Policy-based security channels for protecting network communication in mobile cloud computing

In this paper we present a set of policy-driven security protocols for ensuring the confidentiality and integrity of enterprise data in mobile cloud computing environments. The proposed protocols leverage trusted authority entities and the “elastic” virtualized nature of the cloud computing model to provide energy-efficient key management mechanisms and policy-driven data protection techniques that support the secure interaction of the mobile client with an assortment of cloud software and storage services. The main contribution lies in: (1) Offloading the intensive asymmetric key agreement mechanisms from the mobile client and delegating them to resource-lucrative trusted authority sites. This is achieved by aggregating the security associations, required to agree on symmetric keys between the client and the cloud services, in a single security association between the client and the trusted authority. The aggregation concept results in major energy savings especially when the client consumes a relatively large set of services as is the case in cloud computing today. (2) Designing a customizable policy-based security architecture that considers the sensitivity of cloud data to provide multi-level and fine-grained data protection methodologies that suit the energy-limited mobile devices and the low-bandwidth wireless networks characterizing current mobile cloud computing models. The system is implemented in a real cloud computing environment and the savings in terms of energy consumption and execution time are analyzed.