Abstract
Preventing data leakage on the mobile client is a crucial security problem. Additional control and protection should therefore be applied to confidential data on mobile clients that leave the boundaries of the organization. This paper presents a novel approach to the security of corporate mobile clients, in particular when they operate in offline mode. The presented approach includes the essential conceptualization and the definition of the core methodology to solve the problem of offline mobile security, i.e. the protection of confidential data in use when the mobile client is not connected to the corporate cloud. The sensitive data is protected by a combination of cryptographic means and analytics methods that detect malicious user behavior. The proposed security architecture supports the basic mobile client protection principles: minimized traffic load and reduced communication with the cloud, use of lightweight operations, and an optimized combination of the security methods.
Acknowledgments
The authors thank the Brazilian research and innovation Agencies CAPES - Coordination for the Improvement of Higher Education Personnel (Grant 23038.007604/2014-69 FORTE - Tempestive Forensics Project), FINEP - Funding Authority for Studies and Projects (Grant 01.12.0555.00 RENASIC/PROTO - Secure Protocols Laboratory of the National Information Security and Cryptography Network), FAPDF - Research Support Foundation of the Federal District (Grants 0193.001366/2016 UIoT - Universal Internet of Things and 0193.001365/2016 - Secure Software Defined Data Center - SSDDC), and CNPq - National Council for Scientific and Technological Development (Productivity Grant 303905/2014-0 and PVE Grant 88881.030392/2013-01), as well as the European CSF - Aerospace Technology Program (PDE scholarship within project 207644/2015-2), for their support to this research.
Cite this article
Galibus, T., de B. Vieira, T.P., de Freitas, E.P. et al. Offline Mode for Corporate Mobile Client Security Architecture. Mobile Netw Appl 22, 743–759 (2017). https://doi.org/10.1007/s11036-017-0839-4
DOI: https://doi.org/10.1007/s11036-017-0839-4