ad-hoc Networks (MANETs) is transformed into service-oriented communication architecture. In such a architecture, each mobile device is regarded as something node, and the operations are outsourced to the cloud. However, in MobiCloud, users need to totally trust the cloud, which is false in fact. [25] designed and implemented a graph theoretic algorithm to place mediation prompts that protect every resource access, while avoiding repetitive prompting and prompting in background tasks or third-party libraries, for the challenge of mediating resource accesses in mobile applications. [26] proposed an ABDS scheme to accomplish secure data storage in the cloud. However, this design is not suitable for data writing and has no clear solution for feature revocation. [27] considered a particular cloud computing environment where data are accessed by resource-constrained mobile devices, and proposed novel modifications to ABE, which assigned the bigger computational overhead of cryptographic procedures to the cloud supplier and lowered the full total communication cost for the mobile user.
In summary, current proposals on data access control in the cloud are for non-mobile terminals usually, which is not suited to mobile devices. Besides, current alternatives don't solve the situation of individual privilege change scenarios very well given that they bring high revocation cost. This is not relevant for mobile devices which only have limited processing vitality and capacity. Existing studies on mobile cloud don't possess a great choice to secure data sharing when servers aren't credible.
4. Objectives
will design new approaches to ensure data integrity. To further tap the potential of mobile cloud,
a. Encrypt the data before it is uploaded to the Cloud Mobile.
b. Reduce the overhead resulting from uploading data to the cloud through the development of algorithms used.
c. Study how to do ciphertext retrieval over existing data sharing schemes.
6. Assumptions
There have been substantial researches on the issue of data access control over ciphertext. In these Proposal, they have the following common assumptions.
1. The CSP is considered honest and curious.
2. All the sensitive data are encrypted before uploaded to the Cloud.
3. User authorization on certain data is achieved through encryption/decryption key distribution.