Security in Mobile Cloud
From CIS Lab, SJTU, China
|Name:||Chen, Kefei||Huang, Zheng|
|Office:||Electr-Building 3#429||Electr-Building 3#331|
|Tel:||3420 4221||3420 5716|
Goal of this course
The goal of this course is to foster security mindset in mobile cloud computing environment, including identifying the threats in mobile cloud, understanding how Security protocols work, applying cryptography, trusted computing and virtualization technologies to mitigate threats.
Students will be able to build secure applications in mobile cloud after this course.
preliminary: students in this course should have attended Computer Networks, Operation System, Information Security and Cryptography Algorithms related courses.
This course concerns mobile cloud security issues by looking at the current state of mobile cloud security, vulnerabilities in mobile cloud computation, and how to use cryptography technical to address those vulnerabilities.
2 Network Security
3 Security in commercial Cloud
4 Security in Mobile Device
5 Security Standards in Mobile Cloud
6 Wrap up and Conclusion
1 Galois Field and AES analysis in Mobile Cloud
The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST). AES is the most used algorithm both in mobile and cloud server side. It is the key algorithm to protect mobile cloud security.
The calculation of AES is based on Galois Field (GF). GCM (Galois Counter Mode) which is one of AES's widely used working mode is also related with Galois Field. In this case study, we are going to explore the implementation of Galois Field calculation both on mobile device and the cloud server machine, we will also use our implementation to do linear analysis attack for AES.
2 Build secure mobile application using cloud service in progress
- How to Build Secure Application on Android phone using Amazon cloud service
- How to Build Secure Application on Android phone using MS cloud service
- How to Build Secure Application on Android phone using Google cloud service
- How to Build Secure Application on Android phone using OpenStack cloud service
3 What security mechanism can Processors offer in mobile device and cloud server in progress
- Intel AES-NI
- Speeding Up Galois Field Arithmetic
- Security in Intel Atom Processor
and more ...
- Mobile Device Data Backup System?
Textbook and Reading List
There is no mandatory text book for this course. Instead, the instructors will give a reading list:
- Amazon Web Services–Overview of Security Processes: http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf
- Google’s security philosophy:http://www.google.com/intl/en/corporate/security.html
- Windows Azure General Availability: http://blogs.technet.com/b/microsoft_blog/archive/2010/02/01/windows-azure-general-availability.aspx
- Trusted Mobile Computing: http://www.kiskeya.net/ramon/work/pubs/mobiwi06.pdf
- OpenID Authentication 2.0 - Final: http://openid.net/specs/openid-authentication-2_0.html
- The OAuth 1.0 Protocol.2010.4: http://tools.ietf.org/html/rfc5849.
- Security Guidance for Critical Areas of Focus in Cloud Computing V2.1: https://cloudsecurityalliance.org/csaguide.pdf
- Grading Policy
- Class and Office Hour Times
This Course is sponsored by Intel