Abstract
Providing Web services from the mobile cloud is a current research topic. The mobile cloud provides the computing resources and infrastructure to support the seamless provision of Web services in a lightweight manner. Security has become a major concern with the emergence of mobile cloud Web services. In this paper, we investigate the security aspects of a system for complex mobile Web service provisioning. We characterize the security requirements of the individual components and present a security framework to provide authentication and confidentiality between clients and mobile hosts. Our solution is based on the use of existing security protocols between clients and the mobile hosts as well as a key management protocol between the individual mobile hosts implementing an out-of-band key exchange that is simple in practice, flexible and secure. We examine the performance of this approach by evaluating a prototype implementation of our security framework.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abolfazli S et al (2015) Mobile cloud computing: the-state-of-the-art, challenges, and future research. In: Murugesan S, Bojanova I (eds) Encyclopedia of Cloud Computing, Wiley, USA (submitted)
Aijaz F, Adeli SM, Walke B (2008) Middleware for communication and deployment of time independent mobile Web services. In: IEEE International Conference on Web Services, 2008, ICWS ’08. IEEE, pp 797–800
AlShahwan F, Faisal M (2014) Mobile cloud computing for providing complex mobile web services. In: 2014 2nd IEEE international conference on (IEEE) mobile cloud computing, services, and engineering (MobileCloud), pp 77–84
AlShahwan F, Moessner K (2010) Providing SOAP Web services and RESTful Web services from mobile hosts. In: 5th international conference on internet and Web applications and services (ICIW 2010), Barcelona, Spain, pp 174–79
Asif M, Majumdar S, Dragnea R (2008) Partitioning the WS execution environment for hosting mobile web services. In: IEEE international conference on services computing (SCC ‘08) (2; USA), pp 315–22
Berger S et al (2003) Web services on mobile devices-implementation and experience. In: Proceedings of 5th IEEE workshop on mobile computing systems and applications, Monterey, California, USA, pp 100–09
Bilogrevic I et al (2011) Meetings through the cloud: privacy-preserving scheduling on mobile devices. J Syst Softw 84(11):1910–1927
Chow R et al (2010) Authentication in the clouds: a framework and its application to mobile users. In: Proceedings of the 2010 ACM workshop on cloud computing security workshop (ACM), pp 1–6
Fernando N, Loke SW, Rahayu W (2013) Mobile cloud computing: a survey. Future Gener Comput Syst 29(1):84–106
Fonseca J et al (2010) A security framework for SOA applications in mobile environment. arXiv:1004.0774
Halang WA, Komkhao M, Sodsee S (2014) Secure cloud computing. In: Boonkrong S, Unger H, Meesad P (eds) Recent advances in information and communication technology. Advances in intelligent systems and computing, vol 265. Springer International Publishing, pp 305–14
Huang D et al (2010) MobiCloud: building secure cloud framework for mobile computing and communication. 2010 Fifth IEEE international symposium on (IEEE) service oriented system engineering (SOSE), pp 27–34
Huang D et al (2011) Secure data processing framework for mobile cloud computing. In: 2011 IEEE conference on (IEEE) computer communications workshops (INFOCOM WKSHPS), pp 614–18
Hung S-H et al (2012) Executing mobile applications on the cloud: framework and issues. Comput Math Appl 63(2):573–587
Jin Y et al (2011) An intelligent task allocation scheme for multi-hop wireless networks. IEEE Trans Parallel Distrib Syst 23(3):444–451
Li J et al (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210
Li J et al (2010) Fuzzy keyword search over encrypted data in cloud computing. 2010 Proceedings IEEE (IEEE) INFOCOM, pp 1–5
Li J et al (2013) Fine-grained access control system based on outsourced attribute-based encryption. Computer security–ESORICS 2013, Springer, pp 592–609
Lomotey RK, Deters R (2014) Management of mobile data in a crop field. 2014 IEEE international conference on (IEEE) mobile services (MS), pp 100–107
Luqun L (2008) An integrated Web service framework for mobile device hosted Web service and its performance analysis. In: 10th IEEE international conference on high performance computing and communications, 2008. HPCC ‘08, pp 659–64
Mahadev S et al (2009) The case for VM-based cloudlets in mobile computing. IEEE Pervas Comput 8(4):14–23
Marinelli EE (2009) Hyrax: cloud computing on mobile devices using MapReduce. (DTIC Document)
OASIS (2005) SAML V2.0, Security Assertion Markup. http://www.oasisopen.org/committees/download.php/13786/sstc-saml-techoverview-2.0-draft-07-diff.pdf
Ong S-A (2006) A mobile Web server-based approach for tele-monitoring of measurement devices. In: 4th international conference on mobile systems, applications and services (MobiSys), ACM SIGMOBILE, Uppsala, Sweden
Prasanth A et al (2015) Cloud computing: a survey of associated services’, book chapter of cloud computing: reviews, surveys, tools, techniques and applications—an open-access eBook published by HCTL Open
Pursani PJ, Ramteke PL (2013) Mobile cloud computing. Int J Adv Res Comput Eng Technol (IJARCET) 2(4):1512–1517
Sepulveda C, Alarcon R, Bellido J (2015) QoS aware descriptions for RESTful service composition: security domain. World Wide Web 18(4):767–794
Sheng X, Gong W (2010) Mobility can help: protect user identity with dynamic credential. In: 2010 Eleventh international conference on mobile data management (MDM), pp 378–380
Song W, Wang XS (2010) In-device spatial cloaking for mobile user privacy assisted by the cloud. In: 2010 Eleventh international conference on mobile data management (MDM), pp 381–386
Srirama SN et al (2010) Security aware mobile Web service provisioning. arXiv preprint arXiv:1007.3640
Srirama SN, Jarke M, Prinz W (2006) A mediation framework for mobile web service provisioning. In: 10th IEEE International enterprise distributed object computing conference workshops, 2006. EDOCW ‘06
Tsugawa M, Matsunaga A, Fortes JAB (2014) Cloud computing security: what changes with software-defined networking? Secure Cloud Computing, Springer, pp 77–93
Vogels WA (2008) Head in the clouds—the power of infrastructure as a service. First workshop on cloud computing and in applications (CCA’08) (October 2008)
Yang K, Ou S, Chen HH (2008) On effective offloading services for resource-constrained mobile devices running heavier mobile internet applications. Commun Mag IEEE 46(1):56–63
Yu-Jia C, Li-Chun W (2011) A security framework of group location-based mobile applications in cloud computing. In: 2011 40th international conference on parallel processing workshops (ICPPW), pp 184–90
Zhou M et al (2010) Security and privacy in cloud computing: a survey. In: 2010 Sixth international conference on (IEEE) semantics knowledge and grid (SKG), pp 105–112
Pi (2010). In: Wikipedia: the free encyclopedia. Wikimedia Foundation Inc., Encyclopedia on-line. http://en.wikipedia.org/wiki/Pi. Accessed 20 June 2010
Acknowledgments
This research is funded by Kuwait Foundation for Advancement of Sciences (KFAS) under Grant Number P114-18EO-02.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
AlShahwan, F., Faisal, M. & Ansa, G. Security framework for RESTful mobile cloud computing Web services. J Ambient Intell Human Comput 7, 649–659 (2016). https://doi.org/10.1007/s12652-015-0308-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-015-0308-5