Accepted Manuscript
Title: Secure, and quality-of-service-supported service-oriented architecture for mobile cloud handoff process
Author: Abdul Razaque, Syed S. Rizvi, Meer Jaro Khan, Qassim Bani Hani, Julius P. Dichter, Reza Meimandi Parizi
PII: S0167-4048(17)30010-X
DOI: http://dx.doi.org/doi: 10.1016/j.cose.2017.01.006
Reference: COSE 1095
To appear in: Computers & Security
Received date: 20-7-2016
Revised date: 19-12-2016
Accepted date: 12-1-2017
Please cite this article as: Abdul Razaque, Syed S. Rizvi, Meer Jaro Khan, Qassim Bani Hani, Julius P. Dichter, Reza Meimandi Parizi, Secure, and quality-of-service-supported service-oriented architecture for mobile cloud handoff process, Computers & Security (2017), http://dx.doi.org/doi: 10.1016/j.cose.2017.01.006.
Secure, and Quality-of-Service-Supported Service-Oriented Architecture for Mobile Cloud Handoff Process

1. Abdul Razaque, Computer Science Department, New York Institute of Technology, USA
2. Syed S. Rizvi, Department of Information Sciences and Technology, Pennsylvania State University, PA, USA
3. Meer Jaro Khan, Engineering Department, Rawal Cadet College Rawalpindi, Pakistan (meerjk@publicist.com)
4. Qassim Bani Hani, Department of Computer Science & Engineering, University of Bridgeport, CT-06604, USA
5. Julius P. Dichter, Department of Computer Science & Engineering, University of Bridgeport, CT-06604, USA
6. Reza Meimandi Parizi, Computer Science Department, New York Institute of Technology, Nanjing Campus, China
Abdul Razaque received his PhD degree in Computer Science & Engineering from the University of Bridgeport, USA. His research interests include wireless sensor networks, cloud computing security, design and development of mobile learning environments, multimedia applications and ambient intelligence. He has authored over 100 international academic publications including journals, conferences and book chapters. He is currently an active researcher of the Wireless and Mobile Communication (WMC) laboratory, UB, USA. He served as Editor-in-Chief for the International Journal for Engineering and Technology (IJET), Singapore, from 2012 to 2015. In addition, he is Editor, Associate Editor and Member of the Editorial Board for several international journals. He is currently working as an Assistant Professor of Computer Science in the School of Engineering and Computing Sciences at the New York Institute of Technology.
Syed Rizvi is an Assistant Professor of Information Sciences and Technology at the Pennsylvania State University Altoona. He received his doctorate in Modeling and Simulation for large-scale networks from the University of Bridgeport in 2010. His research interests lie at the intersection of computer networking, information/computer security, multiuser communications, and modeling and simulation. Recently, he has been working on security issues in cloud computing, cognitive radios for wireless communications, and modeling and simulation of large-scale networks. His expertise includes the design, analysis, implementation, optimization, and comparisons of algorithms in the areas of wireless/multiuser communications, wireless sensor networks, information security, and parallel/distributed systems. He has authored and coauthored several technical refereed and non-refereed papers in various conferences, journal articles, and book chapters in research and pedagogical techniques. He is a member of IEEE Communications Society and the ACM.
Meer Jaro Khan is an undergraduate, senior high school student at Rawal Cadet College Rawalpindi, Pakistan. Meer is interested in designing complex mathematical models, including for the security of cloud computing, wireless sensor networks and cyber-physical systems. He is an IEEE student member.
Qassim Bani Hani is pursuing his Ph.D. in the Department of Computer Science and Engineering at the University of Bridgeport, Bridgeport, CT. Qassim’s interests are in cloud computing, cloud computing mobility, and cloud localization. He has authored and coauthored several technical refereed papers in various conferences and journal articles. He is an IEEE member.
Julius Dichter is an Associate Professor in the department of Computer Science and Engineering at the University of Bridgeport in Connecticut. He received his M.S. degree from the University of New Haven and the Ph.D. from the University of Connecticut in the area of parallel computing optimization. He has authored and coauthored several technical refereed and non-refereed papers in various conferences, journal articles, and book chapters in research and pedagogical techniques. His research interests include parallel and distributed system performance, security of the cloud computing, algorithms and object-oriented systems. Dr. Dichter is a member of IEEE, ACM, and ISCA.
Reza M. Parizi is a consummate technologist and researcher with an entrepreneurial spirit. He holds a Ph.D. degree in Software Engineering and has more than 5 years of working experience in industrial software development and project management. His research interests are software engineering, cloud engineering, IoT, software testing and quality assurance, gamification and data, software traceability, object- and aspect-oriented programming, software development tools, and empirical studies. He has published several research papers in reputable scientific journals and international conferences and also has two copyrights to his credit. He is currently an Associate Professor of Computer Science in the School of Engineering and Computing Sciences at the New York Institute of Technology, Nanjing campus, China.

Abstract: Mobile Cloud Computing (MCC) combines the features of mobile computing, cloud computing, and wireless networks to provide healthy computational resources to mobile cloud users. MCC aims to execute highly attractive mobile applications on a plethora of mobile cellular telephones with a rich user experience. From the perspective of mobile cloud computing, Quality of Service (QoS) provisioning depends on the efficiency of the handoff process. Thus, it is highly important to introduce an energy-efficient and secure handoff process to improve performance. In this paper, we propose a Secure Seamless Fast Handoff (SSFH) to improve energy efficiency and QoS in mobile cloud computing. The proposed paradigm consists of four layers: application layer, service layer, infrastructure layer and media layer. These four layers collectively handle security, energy efficiency and QoS.

Existing service-oriented architectures designed for mobile cloud computing rely on symmetric encryption to support the application layer, but it is much easier for an adversary to expose the symmetric key and gain access to private data. Here, the application layer is secured using attribute-based encryption, which is based on asymmetric encryption. To extend the mobile lifetime, an energy detection (ED) model is deployed at the infrastructure layer to detect the energy level of the mobile device prior to the re-registration process. Furthermore, a dual authentication process is performed on the service and application layers. Thus, there is less possibility of identity hijacking or impersonation. The media layer supports the secure handoff process using a policy enforcement module that allows only legitimate users to complete the re-registration process after initiating the handoff. Thus, a significant amount of bandwidth and energy can be preserved. Finally, the secure service-oriented architecture is programmed on a C++ platform and its performance is compared with other known existing service-oriented architectures. The experimental results confirm the validity and effectiveness of our proposed architecture.

Keywords: Mobile cloud computing, handoff process, service-oriented architecture, asymmetric encryption cryptography, attribute-based encryption cryptography, energy detection, secure and strong authentication.

1. Introduction
Cloud computing is an emerging information technology platform that has considerably transformed the idea of computing infrastructure, software distribution, and development models [1]. Cloud computing is a highly demanded model that provides outstanding resources such as on-demand delivery, ubiquitous network access, self-service, location-independent resource sharing, and usage-based pricing adaptation. It is anticipated as the next-generation advanced model [2], [3], [4]. Cloud computing provides many advantages, such as a ground-breaking massive structure where clients can remotely store confidential information and gain on-demand critical computing resources. Furthermore, the rapid deployment of mobile technology has greatly increased the significance of cloud computing. Everyone wants access to cloud computing resources anytime and anywhere. Nowadays the usage of mobile devices is increasing rapidly; about 95% of people are using mobile devices, particularly smart phones [5]. Smart phones offer several utilities such as short message service (SMS), multimedia message service (MMS) and videos [6].

Mobile cloud computing refers to an organization where both the data processing and the data storage occur externally. Mobile devices get several cloud applications from remote places to exchange successful information. Mobile cloud computing is a smart structure for mobile applications whereby storage and data processing are shifted from the mobile device to an authoritative and consolidated computing environment in the cloud. Subsequently, these consolidated applications are retrieved using mobile devices. With the use of portable devices, cloud computing has obtained even more attention from the research community. From one perspective, cloud computing provides several benefits through portable devices. The mobile telephone provides mobility support to move rapidly from one network to another, a feature that meets our needs. When a mobile device moves from one access point to another or changes its attachment, its battery starts to run out of power because the energy contained in the battery of a mobile device is limited. Hence, one of the significant concerns in the mobile cloud is energy mobility management. When a mobile device accesses cloud computing resources as a handoff initiates, more power and bandwidth are consumed and QoS parameters are affected.

The handoff issue has been addressed and some approaches have been proposed [7], [8], [9], [10], [11], [12], [13]. However, all these existing handoff approaches obtain the cloud computing resources in the traditional way, which degrades QoS provisioning. To improve the efficiency of mobile cloud computing, [14] proposed a branch and bound technique based on heuristic algorithms to obtain swapping [15]. A service-aware location update structure is proposed in [16] for determining the incidence and location of portable devices without the use of periodic registration updates. Another approach to handover management in the heterogeneous cloud network was introduced in [17]; it integrates the heterogeneous small cell network and cloud computing. The approach combines cloud radio access with tiny cells to handle the handover process. However, the scheme focuses on cloud computing mitigation. Maintaining the handoff in a robust way is needed in the emerging cloud computing environment [18], [19], [20]. Mostly, the handoff process provides a platform for an adversary to attack sensitive data [21-22]. Furthermore, there is a high possibility of slowing down the service [23]. Several attacks are expected on mobile cloud computing, targeting privacy, integrity, and authentication [5].
In mobile computing, large data is stored in the cloud servers. Here, we have to consider three factors: the mobile cloud should securely store the data, the data should be transferred correctly, and finally the data should be received by the correct user [6]. Handling these three factors is a cumbersome process. Thus, transferring the data from the cloud to mobile devices faces the problem of malicious users that can exploit the confidential and sensitive data. To limit the adversary's access to mobile cloud computing, the secure packet authentication mechanism (SPAM) was introduced for the handover process, but it provides only minimal support for the users' privacy [24]. In addition, it attempts to reduce the computational cost but not the energy consumption. Follow-Me cloud was introduced to handle the mobility restriction and also supports cloud handover. All existing approaches focus on the handover, including the computational cost and location update. However, there is a great lack of a paradigm that supports fast seamless handoff including user authentication, secure encryption and energy efficiency to improve QoS provisioning. Thus, we introduce a state-of-the-art secure service-oriented architecture that consists of four layers (application, service, infrastructure and media) for handling the seamless fast handoff. The architecture aims to support mobile devices in gaining access to the mobile cloud servers securely and efficiently. The paper contributes as follows:
- A novel dual authentication process is deployed to ensure that only legitimate mobile devices can use the resources of the mobile cloud servers. The dual authentication process is performed on two layers: application and service. At the application layer, ‘N’ secure authentication servers are deployed that are responsible for checking the malicious behavior of a mobile device prior to giving it access to the serving mobile cloud servers. The secret key is partitioned and stored at different authentication servers and matched with the profile of the mobile cloud user to determine its authenticity. If one authentication server is either compromised or behaving maliciously, there is minimal possibility for illegitimate mobile cloud users to gain access to the mobile cloud servers, because the secret key is stored across the different authentication servers. This process controls the malicious behavior of the mobile device, since there is a high possibility of the mobile device’s identity being attacked during the handoff process. Most attackers install their malicious nodes near access points or base stations, where they could easily capture the identity of the handoff-initiating mobile device. Furthermore, a second authentication process is performed for the International Mobile Subscriber Identity (IMSI) of the Equipment Identifier (UE) at the service layer. The service layer performs the authentication process using the Machine Type Communication-Authentication, Authorization and Accounting (MTC-AAA) server. Thus, there is a great possibility that a mobile device using a fake IMSI is blocked and its access to the mobile cloud servers is restricted.

- A role-based management server is deployed at the application layer to perform access control. It deals separately with each mobile cloud user based on its assigned role, so that it performs different functionalities for each mobile cloud user (e.g., Role-Based Encryption, Role-Based Decryption, Role Assignment and Management, User Insertion and Deletion). These features do not allow any mobile cloud user to use a service for which it is not authorized.

- A Location Locator Server is deployed at the service layer; it determines the location of the handoff-initiating mobile cloud user, which could control the loss of data when initiating the handoff process. When the location of the mobile cloud user is unknown, it is expected that outsourced data will not reach the handoff-initiating mobile cloud user. This server helps improve the throughput and reduce the latency and data loss.

- An energy detection model is deployed at the infrastructure layer that helps calculate the energy consumed during the registration process. This feature provides energy information prior to transmitting or receiving the data. Furthermore, this model helps avoid the discontinuation of data delivery, because the mobile device can choose the data sending process based on the available energy. If the energy of the mobile cloud user is insufficient, it does not need to choose to upload or download a file, document, app, etc. of larger size. This feature is highly recommended for improving the QoS parameters.

- Seamless fast handoff is used, supported by a new feature, the policy enforcement module, which permits only legitimate users to complete the re-registration process after initiating the handoff process. As a result, reliable data delivery is possible. Thus, a considerable amount of bandwidth and energy is saved.
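The dual authentication of the first contribution can be sketched as follows. This is an added example, not the paper's C++ implementation: the class and function names, the HMAC challenge-response, the fragment size, and the IMSI and user values are all assumptions made for illustration. It shows why learning one server's fragment, or presenting an unknown IMSI, is not enough to be granted access.

```python
import hashlib
import hmac
import secrets

FRAGMENT_LEN = 16  # bytes per key fragment (assumed size)


class AuthServer:
    """One of the N secure authentication servers; holds one key fragment per user."""

    def __init__(self):
        self.fragments = {}

    def store(self, user_id, fragment):
        self.fragments[user_id] = fragment

    def challenge(self):
        # Fresh nonce per attempt, so a captured response cannot be replayed.
        return secrets.token_bytes(16)

    def verify(self, user_id, nonce, response):
        fragment = self.fragments.get(user_id)
        if fragment is None:
            return False
        expected = hmac.new(fragment, nonce + user_id.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


class SubscriberInfoServer:
    """Service-layer check: is this IMSI a stored, valid subscription?"""

    def __init__(self, subscribed_imsis):
        self.subscribed = set(subscribed_imsis)

    def is_subscribed(self, imsi):
        return imsi in self.subscribed


def enroll(user_id, servers):
    """Create a validation key, store one fragment on each server, return the token."""
    key = secrets.token_bytes(FRAGMENT_LEN * len(servers))
    token = [key[i * FRAGMENT_LEN:(i + 1) * FRAGMENT_LEN] for i in range(len(servers))]
    for server, fragment in zip(servers, token):
        server.store(user_id, fragment)
    return token


def answer(token_part, nonce, user_id):
    """Device side: prove knowledge of one token part without transmitting it."""
    return hmac.new(token_part, nonce + user_id.encode(), hashlib.sha256).digest()


def dual_authenticate(imsi, user_id, token, sis, servers):
    # Service-layer check: an unknown or fake IMSI is declined outright.
    if not sis.is_subscribed(imsi):
        return False
    if token is None or len(token) != len(servers):
        return False
    # Application-layer check: every server must accept its own fragment.
    # All servers are queried even after a failure, so the boolean result
    # does not reveal which fragment was wrong.
    results = []
    for server, part in zip(servers, token):
        nonce = server.challenge()
        results.append(server.verify(user_id, nonce, answer(part, nonce, user_id)))
    return all(results)


def run_scenarios(n_servers=4):
    imsi, user = "001010000000001", "mcu-001"  # constructed sample values
    servers = [AuthServer() for _ in range(n_servers)]
    sis = SubscriberInfoServer({imsi})
    token = enroll(user, servers)

    # Adversary has compromised exactly one server and knows only its fragment.
    forged = [secrets.token_bytes(FRAGMENT_LEN) for _ in servers]
    forged[2] = servers[2].fragments[user]

    return {
        "legitimate": dual_authenticate(imsi, user, token, sis, servers),
        "fake_imsi": dual_authenticate("001019999999999", user, token, sis, servers),
        "one_server_compromised": dual_authenticate(imsi, user, forged, sis, servers),
        "truncated_token": dual_authenticate(imsi, user, token[:-1], sis, servers),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:24s} -> {'granted' if ok else 'denied'}")
```

Slicing the key, as done here, leaves each fragment independent; the paper does not state how the key is partitioned, so a deployment would follow its own splitting rule.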
The remainder of the paper is organized as follows. Section 2 discusses the problem significance and the secure service-oriented architecture designed for the seamless fast handoff process, including attribute-based encryption and secure authentication. Section 3 presents the experimental results and analysis. Section 4 presents the salient features of the existing approaches, and finally the entire paper is concluded in Section 5.

2. PROBLEM SIGNIFICANCE AND SECURE SERVICE-ORIENTED ARCHITECTURE FOR HANDOFF
The main goal of mobile cloud computing is to offer suitable and speedy access to mobile users to obtain data from the cloud server; such expedient and speedy access means using the cloud computing resources efficiently through mobile devices. One of the major challenges in mobile cloud computing is in the handoff process. The nature of mobile devices including the characters, wireless connectivity, and limitation and restrictions could be a hurdle for the handoff process. As a result, there are the possibilities of data loss and security threats [25]. Moreover, wireless network connectivity is characterized by irregular, low-bandwidth and less reliable transmission. Maintaining the sessions during the handoff between nomadic mobile cloud computing users in the wireless network comprising assorted technologies and features is a serious concern to fully realize security and QoS [26] [27]. The sporadic connectivity due to handoff causes additional consumption of limited mobile resources, and an uneven application execution delay greatly affects QoS provisioning. Seamless handoff connectivity in a mobile cloud computing environment requires a consistent inter-system handoff approach to meet mobile user service requirements. Handling the efficient handoff process requires amalgamation and interoperation of mobility management methods. Because those methods should address intra- and inter-architectures, intersystem mobility is of particularly paramount significance for the mobile cloud computing environment. Hence, to reduce the overabundance of heterogeneity-driven issues, particularly congestion, rate adaptation and interoperation among different networks, the handoff process must be fully addressed. However, the radical scrambles in cyber-crimes and Internet extortions could be the cause of a handoff process. At a quick glimpse, security threats caused by the handoff process affect the wide-ranging functions of mobile applications on cellular telephones. 
Thus, privacy and confidentiality become more unpredictable in mobile cloud computing. Hence, the lack of an efficient, demanding and adaptive security architecture is a possible challenge with disastrous consequences for service providers and users in the mobile cloud computing environment. Realizing such a dynamic need for secure handoff and keeping these concerns as the first priority, we deploy a secure, energy-efficient and QoS-driven service-oriented architecture for successful handoff to avoid data loss and security threats. The architecture consists of four layers and involves several utilities depicted in Figure 1.
- Application layer
- Service layer
- Infrastructure layer
- Media layer

2.1. Application Layer

This layer involves two types of important servers, which perform the secure authentication and role-based access control:

- Secure Authentication Server
- Role-Based Management Server

2.1.1. Secure Authentication Server
The secure authentication process is deployed at the Secure Authentication Servers (SASs), which provide authentication prior to the use of the different types of services (e.g., Web, video-on-demand, videoconferencing, Internet surfing, email, telephony, fax and voice over IP). The secure authentication algorithm confirms the authenticity of the mobile cloud user. The cloud service server is capable of encrypting the outsourced data, but it does not have the capability to authenticate the legitimacy of the mobile cloud user. Thus, our approach uses a unique authentication process to support full authentication by protecting the different types of services. In most cases, a single authentication server could be compromised, and there is a huge possibility for a malicious mobile device to gain access to the mobile cloud server. Thus, our algorithm splits the validation key into many pieces and stores them on different servers. If an adversary captures the resources of a single server in an attempt to be authenticated illegitimately, this malicious action does not give the adversary access to the services, because the pieces of the key are stored on different servers. The adversary cannot gain access to the services until it captures all the authentication servers. Practically, it is harder for the adversary to gain access to all of the authentication servers. As a result, the SAS can secure our services and personal data from the adversary. The key obtainment procedure is described in Algorithm 1.

Algorithm 1: Mobile device authentication and key obtainment process using secure authentication servers
1. Initialization: { :Mobile cloud user, Cloud service server; : Main authentication server : Authentication servers : Subscriber information server; : Fragmented key; : Services; L: Legitimate; : Authentication token; : authenticated mobile cloud user}
2. Input: { }
3. Output: { , }
4. requests =>
5. forwards to
6. If = L then
7. releases
8. declines
9.
10. compares
11.
12. endelse
13. For ( =0;
14.
15.
16.
17. otherwise
18. Denied access to
19. endif
20. endfor

Steps 1-3 give the initialization, input and output. In step 4, the mobile cloud user requests the subscriber information server to be authenticated in order to obtain the services from the mobile cloud servers. In step 5, the subscriber information server forwards the request to the main authentication server. The authenticity of the mobile cloud user is checked in step 6. If the mobile cloud user is legitimate, the main authentication server releases the authentication token in step 7. However, the mobile cloud user is not allowed to gain access to the cloud servers until the issued authentication token is further validated against the authentication key that is fragmented and stored on the other authentication servers. In step 8, an illegitimate mobile cloud user is declined without its request being redirected to the authentication servers for the validation process. In the case of a legitimate mobile cloud user, the request for obtaining the service is redirected to the other authentication servers in step 9. The mobile cloud user initiates the authentication process by sending the authentication token to the authentication servers, as given in steps 10-12. The issued token is compared with the fragmented keys stored on all the authentication servers until the authentication token is either matched and verified or not matched, as explained in steps 13-14. If the authentication token of the mobile cloud user matches all the fragmented parts of the key stored on the authentication servers, the mobile cloud user is declared an authenticated mobile cloud user, as described in steps 15-16. Thus, the authenticated mobile user is granted access to use the cloud servers for obtaining different types of services. If the authentication token of the mobile cloud user cannot be matched with the fragmented parts of the key, the mobile cloud user is denied access to the cloud server in step 18. The pictorial representation of Algorithm 1 is depicted in Figure 2.

2.1.2. Model Construction and Role-Based Management Server
In constructing the system model, we prefer to use attribute-based encryption, which helps generate the public key for the data encryption and maintain the access control of the mobile cloud user. Our model supports a cloud service server to maintain the flexible and scalable control policy so that only authorized mobile users are allowed to gain access to the cloud. We focus on creating the key components to provide a seamless minimization of malicious activities without interjecting the legitimate cloud users. We use attribute-based encryption. Furthermore, we apply a compound-order bilinear process , in which the process is the combination of four prime numbers: . The entire process involving the sub-processes that strengthens the encryption process can be expressed as follows:
The proposed system consists of cipher-texts and keys that could work either semi-functionally or normally. We include the cipher-texts and normal keys in sub-processes , and are used with cipher-texts and semi-functional keys. In other words, are orthogonal with where cipher-texts and normal keys exist. Let us assume that represent the sub-process in T. We use a random generator that is used as an identity element for sub-processes that can be written as . Similarly, we can use , so is the random generator for the entire process. The distribution process of random generation is written as
We can describe the characteristics of random generation algorithm
where
as
: product, D: distribution process and e: elements
We observed that
can be expressed with elements
.
The model consists of some important features given as
- Role-Based Encryption
- Role-Based Decryption
- Role Assignment and Management
- Mobile Cloud User Insertion and Deletion
2.1.2.1. Role-Based Encryption
This process consists of five sub-processes.
- Initialization
- Key setup process
- Key generation and sharing process
- Encryption process

i. Initialization
This process helps initialize the secret key for the encryption process. Let C1, C2 and Ck be three groups and be Tustin's method used in [26]. We randomly pick two generators—e.g., . Subsequently, we create two secret values and hash functions. Secret values:
& Hash function:
Therefore, the key space for the secret encryption key ‘
. can be obtained using a master secret key
given by
where K1: the maximum cloud users, K2: number of assigned roles to each cloud user
and
: public key.
ii. Key Setup Process

The HSS generates two keys in the initialization process—master key and public key—that are used for each attribute , chooses two random elements and publishes its public key as
The HSS does not share the master key but keeps it confidential, written as
iii. Key Generation and Sharing Process

The key generation process is written as . The generation of the key for for the attribute relating to the cloud service server and identity generator is given by
The cloud service server sends a set of public keys
to only authorized mobile cloud users
given by
iv. Encryption Process

Maintaining the security of the mobile cloud user is the most important task because encrypted data secure the privacy of the mobile cloud users. Let us assume that the cloud service server intends to encrypt the data for the specific role ‘ ’. Therefore, the HSS server chooses the random values . Thus, values can be calculated as follows:

The cloud service server applies the encryption scheme to encrypt the data with the key ‘n’. Thus, the cipher text is uploaded as
2.1.2.2. Decryption Process

Let us assume that the cipher text message is encrypted; to decrypt the message, we first compute
service server uses the master key
for the subset of the rows these rows. Thus, the decryption process is computed as
The cloud service provider picks the constants
. The cloud
of H such that (1, 0, . . . , 0) is the extent of
such that
that
can be calculated as
Thus, after the decryption process, the original message can be obtained as follows:
2.1.2.3. Role Assignment and Management

This process helps assign the role to mobile cloud users to use a secret key to enter into the cloud data against the assigned role. Let us assign the secret role to each mobile cloud user. Thus, the user secret role key is issued to each user based on the assigned role against user role identity , which can be written as
After the completion of role assignment and issuance of the decrypted key, managing the role is a critical process to determine the perfection of each mobile cloud user. Let us assume that the set of cloud users is ; then, the set of cloud user identities can be defined as
All assigned roles to each mobile cloud user should be displayed in the role management table. Thus, the role manager accumulates and distributes the roles in the sequence-ordered pairs ) of public parameters in the cloud.
and

2.1.2.4. Cloud User Insertion and Deletion

The role manager server has another responsibility to determine the legitimate mobile cloud users to insert them in sequence order according to their assigned specific roles. Let us assume that the role manager server wants to insert cloud user with assigned identity ‘ ’, and the total number of cloud users be ‘ ’, who are assigned the current roles . If the remaining mobile cloud user is not assigned to any role in the cloud, then the role manager server attempts to determine the remaining role to assign the remaining user to complete the role assignment procedure. Thus, the role manager server checks the remaining roles from the total roles ‘ ’ and selects two random variables if has an empty role or uses the existing otherwise. The role manager then inserts a new and forwards the sequence order of newly inserted mobile cloud users. Therefore, new forwarded sequence-ordered pairs ( ) to the cloud using secure channel communication are given by
and
where : number of messages and
: hash function
The cloud distributes another role parameter
set as follows:
The role manager can also delete a cloud user from the sequence-ordered pairs (role list of mobile cloud users). Let us assume that the role manager desires to delete the cloud user’s identity ‘ ’ from the total number of cloud users ‘ ’. If the expected deletion of cloud user either does not perform the assigned task according to the roles or does so as an adversary, the role manager deletes the cloud user’s identity ‘ ’ from . Furthermore, assigned roles are also deleted from the total roles ‘ ’ by selecting the two random variables . The role manager then deletes the entry of cloud user and sends the deleted records to the sequence-ordered pairs to update the list of cloud mobile users including roles that can be recomputed as follows:
And,
The role manager distributes another role parameter
given by
2.2. Service Layer
The MTC-AAA (Machine Type Communication-Authentication, Authorization and Accounting) server is used to map the International Mobile Subscriber Identity (IMSI) to the external identifier of the Equipment Identifiers (UE). The MTC-AAA helps send the Subscriber Information Retrieval (SIR) request to the Subscriber Information Server (SIS). When the SIS receives the SIR request from the MTC-AAA, it initiates the checking process to determine the valid subscription of the legitimate mobile cloud user. The SIR includes the mobile cloud user's identity, which consists of the IMSI. If the identity of the subscribed mobile cloud user is already stored in the SIS, the SIS sends a positive response to the MTC-AAA and the Location Locator Server (LLS); otherwise, the SIS declines the request and a negative message is forwarded to the MTC-AAA server. In the case of a valid subscription, the LLS is responsible for finding the location of the mobile cloud user. The LLS determines the trajectory of the mobile cloud user as
The transition probability is used to determine the distance from the original location of the moving mobile cloud user to its current location using the following property:
where : number of mobile cloud users; : location; : trajectory; : state of the mobile cloud user
Therefore, we can determine the exact current location of the mobile cloud user as:
Thus,
We introduce a generating function for the mobile cloud user when it initiates the handoff process as follows:
The service layer involves the Feature Integrating Server (FIS), which combines the General Packet Radio Service (GPRS) and IMSI and stores the location updates. Furthermore, it supports the Message Service Center (MSC) functionality in order to send and receive Short Message Service (SMS) messages in the mobile cloud network. The Efficient Route Finding Server (ERFS) gets the location update from the LLS to perform proper routing. This helps choose the better routing path when initiating the handoff process. The LLS provides the updated information with the correct Mobility Management Entity (MME) identity for the specified mobile cloud subscriber. In addition, ERFS successfully determines the correct serving mobile cloud user based upon the LLS. MPS holds the profile of the registered mobile cloud users that provides the authentication process at the service layer. Furthermore, MPS stores the QoS information for the particular service and a specific subscriber.
2.3. Infrastructure Layer
This layer provides the support for different types of services such as Web, videoconferencing, video-on-demand, Internet, fax, email, telephony, and voice over IP service. IMS applies the registration process to obtain the updated location information of the mobile cloud user. The IMS consists of a call session control function (CSCF) that is particularly used for generating the binding between the IP address of a mobile cloud user and a public user identity. The CSCF consists of the following components:
Proxy-CSCF (P-CSCF)
Serving-CSCF (S-CSCF)
Interrogating-CSCF (I-CSCF)
2.3.1. Proxy-CSCF (P-CSCF)
The session initiation protocol (SIP) proxy is the first point to be used for interaction with the IMS terminal. The P-CSCF could be set as a part of either a foreign network or a home network. The P-CSCF involves a dedicated session border controller (DSBC) to set the user network interface. Hence, DSBC characteristics help secure the IMS terminal and network. The IMS terminal finds its P-CSCF using either an IMS management object or the dynamic host configuration protocol (DHCP). The P-CSCF is allotted to the IMS terminal prior to the registration process and is not changed during the registration process. The P-CSCF is responsible for accepting the encrypted signal and rejecting the unencrypted signal. Moreover, the P-CSCF holds the policy decision function (PDF) that maintains the quality of service (QoS) of media resources. The PDF manages the bandwidth utilization efficiently.
2.3.2. Serving-CSCF
The serving-CSCF performs session control and is set in the home network. It is responsible for maintaining the registration status of the mobile cloud users and setting the timer. The serving-CSCF consists of two important features. First, it interfaces to download the mobile cloud user’s profiles and generates the association. Second, it sits on the trajectory of signaling messages for the locally registered mobile cloud users and also screens out all traffic. S-CSCF makes decisions regarding the handover of the application to the SIP messages to provide the services. Furthermore, S-CSCF does the jobs of routing and overseeing the network operator’s policy.
2.3.3. Interrogating-CSCF
The interrogating-CSCF performs a job as another SIP protocol. The I-CSCF shares its identity with the domain name system (DNS). As a result, the I-CSCF obtains the support of two additional components, the service record (SRV record) and the name authority pointer (NAPTR), to find the remote servers; the registration process for SIP packets can then be much easier. SRV records specify the data in a DNS that locates the hostname and port number of the specific services when a mobile cloud user attempts the handoff process. The NAPTR supports Internet telephony for mapping the mobile cloud user addresses and servers in SIP. The I-CSCF is also responsible for forwarding the SIP request to the S-CSCF to rejuvenate the existing registration process and also notifies the network regarding the updated situation of the mobile cloud user. Consequently, the mobile cloud user successfully completes the reregistration process.
The re-registration activation process consists of two phases: Re-Registration for Change Capabilities (CCRR) and Periodic Re-Registration (PRR). Once a registration process is completed, the PRR and CCRR send the message to the service layer for the authentication process. We determine the consumed energy during the registration process. Assume the consumed energy in these processes depend on the coding , modulation approaches and given by number of used sub-frames . Therefore, energy consumed for updated request
Where
The number of actions
are mandatory for updating each check point. Thus, the energy consumption
for each updated check point
given by
The IMS updated event comprises CCRR. Therefore, the updated check point obtains CCRR. The probability density properties for the updated check point can be calculated as
Let us assume that ‘Ψ’ is the number of PRR events times for two updated check points. Thus, IMS updated location can be expressed as
Time consumed for updated ‘t’ event can be calculated as
Therefore, we can infer that probability of due to two updated check points, which can be obtained as
And the number of expected PRR events times for two updated check points
Thus, the energy cost
can be calculated as
of PRR event can be obtained as
Total energy cost
for session establishment and IMS can be calculated as
2.4. Media Layer
This layer offers the media-related functionalities such as organization of voice streams and playing of tones, including handling of the seamless fast handoff process. The media layer consists of the media resource broker (MRB) and media resource function controller (MRFC). The MRFC performs as a media plane node to mix and process the media streams. It also controls the shared resources. The MRB handles suitable existing media resource function (MRF) information and carries appropriate MRF information to the intervening component, such as the authentication server. The MRB includes the in-line mode and query mode. In the query mode, MRB establishes the call by obtaining the response of the in-line mode and MRF. The MRB is responsible for sending the SIP request to the MRB. Additionally, the handoff process is managed in this layer. The MRB and MRFC are interconnected with IPv6 to guarantee the handoff process. Furthermore, the MRB is connected to the dynamic host configuration protocol (DHCP) server to support the handoff process depicted in Figure 3.
2.4.1. Seamless Fast Handoff
The mobile cloud user changes rapidly from its respective home domains. As a result, it suffers from handoff packet loss and latency when no mobile IP protocol is used to handle this serious condition. To control this critical situation, mainly when accessing the cloud environment, we propose fast seamless handoff mobile IPv6 (FSHIPv6), which supports localized mobility management (LMM). This protocol reduces the signaling load due to node mobility. FSHIPv6 contains the mobility management features inside the local domain managed by a mobility anchor point (MAP). The proposed architecture emphasizes reducing the signaling load within the intra domain (same domain) in the case of handoff. This improves the handoff performance by reducing the handoff latency and packet loss. Once a mobile cloud user is in the handoff process, the reregistration process is performed. Reregistration is triggered by two states. First, periodic reregistration (PRR) sometimes informs the “active” state of the mobile cloud user to the home network to avoid the termination of the set registration timer between the mobile cloud user and the home network. Second, reregistration for change capabilities (RRCC) is initiated when the mobile cloud user changes its features. Mostly in the second condition, the mobile cloud user moves and links to another entry point of the network. Thus, the registration process is originated. The PRR aims to identify whether the mobile cloud user is still registered with the home network. In this state, the home network begins the reregistration process because the registration timer is timed out. The RRCC aims to notify the network of the change in the location of the mobile cloud user. The former is triggered periodically by the timer, and the latter is applied when fluctuating the parameters. Both the PRR and RRCC require restoration of the registration timer of the mobile cloud user, so the mobile cloud user should be enabled to initiate a new session.
In our proposed fast handoff process, the IMS layer helps identify the mobile cloud user’s current registration status, which is entirely different from conventional networks. Thus, the smart cellular user is assured to gain access to Internet services including features such as instant messaging, social networking, online gaming, weather updates, Internet TV, document processing and remote Web applications in the mobile cloud computing environment.
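The two re-registration triggers described in this subsection (PRR driven by the registration timer, RRCC driven by a change of entry point), replayed over a constructed one-hour trace with and without restoring the timer at session establishment. This is an added example, not the authors' GreenCloud model; the 600 s timer, the 60 s margin, the addresses, and the rule that only the currently bound contact may refresh the timer are assumptions.

```python
from dataclasses import dataclass

HOME = "2001:db8:a::10"      # constructed addresses (documentation prefix)
VISITED = "2001:db8:b::10"

# Constructed trace: (time in seconds, event, source address or new address)
TRACE = [
    (300, "session", HOME),
    (700, "session", HOME),
    (1000, "move", VISITED),       # user links to another entry point
    (1200, "session", HOME),       # stale address used after the move
    (1500, "session", VISITED),
    (2000, "session", VISITED),
    (2500, "session", VISITED),
    (3400, "session", VISITED),
]


@dataclass
class Registration:
    """Registration state kept for one mobile cloud user (hypothetical model)."""
    identity: str
    contact: str               # IP address bound to the public user identity
    expires: int               # registration timer length in seconds
    margin: int                # PRR is sent this long before the timer runs out
    refresh_on_session: bool   # session establishment restores the timer
    deadline: int = 0
    prr: int = 0               # periodic re-registrations performed
    rrcc: int = 0              # re-registrations caused by a change
    rejected: int = 0          # sessions refused: source is not the bound contact

    def __post_init__(self):
        if not 0 <= self.margin < self.expires:
            raise ValueError("margin must be in [0, expires)")
        self.deadline = self.expires       # initial registration at t = 0

    def _restore(self, now):
        self.deadline = now + self.expires

    def advance(self, now):
        """Perform every PRR that falls due up to and including `now`."""
        while self.deadline - self.margin <= now:
            due = self.deadline - self.margin
            self.prr += 1
            self._restore(due)

    def move(self, now, new_contact):
        """Entry point changed: RRCC rebinds the contact and restores the timer."""
        self.advance(now)
        if new_contact != self.contact:
            self.contact = new_contact
            self.rrcc += 1
            self._restore(now)

    def session(self, now, source):
        """Session establishment; only the bound contact is served or refreshed."""
        self.advance(now)
        if source != self.contact:
            self.rejected += 1     # assumption: a stale address never extends the timer
            return False
        if self.refresh_on_session:
            self._restore(now)
        return True


def replay(trace, horizon, refresh_on_session):
    """Run the trace against a fresh registration and return the final state."""
    reg = Registration("sip:user@home.example", HOME, expires=600, margin=60,
                       refresh_on_session=refresh_on_session)
    for now, kind, address in sorted(trace):
        if kind == "move":
            reg.move(now, address)
        elif kind == "session":
            reg.session(now, address)
        else:
            raise ValueError(f"unknown event {kind!r}")
    reg.advance(horizon)
    return reg


if __name__ == "__main__":
    for flag in (False, True):
        r = replay(TRACE, 3600, flag)
        print(f"refresh_on_session={flag}: PRR={r.prr} RRCC={r.rrcc} "
              f"rejected={r.rejected}")
```

The rejected counter is the signal worth logging: a session attempt from an address that RRCC has already replaced does not extend the registration in this model.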
The events of recovering the cloud services also stipulate the registration status of mobile cloud users. Hence, IMS helps refresh the registration timer during the session establishment when accessing the cloud service server, which can reduce the PRR times. As a result, the mobile cloud user saves the time caused by periodic reregistration, which can also save the power of the mobile.
3. Experimental Results and Analysis
To validate the performance of the proposed secure, energy-efficient and quality-of-service-supported service-oriented architecture, the complete model is programmed using C++ coding and altered to be supported on GreenCloud. The GreenCloud simulator is installed on Ubuntu 16.04 operating system. The experiments are performed on a laptop PC with a 3.0 GHz Pentium Dual Core CPU and 6 GB of RAM. The test machine uses the 32-bit version of Windows 10. We generated a scenario identical to the real-time environment. The network size consists of 1600 × 1600 m². We use 1830 chassis switches, 1424 line cards and 52 ports in the application layer. At the IMS layer, 230 chassis switches, 150 line cards and 52 ports are used. The cloud computing environment consists of 50 servers with no more than 14,000 mobile cloud users and frequently performs handoffs. Each mobile cloud user performs no more than 16 handoff processes. Each handoff process takes place between 1–5 min within the intra domain. Eight and 125 racks are used in the application and IMS layers, respectively. Each rack supports 118 hosts, and each host has a support of 8 processors with 132 GB of memory, 360 GB of storage and a 248 GB virtual disk. Different bandwidths are set for each layer with 240 GB, 80 GB, 15 GB, and 5 GB for the application layer, IMS layer, communication layer and media and connectivity layer, respectively. We used a priority queue with drop tail for buffering the packets. However, queue delay is negligible and cannot affect the transmission, but the burst time and idle time are set to 620 ms and 32 ms, respectively. The packet size is set to 1250.
We analyzed the performance of the proposed secure seamless fast handoff based on the energy-efficient and quality-of-service-supported service-oriented architecture and compared it with well-known service-oriented architectures designed for mobile cloud computing: Dual Mode Self-Adaption Handoff (DMSAH) [28], Integrated Multi-Service Handoff (IMSH) [29], service-oriented Analytical Performance Model (SOAPM) [30], Proxy-based Seamless Connection Management Method (PSCMM) [31] and Handoff Strategy for Improving Energy Efficiency (HSIEE) [32]. Based on the experimental results, the collected data have been used in MATLAB to draw the graphs for the following parameters.
Malicious Node Detection Probability
Bandwidth Utilization
Energy Consumption
Reliable Data Access
3.1. Malicious Node Detection Probability
Recently, the security of mobile cloud computing has been under a high level of threat, leading to security breaches. In Figure 4, we show the malicious detection capacity of our proposed approach SSFH compared with other competing approaches. In this experiment, when the number of malicious mobile cloud users increases, the malicious node detection probability starts to decrease. However, our proposed approach has an advantage over other competing approaches: in our approach, the node detection probability decreases by only 5.4% with 108 malicious mobile cloud users, whereas in other competing approaches, the malicious node detection probability decreases by 10.9–18.2%. Thus, the results demonstrate that our approach is much better than the other approaches. The reason behind the better performance is the use of a strong authentication process via the strong secure authentication algorithm that not only protects different types of services but also secures the encryption key that is fragmented and stored on different cloud servers. Thus, it is much more difficult for an attacker to collect all fragmented pieces to gain access to cloud services. However, if any malicious user attempts to gain access, it will be identified as an attacker because the collected pieces would not match the actual key size and description. In this case, the mobile cloud user gains access to the cloud servers, which would not be allowed by a role manager server that performs a dual authentication process to determine the legal status of the mobile cloud user. If the user is not legitimate, there is no record available in the insertion user profile, which will be identified as malicious. These are the factors that helped our approach determine the malicious mobile users. Existing approaches either use no proper authentication process or deploy weak authentication methods that can protect the ordinary network but cannot be suited for the mobile cloud computing environment [33–34].
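The fragment check credited above for detection, shown as an added example rather than the authors' algorithm. n-of-n XOR splitting stands in for the paper's fragmentation scheme, which this section does not specify; the server names and the stored description (key size, holder list, SHA-256 digest) are assumptions.

```python
import hashlib
import hmac
import secrets
from functools import reduce


class FragmentMismatch(Exception):
    """Collected fragments do not match the stored key description."""


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def fragment_key(key, servers):
    """Split `key` into one fragment per server (n-of-n XOR splitting).

    Returns (placement, description). Any set of fragments short of all of
    them is uniformly random and carries no information about the key.
    """
    if len(servers) < 2 or len(set(servers)) != len(servers):
        raise ValueError("need at least two distinct servers")
    pads = [secrets.token_bytes(len(key)) for _ in servers[:-1]]
    last = reduce(_xor, pads, key)            # key XOR every random pad
    placement = dict(zip(servers, pads + [last]))
    description = {
        "size": len(key),
        "holders": sorted(servers),
        # Digest of a random high-entropy key; not suitable for passwords.
        "digest": hashlib.sha256(key).hexdigest(),
    }
    return placement, description


def reassemble(collected, description):
    """Rebuild the key, or raise FragmentMismatch with a reason worth logging."""
    holders = description["holders"]
    missing = [h for h in holders if h not in collected]
    if missing:
        raise FragmentMismatch(f"fragments missing from {missing}")
    wrong = [h for h in holders if len(collected[h]) != description["size"]]
    if wrong:
        raise FragmentMismatch(f"fragment size differs from key size at {wrong}")
    key = reduce(_xor, (collected[h] for h in holders))
    digest = hashlib.sha256(key).hexdigest()
    if not hmac.compare_digest(digest, description["digest"]):
        raise FragmentMismatch("reassembled key does not match the description")
    return key


if __name__ == "__main__":
    servers = ["cloud-a", "cloud-b", "cloud-c"]    # hypothetical server names
    key = secrets.token_bytes(32)                  # constructed 256-bit key
    placement, description = fragment_key(key, servers)
    print("all fragments:", reassemble(placement, description) == key)
    partial = {s: placement[s] for s in servers[:2]}
    try:
        reassemble(partial, description)
    except FragmentMismatch as reason:
        print("two of three fragments:", reason)
```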
3.2. Bandwidth Utilization
Here, we observe the bandwidth utilization of our proposed method SSFH and compare it with DMSAH, IMSH, SOAPM, PSCMM and HSIEE, as shown in Figures 5–6. The realization of our proposed method is demonstrated in the obtained results, which are relatively similar to the realistic environment. Based on the results, we observed that SSFH uses minimal bandwidth consumption compared with the other competing approaches when initiating the handoff process. In the results, we notice that when the number of the mobile cloud users increases, the bandwidth consumption also increases. Thus, the bandwidth consumption is directly proportional to the number of mobile cloud users. SSFH consumes 52.1% bandwidth of the entire allotted bandwidth with no more than 9000 mobile cloud users, whereas other contending approaches use 60.3% to 94.3% of the bandwidth. When increasing the number of mobile cloud users to 13,500, our approach utilizes 56.3% of the bandwidth, whereas the other approaches consumed 74.3–99.3%. SOAPM is highly affected from the bandwidth consumption point of view. The reason behind the performance improvement in our approach is a shorter registration process compared with other approaches using the longer registration process and the deficiency of the limited mobility management features. As a result, other methods consume more bandwidth during the handoff process. The beauty of SSFH is the use of the policy enforcement module, which sets the policy for each mobile cloud user when initiating the handoff process. Furthermore, it has the support of media- and connectivity-related functionalities such as grouping of the voice streams and playing of tones including a fast, seamless process that handles the shared resources. As a result, unnecessary bandwidth utilization is avoided in our approach.
3.3. Energy Consumption
Energy consumption is one of the serious problems that reduces the lifetime of the network and affects the efficiency of the mobile cloud user and the running of applications on the cloud [35–38]. In Figures 7-8, we show the energy consumption of SSFH and other competing handoff-supported approaches. Based on the results, we perceived that energy consumption increased as the number of mobile cloud users increased. SSFH consumes less energy overall compared with DMSAH, IMSH, SOAPM, PSCMM and HSIEE, as depicted in Figure 7. However, a minor limitation is noticed in our approach: when few mobile cloud users initiate the handoff, our approach consumes slightly more energy, but this impact cannot degrade the overall performance of our approach. In real life, we do not introduce any approach for the fewer number of mobile cloud users. Therefore, our approach supports the maximum number of mobile cloud users. SSFH consumes 34.43 out of 50 J after completion of 5000 rounds, and an average 12–16 handoff processes are initiated by each mobile cloud user, whereas 35.1–42.3 J are consumed by other competing approaches after completion of the same number of rounds and handoff processes. The reason for the reduced energy consumption in our case is the use of a location update server, which is responsible for initiating the reregistration process after the handoff process. The reregistration activation process involves two stages: reregistration for change capabilities and periodic reregistration. Both stages are supported with the energy-aware model to determine in advance the number of initiated handoff processes by mobile cloud users. As a result, the infrastructure obtains the updated request and then sets the timer accordingly. Therefore, less energy is consumed.
3.4. Reliable Data Delivery
When mobile cloud users initiate the handoff process, reliable data delivery is of high importance because there is ample possibility of dropping the data once the handoff is initiated. We show the reliable data delivery of SSFH and other competing handoff process approaches. Based on the results, we observed that SSFH has almost steady progress in reliable data delivery, which is between 99.1 and 99.8% with 9000 mobile cloud users and 12–16 handoff processes as depicted in Figure 9. The other competing approaches have lower reliable data delivery rates between 97.7 and 99.2%. In Figure 9, we increase the number of mobile cloud users to 13,500; data delivery is marginally affected by using our approach, between 98.9 and 99.6%, compared with other approaches in which the data delivery rate is between 95.4 and 99.2% with the same number of mobile cloud users. The statistical data proved that the other approaches are not proficient as the number of mobile cloud users increases.
4. Related Work
In this section, the salient features of the interesting contributions are discussed. Mobile cloud computing is gaining popularity due to its movable and utility features. However, it faces several challenges, including the handoff process, which is a critical and performance-affecting problem, particularly in the mobile cloud computing environment. As a result, QoS provisioning and energy efficiency are greatly affected. To handle the mobile multimedia cloud service over the heterogeneous wireless network, Liao et al. [29] proposed a dual mode self-adaption handoff mechanism for mobile cloud computing in order to improve the handoff quality and reduce the bandwidth consumption. However, their results show an improvement of just a few seconds in the parsing time of the Real-time Transport Protocol (RTP) when the proposed algorithm is executed during the handoff process. The algorithm has very little impact on the overall performance of the mobile device when initiating the handoff process. The faster speed has a negative impact on the performance of the mobile device when initiating the handoff. Qi et al. [30] introduced an improved multi-service handoff mechanism for reducing the redundant signaling problem in mobile cloud computing that degrades the performance. The proposed mechanism is based on the list method that involves the Session Initiate Protocol (SIP), which makes all the services executable during the handoff. The results demonstrate that the multi-service handoff mechanism efficiently saved energy during the seamless handoff. On the other hand, the proposed mechanism cannot be more effective when considering the rapidly growing number of mobile devices in cloud computing. There is the possibility of data loss and additional power consumption when mobile devices start the handoff process at the same time.
Performance prediction is of paramount significance for measuring the performance when handoff processes occur frequently in mobile cloud computing. To handle this issue, Raei et al. [31] introduced the Markov reward approach and presented closed-form solutions of the sub-models. The approach involves two features: request rejection probability and mean-response delay. However, some assumptions do not fit real-world situations. In addition, the proposed model ignored the cost of provisioning in the public cloud. Another problem that a mobile device experiences in the handoff process arises when the number of mobile connections with the mobile cloud server increases. As a result, the mobile handoff connection quality declines, which causes several performance-affecting problems such as network delay, retransmission and latency. Lee et al. [32] proposed a proxy-based architecture to improve the link quality for each mobile handoff in cloud computing. The experimental results demonstrated better performance than the 802.11 access method. However, the approach consumed additional energy. Sateesh K. Peddoju [34] introduced the Multi-Criteria Decision Making (MCDM) TOPSIS method to reduce the energy consumption during the handoff process. The approach applied the priority-based algorithm to choose priority-driven sources, which helps reduce the energy consumption. Furthermore, the approach suggested using seamless handoff for creating the tradeoff between energy consumption and QoS provisioning. The mobility management protocol is important for the support of real-time services such as VoIP, streaming, and interactive game playing. Thus, Ryu et al. [38] proposed the Fast Mobility Handoff Internet Protocol v6 (FHIPv6) to improve the handoff and use the network resources efficiently.
The proposed approach is only partially compared with standard Mobile Internet Protocol v6 (MIPv6), so it is harder to admit the effectiveness of the proposed approach. Mobile authentication during the handoff process is vital in mobile cloud computing. Xu et al. [40] proposed a new authentication scheme during the handover process. The scheme includes a new option that helps the mobile users to hand off anonymously and leave no trace. The security and performance analysis show that the scheme has a positive impact on guaranteeing the secure mobile handoff for cloud computing. The scheme also attempted to reduce the time complexity. However, additional energy is consumed. A lower end-to-end delay is one of the requirements for improving the QoS in mobile cloud computing. When the service is executed in the cloud clone, the data transfer between the mobile terminal (MT) and its clone requires a low end-to-end communication delay. However, it is difficult to predict the speed and direction of an MT in a timely fashion. Thus, the service handoff between different Access Points (APs) may cause a long handoff delay.
To overcome this issue, Zhen et al. [41] proposed the Seamless Service Handoff Based on Delaunay Triangulation (SSHDT) to minimize the end-to-end delay for mobile cloud computing. The approach also attempted to reduce the storage cost when handoff occurs frequently. On the other hand, the proposed approach suggested deploying different access technologies for the APs. Therefore, it is not easy to use different technologies for each seamless mobile cloud computing handoff process. All the existing approaches in the literature either attempted to handle the handoff process by reducing the energy consumption or improved the link quality during the mobility. Our proposed approach introduces the service-oriented architecture that is particularly designed for a secure handoff process. The architecture involves four layers: application, service, infrastructure and media. These layers collectively perform different functionalities at each layer in order to provide an energy-efficient and QoS-provisioned handoff process. Furthermore, it consists of the policy-enforcement manager that helps determine the malicious IP-enabled mobile cloud user to avoid any serious damage at the media layer.
5. Conclusion
A secure energy-efficient quality-of-service-supported service-oriented architecture is proposed for a fast, seamless handoff process for the mobile cloud computing environment. The proposed paradigm consists of a dual authentication method and four layers: application, service, infrastructure and media. The application layer consists of two components: the secure authentication server and the role-based management server. The secure authentication server confirms the authenticity of the mobile cloud user prior to assigning the access to mobile cloud servers. The role-based management provides the features that support access control (e.g., encryption, decryption, assignment, management, insertion and deletion). All of these features provide fully encrypted data outsourcing and reduce the possibility of attacks on data delivery. The service layer provides secure authentication to prevent illegitimate users from gaining access to the cloud computing environment and impersonating the legitimate mobile cloud users. The infrastructure layer handles the faster reregistration process to avoid unexpected delays and data loss. Furthermore, the infrastructure layer involves an energy-efficient detection model to determine the energy of each node when initiating the handoff process. The media layer particularly handles the intra-domain fast seamless handoff process and reduces the occurrence of extended delays during the handoff. The architecture is implemented using C++, and coding is converted to the object tool command language (OTCL) run on the GreenCloud platform. The results confirm the validity of our proposed SSFH and comply with QoS, energy efficiency and security parameters. The main goal of the model is to achieve the objectives of handoff processes that are almost accomplished. The results confirm that the proposed SSFH gains 5.5–12.8% higher malicious node detection and consumes 8.2–42.2% less bandwidth than other competing approaches.
In addition, SSFH consumes 0.67–7.87% less energy in 5000 rounds with an average number of 12–16 handoff processes and produces a 0.7–1.4% higher data delivery rate compared with other approaches. The results demonstrate that our proposed paradigm designed for the mobile cloud handoff process could be the best option for mobile cellular phones when initiating the handoff process in the cloud computing environment for improving the QoS, energy efficiency, reliability and security perspectives.
REFERENCES:
1. Razaque, Abdul, and Syed S. Rizvi. "Triangular data privacy-preserving model for authenticating all key stakeholders in a cloud environment." Computers & Security 62 (2016): 328-347.
2. Shiraz, Muhammad, Abdullah Gani, Rashid Hafeez Khokhar, and Rajkumar Buyya. "A review on distributed application processing frameworks in smart mobile devices for mobile cloud computing." Communications Surveys & Tutorials, IEEE 15, no. 3 (2013): 1294-1313.
3. Simoens, Pieter, Filip De Turck, Bart Dhoedt, and Piet Demeester. "Remote display solutions for mobile cloud computing." IEEE Internet Computing 13, no. 5 (2009).
4. Choi, Min, Jonghyuk Park, and Young-Sik Jeong. "Mobile cloud computing framework for a pervasive and ubiquitous environment." The Journal of Supercomputing 64, no. 2 (2013): 331-356.
5. Samad J, Loke SW, Reed K. Mobile Cloud Computing. Cloud Services, Networking, and Management. 2015:153-90.
6. Nkosi MT, Mekuria F. Cloud computing for enhanced mobile health applications. In Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on 2010 Nov 30 (pp. 629-633). IEEE.
7. Ryu, Seonggeun, Kyunghye Lee, and Youngsong Mun. "Optimized fast handover scheme in Mobile IPv6 networks to support mobile users for cloud computing." The Journal of Supercomputing 59, no. 2 (2012): 658-675.
8. Lee, DaeWon, HwaMin Lee, DooSoon Park, and Young-Sik Jeong. "Proxy based seamless connection management method in mobile cloud computing." Cluster computing 16, no. 4 (2013): 733-744.
9. Ferretti, Stefano, Vittorio Ghini, Fabio Panzieri, and Elisa Turrini. "Seamless support of multimedia distributed applications through a cloud." In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on, pp. 548-549. IEEE, 2010.
10. Sardis, Fragkiskos, Glenford E. Mapp, Jonathan Loo, Mahdi Aiash, and Alexey Vinel. "On the investigation of cloud-based mobile media environments with service-populating and QoS-aware mechanisms." IEEE transactions on multimedia (2013).
11. Chen, Yuh-Shyan, and Kun-Lin Wu. "A cross-layer partner-assisted handoff scheme for hierarchical mobile IPv6 in IEEE 802.16 e systems." Wireless Communications and Mobile Computing 11, no. 4 (2011): 522-541.
12. Chiu, Kuan-Lin, Yuh-Shyan Chen, and Ren-Hung Hwang. "Seamless session mobility scheme in heterogeneous wireless networks." International Journal of Communication Systems 24, no. 6 (2011): 789-809.
13. Zhu, Kun, Dusit Niyato, Ping Wang, Ekram Hossain, and Dong In Kim. "Mobility and handoff management in vehicular networks: a survey." Wireless communications and mobile computing 11, no. 4 (2011): 459-476.
14. Y. Juhye and K. Jinsul, "The advanced Korea-computer access assessment system (K-CAAS) on smart mobile cloud environment". Multimedia Tools and Applications, vol. 31, (2014), pp. 128-136.
15. Qi, Qi, Jianxin Liao, and Yufei Cao. "Cloud service-aware location update in mobile cloud computing." Communications, IET 8, no. 8 (2014): 1417-1424.
16. Zhang, Haijun, Chunxiao Jiang, Julian Cheng, and Victor Leung. "Cooperative Interference Mitigation and Handover Management for Heterogeneous Cloud Small Cell Networks." arXiv preprint arXiv:1504.08076 (2015).
17. Mayuri, K., and K. S. Ranjith. "A Novel SECURE HANDOVER MECHANISM IN PMIPV6 NETWORKS." International Journal of Information Technology Convergence and Services 4, no. 4 (2014): 1.
18. Huerta-Canepa, Gonzalo, and Dongman Lee. "A virtual cloud computing provider for mobile devices." In Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond, p. 6. ACM, 2010.
19. Yang, Zhen, Xing Liu, Zhongwei Hu, and Chaowei Yuan. "Seamless Service Handoff Based on Delaunay Triangulation for Mobile Cloud Computing." Wireless Personal Communications (2014): 1-15.
20. Bellavista, Paolo, Giuseppe Carella, Luca Foschini, Thomas Magedanz, Florian Schreiner, and Konrad Campowsky. "QoS-aware elastic cloud brokering for IMS infrastructures." In Computers and Communications (ISCC), 2012 IEEE Symposium on, pp. 000157000160. IEEE, 2012.
21. Kumar K, Lu YH. Cloud computing for mobile users: Can offloading computation save energy?. Computer. 2010 Apr 1(4):51-6.
22. Zissis D, Lekkas D. Addressing cloud computing security issues. Future Generation computer systems. 2012 Mar 31;28 (3):583-92.
23. Rizvi S, Razaque A, Cover K. Cloud Data Integrity Using a Designated Public Verifier. In High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on 2015 Aug 24 (pp. 1361-1366). IEEE
24. Bifulco, Roberto, and Roberto Canonico. "Analysis of the handover procedure in Follow-Me Cloud." In CLOUDNET, pp. 185-187. 2012.
25. Yang, Zhen, Xing Liu, Zhongwei Hu, and Chaowei Yuan. "Seamless Service Handoff Based on Delaunay Triangulation for Mobile Cloud Computing." Wireless Personal Communications (2014): 1-15.
26. Jiang, Yiming, Xiaodong Hu, and Sen Wu. "Transformation Matrix for Time Discretization Based on Tustin's Method." Mathematical Problems in Engineering 2014 (2014).
27. N. Nasser, A. Hasswa, and H. Hassanein, "Handoffs in fourth generation heterogeneous networks," IEEE Commun. Mag., vol. 44, no. 10, pp. 96–103, 2006.
28. Liao, Jianxin, Qi Qi, Jing Wang, Jingyu Wang, and Yufei Cao. "A Dual Mode Self-Adaption Handoff for Multimedia Services in Mobile Cloud Computing Environment." Multimedia Tools and Applications 75, no. 8 (2016): 4697–4722. doi:10.1007/s11042-0152498-4.
29. Qi, Qi, Jianxin Liao, Jingyu Wang, Jing Wang, Qi Li, and Yufei Cao. "Integrated Multi-Service Handoff Mechanism with QoS-Support Strategy in Mobile Cloud Computing." Wireless Personal Communications 87, no. 2 (2016): 593–614. doi:10.1007/s11277016-3210-3.
30. Raei, Hassan, and Nasser Yazdani.
“Analytical Performance Model for Mobile Network Operator Cloud.” The Journal of Supercomputing 71, no. 12 (2015): 4555–77. doi:10.1007/s11227-015-1551-4. DaeWon Lee·HwaMin Lee·DooSoon Park· Young-Sik Jeong “Proxy based seamless connection management method in mobile cloud computing.” Cluster Comput (2013) 16:733–744. doi: 10.1007/s10586-013-0249-8 Ravi, Anuradha, and Sateesh K. Peddoju. “Handoff Strategy for Improving Energy Efficiency and Cloud Service Availability for Mobile Devices.” Wireless Personal Communications 81, no. 1 (2015): 101–32. doi:10.1007/s11277-014-2119-y. Alizadeh, Mojtaba, Saeid Abolfazli, Mazdak Zamani, Sabariah Baharun, and Kouichi Sakurai. "Authentication in mobile cloud computing: A survey."Journal of Network and Computer Applications 61 (2016): 59-80. Chow, Richard, Markus Jakobsson, Ryusuke Masuoka, Jesus Molina, Yuan Niu, Elaine Shi, and Zhexuan Song. "Authentication in the clouds: a framework and its application to mobile users." In Proceedings of the 2010 ACM workshop on Cloud computing security workshop, pp. 1-6. ACM, 2010. Miettinen, Antti P., and Jukka K. Nurminen. "Energy Efficiency of Mobile Clients in Cloud Computing." HotCloud 10 (2010): 4-4. Othman, Mazliza, Sajjad Ahmad Madani, and Samee Ullah Khan. "A survey of mobile cloud computing application models." IEEE Communications Surveys & Tutorials 16, no. 1 (2014): 393-413. Kumar, Karthik, and Yung-Hsiang Lu. "Cloud computing for mobile users: Can offloading computation save energy?." Computer 43, no. 4 (2010): 51-56. Razaque, Abdul, and Khaled M. Elleithy. "Energy-efficient boarder node medium access control protocol for wireless sensor networks." Sensors 14, no. 3 (2014): 5074-5117
Page 20 of 31
39. Ryu, Seonggeun, Kyunghye Lee, and Youngsong Mun. “Optimized Fast Handover Scheme in Mobile IPv6 Networks to Support Mobile Users for Cloud Computing.” The Journal of Supercomputing 59, no. 2 (2012): 658–75. doi:10.1007/s11227-010-0459-2.
40. Yang, Xu, Xinyi Huang, and Joseph K. Liu. “Efficient Handover Authentication with User Anonymity and Untraceability for Mobile Cloud Computing.” Future Generation Computer Systems 62 (September 2016): 190–95. doi:10.1016/j.future.2015.09.028.
41. Yang, Zhen, Xing Liu, Zhongwei Hu, and Chaowei Yuan. “Seamless Service Handoff Based on Delaunay Triangulation for Mobile Cloud Computing.” Wireless Personal Communications, 2014, 1–15. doi:10.1007/s11277-014-2229-6.
Page 21 of 31
FIGURE CAPTIONS
Fig. 1. Secure and quality-of-service-supported service-oriented architecture for mobile cloud handoff
Fig. 2. Secure authentication process for mobile cloud computing
Fig. 3. Dynamic Host Control Protocol with policy enforcement module supporting the seamless fast handoff process
Fig. 4. Malicious node detection probability of SSFH and comparison with DMSAH, IMSH, SOAPM, PSCMM and HSIEE
Fig. 5. Bandwidth utilization of proposed SSFH and other competing approaches with 9000 mobile cloud users
Fig. 6. Bandwidth utilization of proposed SSFH and other competing approaches with 18000 mobile cloud users
Fig. 7. Energy consumption of proposed SSFH and other contending approaches
Fig. 8. Reliable data delivery of proposed SSFH and other contending approaches with 9000 mobile cloud users
Fig. 9. Reliable data delivery of proposed SSFH and other contending approaches with 18000 mobile cloud users
Fig. 1. [Architecture diagram. Layers: Application Layer, Service Layer, Infrastructure Layer, Media Layer. Labelled components: cloud servers, BS, RMS, SSFMH, SAS1 to SASN, SAS (Main), LLS, DPI, IPSec, I-GW, P-GW, firewall, FIS, SIS, MTC-AAA, PCRF, MME, RNC, ERFS, MPS, SGSN, GGSN, MSC, S-CSCF, I-CSCF, P-CSCF, CTM, Media Server, IMSMG, MRB, MRFC, MRF, MGCF, BGCF, SS7, DHCP, IPv6, SIP/RTP VoIP, circuit switched realm, Internet.]
Fig. 2. [Flowchart from Start to Stop. Nodes: Mobile Cloud User; Request; Redirects the request for authentication; Subscriber Information Server; Main Authentication Server; Fragmented Key-1, Key-2, Key-3, ..., Key-n at Authenticated server-1, server-2, server-3, ..., server-n; Key-3 at Cloud Server-3. Decisions (Yes/No): "Is authentication key matching with fragmented key?" and "Is mobile cloud user legitimate?". Outcomes: Issued authentication token; Authentication token is not issued; Unauthorized mobile cloud user; Granted cloud server access; Denied cloud service access.]
Fig. 3. [Diagram of the handoff exchange between Intra Domain-1 and Intra Domain-2 through Access Point-1, Access Point-2, Router-1, Router-2 and the Internet. Numbered steps: DHCP Discovery Process (1), Relayed DHCP Discovery Process (2), DHCP Offer Process (3), DHCP Offer Process (4), Relay DHCP offer (5). Each domain shows the blocks Call Admission Control, DHCP Module, Information Storage Communication Module and Policy Enforcement Module. Other labels: IP Address of DHCP; Fast Seamless Handoff parameters with Internet Protocol Version-6.]
Fig. 4. [Plot. x-axis: Number of Malicious Mobile Cloud Users (0 to 99). y-axis: Malicious Detection Probability [%] (80 to 100). Series: SSFH, IMSH, DMSAH, HSIEE, SOAPM, PSCMM.]
Fig. 5. [Plot. x-axis: Number of Mobile Cloud Users (0 to 9000). y-axis: Bandwidth Consumption [%] (0 to 100). Series: SSFH, IMSH, DMSAH, HSIEE, SOAPM, PSCMM.]
Fig.6.
Fig.7.
Fig.8.
Fig. 9. [Plot. x-axis: Number of Mobile Cloud Users (0 to 18000). y-axis: Reliable Data Access [%] (90 to 100). Series: SSFH, IMSH, DMSAH, HSIEE, SOAPM, PSCMM. Annotation: "15-20: An average number of handoff performed by each mobile cloud user".]