A holistic approach to lightweight data security in embedded cloud computing

Cloud connectivity and increased support for applications have resulted in a significant amount of data that needs to be handled by embedded devices. The growth of embedded cloud as a successful service model largely depends on effectively securing such data. Data security in the domain of cloud enabled embedded devices brings about its own theoretical and practical challenges. In contrast with traditional computing devices, user/application data in embedded cloud may reside at different locations (such as the embedded device, the network or the cloud). For example, when a user accesses a cloud based application on a smartphone, cached application data may reside on the internal storage whereas the remote storage is accessed via the network to retrieve the actual user data. The location-augmented variation in the data lifecycle poses unique challenges for data security due to the asymmetric nature of resources and usage environments across different media. However, existing approaches for data security do not consider such factors, which are crucial for the integration of cloud enabled embedded devices. Identification and mitigation of vulnerabilities are two complementary but essential components of security research. Forensic techniques enable researchers to identify such vulnerabilities, while security techniques protect users from them. In this research, we first apply novel forensic techniques to identify data security vulnerabilities in cloud enabled embedded devices such as smartphones and netbooks. Next, we consider different stages of the data lifecycle, leading to a holistic approach in developing data security techniques for embedded cloud computing. Specifically, we explore security solutions at three crucial parts of the data lifecycle: data at the local storage (embedded device), data in communication (wireless medium) and data at the remote storage (storage cloud). Our goal is to design resource efficient techniques with flexible parameters to customize the schemes.
Towards that end, we propose a novel reconfigurable encryption architecture to secure data at the local storage, a physical layer technique to secure data in wireless communication, and an information theoretic scheme to secure data at the remote storage. The reconfigurable encryption architecture supports the implementation of any user-defined symmetric encryption algorithm based on a substitution-permutation network. The user can configure the contents of the s-boxes, the permutations at each round, and the number of rounds in the encryption process. Due to the reconfigurable nature of the proposed architecture, it is not possible for an attacker to directly launch a cryptanalysis or power analysis attack before committing significant resources to retrieve the encryption structure. Besides, the resource consumption of symmetric encryption algorithms is directly related to the number of encryption rounds as well as the implementation area. Therefore, by appropriately choosing encryption parameters, configurable and resource efficient data security can be achieved in the local storage. The physical layer security technique is built upon constellation diversity, i.e., the variation in the choice of bit-sequence-to-symbol mapping during modulation in wireless networks. Legitimate users can secure the data on the wireless medium by using a custom constellation not known to the attacker. Although a constellation with more bits per symbol increases the search space for the attacker, it consumes more resources. Accordingly, by choosing a suitable constellation, users can secure the communication while balancing the usage context and resource budget. The storage enforcing security measure verifies the integrity of the data stored at the remote storage. The core of the approach is a polynomial hash based on error correcting codes. The user generates and stores the hash of the data before storing the data remotely. Upon retrieval, the user can recalculate the hash and verify the integrity. The design allows the user to choose a suitable finite field size for the error correcting code based on the usage and security requirements.
The proposed techniques instantiate a holistic approach for data security in cloud enabled embedded devices. Also, the design flexibility and resource efficiency of the proposed techniques show promise in usage context aware and power aware application scenarios as well.
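The hash-before-upload, verify-on-retrieval flow for the remote storage, with a selectable field size, as an added example that is not code from the thesis. The construction (data read as polynomial coefficients over GF(p) and evaluated at a secret point, i.e. one Reed-Solomon codeword symbol), the function names and the two field sizes are assumptions; the abstract does not specify them.

```python
import secrets

# Assumed construction, not taken from the thesis: the data is read as the
# coefficients of a polynomial over GF(p) and evaluated at a secret point,
# so the tag is one symbol of a Reed-Solomon codeword of the data.
FIELDS = {"small": (1 << 31) - 1, "large": (1 << 61) - 1}  # Mersenne primes


def symbols(data, p):
    """Split data into field elements below p, with the byte length first."""
    width = (p.bit_length() - 1) // 8  # whole bytes guaranteed to fit under p
    chunks = [data[i:i + width] for i in range(0, len(data), width)]
    return [len(data) % p] + [int.from_bytes(c, "big") for c in chunks]


def poly_hash(data, point, p):
    """Horner evaluation of the data polynomial at the secret point, mod p."""
    acc = 0
    for s in symbols(data, p):
        acc = (acc * point + s) % p
    return acc


def keygen(p):
    """Uniform secret evaluation point; it stays on the device with the tag."""
    return secrets.randbelow(p)


def verify(data, point, p, tag):
    """Recompute the hash of the retrieved data and compare with the stored tag."""
    return poly_hash(data, point, p) == tag


def forgery_bound(data_len, p):
    """Chance that one modified copy (no longer than data_len) passes: at most
    degree / p, since distinct polynomials agree on at most `degree` points."""
    width = (p.bit_length() - 1) // 8
    return -(-data_len // width) / p  # ceil(len / width) data symbols


if __name__ == "__main__":
    record = b"constructed sample record, not real user data"
    for name, p in FIELDS.items():
        point = keygen(p)
        tag = poly_hash(record, point, p)  # kept locally before upload
        tampered = record.replace(b"sample", b"forged")
        print(name, verify(record, point, p, tag), verify(tampered, point, p, tag),
              forgery_bound(len(record), p))
```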