Security in Mobile Cloud

Security in Mobile Cloud

From CIS Lab, SJTU, China

Jump to: navigation, search


Name: Chen, Kefei Huang, Zheng
Office: Electr-Building 3#429 Electr-Building 3#331
Tel: 3420 4221 3420 5716
Email: some mail some mail

Goal of this course

The goal of this course is to foster security mindset in mobile cloud computing environment, including identifying the threats in mobile cloud, understanding how Security protocols work, applying cryptography, trusted computing and virtualization technologies to mitigate threats.

Students will be able to build secure applications in mobile cloud after this course.

preliminary: students in this course should have attended Computer Networks, Operation System, Information Security and Cryptography Algorithms related courses.

Course outline

1 Introduction

This course concerns mobile cloud security issues by looking at the current state of mobile cloud security, vulnerabilities in mobile cloud computation, and how to use cryptography technical to address those vulnerabilities.

2 Network Security

3 Security in commercial Cloud

4 Security in Mobile Device

5 Security Standards in Mobile Cloud

6 Wrap up and Conclusion

Case Studies

1 Galois Field and AES analysis in Mobile Cloud

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST). AES is the most used algorithm both in mobile and cloud server side. It is the key algorithm to protect mobile cloud security.

The calculation of AES is based on Galois Field (GF). GCM (Galois Counter Mode) which is one of AES's widely used working mode is also related with Galois Field. In this case study, we are going to explore the implementation of Galois Field calculation both on mobile device and the cloud server machine, we will also use our implementation to do linear analysis attack for AES.


2 Build secure mobile application using cloud service

Currently, there are many cloud computing service, e.g. openstack, Amazon EC2, at your hand. A lot of internet applications choose cloud service to be their backend. This has the advantage of easy to startup and easy to maintenance. The client of the applications are more likely to be the hand held devices, such as mobile phones and pads. It is becomes more tricky to build secure applications in such environment, since the developers have to follow both the security guidelines on mobile phone and cloud service platform.


3 What security mechanism can Processors offer in mobile device and cloud server

  • Intel AES-NI
  • Speeding Up Galois Field Arithmetic
  • Security in Intel Atom Processor


and more ...

  • Mobile Device Data Backup System?

Textbook and Reading List

There is no mandatory text book for this course. Instead, the instructors will give a reading list:


  • Grading Policy
  • Class and Office Hour Times

This Course is sponsored by Intel