See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/316981947

Intrusion and Attacks over Mobile Networks and Cloud Health Systems

Conference Paper · May 2017

DOI: 10.1109/INFCOMW.2017.8116345

CITATIONS READS
0 180

4 authors:

Loai Tawalbeh Hala Tawalbeh

University of California, Santa Barbara Jordan University of Science and Technology
84 PUBLICATIONS   786 CITATIONS    10 PUBLICATIONS   64 CITATIONS   

SEE PROFILE SEE PROFILE

Houbing Song Yaser Jararweh

Embry-Riddle Aeronautical University Jordan University of Science and Technology
212 PUBLICATIONS   2,795 CITATIONS    239 PUBLICATIONS   1,959 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Cloud Computing View project

Energy Optimization Techniques in Cloud and Mobile Cloud Computing View project

All content following this page was uploaded by Loai Tawalbeh on 26 May 2017.

The user has requested enhancement of the downloaded file.

 Intrusion and Attacks over Mobile Networks and Cloud Health Systems
Lo’ai A. Tawalbeh1,2 , Hala Tawalbeh2
Department of Computer Engineering,
1
Umm Al-Qura University, Makkah, KSA
2
Jordan University of Science and Technology, Jordan
Email: Latawalbeh@uqu.edu.sa
Abstract: In every existed technical tool and
specific-purpose application, security must be in
watch all the time. Each of these has its security
implications that need to be considered specifically
in order to protect all users’ data and information
and prevent putting them at risk. Moreover, the
rapid development and spread of many technologies
such as mobile networks and smart phones, IoT,
smart cities, and cloud computing, resulted in
increasing the demand on more security. There is a
needs to secure the communication networks that
transfer the users data, the application itself that
manipulates this data, the mobile device that runs
that application, and the cloud environment that
process and store this information. There is a
variety of the user’s information that need to be
protected including financial transactions, personal
data, and medical records. In the last few years,
there are many health care providers worldwide
integrated their systems with the mobile and cloud
environment solutions to compete in the IT-based
services. This integration brought up the need to
secure healthcare applications and systems against
cyber attacks. In this paper, we discuss the security
of associated technologies with mobile networks and
cloud-based health care systems. Also, we present a
combination of meet in the middle attack and Side
Channel Attack.
Key Words: Security; Mobile Cloud, Health Care
Systems; Cyber Attacks
I. INTRODUCTION
The recent trends and advances in communication
and mobile technologies combined with the wide
spread of smart mobile devices allowed majority of
people all over the world to use different useful
applications in daily basis. The users can use their
mobile devices to pay bills, determine locations and
shop over the internet [1].
Houbing Song 3 Yaser Jararweh2
3
Dept. of Electrical and Computer Eng.
West Virginia University
West Virginia, USA
Email:h.song@ieee.org Email: yaser.amd@gmail.com
Among the new technologies and developing trends
is the Internet of Things is a hot topic in both
business and technology circles. IoT defines a range
of technologies that allow us to potentially connect
anything electronic with each other in a network of
machines, appliance, devices and sensors [2]. It is
becoming an integral part of the Internet. By enabling
easy access and interaction with a wide variety of
devices such as, for instance, home appliances,
surveillance cameras, monitoring sensors, displays,
and vehicles, the IoT achieves the goal of making the
Internet even more immersive and pervasive [3].
Many different domain use IoT application such as
home and industrial automation and mobile
healthcare systems.
However, no secure internet that guarantees the
privacy of the user’s information [4]. A lack of IoT
security is a major concern holding back its rapid
growth. Consumers are constantly exposed to cyber
attacks due to the use of a wide range of available
smart devices because these devices are insecure and
users often do not know about security threats on
these appliances, applications and mobile
technologies they use [5]. The application of the IoT
paradigm to an urban context is of particular interest,
as a smart city which a huge number of machines
devices interconnected with each other and with
higher level control systems.
The spread of the IT technologies and useful
applications contributed to provide better services for
people around the globe at reasonable cost and effort,
and with maximum utilization of resources. The issue
of privacy is very important and among the most
critical concerns in the mobile devices and
technologies and cloud services [6]. The users of
mobile and wireless technologies can be anonymous
and might keep their mobile devices on the always-
on mode. This will make their data and devices
under possible cyber attack at any time [7].
Among the useful applications of mobile devices
and cloud computing is the mobile cloud health care
industry that is developed rapidly and has high
competence to provide the best services to the
patients and health care providers [8]. The patients
can access their records and lab tests at any time and
from anywhere without the need to visit the clinic.
Also, the healthcare provider can take the appropriate
medical decision by accessing the test results and x-
rays directly stored on the cloud servers directly from
their mobile devices [9].
In the next section we present related work. In
Section III we discuss the technology security issues.
Section IV presents combination of meet in the
middle attack and side channel attacks. Section V
concludes this paper.
II. RELATED WORK
In paper [10] authors presented smart grid which is
power industry is integrating the electrical
distribution system with communication networks to
form a two directional power and information flow
infrastructure , the background and requirements for
smart grid communication security. Authors
summarized the cyber security requirements and the
possible vulnerabilities in smart grid , found smart
grid faced several cyber related attacks even with
that great performance benefit from it to power
industry . Also surveying the current solutions on
cyber security for smart grid communications and
the major challenge of its security.
In paper [11] authors proposed importance of an
urban IoT in everyday life and some
implementations such as home appliances,
monitoring sensors, actuators, displays, vehicles, and
so on and analyzed the solutions currently available
for the implementation of urban IoTs . Authors
presented an urban IoT system that are designed to
support the Smart City vision , overview some of the
useful services in smart cities that might be enabled
by an urban IoT paradigm because they can realize
the win–win situation of increasing the quality and
enhancing the services offered to the citizens such as
smart parking ,smart lighting , air quality monitoring
and so on also provided survey of the enabling
technologies, protocols, and architecture for an urban
IoT and described some of devices interact with an
urban IoT such as smart phone ,smart tablet and
laptops .
In paper [12] Authors discussed IoT platforms
solution that can be efficiently to make cities smarter
but there is a gap between the different IoT platforms
to this purpose this paper proposes Cloud computing
a valid bridge of the IoT, Internet of people through
the Internet of Services, and services can be
implemented which arise by bridging Cloud of
Things (CoT) and IoT. The authors also survey the
smart city vision , providing information on the main
requirements and the benefits of merging different
IoT ecosystems within Cloud under this new CoT
vision.
In [13] the authors proposed a mobile cloud
computing system based on cloudlet infrastructure
for big data applications. The proposed model can be
used in many applications were big amounts of data
is collected and analyzed such as health care and GPS
applications.
To protect the privacy of the users over mobile
networks, the users are recommended to stop sharing
private information such as names and addresses with
strangers) [14]. One of the dangerous threats of
Social Networks is to de-anonymize user’s identities
and share their private information with third
advertising party. Sybil attack is another dangerous
threat in which attackers claim several fake identities
in order to expose the network and break the honesty
of it [15]. This attack is performed when the attackers
have goals like ruining a voting application and
changing its results and like breaking a specific
network’s trust mechanism [15]. A threat is
introduced which is a new kind of a web robot that
perform software scripts over the interne that is
Socialbots [16]. It is a computer algorithm that acts
brings out content and react to humans’ behavior
over Social Media like a human.
The authors in [17] proposed an efficient and secure
mobile cloud computing model based on software
defined approach. The model addresses the security
issue in mobile cloud applications from software
perspective. The authors provide secure model and at
the same time keeping high level of efficiency.
 Figure 1: MiTM-Side Channel combined attack
III. TECHNOLOGY SECURITY
Here, we highlight some vulnerabilities and threats
that happen to the used technologies themselves. The
effect of these threats increases as using of modern
technologies proliferates in smart cities because
deploying advanced technologies imposes dealing
with massive amounts of data that are
multidirectional and diverse, high level of
connectivity and dependency and fast speeds. Thus,
security considerations are more critical when we talk
about technology [18]. Internet security researchers
say that technologies adapted by smart cities are
more vulnerable and susceptible to hacks and threats
than computers and handheld devices. This goes at
the first place to the governments and authorities who
are responsible for buying and adapting new
technologies. The problem is that these authorities
only care about the functionality, modernity and
advance such technologies provide for smart cities
and the do not pay much attention for security-wise
testing. On the other side, modern technologies
indicate to transfer data wirelessly to handle services,
which need powerful encryption to ensure security.
Nevertheless, technology firms fail to grant this must
security.
Technology companies follow obscurity for
technologies they provide for the sake of ensuring
more security. This means that such companies keep
everything regarding their provided technologies
vague. They hide details about the development
process, the designs, codes, etc.; and most of these
companies prevent security researchers and
companies from testing their technologies even if
they were buying their products [18]. Moreover,
some of these companies consider security
researchers and research companies as threats; and
even when they hire researchers and hackers to detect
security vulnerabilities in their products, they usually
delay publishing the updates and upgrades needed to
overcome these vulnerabilities which mean that their
clients will stay open to attacks and threats until the
security fix becomes available.
Handling technology security concerns in the today’s
digital world starts from the authorities [19]. They
need only to transact business and make deals with
technology firms that are trustworthy, allow security
testing and have fixing plans for security issues. And
make sure that the manufacturers have fixing and
recovery plans for security threats and attacks.
 IV. A COMBINATION OF MITM
ATTACK AND SIDE CHANNEL
ATTACK
Attackers always search for attack combinations to
build attacks that are more sophisticated for platforms
and applications. Such attacks provide higher-level of
severity as they combine characteristics of both
attacks to cover vulnerabilities of each. In this
section, we present new combined attack, which
consists characteristics of both MiTM and Side-
Channel combined attack.
In the previous section, we defined MiTM attack as
unauthorized secret interception of specific
communication between two parties, that happened
by a third unauthorized intruder. In MITM attack, the
attacker has to impersonate successfully each
communication party using a technique called ARP
spoofing. Thus, each of them believes that he is
communicating with whom he supposed to
communicate with. Therefore, when data flow
through the malicious communication channel, they
actually flow to the attacker system. To defeat MITM
attack when attacks particular system in the smart
city, strong encryption such as AES between sender
and receiver is necessary. Side-Channel Attack can
be used to defeat the protection that AES assures for
the communication between two parties. Side-
Channel Attack uses information about physical
implantation of used cryptographic system (let’s say
ACE) such as execution time and power
consumption. All cryptosystems implemented for
embedded systems are exposed to Side-Channel
Attack.
Here we are proposing an idea of combining these
two attacks, MITM attack and Side-Channel Attack
for one powerful attack that targets embedded
systems of smart cities. By MITM attack, the attacker
aims to listen to the conversation between sender and
receiver; by Side-Channel Attack, the attacker aims
to break the cryptosystem of the same targeted
system (Figure 1) [19].
The basic idea of Man in the Middle attack is to
intercept the Secure Socket Layer SSL connection by
cloning proxy certificates in a way that client won’t
notice that he trusts the interceptor. First, the
interceptor must create a Certification Authority CA
Certificate to sign the cloned certificate. Thus, the
client trusts this CA certificate, otherwise the attack
will be detected and SSL connection won’t be
intercepted. Second, client must be configured to use
the intercepting proxy, and the interceptor must
accept the TCP connection sent by the client. Third,
SSL connection has to be established and server’s
certificate has to be verified, then a new certificate
must be created and signed by the new proxy CA.
Once the client trusts the interceptor’s proxy CA, the
upgrade to the new SSL will be accepted. Finally,
transferred data will be encrypted using the
interceptor’s SSL.
V. CONCLUSION
In this paper, we presented the importance and wide
spread of the mobile technologies. These
technologies and applications are used in almost
every aspect of our life including the health care
sector that integrates advanced technologies such as
cloud computing and mobile systems. This
integration brought up the need to secure healthcare
applications and systems against cyber attacks. In this
paper, we discuss the security of associated
technologies with mobile networks and cloud-based
health care systems. Also, we present a combination
of meet in the middle attack and Side Channel
Attack.
ACKNOWLEDGMENT
The authors would like to thank the Deanship of
Scientific Research at Umm Al-Qura University for
the continuous support. This work was supported
financially by the Deanship of Scientific Research at
Umm Al-Qura University to Dr. Lo’ai Tawalbeh
(Grant Code: 15-COM-3-1-0017).
REFERENCES
[1] Lo'ai, A. Tawalbeh, and Waseem Bakhader. "A Mobile
Cloud System for Different Useful Applications." In Future
Internet of Things and Cloud Workshops (FiCloudW),
IEEE International Conference on, pp. 295-298. IEEE,
2016.
[2] AlOtaibi, Majed, A. Lo’ai, and Yaser Jararweh.
"Integrated Sensors System Based on IoT and Mobile
Cloud Computing."
[3] Atzori, Luigi, Antonio Iera, and Giacomo Morabito.
"The internet of things: A survey." Computer networks 54,
no. 15 (2010): 2787-2805.
[4] Lo'ai, A. Tawalbeh, Turki F. Somani, and Hilal
Houssain. "Towards secure communications: Review of
side channel attacks and countermeasures on ECC."
In Internet Technology and Secured Transactions
 (ICITST), 2016 11th International Conference for, pp. 87-
91. IEEE, 2016.
[5] Lo’ai, A. Tawalbeh, and Turki F. Somani. "More
Secure Internet of Things Using Robust Encryption
Algorithms Against Side Channel Attacks."
[6] Moh’d, Abidalrahman, Nauman Aslam, Hosein Marzi,
and L. A. Tawalbeh. "Hardware implementations of secure
hashing functions on FPGAs for WSNs." In Proceedings of
the 3rd International Conference on the Applications of
Digital Information and Web Technologies (ICADIWT).
2010.
[7] Sklavos, Nicolas, and Xinmiao Zhang, eds. Wireless
security and cryptography: specifications and
implementations. CRC Press, 2007.
http://www.socialmediatoday.com/content/rise-social-bots.
[17] Tawalbeh, Lo'ai, Yousef Haddad, Omar Khamis,
Elhadj Benkhelifa, Yaser Jararweh, and Fahd AlDosari.
"Efficient and secure software-defined mobile cloud
computing infrastructure." International Journal of High
Performance Computing and Networking 9, no. 4 (2016):
328-341.
[18] ] U.S. Department of Homeland Security’s Office of
Cyber and Infrastructure Analysis (DHS/OCIA) “The
Future Of Smart Cities: Cyber-Physical Infrastructure
Risk.” U.S. (2015).
[19] Cerrudo, Cesar. "Hacking Smart Cities." In RSA
Conference 2015, pp. 2-18. 2015.

[8] Lo'ai, A. Tawalbeh, Rashid Mehmood, Elhadj

Benkhelifa, and Houbing Song. "Mobile Cloud Computing
Model and Big Data Analysis for Healthcare Applications."
IEEE Access Journal. Vol 4, pp 6171-6180. Sept 2016

[9] Lo’ai, A., Waseem Bakheder, Rashid Mehmood, and

Houbing Song. "Cloudlet-based Mobile Cloud Computing
for Healthcare Applications." IEEE GLOBECOM, 2016 in
Washington D.C, December 4-8, 2016

[10] Ye Yan, Yi Qian, Hamid Sharif and David Tipper

(2012) ,"A Survey on Cyber Security for Smart Grid
Communications ", IEEE COMMUNICATIONS
SURVEYS & TUTORIALS, VOL. 14, NO. 4, FOURTH
QUARTER 2012.

[11] Andrea Zanella, Senior Member,Nicola Bui, Angelo

Castellani,Lorenzo Vangelista, and Michele Zorzi, Fellow
(2014) ,"Internet of Things for Smart Cities”, IEEE
INTERNET OF THINGS JOURNAL, VOL. 1, NO. 1,
FEBRUARY 2014.

[12] Riccardo Petrolo, Valeria Loscrì and Nathalie Mitton

(2015) , "Towards a smart city based on cloud of things, a
survey on the smart city vision and paradigms

[13] Lo'ai, A. Tawalbeh, Waseem Bakheder, and Houbing

Song. "A mobile cloud computing model using the cloudlet
scheme for big data applications." In Connected Health:
Applications, Systems and Engineering Technologies
(CHASE), 2016 IEEE First International Conference on,
pp. 73-77. IEEE, 2016.

[14] N. A. V. Shmatikov, "De-anonymizing social

networks," in 30th IEEE symposium on security and
privacy, 2009.

[15] R. Gunturu, "Survey of Sybil attacks in social

networks," arXiv preprint arXiv:1504.05522, 2015.

[16] "SocialMedia Today," [Online]. Available:

View publication stats