Bonn-Aachen International Center
for Information Technology





city life
cosec >students >Teaching >Winter 2013/2014 

Topics in applied cryptography: Cloud & More
Advanced cryptography: Cloud & More

This course is listed in Aachen Campus as Advanced cryptography: cloud & more, in Bonn Basis as MA-INF 3311 - Topics in Applied Cryptography: Cloud & More.


Prof. Dr. Joachim von zur Gathen


Michael Nüsken

Time & Place

First meeting: Tuesday, 29 October 2013.

All times subject to agreement in class.


Pre-exam meeting: 10 March 2014, 1100, b-it 1.25.
Exam: 12 March 2014, between 1000 and 1300, b-it bitmax.
Post-exam meeting:  18 March 2014, 1430-1530, b-it 1.25.

exam (repetitions only): 14 April 2014, between 1400 and 1700, b-it 1.25.
Post-exam meeting 2: probably 30 April 2014, 1330-1400, b-it 1.25.


The screen notes (PDF) contain all handwritten stuff (last updated 05 February 2014, 15:45).



Basic knowledge in cryptography is required.


Cloud computing is emerging as an almost omnipresent feature on the Internet for a few years now. Providers, like, google and others, offer computing facilities, networks and more in a very flexible way and not even expensive. From a commercial point of view it's a win-win for all: providers need computing and network resources for peak situations, but at most times only 10% of these resources are used. Their customers can use these facilities in a flexible way and so may be prepared for huge traffic without having to set up all the physical hardware stuff on their own. Also they need not to maintain software and care for security questions which frees a lot of man power for their very business.

On the other side of the medal we have to face serious privacy concerns. Transport and storage of sensitive data are two solvable issues. Computations with sensitive data in the cloud are a challenge.

The course will try to cover the present design of cloud computing and mostly the related security issues and solutions.



  1. Cloud computing & cloud security
    • Why?
      • Cheap.
      • Fast. (A mobile device may not be able to...)
      • Large memory.
      • Flexible.
      • Scalable.
    • Why not?
      • Privacy protection.
      • Legal obligations, eg. protection against confiscation of medical documents.
    • What is available?
      • Store stuff "in the cloud", eg. contacts, communication, pictures, blogs, ...
      • Compute "in the cloud", eg. image processing, ...
    • Definitions?
  2. Security recommendations (see BSI)
    1. Introduction
    2. Cloud Computing basics
    3. Security management by the provider
    4. Security architecture
      1. Data centre security
      2. Server security
      3. Network security
      4. Application and platform security
      5. Data security
      6. Encryption and key management
    5. ID and rights management
    6. Control options for users
    7. Monitoring and security incident management
    8. Business continuity management
    9. Portability and interoperability
    10. Security testing and Audit
    11. Requirements of personnel
    12. Drawing up agreements
      1. Transparency
      2. Service level agreements (SLA)
    13. Data protection and compliance
      1. Data protection
      2. Compliance
  3. Security questions
    1. Attack scenario(s).
      1. Security notions for (public-key) signatures and encryption schemes.
      2. Passive and active attackers.
      3. External, internal and insider attackers.
      4. Multi-party scenario: honest, semi-honest, malicious.
    2. Confidentiality, integrity & authenticity from/to the cloud.
      1. SSL/TLS.
        1. Key exchange.
        2. Authentication and PKI.
        3. Symmetric encryption.
        4. Message authentication codes.
      2. IPsec.
    3. Confidentiality, integrity & authenticity during storage.
      1. Public key encryption, hybrid encryption.
    4. Confidentiality, integrity & authenticity during computations.
      1. Virtualization and separation/isolation.
        1. Enforcement.
        2. Verification.
        3. Sealed cloud.
      2. Verifiable computation.
        1. Interactive proofs & zero-knowledge.
        2. PCP.
        3. "Muggles" proofs.
        4. Trusted computing modules (TCM), Trusted platform modules (TPM).
        5. Physically unclonable functions (PUF).
      3. Confidential computation.
        1. Multi-party computations.
        2. Fully homomorphic encryption.
        3. Assisted confidential computation.
          1. Spalka: confidential storage with fast but restricted searching. Indepently, see Popa, Li & Zeldovich (2013).


4+2 SWS.


We will put each member on the mailing list

[Sorry, you need to enable Javascript to see this.]
. You can also subscribe yourself. The list is intented for all participants of the course as a platform for discussions around the topic. Furthermore, announcements regarding the course are made here.

Imprint, webmaster & more