• Programme
• Writing talks and theses
• Theses topics
• Teaching
  • Winter 2017
  • Summer 2017
  • IPEC Winter 2017
  • Winter 2016/2017
  • IPEC Summer 2016
  • Summer 2016
  • IPEC Winter 2016
  • Winter 2015/2016
  • IPEC Summer 2015
  • Summer 2015
  • IPEC Winter 2015
  • Winter 2014/2015
  • IPEC Summer 2014
  • Summer 2014
  • IPEC Winter 2014
  • Winter 2013/2014
  • Cryptography
  • Advanced cryptography/Topics in cryptography: Cloud & More
  • Lab Cryptography
  • Oberseminar Computer Security, Winter 2013/14
  • IPEC Summer 2013
  • Summer 2013
  • IPEC Winter 2013
  • Winter 2012/2013
  • IPEC Summer 2012
  • Summer 2012
  • IPEC Winter 2012
  • Winter 2011/2012
  • IPEC Summer 2011
  • Summer 2011
  • IPEC Winter 2011
  • Winter 2010/2011
  • IPEC Summer 2010
  • Summer 2010
  • IPEC Winter 2010
  • Winter 2009/2010
  • IPEC Summer 2009
  • Summer 2009
  • IPEC Winter 2009
  • Winter 2008/2009
  • IPEC Summer 2008
  • Summer 2008
  • IPEC Winter 2008
  • Winter 2007/2008
  • IPEC Summer 2007
  • Summer 2007
  • IPEC Winter 2007
  • Winter 2006/2007
  • IPEC Summer 2006
  • Summer 2006
  • IPEC Winter 2006
  • Winter 2005/2006
• Special events
• crypt@b-it
• Schüler-Krypto

Topics in applied cryptography: Cloud & More
Advanced cryptography: Cloud & More

This course is listed in Aachen Campus as Advanced cryptography: cloud & more, in Bonn Basis as MA-INF 3311 - Topics in Applied Cryptography: Cloud & More.

Responsible

Prof. Dr. Joachim von zur Gathen

Lecture

Michael Nüsken

Time & Place

• Tuesday 13³⁰-15⁰⁰, b-it Rheinsaal.
• Wednesday 13³⁰-15⁰⁰, b-it Rheinsaal.
• Tutorial: Tuesday 15¹⁵-16⁴⁵, b-it Rheinsaal.

First meeting: Tuesday, 29 October 2013.

All times subject to agreement in class.

Exam

Pre-exam meeting: 10 March 2014, 11⁰⁰, b-it 1.25.
Exam: 12 March 2014, between 10⁰⁰ and 13⁰⁰, b-it bitmax.
Post-exam meeting:  18 March 2014, 14³⁰-15³⁰, b-it 1.25.
Second exam (repetitions only): 14 April 2014, between 14⁰⁰ and 17⁰⁰, b-it 1.25.
Post-exam meeting 2: probably 30 April 2014, 13³⁰-14⁰⁰, b-it 1.25.

Notes

The screen notes (PDF) contain all handwritten stuff (last updated 05 February 2014, 15:45).

Exercises

• Exercise 1 (PDF, last updated 31 October 2013, 20:27).
• Exercise 2 (PDF, last updated 08 November 2013, 14:53).
• Exercise 3 (PDF, last updated 15 November 2013, 14:08).
• Exercise 4 (PDF, last updated 21 November 2013, 11:08).
• Exercise 5 (PDF, last updated 27 November 2013, 16:46).
• Exercise 6 (PDF, last updated 06 December 2013, 12:06).
• Exercise 7 (PDF, last updated 12 December 2013, 10:55).
• Exercise 8 (PDF, last updated 08 January 2014, 15:54).
• Exercise 9 (PDF, last updated 17 January 2014, 14:12).
• Exercise 10 (PDF, last updated 27 January 2014, 12:42).
• Exercise 11 (PDF, last updated 29 January 2014, 10:52).

Prerequisites

Basic knowledge in cryptography is required.

Contents

Cloud computing is emerging as an almost omnipresent feature on the Internet for a few years now. Providers, like amazon.com, google and others, offer computing facilities, networks and more in a very flexible way and not even expensive. From a commercial point of view it's a win-win for all: providers need computing and network resources for peak situations, but at most times only 10% of these resources are used. Their customers can use these facilities in a flexible way and so may be prepared for huge traffic without having to set up all the physical hardware stuff on their own. Also they need not to maintain software and care for security questions which frees a lot of man power for their very business.

On the other side of the medal we have to face serious privacy concerns. Transport and storage of sensitive data are two solvable issues. Computations with sensitive data in the cloud are a challenge.

The course will try to cover the present design of cloud computing and mostly the related security issues and solutions.

Literature

• BSI:  Security Recommendations for Cloud Computing Providers. (German page, but the paper is available in English.)
• Google Ideas & Arbor Networks: Digital Attack Map.
• Deutsche Telekom. Sicherheitstacho.
• A Google computing center. Streetview. All their locations.
• Raluca Ada Popa, Frank H. Li & Nickolai Zeldovich (2013). An Ideal-Security Protocol for Order-Preserving Encoding. ePrint 2013/129.

Structure

1. Cloud computing & cloud security
   
   • Why?
     • Cheap.
     • Fast. (A mobile device may not be able to...)
     • Large memory.
     • Flexible.
     • Scalable.
   • Why not?
     • Privacy protection.
     • Legal obligations, eg. protection against confiscation of medical documents.
   • What is available?
     • Store stuff "in the cloud", eg. contacts, communication, pictures, blogs, ...
     • Compute "in the cloud", eg. image processing, ...
   • Definitions?
2. Security recommendations (see BSI)
   
   1. Introduction
   2. Cloud Computing basics
   3. Security management by the provider
   4. Security architecture
      1. Data centre security
      2. Server security
      3. Network security
      4. Application and platform security
      5. Data security
      6. Encryption and key management
   5. ID and rights management
   6. Control options for users
   7. Monitoring and security incident management
   8. Business continuity management
   9. Portability and interoperability
   10. Security testing and Audit
   11. Requirements of personnel
   12. Drawing up agreements
       1. Transparency
       2. Service level agreements (SLA)
   13. Data protection and compliance
       1. Data protection
       2. Compliance
3. Security questions
   1. Attack scenario(s).
      1. Security notions for (public-key) signatures and encryption schemes.
      2. Passive and active attackers.
      3. External, internal and insider attackers.
      4. Multi-party scenario: honest, semi-honest, malicious.
   2. Confidentiality, integrity & authenticity from/to the cloud.
      1. SSL/TLS.
         1. Key exchange.
         2. Authentication and PKI.
         3. Symmetric encryption.
         4. Message authentication codes.
      2. IPsec.
   3. Confidentiality, integrity & authenticity during storage.
      1. Public key encryption, hybrid encryption.
   4. Confidentiality, integrity & authenticity during computations.
      1. Virtualization and separation/isolation.
         1. Enforcement.
         2. Verification.
         3. Sealed cloud.
      2. Verifiable computation.
         1. Interactive proofs & zero-knowledge.
         2. PCP.
         3. "Muggles" proofs.
         4. Trusted computing modules (TCM), Trusted platform modules (TPM).
         5. Physically unclonable functions (PUF).
      3. Confidential computation.
         1. Multi-party computations.
         2. Fully homomorphic encryption.
         3. Assisted confidential computation.
            1. Spalka: confidential storage with fast but restricted searching. Indepently, see Popa, Li & Zeldovich (2013).

Allocation

4+2 SWS.

• Master in Media Informatics: Computer and Communication Technology.
  8 ECTS credits.
  Optionally, 3+2 SWS, 6 ECTS credits. On request a breakpoint at about 3/4 of the teaching time will be defined, and only the course material up to that point will be relevant for their exams and grades.
• Master in Computer Science at University of Bonn: MA-INF 3311.
  9 CP.
  Students have to register this course with POS/BASIS.
• Recommendation for diploma students of University of Bonn - Computer Science: A or A1, respectively.

Mailinglist

We will put each member on the mailing list