Items from security-related news (E81.Nov-2007)

IEEE Computer Society Administrative Meetings Week
  and Why the CS Wants You!

by Hilarie Orman and Jon Millen, TCSP

The IEEE Computer Society held meetings of its committees during the first week of November. I represented the Technical Committee on Security and Privacy (TCSP) by virtue of my position as the incoming Vice Chair of the committee.

The Computer Society announced some financial difficultites earlier this year, and by instituting cost cutting measures they have reduced their projected deficit by two-thirds. Further cost reductions are in the works, and there is no imminent crisis. However, the Society would like to increase membership, and each Technical Committee is looking for ways to attract student members, to find the most forward-looking topics in the Committee's core areas, and to reach out to potential members who are not primarily academic.

The TCSP has already taken some steps in these directions through involving its symposia in industry and government sponsorship for student travel to our events and by sponsoring co-located workshops in innovative new areas with the Security and Privacy Symposium. However, we do not spend time educating our attendees about the benefits of membership in IEEE and the Computer Society (except through the structure of our conference registration fees!) Thus, I encourage Cipher readers to consider the benefits of membership, as described by our current TC chair, Jon Millen:

Membership in the Computer Society comes with a free subscription to Computer, the society's flagship magazine. Computer is a resource that practitioners, researchers, and managers can rely on to provide timely information about current research developments, trends, best practices, and changes in the profession.

Another key Computer Society member benefit is access to the IEEE Computer Society Digital Library (CSDL). Get online, unlimited access to the best collection of computing information available anywhere for one low cost.

There are many other benefits, including free access to 1300 online technical courses and 500 IT books and articles. For more information on member benefits, go to [Ed. The Computer Society has not yet learned about tinyurl.]

Join today at You have nothing to risk, as the society will refund your membership dues if you are ever dissatisfied.

There are three new technical committees in the Computer Society now: haptics, nanotechnology, and mobile networking systems. All three are well-connected to their communities through their workshops and conferences. They certainly embody the Computer Society's committment to fostering the best of new technologies.

If you have ideas for activities that you think the TCSP could undertake that would be of interest to you, please let us know. Our email address is "tc curlya" (you may know curlya as "@"). We are, of course, especially interested in volunteers who can help us organize and carry out these events.

NIST Issues Call for a New 'Hash' Algorithm
November 8, 2007

The National Institute of Standards and Technology (NIST) has opened a competition to develop a new cryptographic "hash" algorithm, a tool that converts a file, message or block of data to a short "fingerprint" for use in digital signatures, message authentication and other computer security applications. The competition is NIST's response to recent advances in the analysis of hash algorithms. The new hash algorithm will be called Secure Hash Algorithm-3 (SHA-3) and will augment the hash algorithms currently specified in the Federal Information Processing Standard (FIPS) 180-2, Secure Hash Standard. NIST's goal is that SHA-3 provide increased security and offer greater efficiency for the applications using cryptographic hash algorithms. FIPS standards are required for use in federal civilian computer systems and are often adopted voluntarily by private industry.

FIPS 180-2 specifies five cryptographic hash algorithms, including SHA-1 and the SHA-2 family of hash algorithms. Because serious attacks have been reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design, NIST has decided to standardize an additional hash algorithm to augment the ones currently specified in FIPS 180-2.

NIST issued a Call for a New Cryptographic Hash Algorithm (SHA-3) Family in a Federal Register Notice on Nov. 2, 2007. The announcement specifies the submission requirements, the minimum acceptability requirements, and the evaluation criteria for candidate hash algorithms. Entries for the competition must be received by Oct. 31, 2008. Details about the competition are available at

Media Contact: Ben Stein,, (301) 975-3097