Abstract
Mobile offloading systems have been proposed to migrate complex computations from mobile devices to powerful servers. While this may be beneficial from the performance and energy perspective, it certainly exhibits new challenges in terms of security due to increased data transmission over networks with potentially unknown threats. Among possible security issues are timing attacks which are not prevented by traditional cryptographic security. Metrics on which offloading decisions are based must include security aspects in addition to performance and energy-efficiency. This paper aims at quantifying the security attributes and their impact on the performance of mobile offloading systems. The offloading system is modeled as a hybrid CTMC and queueing model. The proposed model focuses on state transition and state-based control. The quantification analysis is carried out for steady-state behavior of the CTMC model as to optimize the weighted-sum cost measure. By transforming the security model to a model with absorbing state, we compute the “mean time to security failure” (MTTSF) measure. Finally, a security and performance tradeoff measure is computed based on the system model and optimum parameter set is found for the system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kumar, K., Liu, J., Lu, Y.-H., Bhargava, B.: A survey of computation offloading for mobile systems. Mobile Networks and Applications 18(1), 129–140 (2013)
Hong, J.I., Landay, J.A.: An infrastructure approach to context-aware computing. Human-Computer Interaction 16(2), 287–303 (2001)
Kumar, K., Lu, Y.-H.: Cloud computing for mobile users: Can offloading computation save energy? Computer (4), 51–56 (2010)
Wang, Q., Wolter, K.: Reducing task completion time in mobile offloading systems through online adaptive local restart. In: Proceedings of the 6th ACM/SPEC International Conference on Performance Engineering, ICPE 2015, pp. 3–13. ACM, New York (2015)
Wolski, R., Gurun, S., Krintz, C., Nurmi, D.: Using bandwidth data to make computation offloading decisions. In: IEEE International Symposium on Parallel and Distributed Processing, IPDPS 2008, pp. 1–8. IEEE (2008)
Hong, Y.-J., Kumar, K., Lu, Y.-H.: Energy efficient content-based image retrieval for mobile systems. In: IEEE International Symposium on Circuits and Systems, ISCAS 2009, pp. 1673–1676. IEEE (2009)
Kosta, S., Aucinas, A., Hui, P., Mortier, R., Zhang, X.: Thinkair: dynamic resource allocation and parallel execution in the cloud for mobile code offloading. In: 2012 Proceedings IEEE INFOCOM, pp. 945–953. IEEE (2012)
Ding, A.Y., Han, B., Xiao, Y., Hui, P., Srinivasan, A., Kojo, M., Tarkoma, S.: Enabling energy-aware collaborative mobile data offloading for smartphones. In: 2013 10th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), pp. 487–495. IEEE (2013)
Brumley, D., Boneh, D.: Remote timing attacks are practical. Computer Networks 48(5), 701–716 (2005)
Zhao, Y., Thomas, N.: Efficient solutions of a PEPA model of a key distribution centre. Performance Evaluation 67(8), 740–756 (2010)
Zhang, J.-F., Liu, F., Zheng, L.-M., Jia, Y., Zou, P.: Using network security index system to evaluate network security. In: Qi, E., Shen, J., Dou, R. (eds.) The 19th International Conference on Industrial Engineering and Engineering Management, pp. 989–1000. Springer, Heidelberg (2013)
Lenkala, S.R., Shetty, S., Xiong, K.: Security risk assessment of cloud carrier. In: 2013 13th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 442–449. IEEE (2013)
Rebeiro, C., Mukhopadhyay, D., Bhattacharya, S.: An introduction to timing attacks. In: Timing Channels in Cryptography, pp. 1–11. Springer (2015)
Köpf, B., Basin, D.: Automatically deriving information-theoretic bounds for adaptive side-channel attacks. Journal of Computer Security 19(1), 1–31 (2011)
Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355–371. Springer, Heidelberg (2011)
Weiss, M., Heinz, B., Stumpf, F.: A cache timing attack on AES in virtualization environments. In: Financial Cryptography and Data Security, pp. 314–328. Springer (2012)
Palanisamy, B., Liu, L.: Mobimix: protecting location privacy with mix-zones over road networks. In: 2011 IEEE 27th International Conference on Data Engineering (ICDE), pp. 494–505. IEEE (2011)
Meng, T., Wang, Q., Wolter, K.: Model-based quantitative security analysis of mobile offloading systems under timing attacks. In: Remke, A., Manini, D., Gribaudo, M. (eds.) ASMTA 2015. LNCS, vol. 9081, pp. 143–157. Springer, Heidelberg (2015)
Reinecke, P., Krauß, T., Wolter, K.: Phase-type fitting using hyperstar. In: Balsamo, M.S., Knottenbelt, W.J., Marin, A. (eds.) EPEW 2013. LNCS, vol. 8168, pp. 164–175. Springer, Heidelberg (2013)
Stewart, W.J.: Probability, Markov chains, queues, and simulation: The mathematical basis of performance modeling. Princeton University Press (2009)
Neuts, M.F.: Matrix-geometric solutions in stochastic models: an algorithmic approach. Courier Corporation (1981)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Meng, T., Wolter, K., Wang, Q. (2015). Security and Performance Tradeoff Analysis of Mobile Offloading Systems Under Timing Attacks. In: Beltrán, M., Knottenbelt, W., Bradley, J. (eds) Computer Performance Engineering. EPEW 2015. Lecture Notes in Computer Science(), vol 9272. Springer, Cham. https://doi.org/10.1007/978-3-319-23267-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-23267-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23266-9
Online ISBN: 978-3-319-23267-6
eBook Packages: Computer ScienceComputer Science (R0)