From cellular networks to mobile cloud computing: security and efficiency of smartphone systems.

In my first year of my Computer Science degree, if somebody had told me that the few years ahead of me could have been the last ones of the so-called PC-era, I would have hardly believed him. Sure, I could imagine computers becoming smaller, faster and cheaper, but I could have never imagined that in such a short time the focus of the market would have so dramatically shifted from PCs to personal devices. Today, smartphones and tablets have become our inseparable companions, changing for the better numerous aspects of our daily life. The way we plan our days, we communicate with people, we listen to music, we search for information, we take pictures, we spend our free time and the way we note our ideas has been totally revolutionized thanks to them. At the same time, thanks also to the rapid growth of the Cloud Computing based services, most of our data and of the Internet services that we use every day are just a login-distance away from any device connected to the Internet that we can find around us. We can edit our documents, look our and our friends’ pictures and videos, share our thoughts, access our bank account, pay our taxes using a familiar interface independently from where we are. What is the most fascinating thing is that all these new possibilities are not anymore at the hand of technically-savvy geeks only, but they are available to newer and older generations alike thanks to the efforts that recently have been put into building user interfaces that feel more natural and intuitive even to totally unexperienced users. Despite of that, we are still far from an ideal world. Service providers, software engineers, hardware manufacturers and security experts are having a hard time in trying to satisfy the always growing expectations of a number of users that is steadily increasing every day. People are always longing for faster mobile connectivity at lower prices, for longer lasting batteries and for more powerful devices. On top of that, users are more and more exposed to new security threats, either because they tend to ignore even the most basic security-practices, or because virus writers have found new ways to exploit the now world-sized market of mobile devices. For instance, more people accessing the Internet from their mobile devices forces the existing network infrastructure to be continuously updated in order to cope with the constantly increase in data consumption. As a consequence, AT&T’s subscribers in the United States were getting extremely slow or no service at all because of the mobile network straining to meet iPhone users’ demand [5]. The company switched from unlimited traffic plans to tiered pricing for mobile data users in summer 2010. Similarly, Dutch T-Mobile’s infrastructure has not been able to cope with intense data traffic, thus forcing the company to issue refunds for affected users [6]. Another important aspect is that of mobile security. Around a billion of people today have their personal information on Facebook and half of them access Facebook from their mobile phone [7]; the size of the online-banking in America has almost doubled since 2004, with 16% of the American mobile users conducting financial-related activities from their mobile device [8]; on 2010, customers spent one billion of dollars buying products on Amazon via mobile devices [9]. These numbers give an idea of the amount of people that today could find themselves in trouble by not giving enough care into protecting their mobile device from unauthorized access. A distracted user who loses his phone, or just forgets it in a public place, even if for a short time only, could allow someone else to get unrestrained access to his online identity. By copying the contents of the phone, including passwords and access keys, an attacker could steal money from the user’s bank account, read the user’s emails, steal the user’s personal files stored on the cloud, use the user’s personal information to conduct scams, frauds, and other crimes using his name and so on. But identity theft is not the only security problem affecting mobile users. Between 2011 and 2012, the number of unique viruses and malwares targeting mobile devices has increased more than six times, according to a recent report [10]. Typically, these try to get installed in the target device by convincing the user to download an infected app, or by making them follow a link to a malicious web site. The problems just exposed are major issues affecting user’s experience nowadays. We believe that finding effective, yet simple and widely adoptable solutions may require a new point of view, a shift in the way these problems are tackled. For these reasons, we evaluated the possibility of using a hybrid approach, that is, one where different technologies are brought together to create new, previously unexplored solutions. We started by considering the issues affecting the mobile network infrastructure. While it is true that the usage of mobile connectivity has significantly increased over the past few years, it is also true that socially close users tend to be interested in the same content, like, the same Youtube videos, the same application updates, the same news and so on. By knowing that, operators, instead of spending billions [11] to update their mobile network, could try an orthogonal approach and leverage an ad-hoc wireless network between the mobile devices, referred to in literature as Pocket Switched Networks [12]. Indeed, most of the smartphones on the market today are equipped with short-ranged radio interfaces (i.e., Bluetooth, WiFi) that allow them to exchange data whenever they are close enough to each other. Popular data could be then stored and transferred directly between devices in the same social context in an ad-hoc fashion instead of being downloaded multiple times from the mobile network. We therefore studied the possibility of channeling traffic to a few, socially important users in the network called VIP delegates, that can help distributing contents to the rest of the network. We evaluated VIP selection strategies that are based on the properties of the social network between mobile devices users. In Chapter 2, through extensive evaluations with real and synthetic traces, we show the effectiveness of VIP delegation both in terms of coverage and required number of VIPs – down to 7% in average of VIPs are needed in campus-like scenarios to offload about 90% of the traffic. These results have also been presented in [1]. Next we moved to the security issues. On of the highest threats to the security of mobile users is that of an identity theft performed using the data stored on the device. The problem highlighted by this kind of attacks is that the most commonly used authentication mechanisms completely fail to distinguish the honest user from somebody who just happens to know the user’s login credentials or private keys. To be resistant to identity theft attacks, an authentication mechanism should, instead, be built to leverage some intrinsic and difficult to replicate characteristic of each user. We proposed the Personal Marks and Community Certificates systems with this aim in mind. They constitute an authentication mechanism that uses the social context sensed by the smartphone by means of Bluetooth or WiFi radios as a biometric way to identify the owner of a device. Personal Marks is a simple cryptographic protocol that works well when the attacker tries to use the stolen credentials in the social community of the victim. Community Certificates works well when the adversary has the goal of using the stolen credentials when interacting with entities that are far from the social network of the victim. When combined, these mechanisms provide an excellent protection against identity theft attacks. In Chapter 3 we prove our ideas and solutions with extensive simulations in both simulated and real world scenarios—with mobility traces collected in a real life experiment. This study appeared in [2]. Another way of accessing the private data of a user, other than getting physical access to his device, could be by means of a malware. An emerging trend in the way people are fooled into installing malware-infected apps is that of exploiting existing trust relationships between socially close users, like those between Facebook friends. In this way, the malware can rapidly expand through social links from a small set of infected devices towards the rest of the network. In our quest for hybrid solutions to the problem of malware spreading in social networks of mobile users we developed a novel approach based on the Mobile Cloud Computing paradigm. In this new paradigm, a mobile device can alleviate the burden of computationally intensive tasks by offloading them to a software clone running on the cloud. Also, the clones associated to devices of users in the same community are connected in a social peer-to-peer network, thus allowing lightweight content sharing between friends. CloudShield is a suite of protocols that provides an efficient way stop the malware spread by sending a small set of patches from the clones to the infected devices. Our experiments on different datasets show that CloudShield is able to better and more efficiently contain malware spreading in mobile wireless networks than the state-of-the-art solutions presented in literature. These findings (which are not included in this dissertation) appeared in [3] and are the result of a joint work with P.h.D student S. Kosta from Sapienza University. My main contribution to this work was in the simulation of both the malware spreading and of the patching protocol schemes on the different social networks datasets. The Mobile Cloud Computing paradigm seems to be an excellent resource for mobile systems. It alleviates battery consumption on smartphones, it helps backing up user’s data on-the-fly and, as CloudShield proves, it can also be used to find new, effective, solutions to existing problems. However, the communication between the mobile devices and their clones needed by such paradigm certainly does not come for free. It costs both in terms of bandwidth (the traffic overhead to communicate with the cloud) and in terms of energy (computation and use of network interfaces on the device). Being aware of the issues that heavy computation or communication can cause to both the battery life of the devices [13], and to the mobile infrastructure, we decided to study the actual feasibility of both mobile computation offloading and mobile software/data backups in real-life scenarios. In our study we considered two types of clones: The off-clone, whose purpose is to support computation offloading, and the back-clone, which comes to use when a restore of user’s data and apps is needed. In Chapter 5 we give a precise evaluation of the feasibility and costs of both off-clones and back-clones in terms of bandwidth and energy consumption on the real device. We achieved this by means measurements done on a real testbed of 11 Android smartphones and on their relative clones running on the Amazon EC2 public cloud. The smartphones have been used as the primary mobile by the participants for the whole experiment duration. This study has been presented in [4] and is the result of a collaboration with P.h.D. Student S. Kosta from Sapienza University. S. Kosta mainly contributed to the experimental setup, deployment of the testbed and data collection

From cellular networks to mobile cloud computing: security and efficiency of smartphone systems.

In my first year of my Computer Science degree, if somebody had told me that the few years ahead of me could have been the last ones of the so-called PC-era, I would have hardly believed him. Sure, I could imagine computers becoming smaller, faster and cheaper, but I could have never imagined that in such a short time the focus of the market would have so dramatically shifted from PCs to personal devices. Today, smartphones and tablets have become our inseparable companions, changing for the better numerous aspects of our daily life. The way we plan our days, we communicate with people, we listen to music, we search for information, we take pictures, we spend our free time and the way we note our ideas has been totally revolutionized thanks to them. At the same time, thanks also to the rapid growth of the Cloud Computing based services, most of our data and of the Internet services that we use every day are just a login-distance away from any device connected to the Internet that we can find around us. We can edit our documents, look our and our friends’ pictures and videos, share our thoughts, access our bank account, pay our taxes using a familiar interface independently from where we are. What is the most fascinating thing is that all these new possibilities are not anymore at the hand of technically-savvy geeks only, but they are available to newer and older generations alike thanks to the efforts that recently have been put into building user interfaces that feel more natural and intuitive even to totally unexperienced users. Despite of that, we are still far from an ideal world. Service providers, software engineers, hardware manufacturers and security experts are having a hard time in trying to satisfy the always growing expectations of a number of users that is steadily increasing every day. People are always longing for faster mobile connectivity at lower prices, for longer lasting batteries and for more powerful devices. On top of that, users are more and more exposed to new security threats, either because they tend to ignore even the most basic security-practices, or because virus writers have found new ways to exploit the now world-sized market of mobile devices. For instance, more people accessing the Internet from their mobile devices forces the existing network infrastructure to be continuously updated in order to cope with the constantly increase in data consumption. As a consequence, AT&T’s subscribers in the United States were getting extremely slow or no service at all because of the mobile network straining to meet iPhone users’ demand [5]. The company switched from unlimited traffic plans to tiered pricing for mobile data users in summer 2010. Similarly, Dutch T-Mobile’s infrastructure has not been able to cope with intense data traffic, thus forcing the company to issue refunds for affected users [6]. Another important aspect is that of mobile security. Around a billion of people today have their personal information on Facebook and half of them access Facebook from their mobile phone [7]; the size of the online-banking in America has almost doubled since 2004, with 16% of the American mobile users conducting financial-related activities from their mobile device [8]; on 2010, customers spent one billion of dollars buying products on Amazon via mobile devices [9]. These numbers give an idea of the amount of people that today could find themselves in trouble by not giving enough care into protecting their mobile device from unauthorized access. A distracted user who loses his phone, or just forgets it in a public place, even if for a short time only, could allow someone else to get unrestrained access to his online identity. By copying the contents of the phone, including passwords and access keys, an attacker could steal money from the user’s bank account, read the user’s emails, steal the user’s personal files stored on the cloud, use the user’s personal information to conduct scams, frauds, and other crimes using his name and so on. But identity theft is not the only security problem affecting mobile users. Between 2011 and 2012, the number of unique viruses and malwares targeting mobile devices has increased more than six times, according to a recent report [10]. Typically, these try to get installed in the target device by convincing the user to download an infected app, or by making them follow a link to a malicious web site. The problems just exposed are major issues affecting user’s experience nowadays. We believe that finding effective, yet simple and widely adoptable solutions may require a new point of view, a shift in the way these problems are tackled. For these reasons, we evaluated the possibility of using a hybrid approach, that is, one where different technologies are brought together to create new, previously unexplored solutions. We started by considering the issues affecting the mobile network infrastructure. While it is true that the usage of mobile connectivity has significantly increased over the past few years, it is also true that socially close users tend to be interested in the same content, like, the same Youtube videos, the same application updates, the same news and so on. By knowing that, operators, instead of spending billions [11] to update their mobile network, could try an orthogonal approach and leverage an ad-hoc wireless network between the mobile devices, referred to in literature as Pocket Switched Networks [12]. Indeed, most of the smartphones on the market today are equipped with short-ranged radio interfaces (i.e., Bluetooth, WiFi) that allow them to exchange data whenever they are close enough to each other. Popular data could be then stored and transferred directly between devices in the same social context in an ad-hoc fashion instead of being downloaded multiple times from the mobile network. We therefore studied the possibility of channeling traffic to a few, socially important users in the network called VIP delegates, that can help distributing contents to the rest of the network. We evaluated VIP selection strategies that are based on the properties of the social network between mobile devices users. In Chapter 2, through extensive evaluations with real and synthetic traces, we show the effectiveness of VIP delegation both in terms of coverage and required number of VIPs – down to 7% in average of VIPs are needed in campus-like scenarios to offload about 90% of the traffic. These results have also been presented in [1]. Next we moved to the security issues. On of the highest threats to the security of mobile users is that of an identity theft performed using the data stored on the device. The problem highlighted by this kind of attacks is that the most commonly used authentication mechanisms completely fail to distinguish the honest user from somebody who just happens to know the user’s login credentials or private keys. To be resistant to identity theft attacks, an authentication mechanism should, instead, be built to leverage some intrinsic and difficult to replicate characteristic of each user. We proposed the Personal Marks and Community Certificates systems with this aim in mind. They constitute an authentication mechanism that uses the social context sensed by the smartphone by means of Bluetooth or WiFi radios as a biometric way to identify the owner of a device. Personal Marks is a simple cryptographic protocol that works well when the attacker tries to use the stolen credentials in the social community of the victim. Community Certificates works well when the adversary has the goal of using the stolen credentials when interacting with entities that are far from the social network of the victim. When combined, these mechanisms provide an excellent protection against identity theft attacks. In Chapter 3 we prove our ideas and solutions with extensive simulations in both simulated and real world scenarios—with mobility traces collected in a real life experiment. This study appeared in [2]. Another way of accessing the private data of a user, other than getting physical access to his device, could be by means of a malware. An emerging trend in the way people are fooled into installing malware-infected apps is that of exploiting existing trust relationships between socially close users, like those between Facebook friends. In this way, the malware can rapidly expand through social links from a small set of infected devices towards the rest of the network. In our quest for hybrid solutions to the problem of malware spreading in social networks of mobile users we developed a novel approach based on the Mobile Cloud Computing paradigm. In this new paradigm, a mobile device can alleviate the burden of computationally intensive tasks by offloading them to a software clone running on the cloud. Also, the clones associated to devices of users in the same community are connected in a social peer-to-peer network, thus allowing lightweight content sharing between friends. CloudShield is a suite of protocols that provides an efficient way stop the malware spread by sending a small set of patches from the clones to the infected devices. Our experiments on different datasets show that CloudShield is able to better and more efficiently contain malware spreading in mobile wireless networks than the state-of-the-art solutions presented in literature. These findings (which are not included in this dissertation) appeared in [3] and are the result of a joint work with P.h.D student S. Kosta from Sapienza University. My main contribution to this work was in the simulation of both the malware spreading and of the patching protocol schemes on the different social networks datasets. The Mobile Cloud Computing paradigm seems to be an excellent resource for mobile systems. It alleviates battery consumption on smartphones, it helps backing up user’s data on-the-fly and, as CloudShield proves, it can also be used to find new, effective, solutions to existing problems. However, the communication between the mobile devices and their clones needed by such paradigm certainly does not come for free. It costs both in terms of bandwidth (the traffic overhead to communicate with the cloud) and in terms of energy (computation and use of network interfaces on the device). Being aware of the issues that heavy computation or communication can cause to both the battery life of the devices [13], and to the mobile infrastructure, we decided to study the actual feasibility of both mobile computation offloading and mobile software/data backups in real-life scenarios. In our study we considered two types of clones: The off-clone, whose purpose is to support computation offloading, and the back-clone, which comes to use when a restore of user’s data and apps is needed. In Chapter 5 we give a precise evaluation of the feasibility and costs of both off-clones and back-clones in terms of bandwidth and energy consumption on the real device. We achieved this by means measurements done on a real testbed of 11 Android smartphones and on their relative clones running on the Amazon EC2 public cloud. The smartphones have been used as the primary mobile by the participants for the whole experiment duration. This study has been presented in [4] and is the result of a collaboration with P.h.D. Student S. Kosta from Sapienza University. S. Kosta mainly contributed to the experimental setup, deployment of the testbed and data collection

Smartphone traffic characteristics and context dependencies

Smartphone traffic contributes a considerable amount to Internet traffic. The increasing popularity of smartphones in recent reports suggests that smartphone traffic has been growing 10 times faster than traffic generated from fixed networks. However, little is known about the characteristics of smartphone traffic. A few recent studies have analyzed smartphone traffic and given some insight into its characteristics. However, many questions remain inadequately answered. This thesis analyzes traffic characteristics and explores some important issues related to smartphone traffic. An application on the Android platform was developed to capture network traffic. A user study was then conducted where 39 participants were given HTC Magic phones with data collection applications installed for 37 days. The collected data was analyzed to understand the workload characteristics of smartphone traffic and study the relationship between participant contexts and smartphone usage. The collected dataset suggests that even in a small group of participants a variety of very different smartphone usage patterns occur. Participants accessed different types of Internet content at different times and under different circumstances. Differences between the usage of Wi-Fi and cellular networks for individual participants are observed. Download-intensive activities occurred more frequently over Wi-Fi networks. Dependencies between smartphone usage and context (where they are, who they are with, at what time, and over which physical interface) are investigated in this work. Strong location dependencies on an aggregate and individual user level are found. Potential relationships between times of the day and access patterns are investigated. A time-of-day dependent access pattern is observed for some participants. Potential relationships between movement and proximity to other users and smartphone usage are also investigated. The collected data suggests that moving participants used map applications more. Participants generated more traffic and primarily downloaded apps when they were alone. The analyses performed in this thesis improve basic understanding and knowledge of smartphone use in different scenarios

Cognitive privacy for personal clouds

This paper proposes a novel Cognitive Privacy (CogPriv) framework that improves privacy of data sharing between Personal Clouds for different application types and across heterogeneous networks. Depending on the behaviour of neighbouring network nodes, their estimated privacy levels, resource availability, and social network connectivity, each Personal Cloud may decide to use different transmission network for different types of data and privacy requirements. CogPriv is fully distributed, uses complex graph contacts analytics and multiple implicit novel heuristics, and combines these with smart probing to identify presence and behaviour of privacy compromising nodes in the network. Based on sensed local context and through cooperation with remote nodes in the network, CogPriv is able to transparently and on-the-fly change the network in order to avoid transmissions when privacy may be compromised. We show that CogPriv achieves higher end-to-end privacy levels compared to both noncognitive cellular network communication and state-of-the-art strategies based on privacy-aware adaptive social mobile networks routing for a range of experiment scenarios based on real-world user and network traces. CogPriv is able to adapt to varying network connectivity and maintain high quality of service while managing to keep low data exposure for a wide range of privacy leakage levels in the infrastructure

A Survey on Security for Mobile Devices

Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has signicantly increased due to the dierent form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research eld is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into dierent categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach

Improving Security and Privacy in Online Social Networks

Online social networks (OSNs) have gained soaring popularity and are among the most popular sites on the Web. With OSNs, users around the world establish and strengthen connections by sharing thoughts, activities, photos, locations, and other personal information. However, the immense popularity of OSNs also raises significant security and privacy concerns. Storing millions of users\u27 private information and their social connections, OSNs are susceptible to becoming the target of various attacks. In addition, user privacy will be compromised if the private data collected by OSNs are abused, inadvertently leaked, or under the control of adversaries. as a result, the tension between the value of joining OSNs and the security and privacy risks is rising.;To make OSNs more secure and privacy-preserving, our work follow a bottom-up approach. OSNs are composed of three components, the infrastructure layer, the function layer, and the user data stored on OSNs. For each component of OSNs, in this dissertation, we analyze and address a representative security/privacy issue. Starting from the infrastructure layer of OSNs, we first consider how to improve the reliability of OSN infrastructures, and we propose Fast Mencius, a crash-fault tolerant state machine replication protocol that has low latency and high throughput in wide-area networks. For the function layer of OSNs, we investigate how to prevent the functioning of OSNs from being disturbed by adversaries, and we propose SybilDefender, a centralized sybil defense scheme that can effectively detect sybil nodes by analyzing social network topologies. Finally, we study how to protect user privacy on OSNs, and we propose two schemes. MobiShare is a privacy-preserving location-sharing scheme designed for location-based OSNs (LBSNs), which supports sharing locations between both friends and strangers. LBSNSim is a trace-driven LBSN model that can generate synthetic LBSN datasets used in place of real datasets. Combining our work contributes to improving security and privacy in OSNs

Mobility models, mobile code offloading, and p2p networks of smartphones on the cloud

It was just a few years ago when I bought my first smartphone. And now, (almost) all of my friends possess at least one of these powerful devices. International Data Corporation (IDC) reports that smartphone sales showed strong growth worldwide in 2011, with 491.4 million units sold – up to 61.3 percent from 2010. Furthermore, IDC predicts that 686 million smartphones will be sold in 2012, 38.4 percent of all handsets shipped. Silently, we are becoming part of a big mobile smartphone network, and it is amazing how the perception of the world is changing thanks to these small devices. If many years ago the birth of Internet enabled the possibility to be online, smartphones nowadays allow to be online all the time. Today we use smartphones to do many of the tasks we used to do on desktops, and many new ones. We browse the Internet, watch videos, upload data on social networks, use online banking, find our way by using GPS and online maps, and communicate in revolutionary ways. Along with these benefits, these fancy and exciting devices brought many challenges to the research area of mobile and distributed systems. One of the first problems that captured our attention was the study of the network that potentially could be created by interconnecting all the smartphones together. Typically, these devices are able to communicate with each other in short distances by using com- munication technologies such as Bluetooth or WiFi. The network paradigm that rises from this intermittent communication, also known as Pocket Switched Network (PSN) or Opportunistic Network ([10, 11]), is seen as a key technology to provide innovative services to the users without the need of any fixed infrastructure. In PSNs nodes are short range communicating devices carried by humans. Wireless communication links are created and dropped in time, depending on the physical distance of the device holders. From one side, social relations among humans yield recurrent movement patterns that help researchers design and build protocols that efficiently deliver messages to destinations ([12, 13, 14] among others). The complexity of these social relations, from the other side, makes it difficult to build simple mobility models, that in an efficient way, generate large synthetic mobility traces that look real. Traces that would be very valuable in protocol validation and that would replace the limited experimentally gathered data available so far. Traces that would serve as a common benchmark to researchers worldwide on which to validate existing and yet to be designed protocols. With this in mind we start our study with re-designing SWIM [15], an already exist- ing mobility model shown to generate traces with similar properties of that of existing real ones. We make SWIM able to easily generate large (small)-scale scenarios, starting from known small (large)-scale ones. To the best of our knowledge, this is the first such study. In addition, we study the social aspects of SWIM-generated traces. We show how to SWIM-generate a scenario in which a specific community structure of nodes is required. Finally, exploiting the scaling properties of SWIM, we present the first analysis of the scal- ing capabilities of several forwarding protocols such as Epidemic [16], Delegation [13], Spray&Wait [14], and BUBBLE [12]. The first results of these works appeared in [1], and, at the time of writing, [2] is accepted with minor revision. Next, we take into account the fact that in PSNs cannot be assumed full cooperation and fairness among nodes. Selfish behavior of individuals has to be considered, since it is an inherent aspect of humans, the device holders (see [17], [18]). We design a market-based mathematical framework that enables heterogeneous mobile users in an opportunistic mobile network to compromise optimally and efficiently on their QoS 3 demands. The goal of the framework is to satisfy each user with its achieved (lesser) QoS, and at the same time maximize the social welfare of users in the network. We base our study on the consideration that, in practice, users are generally tolerant on accepting lesser QoS guarantees than what they demand, with the degree of tolerance varying from user to user. This study is described in details in Chapter 2 of this dissertation, and is included in [3]. In general, QoS could be parameters such as response time, number of computations per unit time, allocated bandwidth, etc. Along the way toward our study of the smartphone-world, there was the big advent of mobile cloud computing—smartphones getting help from cloud-enabled services. Many researchers started believing that the cloud could help solving a crucial problem regarding smartphones: improve battery life. New generation apps are becoming very complex — gaming, navigation, video editing, augmented reality, speech recognition, etc., — which require considerable amount of power and energy, and as a result, smartphones suffer short battery lifetime. Unfortunately, as a consequence, mobile users have to continually upgrade their hardware to keep pace with increasing performance requirements but still experience battery problems. Many recent works have focused on building frameworks that enable mobile computation offloading to software clones of smartphones on the cloud (see [19, 20] among others), as well as to backup systems for data and applications stored in our devices [21, 22, 23]. However, none of these address dynamic and scalability features of execution on the cloud. These are very important problems, since users may request different computational power or backup space based on their workload and deadline for tasks. Considering this and advancing on previous works, we design, build, and implement the ThinkAir framework, which focuses on the elasticity and scalability of the server side and enhances the power of mobile cloud computing by parallelizing method execution using multiple Virtual Machine (VM) images. We evaluate the system using a range of benchmarks starting from simple micro-benchmarks to more complex applications. First, we show that the execution time and energy consumption decrease two orders of magnitude for the N-queens puzzle and one order of magnitude for a face detection and a virus scan application, using cloud offloading. We then show that a parallelizable application can invoke multiple VMs to execute in the cloud in a seamless and on-demand manner such as to achieve greater reduction on execution time and energy consumption. Finally, we use a memory-hungry image combiner tool to demonstrate that applications can dynamically request VMs with more computational power in order to meet their computational requirements. The details of the ThinkAir framework and its evaluation are described in Chapter 4, and are included in [6, 5]. Later on, we push the smartphone-cloud paradigm to a further level: We develop Clone2Clone (C2C), a distributed platform for cloud clones of smartphones. Along the way toward C2C, we study the performance of device-clones hosted in various virtualization environments in both private (local servers) and public (Amazon EC2) clouds. We build the first Amazon Customized Image (AMI) for Android-OS—a key tool to get reliable performance measures of mobile cloud systems—and show how it boosts up performance of Android images on the Amazon cloud service. We then design, build, and implement Clone2Clone, which associates a software clone on the cloud to every smartphone and in- terconnects the clones in a p2p fashion exploiting the networking service within the cloud. On top of C2C we build CloneDoc, a secure real-time collaboration system for smartphone users. We measure the performance of CloneDoc on a testbed of 16 Android smartphones and clones hosted on both private and public cloud services and show that C2C makes it possible to implement distributed execution of advanced p2p services in a network of mobile smartphones. The design and implementation of the Clone2Clone platform is included in [7], recently submitted to an international conference. We believe that Clone2Clone not only enables the execution of p2p applications in a network of smartphones, but it can also serve as a tool to solve critical security problems. In particular, we consider the problem of computing an efficient patching strategy to stop worm spreading between smartphones. We assume that the worm infects the devices and spreads by using bluetooth connections, emails, or any other form of communication used by the smartphones. The C2C network is used to compute the best strategy to patch the smartphones in such a way that the number of devices to patch is low (to reduce the load on the cellular infrastructure) and that the worm is stopped quickly. We consider two well defined worms, one spreading between the devices and one attacking the cloud before moving to the real smartphones. We describe CloudShield [8], a suite of protocols running on the peer-to-peer network of clones; and show by experiments with two different datasets (Facebook and LiveJournal) that CloudShield outperforms state-of-the-art worm-containment mechanisms for mobile wireless networks. This work is done in collaboration with Marco Valerio Barbera, PhD colleague in the same department, who contributed mainly in the implementation and testing of the malware spreading and patching strategies on the different datasets. The communication between the real devices and the cloud, necessary for mobile com- putation offloading and smartphone data backup, does certainly not come for free. To the best of our knowledge, none of the works related to mobile cloud computing explicitly studies the actual overhead in terms of bandwidth and energy to achieve full backup of both data/applications of a smartphone, as well as to keep, on the cloud, up-to-date clones of smartphones for mobile computation offload purposes. In the last work during my PhD—again, in collaboration with Marco Valerio Barbera—we studied the feasibility of both mobile computation offloading and mobile software/data backup in real-life scenarios. This joint work resulted in a recent publication [9] but is not included in this thesis. As in C2C, we assume an architecture where each real device is associated to a software clone on the cloud. We define two types of clones: The off-clone, whose purpose is to support computation offloading, and the back-clone, which comes to use when a restore of user’s data and apps is needed. We measure the bandwidth and energy consumption incurred in the real device as a result of the synchronization with the off-clone or the back-clone. The evaluation is performed through an experiment with 11 Android smartphones and an equal number of clones running on Amazon EC2. We study the data communication overhead that is necessary to achieve different levels of synchronization (once every 5min, 30min, 1h, etc.) between devices and clones in both the off-clone and back-clone case, and report on the costs in terms of energy incurred by each of these synchronization frequencies as well as by the respective communication overhead. My contribution in this work is focused mainly on the experimental setup, deployment, and data collection

Mobiilin Internetin käytön mittaukset Suomessa

Mobile Internet is the outcome of two intense and global trends of the recent years: mobile/wireless and the Internet. Despite the potential the hundreds of millions of new mobile devices sold globally each year present, little information on mobile data service usage apart from mobile operator portals is currently available. In this research, mobile Internet usage was measured in fall 2005 using three fundamentally different methods to answer the question What are the characteristics of consumer mobile Internet usage in Finland? First, data on 80-90% of all Finnish mobile subscribers and terminals was collected with mobile operators' charging-oriented reporting systems. The observed Finnish mobile terminal installed base was old and did not widely support key features for data usage as e.g. packet data capability was in 48% and WCDMA capability in less than 1% of terminals. Nokia's market share was a remarkable 87%. Smartphones constituted 6% of all terminals, over 99% of which were Nokia's Symbian handsets and one third of these Nokia communicators. The terminal base was fairly concentrated as the 50 most common models made up 88% of all terminals. Some 92-94% of all mobile subscribers were postpaid subscribers, 75% of them consumers. While 99% of consumers had operators' default usage-based packet data tariff plan, the remaining 1% created 82% of all consumer subscriber packet data traffic. Second, 50% of all Finnish mobile network packet data traffic was captured in TCP/IP header collection -based measurements. Strikingly, the Windows operating system originated 65% of all packet data traffic in mobile networks. Moreover, VPN usage created 46% of traffic volume leading to a very high 85% share of UDP traffic. The Internet APN accounted for 90% of all packet data traffic. Third, a panel of 500 Finnish Symbian S60 handsets was monitored with software installed in the handsets. Panelists with higher radio capability handsets used packet data more frequently and in higher volumes. Data usage volumes were also higher for users with relatively cheaper fixed fee packet data plans. Operator sites and infotainment dominated web/wap site visits with 32% and 33% shares of all visits. Using handset as a modem formed a 21-25% part of all smartphone data traffic. The most active 20% of data users created 80% of traffic, even when modem traffic was excluded. Browsing was the most important data application area with a 72% share of non-modem traffic, and its relative share increased with data usage volume. In conclusion, Finnish mobile data usage is currently business driven. Traffic to non-operator controlled sites appears to be important. The usage of 3G terminals and effectively flat-rate packet data tariffs seems to increase data usage considerably, and browser is a central application also in mobiles. Mobile operators are recommended to include items on off portal traffic to their regular reporting. Similar measurements enabling evaluation of the development of Finnish mobile data usage should be repeated. The measurement methods could also be productized or sold to operators as a service by a 3rd party. Potential ways to utilize the handset-based data are numerous.Mobiili Internet on seurausta kahden viimeaikaisen voimakkaan ja globaalin trendin, liikkuvuuden ja Internetin yhdistymisestä. Huolimatta satojen miljoonien vuosittain globaalisti myytyjen mobiililaitteiden edustamasta potentiaalista, operaattoreiden portaalien ulkopuolista mobiilien datapalveluiden käyttöä ei tunneta hyvin. Tässä tutkimuksessa mitattiin mobiilin Internetin käyttöä syksyllä 2005 käyttäen kolmea erilaista menetelmää vastattaessa kysymykseen Mitkä ovat mobiilin Internetin kuluttajakäytön ominaispiirteet Suomessa? Ensimmäiseksi, mobiilioperaattoreiden laskutukseen perustuvien raportointijärjestelmien avulla kerättiin aineistoa 80-90% Suomen mobiilitilaajista ja -päätelaitteista. Suomen päätelaitekanta havaittiin vanhaksi ja datakäytölle keskeiset ominaisuudet rajallisesti levinneiksi, sillä pakettidatakyvykkyys oli 48% ja WCDMA kyvykkyys vain 1% päätelaitteista. Nokian markkinaosuus oli huomattava 87%. Kaikista päätelaitteista älypuhelimia oli 6%, joista 99% oli Nokian Symbian puhelimia ja näistä kolmannes Nokian kommunikaattoreita. Päätelaitekanta oli varsin keskittynyt 50 yleisimmän mallin vastatessa 88% kaikista päätelaitteista. Mobiilitilaajista 92-94% oli postpaid-tilaajia, 75% heistä kuluttajia. Vaikka 99% kuluttajista oli oletusarvoisen käyttöperusteisen pakettidatahinnoittelun piirissä, loput 1% loi 82% kuluttajatilaajien pakettidataliikenteestä. Toiseksi, 50% suomalaisten mobiiliverkkojen pakettidataliikenteestä mitattiin keräämällä TCP/IP otsakkeita. Silmäänpistävin tulos oli Windows-käyttöjärjestelmän 65% osuus kaikesta pakettidataliikenteestä. VPN-käyttö loi 46% liikennevolyymistä johtaen UDP-liikenteen hyvin korkeaan 85% osuuteen. Internet APN vastasi 90% kaikesta pakettidataliikenteestä. Kolmanneksi, 500 suomalaisen Symbian S60 puhelimen paneelia monitoroitiin puhelimiin asennetulla sovelluksella. Radioltaan kyvykkäämpiä puhelinten käyttäjät käyttivät pakettidataa useammin ja enemmän. Datakäytön volyymit olivat korkeampia suhteellisesti halvemman kiinteän hinnoittelun käyttäjillä. Operaattoreiden sivustot ja tietoviihde hallitsisivat web/wap käyttöä 32% ja 33% osuuksilla kaikista vierailuista. Modeemikäyttö muodosti 21-25% osuuden kaikesta älypuhelinten dataliikenteestä. Aktiivisin 20% datakäyttäjistä loi 80% liikenteestä, myös kun modeemikäyttöä ei huomioitu. Selainkäyttö oli tärkein datasovellusalue 72% osuudella ei-modeemiliikenteestä, sen suhteellinen osuus kasvoi datakäytön volyymin myötä. Suomalainen mobiilidatakäyttö on tällä hetkellä yrityskäyttäjävetoista. Operaattoreiden portaalien ulkopuolinen liikenne vaikuttaa tärkeältä. Kolmannen sukupolven päätelaitteiden ja kiinteän hinnoittelun käyttö näyttää kasvattavan datakäyttöä merkittävästi, ja selain on keskeinen sovellus myös mobiilissa. Mobiilioperaattoreiden tulisi liittää portaaliliikenteen ulkopuolinen käyttö sisäiseen raportointiinsa. Vastaavat mittaukset tulisi toistaa mobiilidatakäytön kehittymisen arvioimiseksi. Käytettyjen mittausmenetelmien tuotteistaminen tai myynti palveluna operaattoreille kolmannen osapuolen toimesta on mahdollista. Päätelaitepohjaisella aineistolla on lukuisia käyttökohteita