Course Syllabus

Hello and welcome to CSCI S-49a (2019, Summer 2)! We are looking forward to an exciting summer term with all of you, exploring a range of applied Cryptography and Identity Management concepts and technologies.

Confidentiality, integrity, availability, authentication, authorization, and accountability are the most critical security requirements that serve as the basis for deploying and delivering trustworthy IT applications and services in enterprises, on mobile devices and via Cloud providers. Adopting cryptography and identity management techniques addresses those security requirements and has become a vital part of all business applications and electronic transactions. This course provides ground-up coverage of the high-level concepts, applied mechanisms, architecture and real-world implementation practices of cryptography and identity management techniques applied to Blockchain and Cloud-hosted applications and services.

To begin with, the course will examine the fundamentals of cryptography, access control principles, identity management and assurance strategies applied to IT applications and Cloud infrastructure-based services. The course will delve deep into the use of cryptographic algorithms, mechanisms and applied technologies intended for encrypting data in transit, in use, and at rest; managing the cryptographic key operations lifecycle; deploying private blockchain infrastructures (Ethereum/Hyperledger Fabric); integrating public-key infrastructures and certificate authorities; verifying and validating personal, device and host identities with digital signatures; creating directory services; enabling single sign-on authentication; enforcing access control and authorization policies on IT resources; monitoring, logging and recording audit trails; and meeting compliance with industry and regulatory mandates. The course will describe applied cryptography in Blockchain and Cloud infrastructures and industry-standard services and protocols such as TLS, IPSec/IKE, LDAP, OCSP, SAML, XACML, OAuth2 and OpenID Connect (OIDC), and will leverage data protection and identity management guidelines set forth by NIST, ENISA and the Cloud Security Alliance (CSA).

Class Prerequisites

CSCI E-49 or CSCI E-90 or CSCI E-118 or any equivalent. Alternatively, hands-on experience with web application development and/or systems administration using a Cloud provider will be helpful.

If you are registered for this course, please make sure you obtain AWS Educate credit (contact softwarerequest@labstaff.dce.harvard.edu) and gain access to the AWS Cloud environment for lab exercises.

General Course Information 

Course Objectives & Outcomes 

Students will learn and develop an understanding of the following:

  • Fundamentals of cryptography and its usage scenarios.
  • Understand the concepts, guiding principles and applied cryptographic mechanisms used in Blockchain and Cloud infrastructures.
  • Design security architectures that assure comprehensive data protection using encryption at all layers of IT infrastructure, enforce end-to-end identity and access management controls, monitoring and auditing processes and compliance with industry and regulatory mandates.
  • Use of Cloud-based services and technology solutions that build on Public-Key Infrastructures (PKI), Cryptographic Key Management Services (KMS), Certificate Authorities (CA), Cryptographic Hardware Security Modules (HSM), and Identity and Access Management (IAM) infrastructures for directory services, identity provisioning, Zero-Knowledge Identity, Web Single Sign-on (SSO), Multi-factor Authentication (MFA) and enabling identity federation across enterprises and Cloud providers.
  • Hands-on experience with cryptographic libraries and providers (e.g., OpenSSL, JCE) and Identity Management solutions (e.g., Shibboleth, OpenLDAP/Active Directory, OpenSAML/OAuth2, Google Authentication, OpenID Connect) using a Cloud provider infrastructure.
  • Understand emerging Quantum-resistant cryptographic methods like Post-Quantum Cryptography (PQC) algorithms and Quantum Key Distribution (QKD).
  • Understanding of the security of Cloud Identity and Access Control policies.

Class Meeting Times

  • Course start and end dates: July 15, 2019 - August 2, 2019
  • Monday – Thursday (6:30 PM – 9:30 PM EST), Science Center Room #105
  • Sections will be delivered via Zoom conferencing during weekends of the 3-week course (Saturdays 10:00 AM)

Weekly Topics

Week 1

July 15 – July 18

(12 hours)

Cryptography basics: Symmetric/Asymmetric and Hashing algorithms

Digital Signatures, Public-key Infrastructure (PKI) and Digital Certificates

Applications: Transport Layer Security using Public-key Infrastructure

Week 2

July 22 – July 25

(12 hours)

Key management lifecycle and policies

Applications: Deploying Blockchain with Ethereum/Hyperledger

Applications: Data Encryption and Key Management in Cloud

Week 3

July 29 – Aug 1

(12 hours)

Identity and Access Management, Directory Services and Provisioning

Web Single Sign-On (SSO), Federation and Web Identity Tokens

Applications: Identity Management and Data Protection in Cloud

Class Exercises & Labs

  • For all lab and practical purposes, this course will use the "Amazon Web Services (AWS) Cloud Provider" environment. Students are required to register and obtain an AWS Educate (Free-tier) account using their Harvard email account (e.g., youremailid@g.harvard.edu). If the student already has an AWS Educate account using a Harvard email ID, no action is necessary.
  • Students who already have an AWS Educate account through Harvard but find that their AWS credit is running below $25 may contact one of our course TAs to obtain additional credit.
  • For more information, refer to https://www.awseducate.com/
  • IMPORTANT: If you are registered for CSCI S-49a, you may contact softwarerequest@labstaff.dce.harvard.edu before the course begins and obtain your AWS credit.
  • All students must have access to a notebook computer with Wi-Fi running Microsoft Windows, Mac OS X, or Linux (Ubuntu, SuSE, or Red Hat). For Microsoft Windows users: Administrator access to the computer is required. Students should familiarize themselves with using Secure Shell (SSH) to access the Cloud environment using SSH clients (e.g., PuTTY). Guidance will be provided for those who need help.

Questions

Students should feel free to contact the Faculty head and TAs directly by email. Email is always the preferred and fastest way to communicate with us, and we expect to be able to respond consistently within 24 hours.

Thanks for reading and see you in class!

Ramesh Nagappan
