A secure and cost-efficient offloading policy for Mobile Cloud Computing against timing attacks

In Mobile Cloud Computing (MCC), offloading is a popular technique proposed to augment the capabilities of mobile systems by mitigating complex computation to resourceful cloud servers. While this may be beneficial from the performance and energy perspective, it certainly exhibits new challenges in terms of security due to increased data transmission over networks with potentially unknown threats. Among possible security issues are timing attacks which are not prevented by traditional cryptographic security. Timing attacks belong to side channel attacks in which the attacker attempts to compromise a system by analyzing the time it takes to respond to various queries. Offloading is particularly vulnerable to timing attacks because it often needs many times sending/receiving. This paper considers the specific threat of timing attacks against MCC systems. We present and evaluate a secure and cost-efficient offloading scheme which is the combination of regular rekeying and random padding. In order to proceed to a quantitative treatment, a hybrid Continuous-time Markov chain (CTMC) and queueing model is put forward, and the tradeoff analysis of the security and performance attributes is carried out. We propose security metrics which system architects need to make informed tradeoff decisions involving system security. The numerical results based on experimental data show that the security performance tradeoff is improved through the proposed scheme. Further, we found that the variance of random delays is the primary influencing factor to the mitigation effectiveness of random padding and that the extra number of measurements an attacker has to make grows linearly with the standard deviation of the random delays.