2016 4th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering

Flexible and Secure Resource Sharing for

Mobile Augmentation Systems
Andreas Reiter, Thomas Zefferer
Institute for Applied Information Processing and Communications (IAIK)
Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
{andreas.reiter, thomas.zefferer}@iaik.tugraz.at
AbstractAlthough mobile end-user devices are getting more
and more powerful, they still suffer from limited processing
capabilities and battery capacities. To address this problem, the
augmentation of mobile devices with resources from surrounding
devices or with cloud-based resources has gained popularity in
the recent years. Existing solutions that follow this approach and
ofoad computationally intensive tasks already yield great results
for specic use cases. Unfortunately, most of these solutions are
tailored to specic operating systems or programming languages,
and do not support the exible usage of resources. Furthermore,
existing solutions implicitly assume external resources to be
trustworthy, which is usually not the case in practice. To overcome
these limitations, we introduce a secure and exible resourcediscovery solution for mobile augmentation systems especially targeting the pervasive-computing paradigm. This solution enables
a dynamic use of external resources and assures that securitycritical computations are ofoaded to trusted resources only. We
demonstrate the feasibility and applicability of our proposed
solution by means of a proof-of-concept implementation.The
potential of this implementation to improve performance and save
energy at the same time is evaluated by means of two resourceintensive applications. Obtained evaluation results show that the
proposed solution signicantly speeds up applications on mobile
devices and reduces their power consumption by 50%. Thus,
the proposed solution enables fast, secure, and energy-saving
execution of complex mobile applications.

I.

of resource-demanding and energy-intensive tasks on these

devices.
To overcome these issues, the concept of cloud-based
mobile augmentation (CMA) has been introduced. The idea
behind this concept is simple: resource-intensive and energyconsuming tasks are outsourced to external resources. CMA
does not restrict the type of resource that can be used for
this purpose. Possible resource types comprise public clouds,
proximity devices such as wearables, stationary computers, or
other mobile end-user devices in reach. During the past few
years, several implementations of the CMA concept have been
proposed. Examples are MAUI introduced by Cuervo et al.
[2] or POWER introduced and discussed by Reiter and Zefferer [3]. Although currently available CMA solutions appear
promising at a rst glance, most of them suffer from two basic
limitations. First, available CMA solutions usually focus on
the client perspective only. They provide effective means to
split tasks and prepare them for outsourcing. However, they
usually do not provide efcient and exible means to connect
to external resources and to communicate with them. However,
this has inherent importance in pervasive congurations with
constantly moving users and changing environment conditions.
Second, available CMA solutions do not appropriately consider
security. Concretely, they implicitly assume that employed
external resources are trustworthy. This assumption may be
valid for frameworks relying on single resources without
dynamic components. When it comes to the dynamic sharing
of resources with different nodes, a thorough trust model
is required. Therefore, to achieve an improved utilization of
available computing units it is required to assign them a trust
level, in a way that a system can outsource appropriate tasks
to them.

I NTRODUCTION

Recent statistics on computing trends show that mobile

end-user devices such as smartphones or tablets are gradually
replacing desktop computers and laptops. For instance, in the
USA mobile devices have already outranked classical end-user
devices as the preferred means to access digital media [1].
Reasons for this omnipresent trend are apparent: smartphones
and tablet computers enable access to information and services
everywhere, at any time, and independent from the users
current context. This way, mobile devices are the perfect
enabler of the so-called modern always-on society.

In this paper, we address the two identied limitations

of current CMA solutions. Concretely, we propose and introduce an enhanced CMA solution that differentiates between
external ofoading resources and assigns tasks to these resources depending on their trustworthiness. Furthermore, the
proposed CMA solution relies on a exible peer-to-peer based
network architecture to connect external resources. This way,
the proposed solution achieves a higher level of security and
exibility compared to existing solutions. In this paper, we
elaborate on the architecture of the proposed CMA solution,
introduce a rst implementation and evaluate its performance
and energy efciency by means of two resource-intensive
mobile applications.

The continuing trend towards mobile computing brings

various new opportunities, but raises several challenges at the
same time. As mobile devices are typically battery-powered,
power consumption and energy efciency are perpetual issues.
Furthermore, mobile applications have to cope with reduced
processing and storage capabilities of smartphones and tablet
computers. Although their capabilities are continuously improved, mobile devices are still less powerful than desktops
computers or laptops. The battery-driven nature of mobile
devices and their limited capabilities prevent the application
978-1-5090-1754-6/16 $31.00 2016 IEEE
DOI 10.1109/MobileCloud.2016.8

The remainder of this paper is structured as follows. In Sec31

tion II, relevant background information and related work on

the concept of CMA are provided. Novel concepts and building
blocks of the proposed CMA solution are then discussed in
Section III. In Section IV, a concrete implementation of the
proposed CMA solution is introduced. Security, performance
and energy efciency of this implementation are subsequently
evaluated in Section V. Finally, conclusions are drawn in
Section VI and an outlook to future work is given.

clouds only. Accordingly, it only works, if an Internet connection is available. An improved version of this concept called
Hybrid Mobile Cloud Computing (HMCC) has been proposed
by Abolfazli et al. [9]. HMCC makes use of all described
types of resources and therefore gets the most out of available
computing capabilities. HMCC is also referred to as cloudbased mobile augmentation (CMA).
$

II.

+LJKODWHQF\FRQQHFWLRQ

BACKGROUND AND R ELATED W ORK

Resource augmentation of devices has become known

under different names. The overall concept of sharing resources among surrounding devices was rst introduced by
Satyanarayanan [4] in 2001 under the name surrogate computing. With the pervasiveness of smartphones, people started
shifting their daily work (e-mail, browsing, games, and many
others) to their mobile devices and were soon demanding
more computational power than available on these devices.
To satisfy this demand, software vendors started to outsource
heavy computations to the cloud. In cloud computing, the
separation between local execution and remote execution is
xed. If the employed cloud is not available or if no Internet
connection is available, the whole application does not work.
To overcome this issue, several other approaches to carry out
remote executions have been developed. To categorize these
approaches, Abolfazli et al. [5] introduced a categorization
scheme based on the type of utilized resources. This scheme
was further rened by Reiter and Zefferer [6] yielding the
following classes of resources:

5HVRXUFHFRQVWUDLQHG
GHYLFHV

/RZODWHQF\FRQQHFWLRQ
ZLWKDWWDFKHGFORXGOHW

RYLGHUV
&ORXGSURYLGHUV

+RPHFRPSXWHUV

/RZODWHQF\FRQQHFWLRQ

3UR[LPLW\GHYLFHV

Fig. 1: Overview of the utilized types of resources

Figure 1 summarizes all utilized resources and illustrates
their connectivity to a users device. High-latency connections
are exclusively used to connect to distant resources, if no
other connectivity is available. Otherwise, low-latency Wi
connections are used. The usage of cloudlets is twofold. On
the one hand, they may directly provide computing resources.
On the other hand, they may also act as fast gateways to distant
resources.
It is indeed important to make use of all available resources,
in order to achieve the best possible performance and to maintain battery life. At the same time, an ofoading framework
needs to be exible and dynamic, in order to react to changes in
the surrounding environment quickly. Furthermore, application
developers should not be forced to provide different instances
of their applications, in order to support ofoading to different
types of resources. An application installed on the end-user
device should contain everything required to execute it, even
if no external resources are available at the moment. This is
the main philosophy behind all frameworks targeting one of
these concept. They all follow very similar goals: save energy
and increase performance.

Distant Immobile Clouds are cloud resources from public

cloud providers like Amazon, Google, or Microsoft, as well
as private cloud resources from other companies. They are
geographically located far away from the user and offer virtually unlimited computing resources. However, from a mobile
devices perspective, their latency is rather high compared to
other types of resources.
Proximate Immobile Computing Entities are resources in
the proximity of the user. This includes e.g. ordinary stationary
computers and dedicated cloudlet resources as introduced by
Satyanarayanan et al. [7]. This type of resources offer a fair
amount of computing resources, but are usually unable to scale
up on heavy load.

For instance MAUI [2] was one of the rst solutions

targeting a cloud-based ofoading and following a systematic
approach for this purpose. It aims at extending battery lifetime
by ofoading computationally expensive parts. MAUI enables
application developers to use annotations, in order to dene
parts of the application that can be ofoaded. The framework then decides if ofoading is benecial based on current
conditions of the device. MAUI focuses on managed code
environments and is currently available as proof-of-concept
implementation targeting the .NET framework. In contrast
to MAUI, CloneCloud [10] aims to avoid developer-assisted
annotations. Instead, a virtual clone of the current mobile
system is operated in the cloud. Applications are automatically
analyzed and computationally intensive parts that can be
executed remotely are identied. This takes the burden from
the developer to the analysis tools. CloneClouds proof-ofconcept implementation targets Java applications on Android
platforms. The applicability of CloneCloud is hindered by its
need for a customized Android version to seamlessly catch the

Proximate Mobile Computing Entities refer to proximate

mobile devices like laptops, tablets, or smartphones. Ideally
they should have a similar movement pattern as the user,
in order to be available as long as possible. This type of
resources offer a relatively low amount of computing resources
but havein contrast to cloud-based resourceslow latency,
due to their proximity to the user.
Based on these types of resources, different approaches
to execute tasks remotely can be distinguished. The surrogatecomputing approach as introduced by Satyanarayanan [4] only
makes use of proximate mobile and proximate immobile computing entities. This leaves out a large group of resources with
very high potentials. The concept of Mobile Cloud Computing
(MCC), which has been described by Shiraz et al. [8] as
a new paradigm to extend the capabilities of devices with
constrained resources, uses resources from distant immobile

32

5HVRXUFH
FRQVWUDLQHGGHYLFH

introduced ofoading spots. To address this issue, ThinkAir

[11] combines the ideas of MAUI and CloneCloud. ThinkAir
employs the exibility of MAUI and the ease of use of
CloneCloud. Concretely, ThinkAir overcomes the issues of
CloneCloud by introducing a further compilation step, which
generates code for remote execution.

2IIORDGLQJHQJLQH

&ORXGEDVHG
UHVRXUFH

Application prolers analyze the application to determine performance values of application parts that can
be ofoaded. Some systems contain on-the-y prolers, which provide performance values at runtime,
others use static analysis approaches.

The decision engine keeps track of the current condition of the ofoading resource(s) and decides based
on performance values obtained from the application
proler whether or not ofoading is benecial.

The ofoading engine is in control of the whole ofoading process. If the decision engine determines to
ofoad a specic part, the ofoading engine performs
the technical processes to ofoad the task and reintegrates the results.

As shown in Figure 2, the connection to external resource

providers is established in a static manner using standard Internet protocols. This imposes a lot of responsibilities and efforts
to the resource providers. To set-up e.g. a new server-based
resource, a provider basically has to perform the following
steps:

All available frameworks described above utilize single

ofoading resources of type Distant Immobile Clouds only, or
assume that utilized resources are available. This reduces their
exibility with regard to the efcient use of external resources.
To overcome this issue, we took the described frameworks as
a basis to develop a more advanced architecture. Details of our
enhanced architecture are presented in the following section.
A RCHITECTURE

Server software needs to be installed and congured

according to available ports and other system congurations.

If a public IP-address is available, the rewall conguration needs to be adapted to open another port to
listen for incoming requests.

If no public IP-address is available, routers need to be

congured to forward requests to the new provided
resource.

If the used system supports a resource-discovery

mechanism, registration at the control point for resources needs to be performed.

Apparently, this is a very narrowing approach from a

resource-utilization perspective. Therefore, we extended the
basic architecture of existing ofoading solutions illustrated
in Figure 2. The resulting enhanced architecture is shown in
Figure 3. Static connections to external resource providers are
exchanged by a exible network structure, which supports easy
resource discovery and seamless connection establishment.
The goal is to have zero conguration overhead, regardless
where the resource provider is set-up. The proposed network
architecture will be discussed in detail in Section III-A.

In order to motivate the proposed architecture detailed in

this section, common components of ofoading frameworks
are identied rst. The four common components listed below can be extracted from existing frameworks. Interfaces
and interactions between these components are additionally
illustrated in Figure 2, which shows the basic architecture of
existing ofoading solutions.

'HFLVLRQHQJLQH
$SSOLFDWLRQSURILOHU

7UDQVSRUWPHGLXP
**:LILRWKHUV

Fig. 2: Extracted architecture from existing solutions

All above mentioned solutions yield good results for their

targeted platforms, but have mainly been tailored to native
mobile apps. However, in the recent years web-based applications have gained popularity due to various new and powerful web technologies such as web workers1 , web sockets2 ,
web-based real-time communication [12], or WebGL3 . These
technologies enable development of powerful native-like web
applications. In contrast to native apps, web-based applications
are not restricted to a certain platform. Unfortunately, webbased applications are not covered by the above-mentioned
ofoading frameworks. Still, some promising new approaches
are coming on stage. One ofoading approach for JavaScriptbased web applications has been proposed by Yu et al. [13].
Their solution enables analysis of JavaScript-based applications and the ofoading of relevant functions to the cloud.
In the web context, additional restrictions like the SameOrigin-Policy (SOP) must be considered. The SOP prevents
a web application from making uncontrolled requests across
multiple domains. Therefore, Yu et al. [13] introduce a cloudbased proxy, which serves the web application (also from another server) and provides computing resources for ofoading.
POWER [3] represents a more exible approach. Although
it targets web-based apps and cross-platform applications, it
does not rely on JavaScript directly. The proof-of-concept
implementation is based on Dart4 , a language that compiles
to efcient JavaScript code. Additionally, a server-side native
environment is provided, where Dart code can be executed
directly. To increase performance, the POWER framework
optimizes ofoading calls for efciency in terms of transfer
size.

III.

$SSOLFDWLRQ

The application contains computationally intensive

parts to be ofoaded to a remote resource.

On the application side, we propose to extend the architecture of existing ofoading solutions with:

1 http://www.w3.org/TR/workers/

2 https://tools.ietf.org/html/rfc6455
3 https://www.khronos.org/registry/webgl/specs/latest/2.0/
4 https://www.dartlang.org/

33

a resource repository that enables the ofoading

framework to keep track of currently available resources,

a background component to discover and constantly

assess available resources, and

a trust mediator that keeps track of the required level

of trust for a particular operation, and be aware of
the trustworthiness of each resource in the resource
repository.

architecture introduced in Section III-A eases the detection

of available resources. However, detected resources still need
to be assessed. To assess a newly detected resource, a direct
connection to the resource is established and relevant performance values like latency and bandwidth are gathered. This
is not a trivial task, and it is desirable to perform as little
assessments as possible. A naive approach is to start with
a list of geographically near resources. Agarwal and Lorch
[14] further improved this approach for online matchmaking.
They proposed an improved latency-prediction system that
combines geolocation-based and network coordinate based
prediction systems. Geolocation-based approaches predict the
latency based on the real-world distance of two nodes, which
already yields good results. The network-coordinate system
constantly renes the coordinates of the geolocation approach
based on the measured RTT. It is a collaborative approach,
which results in a large map of coordinates where the closest
nodes potentially have the lowest latency.

The resource repository and its associated mechanisms will

be discussed in detail in Section III-B. The trust mediator
and processes related to this component will be described in
Section III-C.
A. Flexible Network Architecture
Setting up new services always requires additional administration effort. Our exible network architecture avoids
this overhead by using a self-organizing resource-discovery
network with elaborate methods of direct connection establishment. The proposed resource-provider network is organized in
two layers. The upper layer keeps track of all available resources in a structured and well-dened peer-to-peer network.
The lower layer enables a direct connection establishment
between resource-constrained devices and resource providers
with zero conguration overhead. Peer-to-peer (P2P) networks
are mesh-like networks, where each peer can communicate
with all other peers, even if they do not have a direct connection. Depending on the inner structure of the P2P network,
a single node has usually only few connections to other
nodes but can accurately estimate the route to any other node.
Distributed Hash Tables (DHT) are one way to implement
self-organizing peer-to-peer networks. DHTs store key-value
associations in a distributed manner. Using DHTs, resource
providers can register for certain keys that can be used by
certain clients to nd available resources.

The assessment method described above appears to be a

promising approach. However, our proposed architecture is
exible enough to support arbitrary assessment methods. Irrespective of the concrete method used, the background resource
discovery and assessment component, which is part of the
proposed architecture, constantly monitors gathered resources.
If one of the performance values of a particular resource
goes beyond dened thresholds, the component restarts the
discovery process and tries to gather more resource.
C. Trust Mediator
Security and trust in the eld of distributed application execution is a hot topic. Reiter and Zefferer [6] dened securityrelated requirements for mobile cloud-computing systems and
assessed existing solutions. Their obtained results show that
none of the existing frameworks sufciently tackles security
issues. The use of multiple ofoading resources offered by potentially untrusted providers requires an elaborate trust model.
Tasks and their associated data are agged according their
level of sensitivity by the developer. According to the state the
system can decide if any of the currently connected resource
providers fulls the requirements and initiate the ofoading
process. If tasks have no specic requirements on the trust
level, they could be executed on any of the available resource
providers.

Unfortunately, communication over P2P networks is much

slower and error-prone than direct connections. Nodes are constantly leaving and joining the network, therefore connections
can be interrupted frequently. Furthermore, a message may
travel over multiple nodes until its nal destination is reached,
which negatively impacts the latency of the communication.
To overcome this issue, we propose to not only use the P2P
network as a resource-discovery mechanism, but also as an assistant for direct connection establishment. To establish a direct
connection between arbitrary nodes, various barriers have to be
overcome when network address translation (NAT) gateways
are involved. Without going into detail of different NAT
types, a node cannot establish a direct connection to another
without taking further actions if both nodes are behind NATs.
P2P networks come equipped with technologies to circumvent
NATs. With the P2P technology in hand, implementations will
result in very exible and error-resistant systems.

The trust mediator then follows a simple but effective trust

model. Users have to specify trusted resources or use predened lists of trusted resources. Trusted resources can e.g. be
determined by requiring a certicate-based authentication and
following a certicate pinning approach. If the resource can
authenticate with one of the trusted certicates, the resource is
considered as trusted, otherwise as untrusted. Backed by our
exible network architecture from Section III-A even a users
home computer can be used for highly sensitive operations and
still get the best possible results on the mobile device. Using
this approach, we put little burden on the developer and support
existing applications without major changes. Other approaches
like e.g. operating on encrypted data require non-trivial major
changes in the application logic and are hence difcult to
use for software developers. With the proposed architecture,
existing solutions can be extended to gain exibility and enable
applications in security-related domains.

B. Resource Repository
Most of currently available frameworks are limited to a
single ofoading resource. Our solution breaks up this association by introducing a repository of currently available, good
or near resources. Good or near resources are characterized
by having only a short round-trip time (RTT). Short RTTs
are important, Cuervo et al. [2] have shown that the energy
consumption of an ofoading operation almost doubles when
the RTT increases from 10ms to 25ms. The exible network

34

%DFNJURXQGUHVRXUFH
GLVFRYHU\DQGDVVHVVPHQW

5HVRXUFHFRQVWUDLQHGGHYLFH

7UDQVSRUWPHGLXP
**:LILRWKHUV

$SSOLFDWLRQ

1HWZRUN
GLVFRYHU\HDV\
FRQQHFWLRQ
HVWDEOLVKPHQW

'HFLVLRQHQJLQH
3URILOHU
7UXVWPHGLDWRU
2IIORDGLQJHQJLQH
5HSRVLWRU\RIFXUUHQWO\
DYDLODEOHDQGQHDU
RIIORDGLQJUHVRXUFHV

Fig. 3: Overview of the proposed architecture

IV.

I MPLEMENTATION D ETAILS

The proposed architecture aims at providing a sustainable

ofoading solution backed by an elaborate and exible network infrastructure. Looking at currently available solutions,
the POWER [3] framework is an ideal candidate for the
proposed extensions due to its modular design, its security
considerations, and the provided interoperability among all
major devices and platforms.

TRUSTED: Ensures that tasks are only executed on

resource providers which are fully trusted by the user,
according to the trust mediator. Tasks marked with
sensitivity level TRUSTED are operating on sensitive
data or data which needs protection.

PUBLIC: Tasks marked with sensitivity level

PUBLIC have no requirements on the condentiality
of the data or are operating on uncritical data.

a resource repository,

an enhanced ofoading engine making use of the

exible network architecture.

WebRTC enables a direct browser-to-browser communication without intermediate servers, but with the restriction that
a separate signaling channel is required. Figure 4 provides
an overview of WebRTC technology. Connection information needs to be exchanged using a separate channel prior
to establishing a direct connection. In our implementation,
connection establishment relies on the Interactive Connectivity
Establishment (ICE) protocol [15], in order to circumvent NAT
gateways. The protocol includes the discovery of a devices
public IP address using a STUN server [16]. If no direct
connection is possible, a relayed connection using TURN
servers [17] is established. The signaling channel can be
realized using e.g. a web server that serves a particular web
page, or using publicly available web-socket servers for crossdomain resource sharing.
Based on this technology, we realized a structured P2P
network with web socket based signaling servers that are used
for the initial connection to the P2P network. The P2P network
is composed of resource nodes and client nodes. Each node has
a unique ID used for addressing the peer. Even if two nodes
do not have a direct connection, they can send messages to
each other through other peers.

POWER implements all components outlined in Figure

2. It focuses on the ofoading and interoperability issue
by proposing a hybrid mobile cloud computing scheme on
a new level. To realize the proposed enhanced architecture
illustrated in Figure 3, we have extended POWER accordingly
by integrating

an enhanced decision engine being aware of the different trust requirements and resource providers with
different trust levels, and

Implementing a P2P framework in the browser based on

web technologies is a challenging task. In fact, a technology
is required that enables a direct browser-to-browser communication, without any intermediate servers. Our implementation
relies on WebRTC [12] technology to accomplish this task.
Major parts of the component are running on the particular
mobile device with support from distributed parts from other
nodes.

@OffloadMe ( SENSITIVITYLEVEL ) F u t u r e<S t r i n g > s a m p l e ( ) {

<y o u r c a l c u l a t i o n >
}

a exible network architecture,

A. Flexible Network Architecture

Listing 1: Annotation to identify parts of an application for

remote execution

a trust mediator,

Details on the implementation of these components are discussed in the following subsections.

POWER is an ofoading framework based on new web

technologies, targeted at web applications as well as at crossplatform mobile applications. The framework does not directly
use JavaScript, but uses the Dart programming language, which
is capable of producing highly efcient JavaScript code and
therefore is compatible with all major devices and platforms.
To identify parts of an application for remote execution, the
framework expects annotations from application developers as
illustrated in Listing 1. Additionally, developers can specify
a level of sensitivity, which inuences the selection of a
suitable ofoading resource. The application of trust levels is
not further described in the original paper. We extended the
SENSITIVITYLEVEL parameter to support two states:

The exible network architecture additionally provides

means to easily establish direct connections between peers.

35

3)
4)
5)

Try to establish a direct connection to the discovered

resource. If a direct connection is not possible, continue with Step 2.
Determine the current latency to the resource and
queue it into the resource repository.
Request a TLS-secured connection to assess the trust
level of the resource on request.

Fig. 4: WebRTC overview

The mechanisms use the same technologies as the P2P implementation: WebRTC as transport media, ICE protocol to
circumvent NAT gateways, and STUN/TURN server to discovery public IP addresses or establish a relayed connection.
The difference to the in parallel established P2P network
connection is the independence of central server structures.
Through the P2P network all nodes can communication with
each other, this is used to provide a decentralized signalling
channel, required to establish a direct connection between
client nodes and resource nodes. The direct connection works
completely transparent. For the further procedure, the P2P
network is used as communication media for peers that are
unable to establish a direct connection. The connection between two peers is secured with DTLS [18] using self-signed
certicates. According to the WebRTC specication, trust
should be ensured by the signaling channel. This is infeasible
for our distributed signaling channel. Therefore, we added
a layer of security by establishing a TLS channel over the
WebRTC connection using the Forge5 library, which enables
clients and resource providers to explicitly specify certicates.
The certicates can be used later on for the certicate pinning
approach.

Fig. 5: Resource discovery background task

As mentioned in Section III-B, step 3 and step 4 above
are time and resource consuming tasks. Therefore, we need to
discover resources that already fulll the requirements with a
high probability. We evaluated a straight geo-location based approach and an improved approach by Agarwal and Lorch [14].
Using the improved approach, the geographic location is used
as a starting point and is rened on a virtual map with
real latency values. Anyway, we found that this approach
does not suit mobile environments we are targeting, because
latency values on mobile devices are subject to large variations
due to their constantly changing connection environment. We
found that the geo-location based approach is sufcient. In the
discovery process geographically near resources are returned,
based on the available public IP information. This also yields
resources that do not fulll the performance requirements, they
are sorted out at the client.
A separate background task constantly gathers latency
values from connected peers to be able to react to slow
resources and changing network conditions. We are aiming at
resource-constrained mobile devices with potentially unstable
network connections and observed that latency can increase
rapidly for a single measurement, and be back at normal level
for the next measurement. Therefore, we keep the last few
collected latency measurements and use the median value.
This way, single outliers trigger expensive discovery and direct
connection procedures.

In summary, we implemented a scalable P2P network based

on new web technologies. The implemented network enables
the establishment of direct connections between peers. This
way, it minimizes latency and enhances performance.
B. Resource Repository
The resource repository is a constantly monitored and
assessed list of resources, to which computations can be
ofoaded. It is instantiated in the context of the application
on the mobile device to provide up-to-date resource informations. Resource requirements may differ from application to
application. Therefore, application properties directly inuence
the resource repositorys behavior, i.e. the size of the resource
repository, which species how many resources are allocated
and must be ready to use, and the maximum latency before
the search for better resources is started again. The discovery
and assessment background task, which maintains the resource
repository, is illustrated in Figure 5 and basically performs the
following operations:
1)
2)

In addition to the gathered resources, users may provide

local congurations with supplementary peer IDs to connect
to. This way, users can e.g. add their home computers and use
them to ofoad security-sensitive computations.
C. Decision Engine and Trust Mediator
The decision engine decides whether it is benecial to
ofoad a certain part of an application and hence is running
on the mobile device. Furthermore, it gives hints on ofoading
resources with good performance values for a particular task.
Some parts of the decision engine are already provided by the
POWER framework. We mainly extended POWERs decision
engine in two aspects. First, we improved the algorithm used to
determine if ofoading is benecial or not. Second, we added
a trust-mediator implementation to match requested trust levels
with the trust levels of connected resources.

Check if all properties are met (size of resource

repository, maximum latency). If properties are not
met, continue with Step 2.
Discover new resources using the P2P network with
signaling-server assistance.

5 https://github.com/digitalbazaar/forge

36

For performance reasons, it is crucial to only ofoad

application parts, for which remote execution pays off. In
practice, this is hard to predict for a particular application
part. For instance, a certain method may execute fast for
one input but may execute slow for another input. A sound
solution would be to analyze the code for a given input in
order to estimate the runtime. This does not seem feasible for
a practical application, as it causes signicant additional effort.
Hence, our implementation uses a more pragmatic approach:
All calls in an application are proled in a preceding proling
step. This yields a list of inputs and corresponding predicted
execution times that can be used by the decision engine for
accurate estimations. In practice, saving the whole input is
infeasible, requires too much storage space, and in fact is
not necessary. Our implementation hence only stores hashed
input values and their corresponding performance values. For
varying input values that have not been considered during the
preceding proling step, the decision engine can still do a
heuristic decision based on stored performance values for other
inputs. Furthermore application developers can give hints to
the ofoading engine e.g. to always ofoad a specic call and
skip the local proling. The proling of an application can also
be performed prior to deployment and the required proling
information can be provided by the application itself.

control of the user. She species the assigned trust level in

advance, and provides it to the application/framework. Another
option is to delegate the assessment to trusted third parties. In
other domains, certicate-pinning is used to protect the users
of web pages and applications from forged but technically
valid certicates. Due to limitations on web applications, we
currently intentionally follow a straight forward approach and
do not support trust based on e.g. certication authorities, as
this involves implementing a complex certicate validation and
revocation checking, which is not possible in the browser due
to browser protection mechanisms. We also aim to look at other
technologies like the Intel Trusted Execution Environment
(TXT) [19] to assess and increase the trust level of remote
resources.
D. Ofoading Engine
The ofoading engine technically carries out the migration
of the application execution to the remote side. POWER
already features an ofoading engine, which encodes and
transports the state of the application using JSON encoding.
However, throughout our tests we found out that JSON encoding and decoding gets painful slow for e.g. large lists
and collections. Thus, we improved POWER to support MessagePack6 , which provides far better performance than JSON,
at least for our special use case. We further improved the
data transmission of POWER by employing a compression
mechanism provided by lz47 , which turns out to meet best
our requirements.

To determine if a call should be ofoaded, the decision

engine considers multiple factors like the proled local execution time, already gathered remote execution times, and
the used proles. Proles tweak these parameters to fulll
a certain requirement. Our implementation currently supports
two proles:

V.

The performance prole maximizes the processed

computations and provides the best user experience.
In terms of e.g. games, this means to minimize the
latency on inputs and maximize the number of rendered frames. Our implementation of the performance
prole only ofoads a call, if remote execution pays
off. Of course, the performance prole still maintains
the requested trust levels.

E VALUATION

In this section, we evaluate the extended POWER framework and show the efciency of our proposed and implemented
improvements. Furthermore, we assess the applicability of the
proposed enhanced architecture for real-world scenarios and
highlight improvements in terms of performance and energy
efciency.
Throughout this paper we made two claims: to enable
exible and secure resource sharing. The exibility comes
from not tying particular users of an application to single
resources, but opening for a large number of resource providers
also coming from other users. The proposed decentralized
model is error resistant due to the absence of a single point
of failure. Although the current implementation does not
fully get rid of the centralized structure, it contributes to a
failure resistant system by enabling decentralized signalling
for a direct connection establishment between nodes. In terms
of security, the proposed extension for POWER is the rst
solution enabling a secure and privacy preserving execution in
hybrid mobile cloud computing frameworks. As it is the case
for other data sensitive use cases on the web, security comes
from identifying remote parties based on certicates. Based on
the sensitivity of performed computations and processed data,
the framework selects a user trusted resource provider. The
sensitivity of data and computations needs to be determined
by the developer. This puts a lot of burden on the developer, but
she could use automated assistant tools for the identication.
Due to the limited resources and the goal to unburden mobile

The energy saving prole tries to perform at the same

performance levels as a local execution would do, but
heavy computations are ofoaded. The energy saving
prole might block the reintegration of results for
a certain amount of time to adapt the performance
levels. Using this approach, energy-consuming components are only active for short periods of time to
save energy.

Once the decision engine has analyzed a particular call

and has decided if ofoading is benecial, the trust mediator
is invoked. The trust mediator also resides on the mobile
device and ensures that particular calls are only executed on
resources with a satisfying trust level. The required trust level
is specied by the developer, which is extracted by the trust
mediator. The specied trust requirements are based on the
sensitivity of the computation and on the sensitivity of the
data. The trust levels of connected resources are assessed
by different means. Currently we follow a certicate-pinning
like approach, where resource constrained devices assess the
trust level based on offered certicates. On the users side,
the level of trust assigned to a specic certicate is in full

6 http://msgpack.org/
7 https://github.com/pierrec/node-lz4

37

devices, we do not think that this task can be outsourced to

the mobile device and be performed at runtime.
Execution time in ms

Local execution
Remote execution optimized

Remote execution unmodied

Remote execution parallelized

8,000
6,000
4,000
2,000
0

s
s
id
ow
ow
dro
ind
ind
An
W
W
n
on
on
5o
40
45
fox
e4
me
om
fox
Fire
r
o
e
r
r
h
i
C
F
Ch
ux

om

Chr

on
42

Lin

ux

on
40

Lin

Fig. 7: Raytracer performance for rendering a 256 pixels by

256 pixels image

Fig. 6: Environment setup for the evaluation procedure

The test setup that has been used for evaluation is illustrated
in Figure 6. It is composed of three resources. Two resources
are accessible from the Internet via public IP addresses and
are able to accept direct connections. One resource is located
behind a symmetric NAT, which does not allow incoming
trafc on arbitrary ports. A STUN/TURN server is used to
provide direct-connection capabilities for the resource hidden
behind the NAT gateway. A separate web socket based server
is used for the initial P2P connection. The web applications
are served from the signaling server, but could also be served
from any other web server. We congured our test applications
to always maintain two resource connections and dynamically
pick the one with the best connection. We performed our evaluation with two web-based applications running on desktop
PCs and different Android 5 devices. We also looked into
other mobile operating systems like iOS and Windows Phone.
Unfortunately, their browsers do not yet support WebRTC
technology. Hence, these platforms could not be used for
evaluation. We used the two chosen applications to evaluate
the performance and energy efciency of our implementation.
Details of obtained evaluation results are presented in the
following subsections.

1600 ms on Chrome for Windows to nearly 8000 ms on

Chrome for Android. Such high execution times make the
application virtually unusable. By just applying the annotation
and not applying any other optimizations, we were already
able to improve the performance on mobile devices for an
ofoaded execution by about 30% to 5500ms. We could also
observe a gain in performance for desktop environments. Our
test application is written in the Dart programming language
and compiles to efcient JavaScript code to run in the browser.
The employed resources do not execute the JavaScript code,
but are running on dedicated Dart VMs. This yields a better
performance than the generated JavaScript code. However, the
resulting data was still large in size and consumed much time
even in our Wi-based setup. We were required to transfer
114kB on the wire, which uncompressed to 338kB.

Execution time in ms

Local execution
Remote execution optimized

A. Performance Evaluation
To evaluate performance improvements that can be
achieved with our ofoading solution, we executed the two
applications Raytracer and PBKDF2 on different Androidbased devices. Obtained results are discussed in the following.

Remote execution unmodied

Remote execution parallelized

30,000
20,000
10,000
0

s
s
x
oid
ow
ow
inu
ndr
ind
ind
nL
nA
0o
nW
nW
o
4
o
o
5
5
40
fox
e4
e4
om
fox
Fire
om
Chr
Fire
Chr
ux

2
e4
rom

Ch

on

Lin

Fig. 8: Raytracer performance for rendering a 512 pixels by

512 pixels image

1) Raytracer Performance: Our rst application under

evaluation was a straight-forward raytracer8 . It does not implement any optimizations from the eld of 3D graphics. The
input is a scene description, the output is a list of pixels,
i.e. a bitmap. Information required for ofoading (scene and
other application-state information) is encoded in 1165 bytes
and after compression has a length of 631 bytes. We used
the application to render the scene with 65535 pixels and
with 262144 pixels. We rendered 200 images and recorded
the average time needed for a rendering process. The devices
and computers under test were connected via high-speed Wi
to the resources and had low (single-digit) latencies.

Our next step was to slightly modify the Raytracer application, to not return a blunt list of pixels but already encode the
result as PNG image. The rst observation was that the size of
the transferred data rapidly decreased to 66.4kB. Furthermore,
the JavaScript processing of the raw PNG data was way
faster than it was when dealing with a large list of pixels.
Figure 7 shows that the average processing time for a single
frame on the mobile device decreased from nearly 8000ms
for local execution to 1140ms for this optimized solution
in the ofoading case. This is a performance gain of more
than 700%. Also for desktop environments, we again can see
a signicant gain in performance of, in average, more than
200%. To further improve our results, we parallelized our
application, rendered different parts on different resources, and

Figure 7 shows obtained results for rendering the image

with 65535 pixels. A pure local execution takes from about
8 https://github.com/dartist/raytracer

38

consolidated them locally. The results presented in Figure 7

show that we were not able to achieve a further improvement,
as the induced ofoading overhead overwhelmed the gained
performance. Still, this approach provides true multi-threading
also for web applications.

B. Energy Efciency
In addition to performance, we also evaluated the energy
efciency of the proposed ofoading solution, i.e. its inuence
on battery lifetime. In general, there are multiple ways of determining the energy consumption of applications. Hardwarebased approaches directly measure the consumption between
the battery and the mobile phone. This approach brings major
drawbacks in terms of mobility. Software-based approaches
are available as well. Zhang et al. [20] have proposed a
method, which generates models for specic devices. Based
on these models, the current power consumption of mobile
devices can be estimated. Unfortunately, models differ between
devices and accurate models are currently available for a
few selected devices only. In recent Android versions, the
system records battery-related events and information. Using
the Battery-Historian tool9 , this information can be analyzed
accurately. We used the Battery-Historian tool to analyze our
performance-based prole and our energy-saving prole with
regard to battery consumption. To get comparable results,
the mobile phone needs a dened power-consumption state,
which is not inuenced by background tasks. Using this
approach we also get an idea of the inuence of the introduced
components on the energy consumption. The following gures
all include the energy consumed by the framework components
as part of the application, wi and 3G. Before we started our
evaluations, we always fully charged the device, deactivated all
synchronization services, GPS, and all other background tasks.
The display remained always on with the lowest brightness
level.

Obtained results for rendering the image with 262144

pixels are shown in Figure 8. Here, achieved performance
improvements are even higher. On mobile devices, we reduced
the execution time from more than 30 seconds to 1950ms.
Interestingly, in the mobile case we even got an efciency
improvement for the parallelized version. The execution time
was reduced from 2370ms to 1950ms.
2) PBKDF2 Performance: As shown by Reiter and Zefferer [6], security is an emerging topic in the eld of mobilecloud computing. With the exception of POWER, no existing
framework considers security-related issues and hence disqualies for applications operating on sensitive data. We show that
our solution is also applicable for applications from securitysensitive elds. We do so by evaluating our solution with an
application that uses PBKDF2. PBKDF2 is an algorithm to
derive encryption keys from passwords. This is an computationally intensive task, as it requires the iterative execution
of complex computations. We collected performance values
for desktop and mobile browsers for 1000, 10000 and 100000
iterations. There are no general guidelines on selecting the
right number of iterations in order to achieve a sufcient level
of security. A rule of thumb is to select the number of iterations
in a way that the computation takes about one second, in order
to achieve a suitable trade-off between security and usability.
Apparently, derivation of secret keys should only be ofoaded
to trusted environments, such as own desktop computers. We
dened our resource behind the NAT to be a trusted resource.
Looking at the performance graph in Figure 9, the limit of one
second is only satised by desktop browsers for up to 10000
iterations at local execution. Mobile browsers already need
3253ms for 1000 iterations. Using our ofoading approach we
achieve magnitudes of performance improvements and perform
100000 PBKDF2 iterations in just 1426ms. Thus, our solution
improves the security of mobile applications by enabling them
to derive secret keys using a higher number of iterations within
an acceptable period of time.

Execution time in ms

Local execution 1000 iterations

Local execution 100000 iterations
Remote execution 10000 iterations

To evaluate the energy consumption of our performance

prole, we again ran the Raytracer application locally, remotely connected via Wi with low latencies, and remotely
connected via 3G with latencies around 220ms. Obtained
results are shown in Figure 10. Each bar shown in Figure
10 is divided into the major energy consumers. The local
execution bar shows that the screen is one major energy
consumer. Our goal for the performance prole is to get the
best performance without making improvements on energy
consumption. Against our expectations, even the performance
prole makes vast improvements in energy consumption. On
the Wi connection, the energy consumption of the application
was cut from 7.1% per hour to 3.3% per hour (including
Wi consumption). The 3G connection does not consumes
considerable more energy. Still, we were able to cut the
energy consumption to 6.8% per hour (including 3G energy
consumption). These values already include energy consumed
by our introduced modules and background tasks as well as
consumed energy for the ofoading operation.

Local execution 10000 iterations

Remote execution 1000 iterations
Remote execution 100000 iterations

105

Evaluation results of the energy saving prole are shown

in Figure 11. Again, the constant power consumption of the
screen can be observed. The overall power consumption of the
test application has been cut to 0.3% per hour when using the
Wi connection and to 1.16% per hour when using the 3G
connection.

104
103
102

me

kto

Des

o
Chr

45

fox

ire
pF
skto

De

40

o
Chr

45
me

on

oid
ndr

i)
(W

45
me

on

3G
id (

o
ndr

VI.

Chr

C ONCLUSIONS AND F UTURE W ORK

In this paper we presented a exible and dynamic way

of sharing resources in mobile augmentation systems. Based

Fig. 9: PBKDF2 performance graph on logarithmic scale

9 https://github.com/google/battery-historian

39

Battery consumption per hour in %

[2]
other

screen

wi

3G

application

13.63

15

13.04
9.88

10

[3]

5
[4]
0

)
Wi
te (
mo

l
oca

re

ote

)
(3G

[5]

rem

Battery consumption per hour in %

Fig. 10: Energy consumption using the performance prole

stacked by component

[6]

[7]
other
15

screen

wi

3G

application

13.63

[8]

10

7.45

7.01

5
0

[9]

al

loc

te
mo

i)
(W

re

ote

(3G

rem

[10]

Fig. 11: Energy consumption using the energy saving prole

stacked by component

[11]

on the architecture of existing frameworks, we proposed an

enhanced architecture that targets the usage of multiple types
of resources also for use cases where adherence to particular
trust requirements is required. By integrating the concept of a
trust mediator that matches trust requirements of applications
with trust levels provided by external resources, our proposed
solution can also be applied for security-critical applications.
The proof-of-concept implementation of the proposed solution
has been based on the POWER framework, an ofoading
framework targeting web- and cross-platform application. It
is improved with our proposed components and evaluated
concerning security and impact on the performance as well
as energy consumption of applications using this solution.
Evaluation results show the feasibility of the proof-of-concept
implementation and its underlying architecture. Even in highperformance mode we achieve a considerable saving in energy
and a striking boost in performance. In the energy saving mode
we managed to cut down the overall energy consumption to
as much as 50 percent.

[12]

[13]

[14]

[15]

[16]

[17]

[18]

In the future we will focus our activities on providing more

ne grained ways of specifying trust requirements for applications. Currently, these requirements are embedded in the
code in a non-standard format. The adaptation of standardized
and established ways will enable the usage of already existing
methods and software.

[19]

[20]

R EFERENCES
[1]

D.
Bosomworth,
Mobile
Marketing
Statistics
2015,
2015. [Online]. Available: http://www.smartinsights.com/mobilemarketing/mobile-marketing-analytics/mobile-marketing-statistics/

40

E. Cuervo, A. Balasubramanian, D.-k. Cho, A. Wolman, S. Stefan,

R. Chandra, and B. Paramvir, MAUI : Making Smartphones Last
Longer with Code Ofoad, in Proceedings of the 8th international
conference on Mobile systems, applications, and services, vol. 17, 2010,
pp. 4962.
A. Reiter and T. Zefferer, POWER : A Cloud-Based Mobile Augmentation Approach for Web- and Cross-Platform Applications, in IEEE
CloudNet, 2015.
M. Satyanarayanan, Pervasice Computing: Vision and Challenges,
IEEE Personal Communications, pp. 1017, 2001.
S. Abolfazli, Z. Sanaei, E. Ahmed, A. Gani, and R. Buyya, CloudBased Augmentation for Mobile Devices: Motivation, Taxonomies, and
Open Challenges, IEEE Communications Surveys & Tutorials, vol. 16,
no. 1, pp. 337368, 2014.
A. Reiter and T. Zefferer, Paving the Way for Security in Cloud-Based
Mobile Augmentation Systems, in 3rd IEEE International Conference
on Mobile Cloud Computing, Services, and Engineering (IEEE Mobile
Cloud 2015), 2015, pp. 89 98.
M. Satyanarayanan, P. Bahl, R. Caceres, and N. Davies, The Case
for VM-Based Cloudlets in Mobile Computing, Pervasive Computing,
IEEE, vol. 8, pp. 1423, 2009.
M. Shiraz, A. Gani, R. H. Khokhar, and R. Buyya, A Review
on Distributed Application Processing Frameworks in Smart Mobile
Devices for Mobile Cloud Computing, vol. 15, no. 3, pp. 12941313,
2013.
S. Abolfazli, A. Gani, and M. Chen, HMCC: A Hybrid Mobile
Cloud Computing Framework Exploiting Heterogeneous Resources, in
2015 3rd IEEE International Conference on Mobile Cloud Computing,
Services, and Engineering, 2015, pp. 157162.
B. Chun, S. Ihm, P. Maniatis, M. Naik, and A. Patti, Clonecloud:
Elastic Execution Between Mobile Device and Cloud, in Proceedings
of the sixth conference on Computer systems, 2011, pp. 301314.
S. Kosta, A. Aucinas, P. Hui, R. Mortier, and X. Zhang, ThinkAir:
Dynamic resource allocation and parallel execution in the cloud for
mobile code ofoading, in 2012 Proceedings IEEE INFOCOM. Ieee,
Mar. 2012, pp. 945953.
C. J. Adam Bergkvist Daniel C. Burnett and A. Narayanan,
WebRTC 1.0: Real-time Communication Between Browsers,
https://w3c.github.io/webrtc-pc/.
M. Yu, G. Huang, X. Wang, Y. Zhang, and X. Chen, JavaScript
Ofoading for Web Applications in Mobile-Cloud Computing, IEEE
Software, vol. 32, no. 2, pp. 66, 2015.
S. Agarwal and J. R. Lorch, Matchmaking for online games and other
latency-sensitive P2P systems, ACM SIGCOMM Computer Communication Review, vol. 39, no. 4, p. 315, 2009.
J. Rosenberg and Jdrosen.net, Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols, 2010. [Online]. Available:
https://tools.ietf.org/html/rfc5245
J. Rosenberg, R. Mahy, P. Matthews, and D. Wing, Session
Traversal Utilities for NAT (STUN), 2008. [Online]. Available:
https://tools.ietf.org/html/rfc5389
Y. Mahy, P. Matthews, and J. Rosenberg, Traversal Using
Relays around NAT (TURN): Relay Extensions to Session
Traversal Utilities for NAT (STUN), 2010. [Online]. Available:
https://tools.ietf.org/html/rfc5766
D. McGrew, Cisco Systems, E. Rescorla, and R. Inc., Datagram
Transport Layer Security (DTLS) Extension to Establish Keys for
the Secure Real-time Transport Protocol (SRTP), 2010. [Online].
Available: http://tools.ietf.org/html/rfc5764
James
Greene,
Intel
Trusted
Execution
Technology,
Intel Whitepaper.
[Online].
Available:
http://www.intel.com/content/www/us/en/architecture-andtechnology/trusted-execution-technology/trusted-execution-technologysecurity-paper..html
L. Zhang, R. P. Dick, Z. M. Mao, Z. Wang, and A. Arbor, Accurate Online Power Estimation and Automatic Battery Behavior Based
Power Model Generation for Smartphones, Proceedings of the eighth
IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis, pp. 105114, 2010.