Call for Papers

      SSR 2016: 3rd International conference on Security
                   Standardization Research

      5th-6th December 2016, NIST, Gaithersburg, MD, USA

Over the last two decades a huge range of standards have been
developed covering many different aspects of cyber security.
These documents have been published by national and
international formal standardization bodies, as well as by
industry consortia. Many of these standards have become very
widely used - to take just one example, the ISO/IEC 27000
series have become a commonly used basis for managing corporate
information security.

Despite their wide use, there will always be a need to revise
existing security standards and to add new standards to cover
new domains. The purpose of this conference is to discuss the
many research problems deriving from studies of existing
standards, the development of revisions to existing standards,
and the exploration of completely new areas of standardization.
Indeed, many security standards bodies are only beginning to
address the issue of transparency, so that the process of
selecting security techniques for standardization can be seen
to be as scientific and unbiased as possible.

This conference is intended to cover the full spectrum of
research on security standardization, including, but not
restricted to, work on cryptographic techniques (including
security management, security evaluation criteria, network
security, privacy and identity management, smart cards and RFID
tags, biometrics, security modules, and industry-specific
security standards (e.g. those produced by the payments,
telecommunications and computing industries for such things as
payment protocols, mobile telephony and trusted computing).

Papers offering research contributions to the area of security
standardization are solicited for submission to the SSR 2016
conference. Papers may present theory, applications or
practical experience in the field of security standardization,
including, but not necessarily limited to:
* access control
* biometrics
* cloud computing
* critical national infrastructure (CNI) protection
* consistency and comparison of multiple standards
* critiques of standards
* cryptanalysis
* cryptographic protocols
* cryptographic techniques
* evaluation criteria
* formal analysis of standards
* history of standardization
* identity management
* industrial control systems security
* internet security
* interoperability of standards
* intrusion detection
* key management and PKIs
* management of the standardization process
* mobile security
* network security
* open standards and open source
* payment system security
* privacy
* regional and international standards
* RFID tag security
* risk analysis
* security controls
* security management
* security protocols
* security services
* security tokens
* smart cards
* telecommunications security
* trusted computing
* web security

Papers addressing the following more general topics are
particularly welcome:
 * Do standards processes promote complexity that detracts from
 * Are there processes or approaches that can minimize complexity?
 * Are there technical areas in which standards are misaligned
   with the security models developed in research? Studies that
   show areas of misalignment are interesting, as is work that
   aims to improve alignment.
 * How long does it take for good ideas to propagate from
   research to standards to adoption and deployment? How long does
   it take for security problems in standards to be identified by
   the research community? How can we improve communication
   between these communities in order to expedite both of these
 * What is the impact of nationally-driven security
   research on international security standards?
 * Are there cases in which a security standard was done well or
   done poorly? Studies that describe processes that should (or
   should not) be emulated are welcome.
 * Is Open Source replacing security standards development
   organizations, or changing the way that they operate? What are
   the implications on security standards?

Submissions must be original and must not substantially
duplicate work that any of the authors has published elsewhere
or has submitted in parallel to any journal or to any other
conference or workshop that has published proceedings.

All accepted papers will be published in the conference
proceedings, and it is intended that these proceedings will be
published in the Springer-Verlag Lecture Notes in Computer
Science (LNCS) series (, as has been the
case for the two preceding conferences in the series. The
proceedings will be available at the conference. Papers
published in the LNCS series are indexed by both EI and ISTP.

Authors of accepted papers must guarantee that their paper will
be presented at the conference, and at least one author of
every accepted paper must register for the conference.

All submissions will be blind-reviewed. Papers must be
anonymous, with no author names, affiliations,
acknowledgements, or obvious references. A submitted paper
should begin with a title, a short abstract, and a list of

Clear instructions for the preparation of a final proceedings
version will be sent to the authors of accepted papers. Authors
are strongly recommended to submit their papers in the standard
LNCS format (see for
details), with length at most 15 pages (excluding bibliography
and appendices). Committee members are not required to review
more pages than this, so papers should be intelligible within
this length. Submissions not meeting these guidelines risk
rejection without consideration of their merits.

The conference will take place at the NIST headquarters in
Gaithersburg, Maryland, USA.

Papers must be submitted using the EasyChair conference
management system at:
Please send any enquiries to:

Key dates

 Deadline for submissions: Monday, 30 May 2016 (23:59 Hawaii)
 Notifications to authors: Monday, 8 August 8 2016
 Camera ready due:	   Monday, 19 September 2016
 Opening of conference:	   Monday, 5 December 2016

Conference organisation

General Chair

 Lily Chen, NIST, USA

Programme Committee Chair

 David McGrew, Cisco, USA
 Chris Mitchell, RHUL, UK

Programme Committee:

 Colin Boyd, Norwegian University of Science and Technology (NTNU)
 Nancy Cam-Winget, Cisco Systems
 Liqun Chen, Hewlett Packard Labs
 Takeshi Chikazawa, IPA
 Cas Cremers, University of Oxford
 Scott Fluhrer, Cisco Systems
 Aline Gouget, Gemalto
 Feng Hao, Newcastle University
 Jens Hermans, KU Leuven - ESAT/COSIC and iMinds
 Dirk Kuhlmann
 Xuejia	Lai, Shanghai Jiaotong University
 Pil Joong Lee, Postech
 Peter Lipp, Graz University of Technology
 Joseph	Liu, Monash University
 Javier	Lopez, University of Malaga
 Catherine Meadows, NRL
 Jinghua Min, China Electronic Cyberspace Great Wall Co., Ltd.
 Atsuko Miyaji
 Valtteri Niemi, University of Helsinki
 Pascal Paillier, CryptoExperts
 Kenneth Paterson, Royal Holloway, University of London
 Sihan Qing, School of Software and Microelectronics, Peking University
 Kai Rannenberg, Goethe University Frankfurt
 Matt Robshaw, Impinj
 Christoph Ruland, University of Siegen
 Mark Ryan, University of Birmingham
 Kazue Sako, NEC
 Ben Smyth, Huawei
 Jacques Traore, Orange Labs
 Claire Vishik, Intel Corporation (UK)
 Debby Wallner, National Security Agency
 Michael Ward, MasterCard
 William Whyte, Security Innovation
 Yanjiang Yang, Huawei Singapore Research Center
 Jianying Zhou, Institute for Infocomm Research