Professional Documents
Culture Documents
79]
On: 20 February 2015, At: 13:34
Publisher: Taylor & Francis
Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House,
37-41 Mortimer Street, London W1T 3JH, UK
To cite this article: Al-kindy Athman Abdalla & Al-Sakib Khan Pathan (2014) On Protecting Data Storage in Mobile Cloud
Computing Paradigm, IETE Technical Review, 31:1, 82-91, DOI: 10.1080/02564602.2014.891382
Taylor & Francis makes every effort to ensure the accuracy of all the information (the Content) contained
in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no
representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the
Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and
are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and
should be independently verified with primary sources of information. Taylor and Francis shall not be liable for
any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever
or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of
the Content.
This article may be used for research, teaching, and private study purposes. Any substantial or systematic
reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any
form to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http://
www.tandfonline.com/page/terms-and-conditions
On Protecting Data Storage in Mobile Cloud
Computing Paradigm
Al-kindy Athman Abdalla and Al-Sakib Khan Pathan
Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur 53100, Malaysia
ABSTRACT
To enhance the security of mobile cloud storage, a few proposals have been presented already, most of which
focus on securing data through passwords and encryption-decryption of data through cryptographic tools
and existing or rather new algorithms. However, these passwords and algorithms eventually get cracked by
the expert hackers who mostly spend their entire time learning the algorithms and the way to get through the
password-protected frameworks. It is for this reason that our article concentrates on a different way of secur-
ing data-storage for mobile cloud computing users. In this article, we present a secure framework that helps
protect the mobile-user data through storage in different servers located at different geographical locations
across the globe. In this way, it ensures strong data protection ability, because part of the data is stored in one
server located at a location and another part of the data is stored in another server located at a far different
Downloaded by [198.91.36.79] at 13:34 20 February 2015
location. We also analyse various facets of the issue and report on the state-of-the-art achievements.
Keywords:
Cloud, Data, Framework, Location, Mobile.
2. NEED FOR ENHANCED MOBILE their requirements will exceed the capabilities of
COMPUTING mobile devices. Therefore, to meet the rising demand,
it is necessary to augment and enhance the computa-
2.1 Current Trends tional capabilities of mobile devices through the use of
Cloud computing is basically on-demand network mobile cloud computing [4].
access to a shared pool of configurable computing
Another dimension of this is the integration of sophis-
resources (e.g. networks, servers, storage, applications
ticated and new wireless technologies. With the fast
and services) that can be rapidly provisioned and
development of wireless technology, mobile cloud
released with minimal management effort or service
computing has become an emerging cloud service
provider interaction. The functions of the cloud and its
model, where mobile devices and sensors are used as
use could be enhanced with various new technologies
the information collecting and processing nodes for
that are emerging. In fact, often technologies merge, or
converge, or help each others growth. With this inter- the cloud infrastructure. One such example is the Fi-
Wi cloud (fiber-wireless based cloud) [5]. This new
mingling of technologies, new needs often arise.
trend requires researchers and practitioners to con-
struct a trustworthy architecture for mobile cloud com-
Today, the electronics manufacturers are trying their
puting that includes a large number of lightweight,
best to enhance the features and functions of MIDs
resource-constrained mobile devices. In such a mobile
that could be suitable for different MCC environments.
cloud sensing environment, cloud users may request
Side-by-side, the application developers are also com-
Downloaded by [198.91.36.79] at 13:34 20 February 2015
CS are delivered and consumed on demand at any time, picture of the field alongside proposing a framework
through any access network, using any connected on how to protect the stored data in the cloud. Our
device with cloud computing technologies. proposed framework should enable the following:
To define it formally, a cloud service provider (CSP) is 1. protection of the CSUs stored data from hackers;
an organization that provides and maintains delivered 2. recovery of CSUs stored data in case of stolen or
cloud services. A cloud service user (CSU) is a person lost MIDs;
or organization that consumes delivered cloud serv- 3. data secrecy for companies or organizations.
ices. A CSU can include intermediate users that will
deliver cloud services provided by a CSP to actual 4. THREATS AGAINST MOBILE CLOUD
users of the cloud service, that is, the end users. End STORAGE
users can be persons, machines, or applications.
Figure 1 shows a typical mobile could service model In an MCC environment, a number of security con-
with different participating entities. In fact, MCC cerns may be raised with regard to the secrecy and
assures anywhere, anytime data access provided that confidentiality of data available in the MIDs of individ-
there is Internet connection with wireless access [9]. uals. Often users keep their most confidential data in
However, such data storage raises a number of secu- their mobile gadgets (e.g. Smartphones), however,
rity concerns as these data in the cloud is vulnerable to because MCC involves outside processing and storage
attacks by hackers [21] who mostly seek a pool of data of data, there exist other threats such as eavesdropping
located anywhere. Security issues may include: data and theft of data over the mobile cloud network.
leakage, data modification, data loss. Also, MIDs can be
stolen, crashed or lost. Because of these, the need for a One of the major problems in cloud computing is the
secure model of data protection is realized. fact that the security and confidentiality of a remote
resource cannot be technically validated by the cus-
Taking this scenario into consideration, in this work, tomer. As a consequence, the security aspect is still
we analyse various efforts and issues to give a clear subject to contracts and trust [10]. According to a study
of the National Vulnerability Database, there were 26 cloud services. According to an IDC report [13, 14],
and 18 vulnerabilities in Xen and VMware ESX, respec- when questioned, 74.6% of service providers answered
tively. A malicious insider or attacker can acquire arbi- that the most important issue for cloud services is
trary user data through these vulnerabilities via VM security. In addition, recent cloud computing attacks
escape attacks, hypervisor rootkits or executing mali- make it difficult to guarantee the trust and safety of
cious codes [7]. On the other hand, user carelessness cloud services [15]. However, service providers should
incurs client-side data leakage. If a user loses a mobile be aware of security problems that may arise when
device that is connected to the cloud storage service, they adopt and launch new cloud services.
then anyone who picks up this device can access the
users security sensitive data, or if a user accesses his Currently, a typical cloud storage service, Drop box,
or her cloud storage using untrusted devices, the offers server-side data encryption for security purpose.
users credentials or security-sensitive data can be However, we argue that such a method is not secure
intercepted by malicious programs (e.g. key logger enough because all the encryption keys are managed
programs, viruses or malicious codes can reside in by software and there is no attestation on the client
untrusted device and cause client-side data leakage software integrity. Moreover, a simple user identifica-
through the network) [7]. tion based on user ID and password is also easily com-
promised. Hence, a stronger method of data protection
The importance of the data stored in the smart phones is needed in this scenario.
is increased as more applications are deployed and
Downloaded by [198.91.36.79] at 13:34 20 February 2015
executed. Once the smart phone is damaged or lost, 5. ANALYSIS OF THE STATE-OF-THE-ART
the valuable information stored in the device is lost
altogether. If cloud storage can be integrated with Most of the frameworks proposed by some previous
cloud services for periodical data backup of a mobile research works use passwords and cryptographic algo-
client, the risk of data loss can be minimized. However, rithms to secure or protect the data in the cloud. With
the important data might be uncovered by a malicious this kind of framework, more powerful computational
third party during retrieval or transmission of infor- abilities are even required. Also, it leads to faster usage
mation using wireless cloud storage without proper and finishing of the low battery powers of MIDs.
authentication and protection [11]. Again, if the service
is provided via the internet, the data in transit is vul- Some commercial cloud storage services protect users
nerable to various kinds of network level attacks like data located in server-storages by introducing client-
eavesdropping and session hijacking. Hence, there is a based or server-based data encryption. When client-
need for a system that can provide cloud service to the based encryption is used, it is ensured that the users
organizations internally, which can be trusted for the data are encrypted before transmitting to the server.
confidentiality of data [12]. All components related to encryption, such as encryp-
tion process, library and data keys, are hosted by the
The ability to securely delegate computation to a client program. By using these components, the client
remote resource provider is becoming a key feature in program generates a one-time-use symmetric key for
resource outsourcing and cloud computing [22], where data encryption. This key will be encrypted using the
programs and data are distributed over a wide net- users asymmetric public key and uploaded with
work of machines and resources that can no longer be encrypted data to the server. When the user wants to
controlled by the customer. The customer has to trust download his or her data, the client program requests
the resource provider, because to date all software, this encrypted data key along with data and then
once transmitted to the remote resource provider, is decrypts the data key using users private key and
executed in unencrypted form and is entirely under finally decrypts the data. Similar operational architec-
the control of the resource owner [10]. Hence, some ture is presented in reference [7].
trust factors should work in the process of forming a
defence against the threats and vulnerabilities. Although the adoption of cloud computing services is
undergoing rapid proliferation, customers of critical
Mobile devices connect to application providers via cloud services are reluctant and sceptical about the
wireless or mobile network which is an enabler of com- integrity of their stored data in the remote cloud [16].
munication. It would be a mistake to assume that all This fact is further aggravated in mobile cloud com-
mobile network access-points are trusted, to an extent puting models that support battery-operated wireless
that no security measures are put in place to protect and mobile client devices with limited energy resour-
mobile devices that connect through them. However, ces. Any integrity enforcement mechanism should
service providers should be aware of security prob- securely support dynamic operations on remote data
lems that may arise when they adopt and launch new and consider the limitations of mobile customers by
employing energy-efficient algorithmic techniques and encryption-based mechanisms by themselves are not
cryptographic data structures. Moreover, in this kind enough. Indeed, we need a second line of defence to
Downloaded by [198.91.36.79] at 13:34 20 February 2015
of framework, stored data are less secure. Expert hack- protect the stored data. Hence, by data protection or
ers are known to crack passwords through brute-force data security in this paper, we mainly mean protecting
attacks and dictionary attacks and hack the entire sys- the cloud-storage-data once the communications have
tem over a given period of time. Hackers have made been done.
programs and codes that are mainly used to hack a
password-protected framework. Therefore, the tradi- The abstract model of generated data-storage (data
tional frameworks often fail to entirely secure the pool) and potential threat could be depicted as in
stored data in the cloud. Figure 2. When the Data Owner (DO) (e.g. mobile
user) stores data in the cloud, the hackers try to get
Data encryption methods do mitigate the risk of access to the data by hacking the system. There are
server-side data leakage, but several risks of data leak- mainly two categories of data in the cloud data storage
age still exist. First, in case of the client-based encryp- (Figure 3): sensitive data and non-sensitive data.
tion, the keys involved in the process of encryption are
managed by software. If that software gets corrupted, If the whole pool of data is non-sensitive and thus could
the keys could be exposed to the attacker. Second, in be shared with the public, hacking of the data-storage
the case of server-based encryption, the users data still may not really do harm; however, sensitive data
remain as plain text in the server before the encryption exposed by the hackers from a single storage location
process. Therefore, an attacker can exploit the vulner- would really cause harm. As the user (or, the commu-
abilities of servers to fetch the users data. Third, user nity or organization) is the owner of the data, extra
authentications are depend only on user ID and pass- protection should be desired by the owner from the
word. A user can access all of the content of cloud stor- storage mechanism in the mobile cloud. This is what
age if he or she logs in with valid pair of user ID and has persuaded us to develop our framework.
password [7].
6.2 Our Framework
6. OUR APPROACH
We use a different approach to data protection. Data
6.1 Security of Stored Data storage in the cloud is designed in such a way that
users can use mobile phones or such handheld devices
On the internet, users can be attacked everywhere. As as a platform to upload, download, share and synchro-
long as the internet is accessed to send a message, the nize information through cloud computing anywhere
message transmission is subject to attack [11]. Hence, at any time.
many of the issues we have mentioned in the previous
sections also resonate with cyber security issues. While 6.2.1 Topological and Operational Models
the existing defence mechanisms may be employed for
protecting communications, to mitigate the damage Figure 4 shows the topological model of our frame-
done to the databases or to pool of data by attacks like, work which depicts that mobile users could use wire-
for example, SQL Injection [17], password- or less access to just upload/download their data. In this
model, data will be stored in different servers that are sense. Hence, the hacker will have to get access to all
situated at different locations. Part of the data will be of the different servers in different geographical loca-
stored for instance, in Server 1 at Location C; another tions to eventually have the whole meaningful data.
part of the data will be stored in Server 2 at Location To facilitate upload or download, each MID may have
D, and so on. All of these servers are connected in a an application installed in it to access cloud service, or
structured manner. In that way, even if the hacker gets a website interface could be used for the same task. If a
access to the stored data of one server, it will only website is used, many typical cyber security issues
mean access to part of the data that does not make may arise during communications, which are beyond
the scope of this work, and any standard mechanism depict the operations, we have used two copies of the
or combination of mechanisms could be used. Other partial diagram. This figure illustrates that the mobile
than this, it should be noted here that the internal net- user (or CSU) uploads the data, which go through the
work structure could be any as long as such fragmented cloud service provider which has a data protection
storage is allowed. RAID (redundant array of indepen- manager (DPM) module. The DPM has mainly two
dent disks) [23], for instance, is one type of technology sub-modules: a user data fragmenter (UDF) that frag-
in which data are distributed across the drives in one ments the data and stores it in different locations; and
of several ways called RAID levels, depending on the a user data merger (UDM) that generates the original
level of redundancy and performance required. New data when a user downloads that on demand. The
techniques that can also be thought of as RAID may DPM has a data mapping function that allows frag-
not be appropriate for this case. We have shown here a mentation and merging for a particular client (i.e. the
hierarchical structure of the network; however, finding user). A table keeps the records and we assume that
the optimal structure or optimality issue would the DPM is well protected, which is essential for this
demand a completely separate work, both from a topo- framework. The fragmentation service is available if
logical and from an operational point of view. user chooses to have such data protection, which
should be defined in the service level agreement
Figure 5 shows an operational model of our frame- (SLA). Hence, the user should choose the service, pay
work. The dotted lines at the top of the figure mean for it, and it should be formally agreed upon and
that both the cloud diagrams are the same. To clearly recorded in the SLA. Also, the lifetime of data for a
Downloaded by [198.91.36.79] at 13:34 20 February 2015
particular user and other policy issues should be a protected manner. After a while, when the user gets
defined in the SLA. a PC (personal computer) or any other device, he could
access the uploaded data, which would be merged and
6.2.2 Use of Erasure Coding with our Framework served to the user by the CSPs DPM. Figure 5 shows
that the PC could be either wired or wirelessly
To enable such storage and protection of data, an era- connected.
sure coding (EC) [18] method could be applied. EC is
basically a data protection method in which data are The core idea of this work is that we do not fully agree
broken into fragments, expanded and encoded with with the available and usual data protection methods
redundant data pieces and stored across a set of differ- proposed so far such as using only usernames and
ent locations, such as disks, storage nodes or geo- passwords and encryption algorithms. Although those
graphic locations. A work based on EC has been mechanisms work to some extent, we thought about a
presented in reference [19]; however, that work mainly different way to protect user data so that, if it is com-
presents the issue from an operational point of view bined with the usual approaches, it could increase the
involving mathematical illustrations. In our work, we level of security. To clarify with an example, even if
have designed a framework (mainly a physical model) the user uses Dropbox (www.dropbox.com) kind of
that could support such data protection with practi- cloud service for data storage, the DPM in our frame-
cally placed devices. Moreover, our framework would work would ensure fragmentized storage for a better
enable the task to be performed from any mobile level of security. Dropbox allows users to create a spe-
Downloaded by [198.91.36.79] at 13:34 20 February 2015
hand-held device with the required application or cial folder on each of their computers, which Dropbox
interface via wireless communications. then synchronizes so that it appears to be the same
folder (with the same contents) regardless of which
To relate the concept of EC here, this method basically computer is used to view it. Files placed in this folder
creates a mathematical function to describe a set of also are accessible through a website and mobile
numbers so they can be checked for accuracy and phone applications. Our concept is that, unlike Drop-
recovered if one is lost. Referred to as polynomial box, we would store the data in different locations
interpolation or oversampling, this is the key concept with different parts using the UDF module and it
behind erasure codes. In mathematical terms, the pro- would still provide the service, especially for the users
tection offered by erasure coding can be represented in on the move.
simple form by the following equation: n k m. The
variable k is the original amount of data or number of
7. CONCLUSION AND FUTURE WORKS
symbols. The variable m stands for the extra or redun-
dant symbols that are added to provide protection The purpose of our framework is to enhance security
from failures. The variable n is the total number of and data protection of the vast stored data in the
symbols created after the EC process. mobile cloud environment. As our future work, we
like to develop a mathematical model of the operations
For example, in a 10 of 16 configuration, or EC 10/16, as well as conducting an empirical study on the perfor-
six extra symbols (m) would be added to the 10 base mance of such a framework. Other important issues
symbols (k). The 16 data fragments (n) would be spread could be Quality of Service, performance issues, opti-
across 16 drives, nodes or geographic locations. The mal structure of network for data storage, and data/
original file could be reconstructed from 10 verified traffic flow modeling for wireless networks [24, 25] in
fragments [20]. Hence, in our framework, the UDF could the MCC scenario.
divide the data into several pieces to store in different
servers and UDM could merge those again, possibly ACKNOWLEDGEMENT
using erasure coding method. The full mapping infor-
mation of the pieces and redundant portions (if used) This work was supported by NDC Laboratory, KICT, IIUM.
would be kept in the main cloud service provider. Al-Sakib Khan Pathan is the corresponding author.
Store-Tops-40-Billion-Downloads-with-Almost-Half-in-2012. 15. W. Jia, H. Zhu, Z. Cao, L. Wei, and X. Lin, SDSM: A secure
html (last accessed: 18 May 2013). data service mechanism in mobile cloud computing, in 2011
4. A. J. Paverd, M. R. Inggs, and S. L. Winberg, Towards a frame- IEEE INFOCOM Workshps, 1015 April 2011, pp. 10605.
work for enhanced mobile computing using cloud resources. 16. W. Itani, A. Kayssi, and A. Chehab, Energy-efficient incremen-
Available: http://www.satnac.org.za/proceedings/2011/papers/ tal integrity for securing storage in mobile cloud computing,
Work_In_Progress/Internet_Services_and_Applications/230.pdf in Proceedings of ICEAC, 1618 December 2010, Cairo.
(last accessed: 18 May 2013). 17. D. A. Kindy, and A.-S. K. Pathan, A walk through SQL injection:
5. T. H. Win, and A.-S. K. Pathan, On the issues and challenges Vulnerabilities, attacks, and countermeasures in current and
of fiber-wireless (Fi-Wi) networks, J. Eng., Vol. 2013, article ID future networks, in Building Next-Generation Converged Net-
645745, pp. 111. works: Theory and Practice, A. -S. K. Pathan, M. M. Monowar, Z.
6. Z. Zhou, and D. Huang, Efficient and secure data storage M. Fadlullah, Eds. Boca Raton, FL: CRC Press/Taylor & Francis,
operations for mobile cloud computing, in Proceedings of 2013, pp. 17197.
2012 8th International Conference and 2012 Workshop on 18. L. Rizzo, Effective erasure codes for reliable computer com-
SVM, 2226 October 2012, pp. 3745. munication protocols, in ACM SIGCOMM CCR, Vol. 27, no. 2,
7. J. Shin, Y. Kim, W. Park, and C. Park, DFCloud: A TPM-based 1997, pp. 2436.
secure data access control method of cloud storage in mobile 19. H.-Y. Lin, and W.-G. Tzeng, A secure erasure code-based
devices, in Proceedings of 2012 IEEE CloudCom, 36 cloud storage system with secure data forwarding, IEEE
December 2012, pp. 5516. Trans. Parallel Distributed Syst., Vol. 23, no. 6, 2012,
8. A. Klein, C. Mannweiler, J. Schneider, and H. D. Schotten, pp. 9951003.
Access schemes for mobile cloud computing, in 2010 MDM, 20. Erasure coding. Available: http://searchstorage.techtarget.
pp. 38792. com/definition/erasure-coding (last accessed: 18 May 2013).
9. L.-c, Zhou., and C.-d., Xiu, Cloud security service providing 21. N. K. Sehgal, S. Sohoni, Y. Xiong, D. Fritz, W. Mulia, and J. M.
schemes based on mobile internet framework, in 2012 ICC- Acken, A cross section of the issues and research activities
Downloaded by [198.91.36.79] at 13:34 20 February 2015
SEE, 2012, pp. 30711. related to both information security and cloud computing,
10. M. Brenner, J. Wiebelitz, G. V. Voigt, and M. Smith, Secret pro- IETE Tech. Rev., Vol. 28, no. 4, 2011, pp. 27991.
gram execution in the cloud applying homomorphic encryp- 22. S. Kaur, Pushing frontiers with the first lady of emerging tech-
tion, in 2011 Proceedings of 5th IEEE DEST, 31 May to 3 June nologies Cloud computing is like having an infinite credit
2011, pp. 1149. line!, IETE Tech. Rev., Vol. 29, no. 6, 2012, pp. 43841.
11. S.-C. Hsueh, J.-Y. Lin, and M.-Y. Lin, Secure cloud storage for 23. K. Hwang, H. Jin, and R. S. C. Ho, Orthogonal striping and
convenient data archive of smart phones, in 2011 IEEE ISCE, mirroring in distributed RAID for I/O-centric cluster computing,
pp. 15661. IEEE Trans. Parallel Distributed Syst., Vol. 13, no. 1, 2002,
12. S. Horrow, S. Gupta, A. Sardana, and A. Abraham, Secure pri- pp. 2644.
vate cloud architecture for mobile infrastructure as a service, 24. Z. Shi, C. Beard, and K. Mitchell, Analytical models for under-
in Proceedings of 2012 IEEE Eighth World Congress Services, standing space, backoff, and flow correlation in CSMA wireless
2012, pp. 14954. networks, Wireless Networks, Apr. 2013, Vol. 19, no. 3,
13. T. Kim, Y. Choi, S. Han, J. Y. Chung, J. Hyun, J. Li, and J. W.-K. pp. 393409.
Hong, Monitoring and detecting abnormal behavior in mobile 25. M. M. Monowar, M. O. Rahman, A.-S. K. Pathan, and C. S.
cloud infrastructure, in Proceedings of 2012 IEEE NOMS, Hong, Congestion control protocol for wireless sensor net-
pp. 130310. works handling prioritized heterogeneous traffic, Proceedings
14. F. Gens, IT cloud services user survey, pt.2: Top benefits & of SMPE08 Workshop in Conjunction with MobiQuitous 2008,
challenges. Available: http://blogs.idc.com/ie/?p=210 (last article no. 17, 2125 July 2008, Trinity College Dublin, Ireland,
accessed: 18 May 2013). 2008.
Authors
Al-kindy Athman Abdalla completed his BSc August 2009. His research interest includes wireless sensor networks,
degree in computer science from the Interna- network security, and e-services technologies. He is a recipient of sev-
tional Islamic University Malaysia (IIUM) in eral awards/best paper awards and has several publications in these
2013. During his BSc, he worked as an under- areas. He has served as a chair, organizing committee member, and
grad researcher at the Networking and Distrib- technical program committee member in numerous international con-
uted Computing Laboratory (NDC Lab.), KICT, ferences/workshops like GLOBECOM, GreenCom, HPCS, ICA3PP,
IIUM. In 2008, Athman received his Kenya Cer- IWCMC, VTC, HPCC, IDCS, etc. He was awarded the IEEE Outstand-
tificate of Secondary Education (K.C.S.E) from ing Leadership Award and Certificate of Appreciation for his role in
Allidina Visram High School. He also finished IEEE GreenCom13 conference. He is currently serving as the editor-
the Kenya Certificate of Primary School (K.C.P.E) in 2004. Currently, in-chief of IJIDS, an area editor of IJCNIS, editor of IJCSE, Inder-
he is planning to move ahead with his higher studies. His research science, associate editor of IASTED/ACTA Press IJCA and CCS,
interests include information security and network security. guest editor of many special issues of top-ranked journals, and edi-
tor/author of 11 books. One of his books has been included twice in
Email: athmanalkindy@yahoo.com Intel Corporations Recommended Reading List for Developers, 2nd
half 2013 and 1st half of 2014; three other books are included in IEEE
Communications Societys (IEEE ComSoc) Best Readings in Com-
Al-Sakib Khan Pathan received PhD degree munications and Information Systems Security, 2013, and a fifth book
(MS leading to PhD) in computer engineering is in process of being translated to simplified Chinese language from
in 2009 from Kyung Hee University, South English version. Also, two of his journal papers and one conference
Downloaded by [198.91.36.79] at 13:34 20 February 2015
Korea. He received BSc degree in computer paper are included under different categories in IEEE Communica-
science and information technology from tions Societys (IEEE ComSoc) Best Readings Topics on Communica-
Islamic University of Technology (IUT), Bangla- tions and Information Systems Security, 2013. He also serves as a
desh in 2003. He is currently an assistant pro- referee of numerous renowned journals. He is a senior member of
fessor at Computer Science Department in Institute of Electrical and Electronics Engineers (IEEE), USA; IEEE
International Islamic University Malaysia ComSoc Bangladesh Chapter, and several other international profes-
(IIUM), Malaysia. Till June 2010, he served as an assistant professor sional organizations.
at Computer Science and Engineering Department in BRAC Univer-
sity, Bangladesh. Prior to holding this position, he worked as a Email: sakib.pathan@gmail.com
researcher at Networking Lab, Kyung Hee University, South Korea till