Future Generation Computer Systems 29 (2013) 1300–1308

Contents lists available at SciVerse ScienceDirect

Future Generation Computer Systems

journal homepage: www.elsevier.com/locate/fgcs

CCBKE — Session key negotiation for fast and secure scheduling of scientificapplications in cloud computingChang Liu a,∗, Xuyun Zhang a, Chi Yang b, Jinjun Chen a

a Faculty of Engineering and Information Technology, University of Technology, Sydney, Australiab School of Computer Science and Software Engineering, The University of Western Australia, Australia

a r t i c l e i n f o

Article history:Received 7 November 2011Received in revised form12 March 2012Accepted 14 July 2012Available online 20 July 2012

Keywords:Hybrid environmentCloud computingSchedulingEfficiencyCommunication securityAuthenticated key exchange

a b s t r a c t

Instead of purchasing and maintaining their own computing infrastructure, scientists can now run data-intensive scientific applications in a hybrid environment such as cloud computing by facilitating its vaststorage and computation capabilities. During the scheduling of such scientific applications for execution,various computation data flows will happen between the controller and computing server instances.Amongst various quality-of-service (QoS) metrics, data security is always one of the greatest concernsto scientists because their data may be intercepted or stolen bymalicious parties during those data flows,especially for less secure hybrid cloud systems. An existing typical method for addressing this issue is toapply the Internet Key Exchange (IKE) scheme to generate and exchange session keys, and then to applythese keys for performing symmetric-key encryption which will encrypt those data flows. However, theIKE scheme suffers from low efficiency due to its asymmetric-key cryptological operations over a largeamount of data andhigh-density operationswhich are exactly the characteristics of scientific applications.In this paper, we propose Cloud Computing Background Key Exchange (CCBKE), a novel authenticatedkey exchange scheme that aims at efficient security-aware scheduling of scientific applications. Ourscheme is designed based on the randomness-reuse strategy and the Internet Key Exchange (IKE) scheme.Theoretical analyses and experimental results demonstrate that, compared with the IKE scheme, ourCCBKE scheme can significantly improve the efficiency by dramatically reducing time consumption andcomputation load without sacrificing the level of security.

© 2012 Elsevier B.V. All rights reserved.

1. Introduction

Great changes are taking place in today’s IT and computing in-dustry with the global popularity of hybrid computing environ-ments with the concept of cloud computing [1,2]. International ITcorporations are advertising on their commercial cloud platformssuch as Amazon EC2/S3, Microsoft Azure, Google App Engine andIBM SmartCloud, while a large number of enterprises and institu-tions have established their own private cloud for internal IT ser-vices. Cloud computing provides Infrastructure-as-a-service (IaaS),platform-as-a-service (PaaS) and/or software-as-a-service (SaaS),so that users may have computation tasks accomplished on thecloud in a pay-as-you-go mode and will not bother setting up andmaintaining their own computing facilities [3], which is particu-larly a cost-saving solution in data- and computation-intensive ap-plications such as applications in scientific research [2,4]. Severalcloud computing projects tailored for scientific users are already

∗ Corresponding author. Tel.: +61 4 22701995.E-mail addresses: changliu.it@gmail.com (C. Liu), xyzhanggz@gmail.com

(X. Zhang), cyang@csse.uwa.edu.au (C. Yang), jinjun.chen@uts.edu.au (J. Chen).

0167-739X/$ – see front matter© 2012 Elsevier B.V. All rights reserved.doi:10.1016/j.future.2012.07.001

in existence, for example, projects Nimbus [5] and Aneka [6] havebeen proven to be quite resourceful. By utilising cloud computingservices, the high cost in building andmaintaining a supercomput-ing or grid computing environment for scientific applications is ef-fectively reduced [7].

Security and privacy issues have been accompanying the pop-ularisation and development of today’s hybrid environments andthe paradigm of cloud computing as one of the greatest concernsfrompeople, ever since the start of their very presence [8–10]. Datain scientific applications particularly need to be carefully protectedas they are invaluable intellectual property which always directlyrelate to potential scientific discoveries and advanced technolo-gies.Most security threats that usersworry about come from insidethe cloud, because that is where the users lose their direct controlover the data. This is especially the case for a hybrid cloud systemwhere part of its structure always lies in the less-secure commonor public domain. In regard to years of developments in cryptogra-phy, keeping data encrypted is the most common and safe choiceto secure data in transmission, if encryption keys are managedproperly.

Cloud IaaS services can be divided into cloud storage servicesand cloud computing services. For cloud storage services such as

C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308 1301

Amazon S3, users could just encrypt their data before putting themon the cloud and decrypt them only when they have finished usingthe service, as storage service providers will not need access tothe contents of data [11]. Hence, there is no need in exchangingand managing encryption keys over the risky communicationenvironment in this case, as data are safe when transferring insidethe cloud if users keep their encryption keys to themselves. Plus,given the high efficiency of symmetric cryptology algorithms suchas stream ciphers or even block ciphers, encrypting/decryptingthe data will not be a very heavy burden, even for entitieswith only lightweight computation capabilities. However, in cloudcomputing environments such as Amazon EC2, the cloud serviceproviders need to apply computational operations on submitteduser data and return the results. In scientific applications, theseoperations can be very complex. Therefore, the ‘pre-encryption’strategy for cloud storage service is almost not applicable atall, as the resulting data will no longer be decryptable withthe original key unless a fully homomorphic encryption schemeis used. Although Gentry [12] proposed a first-in-history fullyhomomorphic encryption algorithm in 2009 through the useof ideal lattices, there is still a long way to go until we havean implemented fully homomorphic encryption scheme withreasonable efficiency. Current asymmetric-key cryptology allowsmultiple parties to communicate securely without exchangingkeys. However, asymmetric-key encryption algorithms (such asRSA, ElGamal, Rabin, ECC, etc.) contain a number of exponentialoperations over a large finite field. Therefore, they work veryslowly with large datasets, which is why current asymmetric-key cryptology based infrastructure such as the Public-KeyInfrastructure PKI [13,14] was not incorporated into cloudimplementations even if they are now very mature through yearsof development. To this end, exchanging a session key usingan asymmetric-key system and utilising it to encrypt data withsymmetric-key encryption (we will term it a ‘hybrid encryption’in the rest of this paper) is still the most efficient cryptologicalsolution in protecting data confidentiality and integrity, especiallyin data-intensive scientific applications under the context of cloudcomputing.

To use hybrid encryption, the Internet Key Exchange schemeVersion 2 (IKEv2) [15] is a common choice for authenticated keyexchange schemes to be used along with symmetric-key encryp-tion algorithms. IKE is a widely-adopted key exchange schemewhich is being used along with IPSec as the default network-leveldata protection standard in the TCP/IP Suite. Although symmetric-key algorithms (both stream ciphers and block ciphers such asSalsa20, AES and AES’s predecessors DES/3DES) encrypt/decryptvery fast, the before-hand user authentication and key exchangesteps in IKE are still tedious and time-consuming, especially aswe have at least thousands of independent service instances inthe cloud running concurrently, where thousands of key-exchangeoperations are needed to be performed in every single round ofcommunication.

In this paper we present the Cloud Computing BackgroundKey Exchange (CCBKE) scheme for security-aware schedulingin the background of cloud computing service providers. Ourscheme is developed based on the widely adopted Internet KeyExchange (IKE) scheme [15]. By incorporating randomness-reusestrategy, our scheme reduces the number of modular exponentialoperations on cloud controller side, and thereby reduces thecomputational load and execution time significantly compared tothe original IKE, which is the main research contribution of thispaper.

The rest of this paper is organised as follows. Section 2 discussesrelated work. Section 3 provides amotivating example in scientificapplications as well as detailed analysis to our research problem.Section 4 describes our CCBKE key exchange scheme in detail

based on a series of notations demonstrated at the beginningof this section, as well as providing security analysis. Section 5evaluates the performance and efficiency of our scheme throughexperimental results. Section 6 concludes our work and points outfuture work.

2. Related work

In recent years, the development of distributed systems, oralternatively, cyberinfrastructures [16], has helped in handlinglarge-scale computing tasks such as scientific applications. Asthe most popular paradigms among recently emerging hybridenvironments, a cloud has a significant cost advantage comparedwith traditional distributed systems such as clusters and grids [3].Scientific applications can utilise this advantage by migratingto the cloud [7], which is recently attracting a rapidly growingamount of research interest from research scholars. Recent cloudcomputing projects for scientific applications such as Nimbus [5]andAneka [6] aswell as somevery recent researchwork [17,18] areall aiming at the transformation from a traditional cluster or datacentre to a cloud architecture. Since the advent of cloud computing,a number of scheduling algorithms have been developed for thepicture of a cost-effective cloud computing environment. Severalmost recent examples are the work of Garg et al. [19] and Yuanet al. [20]; the former work assessed time and cost in cloudQoS, while the latter work investigated the trade-off betweendata storage, computation and economical cost in the cloud.However, none of them have yet taken into account the cost ofsecurity enhancement. Data flows are unprotected in their modelswhich totally neglected the importance of data security. Someoutstanding security issues in cloud computing were surveyedin [8–10]. Recently, much research work has also been done toaddress cloud security/privacy issues. Most of the approachesamongst them, however, were focused on cloud storage services.Yao et al. [11] proposed a scheme to ensure cloud storage securityby separating the encryption keys from the stored data whichwere encrypted by the keys. In [21], a privacy-preserving clouddata querying scheme is proposed from generally a data prospectof view, which aims to protect privacy-sensitive outsourced data.In [22] Wang et al. proposed a scheme to protect data integritybased on bilinear-pairing-based public-key cryptology, whichallows a third-party authority to check the outsourced data oncloud service users’ behalf. However, to our best knowledge, nonehas analysed data encryption on the backstage of cloud computingfrom an efficiency point of view. Our work starts to try and bridgethe gap.

Encryption-based data security protection approaches for cloudstorage services have been proposed, such as [11,23]. However,in a cloud computing environment, original input data need tobe processed on the cloud side. Some encryption schemes allowprocessing over encrypted data, and it can still be decrypted usingthe same key thereafter. However, in these schemes only limitedoperations are allowed. For example the approach in [24] onlyallows the k-NN (k nearest neighbours) algorithm to be appliedover encrypted data. Fully homomorphic encryption [12] allowsall operations on an encrypted dataset; however, no homomorphicencryption scheme with reasonable complexity has yet beenpublished. Therefore, the efficiency of key exchange still remainsa major obstacle to the efficiency overall.

Key exchange over a distrustful communication environmenthas been an extensively researched problem in public-keycryptography since Diffie and Hellman proposed the very firstkey exchange scheme [25] in 1976. Our problem here, essentially,is looking for an efficient key exchange scheme for exchangingdifferent keys over participating parties. Although the topic ofextending key exchange schemes in multi-party scenarios has

1302 C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308

been studied a lot in the past, to our best knowledge, thisproblem has not been well-addressed. This is probably becausethere was no requirement in doing research on this problemin the past, as a single key exchange process takes almost notime on modern hardware facilities. However, with thousandsof independent instances executing different tasks in the cloud,now it is essential to develop an optimised key exchange schemeunder this scenario if we are to use hybrid encryption to enhancecloud data security. Some existing key exchange schemes weretrying to optimise the multi-party-same-key scenario with usersjoining and leaving dynamically, such as [26–29]. In [30,31],extended security standards are formalised and researched forkey exchange schemes for the basic 2-party scenario. Some ofthe most recent research on authenticated key exchange schemesare focusing on password-based key exchange [32,33], whichallows two parties to share a session key through exchanginga low-entropy password. These approaches are advantageouswhen humans are involved because a low-entropy passwordcan be easily remembered. Unfortunately, no human action isrequired in our research problem. Kurosawa [34] and then Bellareet al. [35] studied the problem of asymmetric-key encryptionin a multi-user-different-data scenario with randomness-reusestrategy. Although their schemes cannot be directly applied tocloud computing environments due to the low efficiency ofasymmetric-key encryption/decryption over large datasets, thisidea is a direct inspiration of our work. IKE is a widely-adoptedauthenticated key exchange scheme which is being used alongwith IPSec as the default network-level data protection standard inthe TCP/IP Suite. The latest updated description of IKE can be foundin [15]. It has been known for its high security level [36], but lacksefficiency in distributed environments, especially in the cloud. Thisis the major motivation of this research.

3. Motivating example and problem analysis

3.1. Motivating example and research problem

In a typical cloud computing infrastructure, a central server isemployed for not only receiving and processing user requests inthe front, but it is also responsible for scheduling and splittingtasks through MapReduce in the back. This server is named thecloud controller (CLC) in the Eucalyptus system [37,38]; we willuse this denotation in this paper. Virtualised server instancesrunning on clusters of servers are responsible of processing thedivided tasks in a parallel fashion and returning the resultsafterwards, and then CLC is capable of assembling the results andreturn to the user. A structure of additional hierarchical levels isoften employed between CLC and end server instances as well,for more effective data management. However, we will ignorethese levels in this paper since they just do task scheduling and‘‘divide and deliver’’ on data and do not involve additional keymanagement or encryption/decryption operations. Throughminorvariations, our scheme can easily be applied on a multi-layeredcloud management system. Fig. 1 depicts the structure of a typicalcloud system for scientific applications.

Scientific research applications are often data and computationintensive, quite a few among which are time-critical. Take astro-physics research for example, Australian astrophysics researchersoperate a gigantic 64 m Parkes telescope [39] which generates alarge amount of data through constant observation. In a pulsarsearching workflow [20] the raw observation data are generatedat a 1 GB/s ratio. The beam file is generated for later pulsar search-ing through a local real-time compression operation on the rawdata file. A 1–20 GB beam file is generated from a 4 to 60 minobservation, which is still a large dataset generated in a shorttime to be executed. We can infer from this example that due

Fig. 1. Basic structure of a typical cloud computing system for scientificapplications.

to its data-intensive nature, deploying scientific applications incloud computing is extremely cost-saving, although there are stillseveral challenges standing. First, data generated from scientificresearch are intellectual property which may directly lead to sci-entific discovery, hence their value is inestimable. Therefore, datasecurity, specifically confidentiality and integrity, are of extremeimportance. Second, scientists usually need to access the results asearly as possible, as a late-coming result may cause an enormouseconomicalwaste and loss of scientific discovery. Another examplein astrophysics is gravitational wave detection [40] which is espe-cially time-critical. Due to its nature of real-time and streaming,delay in returning of a result of a task may lead to missing of anincoming gravitational wave. This will lead to loss of scientific dis-covery as the next wave would come after years. Moreover, thou-sands of hours of data-intensive computationwill be in vain, whichis a terrible economicalwaste. Hence, efficiency is also important incloud scheduling for scientific applications. These two challengesconstitute the main research problem our work tries to tackle.

We will investigate the security challenge from the commu-nication security aspect of view. Data security in cloud com-puting is a problem much more challenging than in traditionaldistributed systems due to clouds’ unique characteristics of con-solidation and multi-tenancy. Therefore, it is essential to encryptall data in transfer as well as to authenticate each party’s identityto ensure their confidentiality and integrity. As was discussed inSection 1, asymmetric-key encryptions is not suitable for our sce-nario because of its low efficiency. To utilise a symmetric encryp-tion scheme, CLC must at first exchange a session key with eachserver instance through an authenticated key exchange schemebefore distributing the divided data and tasks to server instances.Virtualisation is a distinct key feature of cloud computing; all vir-tualised server instances are isolated to avoid additional securitythreats brought by virtualisation [8]. In this regard, although thereare multiple instances running on the same physical machine, itis better that each instance encrypts its communication with CLCwith a distinct session key. This can also be considered for riskmanagement purposes. For example, say there are 100 instances ona single machine, each executing 10 MB data. If a malicious adver-sary gets to know one of the session keys throughmethods such asside-channel attacks, she or he will have access to only 10 MB dataother than that entire 1 GB dataset if we use different session keysto encrypt this total 1 GB data. Furthermore, if one of the serverinstances gets hijacked, this adversary will reveal all the followingdata sent to the same physical machine until she/he gets caught, asthey are all encrypted with the same session key. The consequence

C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308 1303

may be hundreds of times more data leakage, depending on howmany server instances are running on a single physical machine.

In a cloud computing system there are always numerous serverinstances running on background servers. Small-to-medium-sizedcloud systems such as an enterprise cloud or community cloud canhave hundreds to thousands of server instances, and this numberis even larger in large-scale cloud systems such as public cloudsand commercial clouds. As a distinct session key is needed to beexchanged between the CLC and each server instance, conductingkey exchanges between CLC and server instances becomes atedious and time-consuming task, especially in data-intensiveapplications such as scientific applications.

Based on the analysis above in this section, we can now seethe research problem here—with virtualisation technology, an ef-ficient authenticated key exchange scheme is needed to ensuredata security in cloud scheduling, especially for scientific appli-cations. IKE [15] is one of the most efficient, secure, standard-ised and widely applied authenticated key exchange schemes forcommunications over an unsecure communication channel. How-ever, when applied in our cloud computing scenario, the efficiencyof IKE is very low. Unfortunately, existing research on authenti-cated key exchange schemes tend not to seek improvements onmultiple-key-exchange schemes from an efficiency point of view.Previous research was mainly focusing on either strengthening se-curity in a two-party scenario [15,30,31], or multi-user-same-keyscenarios [26–29]. Therefore, an authenticated key exchange (AKE)scheme for efficient cloud scheduling is on demand, especially fordata- and operation-intensive scientific applications.

3.2. Problem analysis

As the CLC performs key exchange operations with all serverinstances and encryptions/decryptions of the entire dataset, itis acting as the bottleneck of the performance of our scheme.By utilising the square-and-multiply algorithm, the minimumcomplexity of a modular exponentiation operation of xy mod pis O((log2 x)3) for integers x, y, p where x, y < p. Therefore,modular exponentiations are by far the most costly, as most otheroperations in authenticated key exchange schemes are of linearcomplexity. (e.g. symmetric encryptions, pseudorandom functions,etc.) According to the fast evolving capability of computationfacilities, it is now unsafe to utilise in a typical application aDiffie–Hellman group with its size less than 1024 bits [15]. Henceit all comes down to Diffie–Hellman key exchange operationsperformed on CLC, which involves n times 1024 bit modularexponentiations for n server instances in each key exchangerounds, as n tends to be very large in typical cloud computingsystems.

Digital signatures are always necessary in key exchange sche-mes for identity authentication. Signing over a message couldalso be time-consuming if the message is long. In key exchangeschemes however, messages to be signed are usually of a shortfixed length (typically 128 bits which is the output size of a HMACfunction). In this regard, time consumption in signing messages issmall compared to those key exchange related computations over1024 bit keying materials.

Computations on server instances in key exchange processescan be completed almost instantly. Besides, data transfer takesalmost no time as well because only kilobytes of data need tobe transferred between the CLC and server instances in order tocomplete key exchange.

Based on the analyses above, we argue that the performanceof CLC is the bottleneck, mostly because of the amassed Diffie–Hellman operations performed on CLC. In our proposed CCBKEscheme, we will incorporate the randomness-reuse strategy toreduce the number of modular exponentiations on CLC, in orderto mitigate the workload of CLC and to achieve superior overallefficiency over IKE in a cloud computing environment.

4. Randomness-reuse based authenticated key exchange—CCBKE

Similar to IKE, our CCBKE scheme consists of 3 independentcomponents: system setup, initial exchange and rekeying. In thissection we will give notations to some symbols for formaliseddescription, demonstrate all these components in detail with thosesymbols, and provide a detailed security analysis for CCBKE.

4.1. Notations

Before start demonstrating how the CCBKE scheme works, wefirst define some notations to be used for a formalised description.

S: Server instances domainSi: The ith server instance in SC: Cloud controller (CLC)HDRi: Header contains security parameter indexesCertReqi: Certificate request, requesting for i’s certificateCert i: CertificateNi: i’s one-time nonceSA: Security associations, used in negotiating

cryptographic algorithmsIDi: Identity informationSigi: i’s signature, can be verified using pre-defined

algorithm and public key within Cert iprf(): Pseudorandom function{M}k: Encrypt messageM with session key k

4.2. CCBKE system setup:

The system choose a large prime integer p to form a Diffie–Hellman group, and a generator g of group Z∗

p , i.e., g is a primitiveroot modulo p. Normally p is a Sophie Germain prime where(p − 1)/2 is also prime, so that the group Z∗

p maximises itsresilient against square root attack to discrete logarithm problem.A certificate authority (CA) as in PKI is still needed in our securityframework so that communicating parties can identify each otherthrough exchanging verifiable certificates Certc and Certsi , as thecertificates contain public keys which can be used to verify thesession partners’ signatures, thereby their identities. Certificatesare relatively long-termed data which are issued to all participantsof communication before the commencing of communication, andCAwill not be participating itself unless re-verification of identitiesand revocation and re-issuing certificates for participants areneeded. As these should be done in a much lower frequency(e.g. once a day) than key exchanging (e.g. re-exchanging key inevery new session), they will not affect the efficiency of a keyexchange scheme for scheduling in general. Therefore, we willignore all communications involving CA in our scheme andwill notbe discussing further details on issuing and revoking certificates.

4.3. CCBKE initial exchange:

Initial exchange is used when a new task is to be executed,because that is when the CLC needs to decide how to distribute thisnew task to be executed on existing computation infrastructure,i.e., which of the server instances are involved. CLC picks a secretvalue x < p, computes its public keying material gx in Z∗

p , andbroadcasts the followingmessage to the domain of server instancesS which contains n instances S1, . . . , Sn:Round 1, C → S : HDRc, SAc1 , gx, Nc

whereHDR and SA for algorithm negotiation, gx for Diffie–Hellmankey exchange, and N for freshness verification. The initiator of a

1304 C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308

normal IKE scheme will generate n secret values x1, x2, . . . , xn,then compute and send out gx1 , gx2 , . . . , gxn , either throughmulticast or one by one, to establish separated security channelswith each receiver. In our scheme, although we still establish oneSA for each server instance Si where i = 1, 2, . . . , n, we are usingonly one single secret value x for CLC in all n messages in order toreduce cost.Wewill further analyse security and cost reduction forthis variation in Sections 4 and 5, respectively.

Upon receiving Message 1, each server instance generates theirsecret value yi < p, compute keymaterial gyi , then respond withinRound 2 as follows:

Round 2, S → C : HDRSi , SAsi1, gyi ,NSi , CertReqc,

for i = 1, . . . , n.

Note that round 2 involves n different messages sent fromS1, . . . , Sn separately. After exchanging the first two rounds ofmessages, the session keys gxy1 , . . . , gxyn are computed for allparties as follows:

C : gxy1 =gy1

x, . . . , gxyn =

gyn

xS1 : gxy1 =

gxy1

. . .

Sn : gxyn =gxyn .

The session keys are now shared between CLC and each serverinstance for the use of encryption of later communications.Although the Diffie–Hellman key exchange is completed, theCCBKE initial exchange is not finished as the participants have toauthenticate each other in order to prevent man-in-the-middle(MITM) attacks. Similar as in IKE, CLC generates signatures Sigciwhich are the signatures for these nmessages, using its secret keyfrom the key pair issued by CA:

Mci = prfprf

Nc∥NSi∥g

xyi∥gx

∥gyi∥SAc∥IDc,

for i = 1, . . . , n

and broadcast the following message to S:

Round 3, C → S : HDRc,IDc SAc2 Certc CertReqs1 Sigc

gxy1

∥IDc SAc2 Certc CertReqs2Sigc

gxy2

∥ · · · ∥IDc SAc2 Certc CertReqsn Sigc

gxyn , for i = 1, . . . , n.

The server instances can then verify the identity of the initiatorof this conversation by using its session key gxyi to decrypt itsown part of this message. Signatures can be verified through thepublic key contained in the certificate. Similarly, server instanceswill send out their own encrypted ID, signature and certificate toCLC for verification:

Round 4, S → C : HDRSi ,IDc SAsi2

Certsi Sigsigxyi

,

for i = 1, . . . , n

where, similar to round 3 but only signed separately, Sigsi is signa-tures by Si to messages:

Msi = prfprf

Nc∥NSi∥g

xyi∥gyi∥gx

∥SAsi∥IDsi

,

for i = 1, . . . , n.

Note that this round involves n messages as well. After the iden-tities of both CLC and server instances are authenticated throughround 3 and 4, CLC will send to S1, . . . , Sn the split task data whichare encryptedwith session keys gxy1 , . . . , gxyn using symmetric en-cryption such as AES. After task execution, S1, . . . , Sn returns to CLCthe resultswhich are encrypted using gxy1 , . . . , gxyn aswell. The prffunction is often implemented as an HMAC function such as SHA-1 or MD5, which outputs a fixed-length short message (commonly128 bits) and has high efficiency (around 200MB/s on today’s desk-top PCs) itself.

4.4. CCBKE rekeying:

Rekeying is often accomplished by running initial exchange allover again. However, in the following cases, alternative strategiesneed to be applied. We will also analyse in this section theefficiency of these strategies.

4.4.1. Failure recoveryIf any message that constitutes the initial exchange fails to

arrive, the CLC will simply start a one-on-one IKE key exchangesession with this specific instance. As this is only an accidentally-happening situation and can be tackled on-the-run, this additionaltime consumption can be considered negligible.

4.4.2. Multi-step tasksIn a multi-step task data need to be transferred back and forth.

In this situation it is not necessary for the participants to re-authenticate each other after the successful authentication in thefirst round because of the high dependency of data in a sametask. Therefore, only rounds 1 and 2 are needed to be performed,with new keying materials and minor changes to SA and HDRfields. Following the analyses in Section 3, as rounds 3 and 4 onlycontains fast operations such as signature and verification overshort messages as well as symmetric-key encryption/decryptionand HMAC functions, the computational overhead of rekeyingprocess on CLC is almost identical to the initial exchange from anefficiency point of view.

4.5. Security analysis for CCBKE

We will analyse the security of our scheme in two ways. Wewill show that our scheme is safe against both outside and insideattackers while maintaining perfect forward secrecy.

4.5.1. Security proofAs cryptanalysis on symmetric-key encryption algorithms is

outside the scope of this paper, the following discussions are under2 standard cryptographic assumptions as follows.

Assumption 1. Any participant in our scheme cannot retrieve anydata that was encrypted by any symmetric-key algorithm, unless ithas the session key which was used to encrypt the data in the firstplace, i.e., cryptanalysis is beyond this security discussion.

Assumption 2 (CDHAssumption).Given a cyclic groupG of order q,a generator g ofG and two random integers a, b ∈ {0, . . . , (q − 1)},retrieving gab in polynomial time using only

g, ga, gb

is compu-

tationally impossible.

Similar to most security analyses to public-key communicationprotocols, we now define the capabilities of an outsider attackerand an inside attacker.

Definition 1 (Cloud Outside Attacker). Amalicious outside attackerMo is an adversarywho is capable ofmonitor, intercept, and changeall communication traffic in thewhole cloud background structure,in order to gain access to protected data in transit. However, Modoes not have access to any of the node machines, and its identityis not legit, i.e. Mo cannot obtain a valid certificate to let itself beauthenticate by CLC or any server instance.

Definition 2 (Cloud Inside Attacker). A malicious inside attackerMi is an adversary who can be authenticated by CLC and actas a legitimate server instance of the communication. However,Mi does not have access to any other legitimate participants’,including server instances’ and CLC’s, private information.

We now prove that our scheme is secure against both thesetypes of attackers.

C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308 1305

Theorem 1. A cloud outside attacker Mo cannot retrieve in polyno-mial time any exchanged session key gxyi in CCBKE.Proof. Following Definition 1, we know that an outside attackerMo can gain access to all public keying materials g, p, gx, gy1 , . . . ,gyn by monitoring the entire network, but Mo cannot get secretinformation such as x, y1, . . . , yn. Considering the computationalhardness of computational Diffie–Hellman (CDH) problem, weknow that Mo cannot compute any gxyi where i = 1, . . . , n, inpolynomial time, with gx, gy1 , . . . , gyn . �

Theorem 2. Assume k = gxym is the session key negotiated betweena cloud inside attackerMi and CLC. Mi cannot retrieve in polynomialtime any session key gxyi other than k, unless a negligible probability.Proof. According to Definition 2, Mi has its own secret value yt , kin addition to information controlled byMo. Since all secret valuesy1, . . . , yn are generated by individual server instances themselvesinstead of allocated, there is a probability that the same secretvalue is generated and used for key exchange by different serverinstances, which we call a ‘collision’. For example, when a collisionbetweenMi and a legitimate server instance Sl (with its secret valueyl) happens, we have yl = ym. ThereforeMi can easily retrieve datasent by Sl using its own key gxym . Since y1, . . . , yn are randomlychosen over Z∗

p , the probability ϵ for a collision happening will be:

ϵ =

n−1i=1

1 −

ip

≈

n−1i=1

e−ip = e−

n(n−1)2p .

This is a similar situation to the famous birthday attack where ϵdepends on n/

√p as well. In our CCBKE scheme, p is commonly

1024 bit and n (number of server instances) is usually severalthousand which can be considered negligible compared to 2512.To this end, n/

√p is very close to 0. Thus, the probability for a

collision to happen is negligible, which means an inside attackercannot retrieve any of the others’ session keys except a negligiblepossibility. Combining this conclusion with Theorem 1, we havefinished proving Theorem 2. �

Since all identity information is encryptedwith the session keysin authentication rounds 3 and 4 and both outside attackers andinside attackers cannot retrieve others’ session keys, we have thefollowing lemma.

Lemma 1. Any pretending participants will fail authentication inrounds 3 and 4 .

Once the authentication of rounds 3 or 4 fail, the communicationwill then be terminated. A man-in-the-middle attack or any kinds ofidentity forgery attack to our scheme will hence not be successful.

4.5.2. Perfect forward secrecySame as in IKE, session keys used for encrypting communica-

tions are only used once until they are expired and destroyed. Thus,a previously used session key or secret keyingmaterial isworthlessto amalicious opponent even a previously-used key or a secret key-ing material is somehow exposed. This is one of the major advan-tages of using a key exchange scheme in hybrid encryption, whichis whywe did not choose to simply encrypt the session keywith anasymmetric-key encryption algorithm, even though it can be eas-ily done through PKI considering the fact that we have adopted aCA in our CCBKE architecture.

5. Experiment and evaluation

The CCBKE scheme proposed in this paper is generic. It can bedeployed with various scientific applications and on various cloudcomputing platforms to improve efficiency and reduce the cost inguaranteeing communication security.

According to the analyses in Section 3.2, time consumption ofoperations outside CLC can be considered negligible. In CCBKE,

Rounds 1 and 3 are carried out on CLC, which both containedn modular exponential operations. Since the CLC used only onerandomness x instead of {x1, . . . , xn} to conduct Diffie–Hellmankey exchange with {S1, . . . , Sn}, there are only 1 instead of nmodular exponential operations left. Hence, approximately halfof the modular exponential operations are cut out. In this regard,intuitively speaking, the CCBKE scheme can have vast efficiencyadvantage over IKE [15]. We now further conduct experiments toquantitatively demonstrate that CCBKE,when applied in cloud, canindeed improve the efficiency of IKE significantly.

5.1. Experiment environment

U-Cloud is a cloud computing system in University of Technol-ogy, Sydney (UTS) on which we built and conducted our experi-mental environment. The computing facilities of this system arelocated in several labs in the Faculty of Engineering and IT, UTS. Ontop of hardware and Linux OS, we installed KVM Hypervisor [41]which virtualises the infrastructure and allows it to provide uni-fied computing and storage resources. Upon virtualised data cen-tres, Hadoop [42] is installed to facilitateMapReduce programmingparadigm and distributed data management. Furthermore, weinstalled the OpenStack open source cloud platform [43] whichis responsible for global management, resource scheduling, taskdistribution and interaction with users. The structure of U-Cloudsystem is depicted in Fig. 2.

5.2. Experiment process

It is clear that the actual efficiency improvement brought by ourscheme highly depends on the size of dataset and the number ofserver instances in total. Experiments were conducted onmultipledatasets with a different number of server instances involved,which will be demonstrated in the next sub-section.

We will compare our scheme to the trivial scheme whereCLC exchanges keys with each server instance using IKE ina separated fashion. Asymmetric-key cryptosystems are muchslower (approximately 1000 times slower) than symmetric-keycryptosystems, thus large datasets are never encrypted withasymmetric-key cryptosystems in practice. Since our experimentsare conducted on datasets of at least gigabytes in size, we willnot compare the hybrid encryption scheme to an asymmetric-key encryption scheme because the results will be too predictablyobvious.

For evaluating the CCBKE scheme, we implemented 2 keyexchange schemes using Java: a basic multi-user IKE scheme andour CCBKE scheme. For parameters of the Diffie–Hellman keyexchange we used a 1024 bit MODP group [15] with a 1024 bitprime p and generator g = 2. We used MD5 as pseudorandomfunction prf, and RSA algorithm for signature. We ran the twokey exchange schemes under our cloud environment with a fewastrophysics datasets, and tested total time consumption on CLC.

According to the analysis in Section 3, we will evaluate the per-formance of our scheme by evaluating the efficiency improvementon CLC because we can infer from the analysis that time consumedelsewhere can be considered negligible. We will show in the nextsub-section that our scheme improved the efficiency of key ex-change significantly.

5.3. Experimental results and analysis

We first show that key exchange schemes are taking a largepercentage of run time when running under cloud computing,which indicates the significance of research on efficient authenti-cated key exchange schemes. When applying hybrid encryption totraditional data-intensive applications, key exchange schemes arealways being utilised in combination with symmetric-key encryp-tion to ensure data security. In these scenarios, time consumption

1306 C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308

Fig. 2. U-Cloud structure.

Table 1One-round runtime comparison on time consumption of key exchange and AES encryption on CLC.

Dataset size (GB) 2 8 12 15 32

Server instances involved 100 500 1000 1500 4000Data block size (MB) 20 16 12 10 8AES/GCM encryption time (s) 18.52 74.07 111.11 138.89 296.31IKE key exchange time (s) 4.04 20.48 41.77 61.92 163.10Key exchange take percentage of (%) 17.91 21.66 27.32 30.84 35.50

Table 2One-round runtime comparison on time consumption of key exchange and Salsa encryption on CLC.

Dataset size (GB) 2 8 12 15 32

Server instances involved 100 500 1000 1500 4000Data block size (MB) 20 16 12 10 8Salsa 20/12 encryption time (s) 3.11 12.44 18.66 23.33 49.77IKE key exchange time (s) 4.04 20.48 41.77 61.92 163.10Key exchange take percentage of (%) 56.50 62.21 69.12 72.63 76.62

of key exchange schemes can be neglected compared to the heavytime consumption on encryption. However, the situation is dif-ferent in cloud computing, and we demonstrate the difference. Acloud computing infrastructure often employs thousands of serverinstances. For a time-critical data-intensive application such as sci-entific applications, the GB dataset is split into MB blocks and thendistributed and executed on server instances through MapReduce.We use IKE time consumption data from our experiment to rep-resent the efficiency of the key exchange scheme. For symmetric-key encryption algorithms, we included two algorithms used fordataset encryption: the most widely-recognized block cipher, AES,in Galois Counter Mode (GCM) with 64 k tables, and Salsa20/12,a stream cipher which is a more popular kind in encrypting largedatasets because of its high efficiency. Both of the two algorithmswere proven to be secure against various kinds of cryptanalysis.For the efficiency of encryption algorithms, we refer to the per-formance result from Crypto++ benchmarks [44] which indicatesthe speed of AES/GCM with 64 k tables is 108 MB/s, and the speedof Salsa20/12 is 643 MB/s for data encryption. Experiments areconducted on several datasets taken from astrophysics research;results are listed in Tables 1 and 2.

From the results in the tables we can see that with increaseddataset size and number of involved server instances, the time

consumption of key negotiation increases more rapidly than thatof data encryption itself. We can also infer from the results that, ina hybrid cloud computing environment, key exchange operationsin a hybrid security scheme indeed take a large percent of timeconsumption.1 This means that the cost of key exchange willindeed take a considerable percentage in security-aware large-scale cloud computing applications such as scientific applications.2In other words, the overall performance of such applications willbe significantly improved if a key exchange scheme with betterefficiency is used.

As was analysed in Section 3, CLC run time is the only predom-inant factor in comparing the efficiency of an authenticated keyexchange scheme for scheduling in cloud computing. Comparedby time consumed on CLC, the efficiency of the two key exchangeschemes is demonstrated in Fig. 3.

We can see that our scheme only consumes about half ofthe run time on CLC compared to IKE, which is a significant

1 This percentage will be even higher in a real-world scenario since KE efficiencydepends heavily on the scheduling algorithm and the network status whileencryption time stays relatively stable.2 Wewill not provide a detailed quantitative comparison as it is outside the scope

of our paper.

C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308 1307

Fig. 3. Performance of our scheme compared in efficiency to IKE.

improvement. In time-critical multi-round applications wherethousands of server instances are involved, a total of hours of timeconsumption can be reducedwhichmeansmuch faster results anda much lesser chance of missing a scientific discovery.

6. Conclusions and future work

In this paper we have proposed a novel authenticated keyexchange scheme, namely Cloud Computing Background KeyExchange (CCBKE), which aimed at efficient security-aware sche-duling of scientific applications in hybrid computing environmentssuch as cloud computing. Our scheme has been designed basedon the commonly-used Internet Key Exchange (IKE) scheme andrandomness-reuse strategy. Both theoretical analyses and exper-imental results have demonstrated that, compared with the IKEscheme, our CCBKE scheme has significantly improved the effi-ciency by dramatically reducing time consumption and computa-tion load with the same level of security.

While we have proposed an efficient key exchange schemewhich can significantly reduce time consumption, efficiency ofsecurity-aware scheduling for scientific applications in hybridenvironments can be pushed further forward by incorporatingmore cost-efficient encryptionwhich, as the succeeding stage afterKey Exchange, still takes a large partition of time consumption,even in cloud computing for scientific applications. Therefore, inthe future, we will further investigate new strategies to improvethe efficiency of symmetric-key encryption towardsmore efficientsecurity-aware scheduling.

Acknowledgments

This research work is partly supported by Australian ResearchCouncil under Linkage Project LP0990393. The authors arealso grateful for the constructive comments of the anonymousreviewers and the useful discussions with researchers fromSwinburne University of Technology on astrophysics research.

References

[1] R. Buyya, C.S. Yeo, S. Venugopal, J. Broberg, I. Brandic, Cloud computing andemerging it platforms: vision, hype, and reality for delivering computing asthe 5th utility, Future Generation Computer Systems 25 (2009) 599–616.

[2] L. Wang, G.v. Laszewski, A.J. Younge, X. He, M. Kunze, J. Tao, C. Fu, Cloudcomputing: a perspective study, New Generation Computing 28 (2010)137–146.

[3] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G.Lee, D.A. Patterson, A. Rabkin, I. Stoica, M. Zaharia, Above the clouds: aBerkeley view of cloud computing, Technical Report No. UCB/EECS-2009-28,University of California at Berkeley. Available: http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf (accessed on: 24.10.2011).

[4] L.Wang,M. Kunze, J. Tao, G.v. Laszewski, Towards building a cloud for scientificapplications, Advances in Engineering Software 42 (2011) 714–722.

[5] K. Keahey, R. Figueiredo, J. Fortes, T. Freeman, M. Tsugawa, Science clouds:early experiences in cloud computing for scientific applications, in: FirstWorkshop on Cloud Computing and its Applications, CCA’08, Chicago, USA,2008, pp. 1–6.

[6] C. Vecchiola, R.N. Calheiros, D. Karunamoorthy, R. Buyya, Deadline-drivenprovisioning of resources for scientific applications in hybrid clouds withAneka, Future Generation Computer Systems 28 (2012) 58–65.

[7] E. Deelman, G. Singh, M. Livny, B. Berriman, J. Good, The cost of doingscience on the cloud: the montage example, in: ACM/IEEE Conference onSupercomputing, SC’08, Austin, Texas, 2008, pp. 1–12.

[8] S. Subashini, V. Kavitha, A survey on security issues in service delivery modelsof cloud computing, Journal of Network and Computer Applications 34 (2010)1–11.

[9] T. Mather, S. Kumaraswamy, S. Latif, Cloud Security and Privacy: An EnterprisePerspective on Risks and Compliance, O’Reilly Media, Sebastopol, 2009.

[10] D. Zissis, D. Lekkas, Addressing cloud computing security issues, FutureGeneration Computer Systems 28 (2011).

[11] J. Yao, S. Chen, S. Nepal, D. Levy, J. Zic, Truststore: making Amazon S3trustworthy with services composition, in: Proceedings of the 2010 10thIEEE/ACM International Conference on Cluster, Cloud and Grid Computing,CCGRID’08, Melbourne, Australia, 2010, pp. 600–605.

[12] C. Gentry, Fully homomorphic encryption using ideal lattices, in: Proceedingsof the 41st Annual ACM Symposium on Theory of Computing, STOC’09,Bethesda, USA, 2009.

[13] A. Boldyreva, M. Fischlin, A. Palacio, B. Warinschi, A closer look at PKI: securityand efficiency, in: Proceedings of the 10th International Conference onPracticeand Theory in Public-Key Cryptography, PKC’07, Beijing, PR, China, 2007,pp. 458–475.

[14] K.-W. Park, S.S. Lim, K.H. Park, Computationally efficient PKI-based single sign-on protocol, PKASSO for mobile devices, IEEE Transactions on Computers 57(2008) 821–834.

[15] C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, Internet key exchange protocolversion 2 (IKEv2), in: The Internet Engineering Task Force Request forComments, IETF RFC, vol. 5996, September 2010. Available: http://tools.ietf.org/html/rfc5996 (accessed on: 24.10.2011).

[16] L. Wang, C. Fu, Research advances in modern cyberinfrastructure, NewGeneration Computing 28 (2010) 111–112.

[17] A. Iosup, S. Ostermann, M.N. Yigitbasi, R. Prodan, T. Fahringer, D.H.J. Epema,Performance analysis of cloud computing services for many-tasks scientificcomputing, IEEE Transactions on Parallel and Distributed Systems 22 (2011)931–945.

[18] S.N. Srirama, P. Jakovits, E. Vainikko, Adapting scientific computing problemsto clouds using MapReduce, Future Generation Computer Systems 28 (2012)184–192.

[19] S.K. Garg, S.K. Gopalaiyengar, R. Buyya, Virtual machine provisioning basedon analytical performance and QoS in cloud computing environments, in:Proceedings of the 40th International Conference on Parallel Processing,ICPP’11, Taipei, Taiwan, 2011.

[20] D. Yuan, Y. Yang, X. Liu, J. Chen, On-demand minimum cost benchmarking forintermediate dataset storage in scientific cloud workflow systems, Journal ofParallel and Distributed Computing 71 (2011) 316–332.

[21] N. Cao, Z. Yang, C. Wang, K. Ren, W. Lou, Privacy-preserving query overencrypted graph-structured data in cloud computing, in: IEEE InternationalConference on Distributed Computing Systems, ICDCS’11, 2011, pp. 393–402.

[22] Q. Wang, C. Wang, K. Ren, W. Lou, J. Li, Enabling public auditability anddata dynamics for storage security in cloud computing, IEEE Transactions onParallel and Distributed Systems 22 (2011) 847–859.

[23] K.P.N. Puttaswamy, C. Kruegel, B.Y. Zhao, Silverline: toward data confidential-ity in storage-intensive cloud applications, in: Presented at the 2nd ACM Sym-posium on Cloud Computing, SOCC’11, Cascais, Portugal, 2011.

[24] W.K. Wong, D.W.-L. Cheung, B. Kao, N. Mamoulis, Secure KNN computationon encrypted databases, in: Proceedings of the 35th SIGMOD InternationalConference on Management of Data, SIGMOD’09, Providence, USA, 2009, pp.139–152.

[25] W. Diffie, M. Hellman, New directions in cryptography, IEEE Transactions onInformation Theory 22 (1976) 644–654.

[26] E. Bresson, O. Chevassut, D. Pointcheval, Dynamic group Diffie–Hellman keyexchange under standard assumptions, in: Proceedings of the InternationalConference on the Theory and Applications of Cryptographic Techniques:Advances in Cryptology, EUROCRYPT’02, Amsterdam, Holland, 2002.

[27] Z. Zhou, D. Huang, An optimal key distribution scheme for secure multicastgroup communication, in: IEEE Conference on Computer Communications,INFOCOM’10, San Diego, USA, 2010.

[28] J. Katz, J.S. Shin, Modeling insider attacks on group key-exchange protocols, in:Proceedings of the 12th ACM Conference on Computer and CommunicationsSecurity, CCS’05, Alexandria, USA, 2005, pp. 180–189.

[29] J. Katz, M. Yung, Scalable protocols for authenticated group key exchange,Journal of Cryptology 20 (2007) 85–113.

[30] R. Küsters, M. Tuengerthal, Computational soundness for key exchangeprotocols with symmetric encryption, in: Proceedings of the 16th ACMConference on Computer and Communications Security, CCS’09, Chicago, USA,2009, pp. 91–100.

[31] J. Zhao, D. Gu, Provably secure authenticated key exchange protocol under theCDH assumption, Journal of Systems and Software 83 (2010) 2297–2304.

[32] A. Groce, J. Katz, A new framework for efficient password-based authenticatedkey exchange, in: Proceedings of the 17th ACM Conference on Computer andCommunications Security, CCS’10, Chicago, USA, 2010, pp. 516–525.

1308 C. Liu et al. / Future Generation Computer Systems 29 (2013) 1300–1308

[33] J. Katz, V. Vaikuntanathan, Round-optimal password-based authenticated keyexchange, in: Proceedings of the 8th Conference on Theory of Cryptography,TCC’11, Providence, USA, 2011, pp. 293–310.

[34] K. Kurosawa, Multi-recipient public-key encryption with shortened cipher-text, in: Proceedings of the 5th InternationalWorkshop on Practice and Theoryin Public Key Cryptosystems: Public Key Cryptography, PKC’02, Paris, France,2002, pp. 321–336.

[35] M. Bellare, A. Boldyreva, J. Staddon, Randomness re-use in multi-recipientencryption schemas, in: Proceedings of the 6th International Workshop onTheory and Practice in Public Key Cryptography, PKC’03, Miami, USA, 2003.

[36] R. Canetti, H. Krawczyk, Security analysis of IKE’s signature-based key-exchange protocol, in: Proceedings of the 22nd Annual InternationalCryptology Conference on Advances in Cryptology, CRYPTO’02, Santa Barbara,USA, 2002, pp. 143–161.

[37] Eucalyptus open source cloud platform. Available: http://open.eucalyptus.com/ (accessed on: 24.10.2011).

[38] D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff,D. Zagorodnov, The eucalyptus open-source cloud-computing system, in:Proceedings of the 2009 9th IEEE/ACM International Symposium on ClusterComputing and the Grid, CCGRID’09, 2009, pp. 124–131.

[39] Australia telescope, Parkes observatory. Available: http://www.parkes.atnf.csiro.au/ (accessed on: 24.10.2011).

[40] D. Kawata, R. Cen, L.C. Ho, Gravitational stability of circumnuclear disks inelliptical galaxies, The Astrophysical Journal 669 (1) (2007) 232–240.

[41] KVM hypervisor. Available: www.linux-kvm.org/ (accessed on: 24.10.2011).[42] Hadoop mapreduce. Available: http://hadoop.apache.org (accessed on:

24.10.2011).[43] Openstack open source cloud software. Available: http://openstack.org/ (ac-

cessed on: 24.10.2011).[44] Crypto++ benchmarks. Available:

http://www.cryptocom/benchmarks.html (accessed on: 24.10.2011).

Chang Liuwas born in Jinan, China. He received his B.Eng.degree in computer science in 2005 and his M.Sc. degreein information security in 2008, both from Shandong Uni-versity, Jinan, China. He is currently a Ph.D. student in theFaculty of Engineering and Information Technologies atUniversity of Technology Sydney, Australia. His researchinterests include cloud computing, scheduling and re-source management, cryptography and data security.

Xuyun Zhang received the B.S. degree and M.E. degree incomputer science from Nanjing University, China, in 2008and 2011, respectively. He is currently working towardshis Ph.D. degree at the Faculty of Engineering and IT,University of Technology, Sydney. His research interestsinclude cloud computing, service computing, QoS, privacyand security.

Chi Yang received his B.S. in computer science fromShandong University, China, in 2004. He received hisM.S. (by Research) in computer science from SwinburneUniversity of Technology, Melbourne, Australia, in 2007.Currently, Chi Yang is a Ph.D. student at the Universityof Western Australia, Perth, Australia. His major researchinterests include the XML data stream query processingand optimization, the scientific workflow, cloud comput-ing, green computing and data processing techniques overwireless sensor networks.

Jinjun Chen is an Associate Professor from Faculty ofEngineering and IT, University of Technology Sydney,Australia. He holds a Ph.D. in Computer Science andSoftware Engineering (2007) from Swinburne, a masterdegree in engineering (1999) and a bachelor degree in ap-plied mathematics (1996) from Xidian University, China.Dr. Chen’s research interests include cloud computing,social computing, green computing, service computing,e-science/e-research, workflow management. His re-search results have been published in more than 100 pa-pers in high quality journals and at conferences, including

the ACM Transactions on Software Engineering and Methodology (TOSEM), IEEETransactions on Software Engineering (TSE), and the International Conference onSoftware Engineering (ICSE). He received the Swinburne Vice-Chancellor’s ResearchAward for early career researchers (2008), the IEEE Computer Society OutstandingLeadership Award (2008–2009), the IEEE Computer Society Service Award (2007),the Swinburne Faculty of ICT Research Thesis Excellence Award (2007).