2014 Sixth International Conference on Computational Intelligence and Communication Networks
Anti-Theft Cloud Apps for Android Operating System 1
Abdul Wahid, 2Khaleel Ahmad, 3Gaurav Tyagi, 4M A Rizvi CS & IT Department, Maulana Azad National Urdu University, Hyderabad, India 3 CSE Department, Swami Vivekanand Subharti University, Meerut, India 4 CSE Department, NITTTR, Bhopal, India 1 2
[email protected],
[email protected],
[email protected],
[email protected] 1,2
Abstract— Cloud computing is one of the major technologies which has gained popularity in computer sciences and information technology domain. Cloud computing has changed the way of doing business by an enterprise in general and data management, retrieval & storage within a business enterprise in particular. Smartphone usage has grown rapidly in tandem with cloud computing by providing different services/applications using cloud computing. Most of the Smartphone do run on Android operating system. Android OS is the widely used Smartphone operating systems with huge user base. Everyday hundreds and thousands of application are added to the repository of Android by different vendors and are easily available for installation to android users. As most of the applications are developed by third party giving way to possible loopholes which result in different threats to security & privacy of data. These threats are critical when a user is suing cloud storage or services on Smartphone devices and if the device is stolen it may lead to access of information by an unauthorized user. This unauthorized access to information can be misused which creates distrust among the users of cloud computing on android devices. In this paper a methodology has been proposed to secure data and information from unauthorized access using android cloud application.
applications comes from the third party and gain access over the user profile on the device can leads to breach in privacy of the user and can cause serious threat to security by exploiting the loop holes of hardware [6]. Cloud computing is a statement used to describe a diversity of computing notions that include many computers which are connected via a real-time communication network such as the Intranet. Cloud computing resembles with distributed computing over a network and it has potential to run a sole program or application on various interconnected computers at a given instance at different places. The cloud computing refers to network-based services which create virtual cloud space for where any user having access and privileges can access the cloud. This virtual environment does not physically exist but a user always gets a feel of interacting with a device which communicated with one user only. The cloud can migrate, scaled up or scaled down without affecting the end user and can keep on providing the services to all the users connected to the cloud [7]. Cloud computing provides services according to numerous basic models where these model are designed in a fashion to facilitate the user. These includes Infrastructure as a Service (IaaS) which is the basic model, Platform as a Service (PaaS) an intermediate model and Software as a Service (SaaS) have the details of the lower models with significant changes. Other significant models like Anything as a Service (XaaS) are described in the taxonomy model which include Collaboration-as-a-Service, Strategy-as-a-Service, Databaseas-a-Service, Business Process-as-a-Service etc., Network as a Service (Naas) and Communication as a Service (CaaS) have been included by ITU in the year 2012 as part of the fundamental cloud computing models [7].
I.INTRODUCTION With the fast pace of development in the field of technology smart devices with touch feature has flooded the technology market all across the globe. This has resulted in huge demand for the applications and services to manage these smart devices [1]. Android operating system has emerged as one of the best choice for users. Android is an open source technology and is based on root of the Linux kernel [3] which has made it very popular among the users of smart devices, tablets, and mobile phones [3]. As Android belongs to opensource family therefore any user can modify or change the operating system and the same can be distributed by mobile device manufacturers such as wireless carriers and software developers [4]. Android is widely used as an operating system for Smartphone all across the world [19] and has surpassed Symbian in 2010[20] based on the user user-base and popularity. Android is very popular among technology companies due to less cost, Open-Source software, lightweight OS and scope for customization[21]. The smart phones have penetrated rapidly replacing the traditional mobile phones resulting in huge demand for application which can be used on these smart phones. These application are freely available from the third party for enhancing the user experience and can be downloaded by users through an apps store like Google Play or by installing the APK file of particular application from a third-party site [5]. But these 978-1-4799-6929-6/14 $31.00 © 2014 IEEE DOI 10.1109/CICN.2014.165 10.1109/.165
THE THREE BASIC MODELS OF CLOUD SERVICES: •
Infrastructure as a Service (IaaS)
•
Platform as a Service (PaaS)
•
Software as a Service (SaaS)
The smart devices running on Andriod operating system can be exposed to different threat and have been classified in three groups [8] based on location of the threat as (threat to an application, website or network). Apart from the location based threats there are threats which are linked to the unauthorized data access on a Smartphone device when it is stolen or misplaced. The impact of this threat can be mitigated to a larger extent by storing the 766 765
for the consumers and service providers. This paper aims to identify the most vulnerable and precarious security threats in cloud computing and security threats associated with cloud computing are known to both end users and vendors.
on a cloud storage and ensuring a double authentication mechanism to ensure security of data. II. RELATED WORK In paper [9] discussed architectural framework for developing hybrid cloud environments which passes over traditional private clouds and public clouds. The fundamental objective of the framework is to provide full integration control to the enterprises using hybrid cloud to increase their IT capabilities. Three types of service integration patterns that are usually faced in developing cloud integration solutions for enterprises have been discussed.
In this paper [16] authors proposed new diversified Android security constraint that rely on the SD rules ASESD, which is a lightweight application security authentication service. By scrutinizing the Geinimi and using Geinimi to appraise their program and that program is valuable in questing precarious malware. In this paper [17] author provides (1) a practical knowledge to using App Inventor (2) demonstrations of potent teaching methods in order to help attendees decide how to provide similar courses (3) pilot projects discussions by the faculty about their experiences and research work carried by students (4) time for general knowledge for creating mobile applications as an basic idea of computing. Through this paper everyone can built android application using Google app inventor.
In paper [10] authors have explained the distributed cloud storage approaches and gave an overview of different security features such as systems support. They have noticed that privacy features are not currently used in such approaches, although considered to be a crucial feature especially for enterprises. Ruben Jonathan Garcia Vargas et. al. [8] have discussed about the Android version 2.3.7 where they have given an insight into the need of growing requirement of business with augmenting more security aspects and configurations that will meet the business security protocols. However, threats present in android operating system can result into leaking of information and data which is stored on the device. They did recommend that it is essential to include additional components like encryption, better user permissions, log storages, firewall and disallow unnecessary services implicitly.
In this paper [2] researchers presented a sandbox and developed for analyzing Android applications applicable for cloud service. Therefore, they had shown how the Android emulator can be easily used to execute Android applications in an isolated environment. Unlike other sandboxes, they had added a pre-check process that can analyze Android executables in a static way. This can notify usage of malicious patterns within source code of any apps.
In paper [11] authors proposed a applicable framework which is used to provide data storage and data sharing in cloud services environment with the use of two way user cloud security. This security measure increases reliability on the cloud storage due to two security measures first by user computing and second by admin computing.
III. INTRODUCTION TO CLOUD APPs FOR ANDROID SYSTEM There are three basic service models for cloud computing are used: a) Software as a Service (SaaS) provide applications to users online through a web browser which contains conventional functionality for example Google Docs. b)Platform as a Service (PaaS) provides offers the software platform for cloud systems such as Google App Engine. c) Infrastructure as a Service (IaaS) deals with set of virtualized computing resources are available online such as storage which are hosted in the cloud computing environment where customers deploy and run their own applications to access these services. Current examples are Amazon Elastic Compute Cloud (EC2), Simple DB and Simple Storage Service (S3).
Chia-Wei Chang et. al. [12] investigated the issues of nominating multiple cloud providers and described the advantage of having multiple cloud providers, and formally defined a mathematical framework or ameliorate the quality of those algorithms that are used to select such multiple cloud service providers. This framework is used for both the object functions and cost evaluation in which optimization problems can be defined.
IAAS is most popular these days and accepted by many organizations like Google, Drop box, Microsoft at free of cost and therefore applications are being designed for such services. In addition to these many third - party apps available on online or on the apps store. The Google Play Store application allows users to download new apps or update existing apps published by Google or third-party apps developers and the apps which are pre-installed on devices that follow Google's compatibility requirements [6].
Emre Erturk [13] discussed the broader issue as to the benefits and limitations of an open source operating system (Android) with respect to security and privacy. Static analysis of malicious code can provide good quality results and lead to a higher perception. As Android’s market growing exponentially around the world and android security will be an important area of research for IT professionals. Riyadh Mahmood [14] has drive a framework for automated security testing of Android based applications on the cloud. Which provide self test case generation and provide feedback of input that ensures code coverage and expose potential security defects with the fusion of scalable fuzzing.
One of the third party apps for cloud storages (like Google drive, Sky drive, box, Drop box) are ASTRO FILE MANAGER. There are also other apps for cloud storages like Cloud Copy 4 Google Drive, ES File Explorer and X-plore File Manager. Figure 5 shows that now a days the cloud
In this paper [15] authors discussed about the cloud computing popularity has brought many security inadequacy
766 767
computing is the first priority by organization in the field of technology [18].
Cloud facilities Cloud apps
Google drive
Sky drive
Drop box
Amazon
One time login
Anti theft technology
Astro file manager ES file Explorer X-plore file manager Our cloud app
TABLE 2: SHOWS OUR CLOUD APP CAPABILITY.
V. PROPOSED FRAMEWORK TO PROTECT CLOUD DATA FROM UNAUTHORIZED ACCESS Android applications are developed using Java language and Android software development kit (SDK). Android SDK includes a set of development tools like debugger, software libraries are used for developing applications. A handset emulator based on QEMU that is used to see results of the application developed on the system without installing on android smart-phone, documentation, code samples, and tutorials for novice users. However, Android application supports Integrated Development Environment (IDE) Eclipse which uses Android Development Tools (ADT) plug-in which is available on website; developer.android.com or www.eclipse.org.There are many other development tools that are available on the web, one of the tools are Native Development Kit which is used for developing android applications, Google Apps Inventor which is also developed by Google and it is a visual environment for novice software developers for android and mobile web applications frameworks. In proposed cloud, third party apps allow users to access their data when they sign-in into their account. When mobile phone stolen, user can send message from other mobile to his stolen mobile phone for logout from accounts of cloud storages APPS. If thief changes the SIM card before sending the message then this apps will logout from all accounts of cloud storages. The following figures explain how our methodology works:
Fig.5 Top Ten Technology Priorities
The Table 1 shows the cloud growth from year 2008 to 2012 [18]. Year
2008
201
Growth
$42
27%
2 Cloud Spending
IT
Total spending
IT
16 B
$383
$ 494 B
7%
$367
$ 452 B
4%
B
Total-cloud spend Cloud spend
$ B
Total
B 4%
9%
TABLE 1: CLOUD GROWTH
IV. PROBLEM DEFINITION AND SCENARIO When we use third party apps for any cloud storage facility on android which available on one of the apps store, we have to login into our account of particular cloud storage like Google drive, Sky drive, Drop box etc. on third party apps then we get the permission to access our files on cloud storage at any time in future without login again using third party apps. But problem comes, when our mobile phone lost and thief easily accesses our files and also can download our files because there is no need to login again into our cloud storage account.
767 768
FIG.6 ANTI THEFT CLOUD APP WORKING PROCESS
768 769
[11] Ashutosh Kumar Dubey, Animesh Kumar Dubey, Mayank Namdev, Shiv Shakti Shrivastava,”cloud user security based on RSA and MD5 algorithm for resource attestation and sharing in java environment”
VI. CONCLUSION Android is an operating system which is designed on the principles of the Linux kernel and developed for touch screen devices. Android OS is “open source” software for touch screen devices and Google has released the code of android under the Apache License. Most of the android applications use single level authentication mechanism wherein a user is prompted to login with username and password once. However, the proposed software will allow a user to logout from the cloud services as and when required allowing a user to secure the data Therefore in case when mobile phone is lost or stolen by someone then an attempt to access information stored on cloud storage facility will not be allowed to access as the user would have logged out from the cloud services by sending a SMS from other mobile phone or if someone changes the SIM card then also he would not able to access the users information stored on cloud storage because this software again allow a user to logout from the cloud services.
[12] Chia-Wei Chang, Pangfeng Liu, Jan-Jan Wu, ”Probablity based cloud storage providers selection algorithms with maximum availability”, 41st International Conference on Parallel Processing (2012) [13] Emre Erturk, ”A case study in open source software security and privacy: Android Adware”, World Congress on Internet Security (WorldCIS-2012). [14] Riyadh Mahmood, Naeem Esfahani, Thabet Kacem, Nariman Mirzaei, Sam Malek, Angelos Stavrou,” A whitebox approach for automated security testing of android application on the cloud”, IEEE AST 2012, Zurich, Switzerland. [15] Farhan Bashir Shaikh, Sajjad Haider, “Security threats in cloud computing”, 6th international conference on internet technology and secured transactions(2011). [16] Wei Tang, Guang Jin, Jiaming He, Xianliang Jiang, “Extending Android Security Enforcement with A Security Distance Model”, IEEE 2011.
VII. FUTURE WORK
[17] Hal Abelson, Mark Chang, Mark Friedman, Cyprien Lomas, Dave Wolber, “Workshop - Google App Inventor for Android: Creating Mobile Applications as a First Computing Experience”, 40th ASEE/IEEE Frontiers in Education Conference W1C-1(2010).
The proposed software will enhance the security of data stored on cloud storage from first-level to second-level with logout facility from cloud services. However, the application will not be of great help if the message center number is changed by an unauthorized person as the device will stop receiving messages due to which a legitimate user will not be able to logout from the cloud services. Therefore, the future course of research may be in extending this solution to secure the privacy and security of user data on cloud storage or to develop a new method/technique to ensure the safety and security of data and information stored on cloud storage.
[18] Shuai Z; Shufen Z; Xuebin C; Xiuzhen H; (2010), “Cloud Computing Research and Development Trend”, 2nd International conference on Future Networks, 2010. ICFN ' 10. pp 23, 22-24 Jan 2010. [19] “Google's Android becomes the world's leading smart phone platform". Canalys.com January 31, 2011. Retrieved 11 NOV 2013. [20] “Android steals Symbian's top Phonearena.com. 10 OCT 2013.
REFERENCES [1]
Joachim Schaper, “Cloud Services”, 2010 4th IEEE International Conference on Digital Ecosystems and Technologies (IEEE DEST 2010)
[2]
Thomas Bl¨asing, Leonid Batyuk, Aubrey-Derrick Schmidt, Seyit Ahmet Camtepe, and Sahin Albayrak, “An Android Application Sandbox System for Suspicious Software Detection”, 5th International Conference on Malicious and Unwanted Software (IEEE 2010)
[3]
“ANDROID OVERVIEW” Open Handset Alliance. 15 OCT 2013
[4]
http://en.wikipedia.org/wiki/Android_(operating_system) 11 NOV 2013
[5]
Ganapati, Priya (June 11, 2010). "Independent App Stores Take On Google's Android Market". Wired News. 2 NOV 2013.
[6]
"Android Compatibility". Android Open Source Project. 5 NOV 2013.
[7]
http://en.wikipedia.org/wiki/Cloud_computing, 11 NOV 2013
[8]
Ruben Jonathan Garcia Vargas, Ramon Galeana Huerta, Eleazar Aguirre Anaya, Alba Felix Moreno Hernandez, “Security Controls for Android”, Fourth International Conference on Computational Aspects of Social Networks (CASoN),(IEEE 2012)
[9]
Gerd Breiter, Vijay K. Naik, “A Framework for Controlling and Managing Hybrid Cloud Service Integration”, 2013 IEEE International Conference on Cloud Engineering.
Smartphone
OS
crown".
[21] Brodkin, Jon (2012-11-05). "On its 5th birthday, 5 things we love about Android". Ars Technical. Retrieved 17 OCT 2013.
[10] Daniel Slamanig, Christian Hanser, “on cloud storage and clouds of cloud approach”, The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012).
769 770
