Subject: Electronic CIPHER, Issue 18, November 11, 1996

_/_/_/_/  _/_/_/  _/_/_/_/  _/    _/  _/_/_/_/  _/_/_/_/
_/          _/    _/    _/  _/    _/  _/        _/    _/
_/          _/    _/_/_/_/  _/_/_/_/  _/_/      _/_/_/_/
_/          _/    _/        _/    _/  _/        _/  _/
_/_/_/_/  _/_/_/  _/        _/    _/  _/_/_/_/  _/    _/

====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 18
November 11, 1996
Carl Landwehr, Editor
Hilarie Orman, Assoc. Editor
Bob Bruen, Book Review Editor
====================================================================

Contents: [2525 lines total]
 o Letter from the TC Chair
 o Letter from the Editor
 Security and Privacy News Briefs:
  o LISTWATCH: Items from security-related lists, by Mary Ellen Zurko
  o Tamper attacks draw interest -- how new are they?
  o IEEE Security and Privacy Glossary: review requested
  o Next Generation Internet: faster, but more secure?
  o Productivity Means Virus Prevention?
  o Set Top Box Subject to US Crypto Export Controls
  o BSI Offers Free Security Guidelines CD-ROM for Comment
  o ACM approves Transactions on Information and System Security
 Commentary and Opinion
  o JavaSoft "forum" on Java security
  o Two Good Network Security Texts Reviewed by Bob Bruen
 Conference Reports:
  o DIMACS Trust Management Workshop by Clifford Kahn
  o New Security Paradigms WS by Mary Ellen Zurko and Cristina Serban
  o IFIP WC on Comm.
    and Multimedia Security by Alexander Roehm
 New reports available via FTP and WWW
 Interesting Links: Ping o' Death, Privacy Forum
 Who's Where: recent address changes
 Calls for Papers
 Reader's guide to recent security and privacy literature
  o Conference Papers: 12th ACSAC, 19th NISSC, ASIACRYPT '96, DIMACS TM wkshop, HASE '96
  o Journal and Newsletter articles
  o Book
 Calendar
 Data Security Letter subscription offer
 >>>>>>>>>>>>>How to join/renew your TC Membership at no cost!<<<<<<<
 >>>>>>>>>>>>> PLEASE RENEW TODAY USING THIS FORM <<<<<<<
 Publications NOT for sale
 TC officers
 Information for Subscribers and Contributors

____________________________________________________________________
Letter from the TC Chair
____________________________________________________________________

Dear TC members,

Autumn is a busy season for our TCSP. Here are a few dates to remember:

o Reviewers needed for Computer Security and Privacy Glossary

IEEE is preparing a Glossary of Terms under IEEE Standards Project P610. The Glossary on Security and Privacy Project, P610.9, requests volunteers from our TC on Security and Privacy to provide expert review during the month of November 1996. The Glossary has 19 Keyword Groups covering about 500 terms. Volunteers are needed to review one or more of the Keyword Groups. For more information on this effort and the IEEE Point of Contact, see Reviewers Requested for IEEE Standard P610.9 in this issue of Cipher. Do not send requests to Cipher or the TCSP Officers.

o Did You Remember to (Re-)Enroll in the TCSP?

From time to time, the IEEE updates the Technical Committee (TC) membership database and culls old records. To remain in our database of TCSP members, you must submit a membership application to IEEE Computer Society by December 31 of this year.
If you have not already done so, please complete and submit the membership application in this issue of Cipher (How To Join the TC on Security and Privacy), or at http://www.computer.org/tab/tcapplic.htm for the fax or e-mail version, or http://www.computer.org:80/tab/Tcappli1.htm if you have a forms-enabled browser, as most are these days. Send your applications to the IEEE Computer Society (and not to Cipher or the TCSP Officers). Our TCSP no longer keeps its own membership list so we need you to register with IEEE Computer Society in order to keep our membership list current and complete.

o Proceedings of the October Meeting of the TCSP

Some items of note from the recent TCSP meeting, held at the NISSC in Baltimore:

1) The due date for submitting papers for the 1997 Symposium on Security and Privacy has been extended to December 2, 1996. See the 1997 IEEE Symposium on Security and Privacy Call For Papers in this issue of Cipher.

2) The due date for submitting papers for the November 1997 IEEE Software Magazine Special Issue on Security and Privacy is this November. This is a great opportunity to reach a much larger and broader audience of readers. For details, see the Call For Papers in this issue of Cipher.

The next meeting of the IEEE Computer Society Technical Activities Board will be in mid-November. As your representative on the Board, I welcome your inputs. Send mail to dmcooper@ix.netcom.com. In particular, we will be reviewing how IEEE Computer Society can better serve its members and the technical community.

o Special Thanks

There are many unsung heroes in our TCSP. Special thanks to Tom Berson of Anagram Labs for his help with the IEEE Symposium on Security and Privacy. We continue to be indebted to the editors and volunteer contributors to Cipher who make our TCSP newsletter an outstanding success. There is always a need for more volunteers so if you have the time and spirit, become involved.

Deborah M.
Cooper
TCSP Chair

____________________________________________________________________
Letter from the Editor
____________________________________________________________________

Dear Readers,

Welcome to Bob Bruen, who has agreed to edit Cipher's previously dormant book review section. In this issue he contributes reviews of two recent books on network security, and I am hoping for more reviews in future issues. If you have books to suggest, or you would like to assist him, you can write him at bruen@mit.edu.

Here are a few news tidbits that I didn't have time to include as full stories:

US non-counterfeitable Social Security Card studies: the Welfare Reform Bill of 1996, now enacted as P.L. 104-193, directs the Commissioner of Social Security to develop a prototype counterfeit-resistant social security card that will: (A) be made of a durable, tamper-resistant material such as plastic or polyester, (B) employ technologies that provide security features, such as magnetic stripes, holograms, and integrated circuits, and (C) be developed so as to provide individuals with reliable proof of citizenship or legal resident alien status.

Prompted by a lawsuit filed by the ACLU against the state of Georgia, which has passed a law imposing criminal penalties on certain kinds of Internet communications, including some kinds of anonymous messages, the Washington Post noted editorially that 11 states have passed statutes restricting "Internet behavior" and wondered exactly who is covered by these laws -- people within the particular states? all traffic passing through them? The editorial hypothesized that the more local legislation is passed, the stronger will be the demand for anonymous remailers.

Crypto policy debates and activities: although several major companies agreed to get on board with the administration's Key Recovery program, others resisted.
As of this mailing, no actual Executive Order has been released that would implement the announced policy, but it has been reported that the administration will name an official who will have the responsibility for marshalling international support for the policy.

Japan announced that, under the Wassenaar Arrangement on Export Controls (successor to COCOM), it would lower the threshold above which government approval for crypto export orders is required from the previous $91,000 to about $450.

The Internet Architecture Board and the Internet Engineering Steering Group protested the key recovery plan, saying that any type of escrow system would "inevitably weaken the security of the overall cryptographic system, by creating new points of vulnerability that can and will be attacked... Sound cryptographic practice dictates that users never reveal their private keys to anyone, even a certification authority."

The White House has asked the Federal Networking Council Advisory Committee to come up with recommendations on information security issues, including the key recovery plan.

A Draft Treaty on Intellectual Property in Respect to Databases, prepared under the World Intellectual Property Organization (WIPO) drew considerable comment and criticism. The primary concern seems to be that scientific and technical data currently available to researchers without charge under fair-use exemptions may, under the proposed treaty, become accessible only via databases that charge for every access. Further information, including a copy of a letter from the heads of the National Academy of Sciences, National Academy of Engineering, and the Institute of Medicine to the Secretary of Commerce is available at http://ksgwww.harvard.edu/iip/intellec.html

Thanks to the many contributors whose names you will find throughout the issue; they have been so generous this month that I won't take up any more space here, except to urge all Cipher readers to keep the contributions coming.
Carl Landwehr
Editor, Cipher
Landwehr@itd.nrl.navy.mil

____________________________________________________________________
SECURITY AND PRIVACY NEWS BRIEFS
____________________________________________________________________

____________________________________________________________________
LISTWATCH
Security-Related News Items from Security-Related Mailing Lists
by Mary Ellen Zurko, OSF Research Institute (zurko@osf.org)
____________________________________________________________________

This issue's highlights are from privacy, www-security, e$pam, risks, tbtf, ietf-tls and dcsb.

A search engine called "Magellan Internet Guide" (http://www.mckinley.com) offers an option called Search Voyeur (exactly what I felt like), which displays a continually updated list of "20 randomly selected real-time searches that users like you are now performing on Magellan" (like me?). I was treated to several selections including "nude celbs", "how can meet tory aikman", "high school bands", "europiccola", "floral design projects", and "sexual harassment policy". Searches can clearly include worrisome information like personal names, and it's not clear from the home page (if you're just intent on issuing a search) that your search parameters could be broadcast to the Net.

A bug in Netscape 3.0 (fixed in 3.01) allowed a web page with Javascript to send email (along with the configured email address) without warning the user. Discussion again brought up the need for more levels of defense (beyond disabling Javascript) such as signed applets.

There was a lot of discussion about the significance of the cryptanalytic DES (and 3DES) attack announced by Biham and Shamir, which is a theoretical attack based on inducing faults via physical access (such as with microwave radiation). The concern is mostly about smartcards, and the attack was compared to other sorts of fraud that is tolerated with other kinds of payment mechanisms (cash, check, credit cards).
An experiment verifying the theoretical results would raise the level of concern somewhat. They announced follow-up research on discovering secret keys even when the operation of the cryptosystem is unknown (such as with Skipjack). [For references to papers on this topic, see following news item -- CEL]

Another challenge to ITAR based on freedom of speech is being raised by Peter Junger, a law professor at Case Western Reserve University. He argues that he can't even discuss the legality of ITAR in the presence of non-US students as the law is written (http://sun.soci.niu.edu/~cudigest/CUDS8/cud870).

Discussion on the IETF's Transaction Level Security (TLS) working group centered on overall strategy and authentication methods. There is pressure to produce a document, and a cleaned-up version of SSL v3.0 would be easy and useful for future SSL developers. Proposals have been advanced for adding secret key authentication and Kerberos to TLS 1.0. Proponents cite practical deployment issues; opponents worry that weakness in chosen passwords or secret key schemes could damage the perceived strength of TLS.

Microsoft distributed a CD-ROM with a document infected with the WAZZU.A Word Macro virus at an exhibition in Switzerland. Even when MS officials were made aware of this virus, the CD-ROM continued to be distributed, and the document was available for downloading from a Web site.

A Dallas judge has issued what is thought to be the first injunction delivered via email and usenet. "It's our position that under Texas state law whenever a person has knowledge of an order, that is sufficient notice," one of the attorneys in the case said. For those of you who subscribe, the URL is http://www.nytimes.com/library/cyber/week/1017harass.html.

Privacy Assured, which is a pilot program of the Electronic Frontier Foundation's eTrust project, will post its blue PA logo on Web sites that adhere to its standards.
These standards include: not knowingly listing information about individuals that has not been volunteered for publication; not allowing reverse searches to determine individuals' names from e-mail addresses, phone numbers or other information; releasing only aggregated usage statistics, not individual information; and giving individuals the option to delete personal information from lists.

Adam Shostack shared information derived from his real-world experience with code reviews. They find security & reliability bugs at about one per 20-50 lines of code, which is dropping to closer to one per hundred as he distributes copies of code review guidelines he wrote (www.homeport.org/~adam/review.html). Reviewing superficially takes about an hour for 500-1000 lines of commented code. A deep review to find tricky problems can take much longer. They've found that a review team of fewer than 4 people is less effective at finding problems. Reviewing more than about 2000 lines of code (2-3 hours) in a day can cause burn-out.

The latest Clinton administration proposal for "key recovery" caused a lot of discussion. The proposal would still include communication keys, which are unnecessary for the recovery of data that is stored encrypted and only useful for the monitoring of communications. The main issue is privacy of these communications. It is still not clear what key recovery mechanisms the market would produce, since the government will have to approve of key recovery plans before allowing 56 bit encryption to be exported. Nonetheless, it's the first proposal with a carrot component, and many companies have announced that they intend to comply. Apple, often cheered in privacy advocate circles, has announced they will comply (along with IBM, Digital, RSA, and others), while Microsoft, often reviled in the same circles, is holding out (along with Netscape).

Mitsubishi Electric Corp.
said it has released the design principles and a sample program for its proprietary data encryption algorithm MISTY (http://www.melco.co.jp/rd_home/new/crypt_e.html). Proprietary encryption algorithms have a poor reputation in the cryptographic community, since they are often written by cryptographers with little experience, and many cryptographic algorithms have flaws that are only discovered after extensive and lengthy (years) peer review. I was not able to find the location of this information.

Rumor has it that one or more spoof sites were able to take advantage of the syntax issues of URLs. Bob Dole announced a site at something like dole-kemp96.com at the end of one of the debates. Some variant of trying with and without the hyphen and using org instead of com got you to a spoof site. I can no longer find any spoofs, and both dolekemp96.com and dolekemp96.org look fairly legitimate.

Dallas Semiconductor announced something called an iButton, which can be used for authentication. There were concerns raised over its random number generator and PIN protection. A co-worker showed me one embedded in a plastic ring, and it definitely evoked a "Captain Crunch Decoder Ring" feel, which made me want one.

Jeff Schiller, IETF Security Area Director, formally recommended to the IPSEC working group that the mandatory key management protocol for IPv6 be ISAKMP/Oakley, and that SKIP be optional.

____________________________________________________________________
Tamper attacks draw interest -- how new are they?
____________________________________________________________________

The announcement in late September by Bellcore researchers of an attack on smart card security based on causing failures in the card (see Cipher EI #17) has been followed by several papers on attacks based on introducing faults into crypto systems, one by Biham and Shamir in Israel, another by a group of researchers in Singapore, and a third from Ross Anderson proposing a tamper attack on DES.
In addition, Ross Anderson and Markus Kuhn have posted a paper documenting various kinds of attacks on tamper-resistant devices, including one successful attack on a smartcard currently in circulation. At this writing, the Bellcore paper still seems available only as a press release. Finally, Paul Kocher contributed a note to the RISKS forum suggesting that these kinds of attacks are far from new.

* Bellcore press release
  http://www.bellcore.com/PRESS/ADVSRY96/medadv.html

* Biham - Shamir differential fault analysis (DFA) paper
  http://jya.com/dfa.htm

* Another New Attack to RSA on Tamperproof Devices by Bao, Deng, Han, Jeng, Nagir, and Narasimhalu, summary note:
  http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/news-items/961029.sgtamper.html

* Anderson note on DES attack, distributed to Best-of-Security
  http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/news-items/961102.rjaDES.html

* Anderson and Kuhn paper on the limits of tamper resistance.
  http://www.cs.purdue.edu/homes/kuhn/anderson-kuhn-tamper.ps.gz
  or http://www.cl.cam.ac.uk/users/rja14/tamper.html

* Paul Kocher's note to RISKS Vol. 18, No. 57.
  http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/news-items/961105.PKdfa.html

____________________________________________________________________
Reviewers Requested for IEEE Standard P610.9:
Glossary of Computer Security and Privacy Terms
____________________________________________________________________

The IEEE Computer Security and Privacy Glossary is currently in preparation, under IEEE Standards Project P610.9. The Glossary has been divided into a number of groups of terms, each of which is designated as a Keyword Group. Each keyword group contains up to several dozen terms, which are related to a common theme within the scope of the Glossary. Terms have also been included from a number of glossaries that have been compiled in the past. The IEEE Computer Dictionary, when completed, will contain a compendium of several such glossaries.
Members of the IEEE Technical Committee on Security and Privacy are invited to review one or more of the keyword groups within the Security and Privacy Glossary. We ask only that you complete your review in a timely manner and return your comments, since the Glossary is now nearing completion. Send inquiries to:

    Bennett Meyer
    Project Leader, P610.9
    Email: ben.meyer@ieee.org

Please include your name, organizational affiliation, mailing address, email address, and phone number with your request, along with the names of the Keyword Groups you would like to review. The complete list of keyword groups is given below.

IEEE COMPUTER SECURITY AND PRIVACY GLOSSARY, KEYWORD GROUPS

    KEYWORD GROUP                 NO. OF TERMS
    =============                 ============
 1. Access concepts                 50
 2. Administrative security         22
 3. Security assessment             38
 4. Channel concepts                10
 5. Communications security         32
 6. Copy protection                 27
 7. Emanations security              6
 8. Encryption                      57
 9. Erasing/overwriting             12
10. Formal verification methods     32
11. General                         23
12. Hardware/software methods       67
13. Security levels/modes           84
14. Passwords                       22
15. Physical security                8
16. Security policies/principles    13
17. Security threats                63
18. Trusted computing base          17
19. Types of security               26

Cipher readers may also be interested in the two-volume Unified Glossary of Security and Privacy Terms distributed gratis at the recent NISS 19 conference and (sometimes) available for online searching (see New Reports Available by FTP and WWW).

____________________________________________________________________
Next Generation Internet -- Faster, But More Secure?
____________________________________________________________________

On October 10, the Clinton administration announced a "Next Generation Internet" intended to connect universities and research labs with high speed networks from 100-1000 times faster than those currently in use.
The administration's press release, available at: http://www.iitf.nist.gov/documents/press/internet.htm suggested a variety of technologies and applications that might be the subject of experiments on the NGI, including health care, national security, distance education, and so on. "Software to assure reliability and security of information transmitted over the Internet" is listed last in a list of eight example technologies to be "identified and deployed" in the NGI to "help the Internet continue its exponential rate of growth." Identifying and deploying technologies does not seem to imply developing them.

The administration plans to reallocate $100M of FY98 funds, $70M from the defense budget, to initiate the program. The funding will apparently flow into the budget of the High Performance Computing and Communications (HPCC) initiative, which has not been a strong contributor to security technology in the past.

____________________________________________________________________
Productivity Means Virus Prevention?
____________________________________________________________________

Each week, The Business Section of the Washington Post includes a list of top selling software packages in some particular category, such as entertainment, education, or "productivity" based on reports from stores in the local area. In the past month, both times productivity software has been highlighted, the top selling package listed was a virus scanner, beating out Netscape Navigator, Windows 95, and a variety of other popular packages. In addition, three of the top ten sellers were antivirus packages.

____________________________________________________________________
Set Top Box Export Subject to US Crypto Export Controls
____________________________________________________________________

A $300 set-top box being built in the U.S.
by Sony and Philips Electronics that encrypts communications between the box and its server with 128-bit keys has consequently been classified as requiring a special export license, according to a report by John Markoff in the New York Times, November 8. If the box incorporated the new "key recovery" scheme that the administration announced in early October (see Cipher EI #17), the 128-bit crypto would not be a bar to its export. Or, if the producers could show plans to implement a key recovery scheme, they would presumably be permitted to export a version that restricted itself to using 56-bit keys.

____________________________________________________________________
BSI Offers Free 'Guidelines for Management of IT Security' CD-ROM
For Comment
____________________________________________________________________

Carsten Schulz of the German Information Security Agency has sent the following offer to Cipher readers:

IT Baseline Protection Manual 1996

GISA (the German Information Security Agency, also known as BSI, which is the German abbreviation) was founded in 1990. One of its tasks is the counselling and support of governmental agencies, companies, etc. about all questions of IT security, especially about how to develop IT security concepts.

The activities of counselling and support also include the task to develop and improve methods for the development of IT security concepts. For this, up to now, mainly the method of detailed risk analysis is used. Performing a detailed risk analysis has the advantage that the safeguards selected following such a review are appropriate for the security requirements of the IT system considered. The disadvantage of this approach is that it is very time-consuming, and needs a lot of expertise to obtain best results. But these detailed considerations and results are really necessary only in case of high protection requirements. For all other cases, i.e.
IT systems with low or medium protection requirements, the implementation of standard security safeguards is very often sufficient. This idea is known as baseline protection or as the application of codes of practice.

The combination of using a detailed risk analysis where necessary, and a baseline approach where appropriate, offers the chance to minimise efforts and to achieve optimal results. This combined approach is also recommended in the 'Guidelines for the Management of IT Security' developed in ISO/IEC JTC1/SC27/WG1, and is used within companies and federal agencies.

To realise these baseline ideas within Germany, GISA published a first version of the IT Baseline Protection Manual in 1994. This manual recommends IT security safeguards which are adequate and sufficient for medium-level protection requirements. For developing this manual, GISA estimated the risks on the basis of known threats and vulnerabilities and recommended countermeasures against these risks. The threats and safeguards are described in detail in attached catalogues. This serves to compare the actual security status with the recommended baseline safeguards.

Threats and recommended security safeguards are summarised in generally applicable components, like organisation, personnel, contingency planning, data protection, infrastructure, cabling, server room, storage media archives, as well as in IT specific modules, like DOS personal computer, UNIX system, Laptop PC, server-based PC network, UNIX Network, data transmission systems, telecommunications system, firewalls, etc. For the version to be published in 1997, modules about Windows NT (stand alone, client-server, and peer-to-peer), Novell-Netware, and Windows 95 are being developed.

The recommended safeguards are economic and easy to implement. Furthermore, the description of each safeguard contained in the catalogues gives advice concerning responsibilities, implementation and audits.
When using the IT Baseline Protection Manual, existing IT systems can be described by a combination of appropriate modules (contained in the chapters of the manual), which contain the recommended safeguards. Hence, the selection of safeguards can be accomplished by a simple comparison between already existing and recommended safeguards.

This year, the IT Baseline Protection Manual is published on CD-ROM (German: html format, English: Winword2 format). It is planned to publish the English version also in HTML format in 1997.

Maybe you would like to know more about the IT Baseline Protection Manual or to use it yourself. Fortunately, we can offer cost-free CDs at the moment, as long as stocks last. The IT Baseline Protection Manual is mainly written to be used by industry, governmental organisations, and anybody else having a professional interest in IT security. If you would like to order a CD, please send a short mail to the address given below. We will reply by sending you a registration form to be filled and sent back. After receiving the form, we will deliver the CD.

We would like to ask all users of the IT Baseline Protection Manual to tell us their opinion, criticism, and suggestions for improvement and corrections. These suggestions will help the future development of the manual.

Please contact: schulz@bsi.de

____________________________________________________________________
ACM Approves Transactions on Information and Systems Security
____________________________________________________________________

The Association for Computing Machinery's Publications Board has approved a new Transactions on Information and Systems Security, (TISSEC), according to the ACM Membernet newsletter. The ACM plans to publish the first issue of the new journal in January, 1998. Ravi Sandhu will serve as the publication's editor; the editorial board has not yet been announced.
____________________________________________________________________
COMMENTARY AND OPINION
____________________________________________________________________

____________________________________________________________________
JavaSoft hosts "forum" on Java security
____________________________________________________________________

Marianne Mueller of JavaSoft invites Cipher readers to review comments by David Presotto, Bill Wulf, Peter Neumann, and moderator Ed Felten on the security (or lack thereof) provided by Java and its supporting environment at http://java.sun.com/forum/securityForum.html. This forum was posted in early October, and it includes some interesting discussion, including a frontal attack on the notion of a Trusted Computing Base by Bill Wulf. The forum also announces that JavaSoft is working with Blackwatch Technology, Inc. on the Java Security Reference Model, and with Computational Logic, Inc. on developing a formal model of Java semantics. You are invited to submit your own views for possible inclusion to forum@java.sun.com, though no additions have been posted to the forum since it first appeared. (Feel free to copy Cipher on your submissions!)

____________________________________________________________________
Reviews of two good textbooks on networks and security
by Bob Bruen, Cipher Book Review Editor
____________________________________________________________________

Stallings, William. Network and Internetwork Security: Principles and Practice. Prentice-Hall & IEEE Press. 1995. 462 pages. Glossary, bibliography (183 entries), index, chapter appendices, standards citation list. LoC TK5105.5.S728. ISBN 0-02-415483-0. IEEE ISBN 0-7803-1107-8. $58.
----------------

William Stallings has had numerous books published over the years. This recent addition to the network security field is a textbook covering some of the required basics. It has two major divisions, principles and practice.
Principles are encryption, public keys, authentication and a chapter on intruders, viruses and worms. Practice covers crypto algorithms, authentication, email and SNMP. There is also an excellent overview of network security preceding the two main divisions and he has provided a large number of illustrations, graphs, diagrams and even the list of passwords used by the infamous Morris worm of 1988.

Since this is a textbook, there are problem sets at the end of each chapter. He also does something I appreciate in a book: he puts recommended reading at the end of each chapter so that you have a subject bibliography, but he also includes all the reading in one large bibliography at the end of the book. Most authors choose only one approach, which limits its usefulness.

Each chapter has several appendices that either provide the related math or an in-depth discussion of particular topics that are helpful, but not necessary for understanding the chapter. For example, the chapter on public-key cryptography has an appendix to introduce number theory and one that covers the complexity of algorithms. The chapter itself covered the definition of PKs, RSA and key management. The chapter on conventional encryption has a five page, detailed explanation of the birthday attack as its appendix.

His chapter on email security only includes PGP and PEM descriptions, but they are good introductions. The chapter on authentication includes a brief, but clear, twenty pages on Kerberos. The same chapter explains the Diffie-Hellman key exchange in a way that symbolizes his style throughout the book. He does not use Alice and Bob, but instead focuses on the algorithm, so you see more of "a mod p" in his text. While this is not a criticism of his style, it is an observation that differentiates his book from some other books.

The LUC public-key algorithm, along with its basis, large integers in a Lucas sequence, has almost ten pages devoted to it.
Schneier (1996) gives only one page to it, saying it is not more secure than RSA and he does not trust it. LUC seems to be less commonly discussed than other algorithms, which makes this a useful introduction. Another helpful contribution of Stallings is that SNMP gets a whole chapter at the end of the book, helping to round out the topic of network security.

This book is useful for academic courses and for anyone looking for a good introduction to network security.

Kaufman, Charlie, Radia Perlman and Mike Speciner. Network Security: Private Communication in a PUBLIC World. Prentice-Hall PTR. 1995. 504 pages. Bibliography (143 entries), glossary, index. ISBN 0-13-061466-1. $48.
------------------------

Network Security is another textbook for the security-aware individual. It is divided into four main topics, Cryptography, Authentication, Electronic Mail and Leftovers. While covering the topics properly, it aims to educate the reader more about how the communications work with the math included when necessary instead of by default. The discussions of procedures with the math are included in the text and not as appendices. The Leftovers are interesting tidbits such as Lotus Notes, Microsoft, DCE and Clipper.

This book brings out issues in addition to explanations, for example, the question of whether to publish cryptographic algorithms so that even the bad guys can see them, and the controversy over how many bits of key should be allowed for export.

The introductory chapter presents network basics, firewalls, key escrow and the military model of security. The section on cryptography goes into the basic definitions, secret key cryptography, hashing and message digests, public keys and number theory. There are homework problems at the end of each chapter. Since so many subtopics are covered, some of them are covered rather quickly.

The section on authentication covers authentication of systems and people, handshake pitfalls and Kerberos.
The Kerberos chapters are slightly longer than might be expected in a survey work like this, compared to other topics, but the detail is certainly welcome. Both Kerberos4 and Kerberos5 are included.

Electronic mail is the last major section with chapters on email security, PEM, PGP, and X.400. These are good introductions if you did not know what any of these are or you wanted to see some of the underlying message and object formats. These are mainly definitions of the structures and ideas, but not a user's view of how to make them work.

This book, too, is useful for academic courses and for anyone looking for a good introduction to network security.

Comparison
----------

Comparing Stallings and Kaufman first demands a disclaimer. The books are more complementary than competitive, in spite of the fact they both cover the same general area. Each has a different approach, each gives different weights to the same topics and each includes topics the other does not.

Some of the more notable comparisons, for example, the Stallings book is about 10% shorter than the Kaufman book and seems to have more illustrations. Stallings has more items in the bibliography (183 vs. 143), and surprisingly, the overlap is not very large between the two. The Kaufman glossary has over 200 items with acronyms within it, while Stallings has over 50 items plus about 30 acronyms in a separate list. The overlap is again a smaller set than expected.

The biggest difference is in the amount of attention Kerberos receives, four times greater in Kaufman. Stallings is geared towards algorithm description, hence more math, and Kaufman uses the Alice&Bob approach to explain topics. Kaufman has afforded space to issues such as key escrow and other legal problems. Kaufman covers MD with more history than Stallings which only covers MD4 and MD5. Kaufman does not cover differential and linear cryptanalysis which Stallings includes in the DES section, but Kaufman covers IDEA with DES, Stallings does not.
Stallings covers LUC, Kaufman does not, but Kaufman covers El Gamal, and Stallings does not. Diffie-Hellman is treated more in depth in Stallings.

Kerberos, PGP and PEM get whole chapters in Kaufman, but Stallings has only sections. However, PGP in Kaufman has only two thirds the number of pages that Stallings has. PEM gets over forty pages in Kaufman, Stallings only gives it twenty. Kaufman also has a three page comparison of PEM, PGP and X.400.

Both cover number theory, Euclid and Euler and give good surveys of cryptography. Stallings devotes more attention to primes than Kaufman, and is a little more readable, but he does not cover the Chinese Remainder Theorem as does Kaufman. Kaufman includes the number theory discussion in the text of the chapter instead of in an appendix as does Stallings. Finding big primes is given some more attention in the discussion of RSA in Kaufman.

Except where a topic is given only brief attention, for example, the birthday attack in Kaufman is only a side bar, whereas Stallings gives it five pages, the explanations are pretty much equally good. Individual preference would probably determine which approach is more easily read and understood, but neither book should be criticized for technical reasons. Both should be considered for additions to your bookshelf.

______________________________________________________________________
CONFERENCE REPORTS
______________________________________________________________________

______________________________________________________________________
Report on DIMACS Workshop on Trust Management
by Clifford Kahn, The Open Group Research Inst. (ckahn@opengroup.org)
______________________________________________________________________

The DIMACS Workshop on Trust Management in Networks was held in South Plainfield, NJ from 9/30/96-10/2/96.

Trust management is authentication and access control. The conference organizers say that those two standard concepts need to be lumped together.
They say applications don't want to know the name of the remote principal. Applications just want to know whether the remote principal is OK, authorized, trusted.

There are no proceedings. Abstracts can be found at http://jya.com/dimacs.txt

GENERAL SECURITY SYSTEMS

Four general security systems were debated at the conference. I will describe them, then review the big debates. They are:

   a) Simple Distributed Security Infrastructure (SDSI)
   b) PolicyMaker
   c) Simple Public Key Infrastructure (SPKI)
   d) X.509v3

X.509v3
-------

Steve Kent (BB&N) presented.

The central concern of X.509 is authentication, not access control. X.509 is an ISO standard, part of the X.500 Directory series. A principal has a global name, like:

   C=US O=The Open Group OU=RI CN=Clifford Kahn

X.509 certificates bind public keys to names.

The X.509 standard does not say what trust to extend to each introducer, or "certification authority". But in the culture surrounding X.509, there is much reliance on a few well-known and trusted introducers--global certification authorities. [Another model with some good properties is roughly: trust your own ancestors and the other principal's ancestors as introducers.]

X.509 is widely deployed. NetScape, Internet Explorer, Secure Electronic Transactions (SET), etc.

X.509v3 provides for extensions, which can be used for authorization purposes. A certificate could, for example, designate someone as an officer of a corporation.

Simple Distributed Security Infrastructure
------------------------------------------

SDSI is a proposal by Butler Lampson (Microsoft) and Ron Rivest (MIT). Lampson presented.

SDSI provides for both authentication and access control. A group can consist of any set of principals--one from this company, three from that university. Groups can be defined as intersections and/or unions of other groups.

Principals have names, generally. (Anonymous access is also possible.) Each principal defines its own name space for principals it knows about.
This name space can contain symbolic links to other peoples' name spaces. The consensus at the conference was that if principals were going to have names, SDSI had the right approach to names.

A principal can certify only names in its own name space. This is similar to the "only trust ancestors" rule.

SDSI certificates have meanings expressible in English, a valuable rule so that humans can know what they are signing.

In SDSI each certificate states its own revocation policy.

SDSI is "an artful combination of well established ideas," says Lampson. Two implementations are due later this year.

PolicyMaker
-----------

PolicyMaker is work of Matt Blaze, Joan Feigenbaum, and Jack Lacy (AT&T Laboratories). Blaze presented.

A certificate contains an executable program, a boolean function OK(A). A is an app-specific description of the action requested. If the keys match, the function is called. The function must be in a safe language. Right now that language is awkward, a safe version of awk.

The function can impose authentication rules. Examples:

   - There can be only k introducers in a chain.
   - The principal must be vouched for by at least two independent chains of introducers.

The function can make application-specific checks. Example: Yes if it's under $500.

How real users control access to their resources with PolicyMaker is "an open question".

PolicyMaker is available and is being used by researchers, who love its flexibility.

Simple Public Key Infrastructure
--------------------------------

SPKI is a draft IETF standard, being led by Carl Ellison (CyberCash). Ellison presented.

SPKI has no names, in general. A certificate declares that a key's holder is allowed to do a particular thing. Examples:

   - telnet into a particular account on a particular host
   - read a certain directory and everything in it

BIG DEBATES

   Should we identify a principal by name or by key?
   Should certificates be programs?
   Should we use X.509 or not?

Identify Principal by Name or Key?
Should we identify a principal by name or by key?
-------------------------------------------------

Claim: An application doesn't want to know the name of the requestor. An application wants to know whether the requestor is allowed to do what it is asking to do. The security subsystem should answer that question. Names are beside the point. (This is the position of Blaze, Feigenbaum, and Lacy, among others.)

What of security management? When granting someone access, should we identify them by name? Names are ambiguous. To resolve the ambiguity, you have to go out of band. If you're going out of band anyway, why not transmit a key out of band? So runs the argument.

Ellison's view: before granting someone access, you should authenticate them in person and get their public key. Ellison works for CyberCash. It was observed that even credit card companies don't do what he recommends, much less publishers granting access to a document, etc.

Steve Kent's view: when you use account numbers as names, there is no ambiguity. Forget having a single name for each person. "Let a thousand CAs bloom."

Lampson's view: you need names for auditability. People need to be able to check whether the access controls are right.

Should Certificates Be Programs?
--------------------------------

Lampson: "The whole point of the security framework is to abstract drastically down from the full complexity of the application." With PolicyMaker, nobody will understand the security system. Specialized checks should be in the application, not in the certificate.

Q: When a resource owner wants to grant someone access in PolicyMaker, what does he/she do? Write a program?

A (Blaze): It's an open question.

   - Template policies?
   - A GUI for building these programs graphically?

And: "I'm not concerned with whether the average COBOL programmer can produce certificates." Much less with whether the end user can do so, apparently.

X.509 or Not?
-------------

Anyone who thinks principal names are useless thinks X.509 is useless.

That aside, X.509 notation is really ugly, hard to generate and decode. On the other hand, X.509 is widely deployed. In practice its cumbersomeness can be hidden from users and mostly from programmers. There is a big problem only if (as Ellison observes) one is trying to process X.509 certificates in a very small processor, such as a smart card. SPKI is designed to accommodate such small implementations.

SOME OTHER TOPICS

I don't cover every talk, just a selection.

Trust Management in Web Browsers, Present and Future
Ed Felten (Princeton University)
--------------------------------

What can the user do about evil executables? Three alternatives:

   1. Shrink wrap and trust.
   2. Limit the app and don't trust. (Java's approach.)
   3. Like 1, but delegate the trustworthiness decision to someone: an ISP, a corporate DP office.

The warnings that web browsers emit about downloading apps amount to the "shrink wrap and trust" model: they ask the user to decide whether the source is reliable. The warnings are invisible to most people, "like a fly they swatted". Ed ran an experiment and confirmed this intuition.

Approach 2 (Java's) can be made better if we empower applets more. For example, let them store an initialization file, but restrict its name (\AUTOEXEC.BAT should be rejected).

Felten believes in a hybrid of these approaches.

Rating of applets and pages by a rating agency
----------------------------------------------

WWW Consortium people described a system whereby rating agencies can rate Web pages for safety, much as they now rate them for pornography and violence. Users can decide which rating agencies they want to believe, perhaps even pay for the service. The porno and violence ratings are not generally signed today; it hasn't been necessary. Safety ratings would have to be signed, which means more infrastructure.
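The PolicyMaker model summarized earlier in this report (a certificate carries a boolean program OK(A) that is run when the keys match) can be sketched as follows. This is an added illustration, not PolicyMaker's code or its assertion language: the `Assertion` class, the `POLICY` root label, the key names and the chain search are assumptions, Python callables stand in for the safe language, and signature checking is assumed to have been done already.

```python
"""Toy PolicyMaker-style compliance check. Illustration only."""
from dataclasses import dataclass
from itertools import combinations
from typing import Any, Callable, Dict, List, Tuple

Action = Dict[str, Any]   # "A": application-specific description of the request
Chain = Tuple[str, ...]   # introducer keys between the local policy and the requester
POLICY = "POLICY"         # hypothetical label for the verifier's own root of trust


@dataclass(frozen=True)
class Assertion:
    issuer: str                          # key that signed the assertion
    subject: str                         # key the assertion vouches for
    ok: Callable[[Action, Chain], bool]  # the embedded program OK(A)


def find_paths(assertions: List[Assertion], requester: str) -> List[List[Assertion]]:
    """Enumerate loop-free assertion paths from POLICY down to the requester key."""
    paths: List[List[Assertion]] = []

    def walk(key: str, path: List[Assertion], seen: frozenset) -> None:
        for a in assertions:
            if a.issuer != key or a.subject in seen:
                continue                 # issuer key does not match, or a loop
            if a.subject == requester:
                paths.append(path + [a])
            else:
                walk(a.subject, path + [a], seen | {a.subject})

    walk(POLICY, [], frozenset({POLICY}))
    return paths


def accepted_chains(assertions: List[Assertion], requester: str,
                    action: Action) -> List[Chain]:
    """Keep the chains on which every assertion's OK function accepts the action."""
    accepted = []
    for path in find_paths(assertions, requester):
        chain = tuple(a.subject for a in path[:-1])   # introducers only
        if all(a.ok(action, chain) for a in path):
            accepted.append(chain)
    return accepted


def independent_count(chains: List[Chain]) -> int:
    """Largest number of accepted chains that share no introducer (brute force)."""
    for size in range(len(chains), 0, -1):
        for combo in combinations(chains, size):
            keys = [k for chain in combo for k in chain]
            if len(keys) == len(set(keys)):
                return size
    return 0


def authorize(assertions: List[Assertion], requester: str, action: Action,
              min_independent: int = 1) -> bool:
    """Grant only if enough independent chains of introducers vouch for the key."""
    chains = accepted_chains(assertions, requester, action)
    return independent_count(chains) >= min_independent


def small_purchase(max_introducers: int) -> Callable[[Action, Chain], bool]:
    """OK(A) for: purchases under $500, at most max_introducers in the chain."""
    def ok(action: Action, chain: Chain) -> bool:
        return (action.get("op") == "purchase"
                and action.get("amount", float("inf")) < 500
                and len(chain) <= max_introducers)
    return ok


def vouch(action: Action, chain: Chain) -> bool:
    """OK(A) of an introducer that adds no conditions of its own."""
    return True


def sample_assertions(k_for_ca2: int = 2) -> List[Assertion]:
    """Constructed example: two introducer chains lead to K_alice."""
    return [
        Assertion(POLICY, "K_ca1", small_purchase(1)),
        Assertion(POLICY, "K_ca2", small_purchase(k_for_ca2)),
        Assertion("K_ca1", "K_alice", vouch),
        Assertion("K_ca2", "K_ca3", vouch),
        Assertion("K_ca3", "K_alice", vouch),
    ]


if __name__ == "__main__":
    request = {"op": "purchase", "amount": 120}
    print(accepted_chains(sample_assertions(), "K_alice", request))
    print(authorize(sample_assertions(), "K_alice", request, min_independent=2))
    print(authorize(sample_assertions(), "K_alice", {"op": "purchase", "amount": 900}))
```

Tightening the bound on the second root assertion (`sample_assertions(1)`) leaves only one accepted chain, so the same request passes with one required chain and fails when two independent chains are demanded.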
Secure Time Stamps
Stuart Haber (Bellcore)
-----------------------

The obvious (after a bit of thought) way to do secure time stamps is to take a secure hash of a document and send it to a time-stamping server. The server then signs a certificate saying it witnessed the hash at a particular time. But the server has to be trusted.

There's a way to do secure time stamps without adding a trusted server. A company publishes a secure hash each week in the New York Times. The point is that the hash is widely witnessed. Anyone can verify the hashes.

Trust Management in ERLink
Samuel I. Schaen (Mitre)
------------------------

The Federal government is moving to use the Web for emergency response, eg, to natural disasters. This poses a whole set of problems, like keeping the web servers from being swamped by the general public, and reserving their bandwidth for emergency workers. There is also a great need for both access control to prevent fraud and such, and for flexibility to allow emergency workers to get the job done.

Untrusted Third Parties: Key Management for the Prudent
Mark Lomas (Cambridge University)
---------------------------------

Lomas showed how to tighten up protocols so that misbehaving certification authorities would be easier to catch. For example, the certification authority and the revocation authority would be separated.

Trust Management for Mobile Agents
Vipin Swarup (MITRE)
--------------------

Swarup seemed to have a sophisticated and appropriate security model for mobile agents. He also presented ideas about how to achieve safety--how to keep a subverted agent from penetrating its new host--when an agent moved its execution context from one host to another. These ideas involved validation functions, but it was not clear whether the state of a general program could be validated.
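One way to realize the widely witnessed weekly hash from the Secure Time Stamps summary above, as an added example rather than the scheme Haber presented: the report does not say how the published value is computed, so a Merkle tree over the week's submitted hashes is assumed here, with SHA-256 as the hash function and constructed sample documents.

```python
"""Weekly witnessed hash via a Merkle tree. Illustration only."""
import hashlib
import hmac
from typing import List, Tuple

Proof = List[Tuple[bytes, bool]]   # (sibling hash, True if the sibling is on the left)
LEAF, NODE = b"\x00", b"\x01"      # domain separation: a leaf can never pass as a node


def leaf_hash(document: bytes) -> bytes:
    """Client side: only this hash leaves the client, never the document."""
    return hashlib.sha256(LEAF + document).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE + left + right).digest()


def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """Return every level of the tree, leaves first, root level last."""
    if not leaves:
        raise ValueError("nothing was submitted this week")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                nxt.append(cur[i])      # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels


def audit_path(levels: List[List[bytes]], index: int) -> Proof:
    """Collect the sibling hashes needed to recompute the root from one leaf."""
    path: Proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):        # a promoted node has no sibling here
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def stamp_week(submissions: List[bytes]) -> Tuple[bytes, List[Proof]]:
    """Service side: returns the value to publish and one receipt per submission."""
    levels = build_levels(submissions)
    return levels[-1][0], [audit_path(levels, i) for i in range(len(submissions))]


def verify(document: bytes, proof: Proof, published_root: bytes) -> bool:
    """Anyone holding the published value can run this; no server is consulted."""
    acc = leaf_hash(document)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, published_root)


# Constructed sample documents; an odd count exercises the promotion branch.
SAMPLE_DOCS = [b"contract v1", b"lab notebook p.17", b"patent draft",
               b"last will", b"invoice 0042"]

if __name__ == "__main__":
    root, receipts = stamp_week([leaf_hash(d) for d in SAMPLE_DOCS])
    print("value to publish:", root.hex())
    print("genuine document:", verify(SAMPLE_DOCS[0], receipts[0], root))
    print("altered document:", verify(b"contract v2", receipts[0], root))
```

The service never needs to be believed about the date: a receipt only verifies against the one value that was printed that week, so backdating would require changing what every reader of the newspaper already holds.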
Policy-Controlled Key Release
Dennis Branstad (TIS)
---------------------

The user will be able to set criteria for releasing information, such as medical records:

   - to certain people
   - to people with certain roles (their doctor)
   - upon certain events or conditions

Policies can have multiple authors (me, my doctor, my insurance company) and can have conflicting parts. There are priority rules. He wants to automatically analyze policies for completeness (does it make a decision in every case?) and consistency (can it make conflicting decisions, with no basis for picking one?).

This is in an early prototype stage.

______________________________________________________________________
Report on the 1996 New Security Paradigms Workshop
by Mary Ellen Zurko and Cristina Serban
______________________________________________________________________

The 1996 New Security Paradigms Workshop was held at the UCLA Conference in Lake Arrowhead, CA, September 17 - 20. Hilary Hosmer introduced the workshop, which she started in 1992. It was originally a workshop on impossible problems in computer security. It now emphasizes work on very recent, unfinished ideas which can serve as an inspiration to work by others.

The first session was "Security in Its Contexts" chaired by Cathy Meadows. The first paper, "Harmonized Development Model for Information Security", by Jussipekka Leiwo, Monash University, had no presenters, and was skipped.

The second paper was "Simulated Social Control for Secure Internet Commerce" by Lars Rasmussen and Swerker Jansson of Swedish Institute of Computer Science, and was presented by Lars. They are trying to make a system with an emergent effect of fraud reduction to an acceptable level. Relying on game theory, they note that iterated prisoner's dilemmas reward cooperation, while a single instance of the dilemma rewards defection. They are trying to achieve soft security, with no central point of control.
They run simulations of social control with hundreds of agents. Some of the simulations have painful transition phases for the cooperative agents. Much of the discussion centered on identity, reputation, and trust, since an iterated prisoners' dilemma relies on stable identity for the parties. Questions about modelling included issues such as a referred trusted party not acting in a trustworthy fashion because "it doesn't like my face", and modeling stereotypes such as gender stereotypes. Most of the discussion also centered on the singleton events that could produce bad results instead of when the tradeoff between good and bad events could be considered economically "good enough".

The second session was "User Control of Security" chaired by Tom Lincoln. The first paper, "User-Centered Security" by Mary Ellen Zurko and Rich Simon of OSF Research Institute, was presented by Mary Ellen. They surveyed the history of "psychological acceptability" in secure systems, and considered whether making secure systems usable is an inherently particularly difficult task. They defined user-centered secure systems as those with usability as a primary goal or motivation. They presented three methodologies for achieving user-centered security: applying usability methods to secure systems, generating security models or mechanisms for Computer Supported Cooperative Work (CSCW), and motivating the design of security features based on identifiable user needs (user-centered design of security). Much of the discussion centered on the tension between security and usability. While more informative error messages can greatly enhance usability, they can also introduce covert channels. The lack of usability can work against security too; people try to work around things to make their life easier, at the expense of security, intentionally or not. One idea was to use knowledge bases to distinguish stupid behavior from malicious behavior.
The second paper was "A New Model of Security for Distributed Systems" by Chenxi Wang, William Wulf, and Darrell Kienzle of University of Virginia. It was presented by William. They start from the claim that the TCB doesn't work for large scale distributed systems. Legion, their system, has aggressive scalability goals, so it is assumed it will run on top of fragile, insecure systems. There's no one thing that the system requires its users to trust. In fact, the system does not trust itself, since it could have been corrupted before it was downloaded ("rogue Legionnaire"). There is no owner of the distributed system. It is made up of a federation of folks who willingly sign up. Security has costs; not everyone is willing to pay, and there is no single security policy. Legion is based on three design principles:

   1) "First, do no harm": a correct Legion is not an avenue of attack.
   2) "Caveat emptor: Let the buyer beware": ultimately individuals are responsible for themselves; the system is responsible for very little.
   3) "Small is beautiful": if it is little, it's hard(er) to corrupt it to do something wrong.

Legion is an object-oriented system. The designer of an object class is the responsible entity and the entity to be protected is the object. The name of the object is its public key. Discussion centered on how poor people are at doing difficult system management, and issues with the public key as a name such as key changes and identity comparisons.

The next session was "Agent Security", chaired by John Dobson. The first paper was "Personal Security Assistance for Secure Internet Commerce" by Andreas Rasmussen and Swerker Jansson of Swedish Institute of Computer Science. Andreas presented. To answer the questions of how an end-user gains confidence and trust in downloaded programs, they presented a security assistant approach. It is an open architecture of agents acting as sensors.
Each agent has responsibility for monitoring some aspect of a program's execution and notifying the user of unexpected activities. This relies on some statement about what a program should do. They hope to be able to categorize programs by expected behavior or class, such as all editors. These categories will list both expected and disallowed actions. Agents should be easy to find, add, and replace, but they have to be trusted. Most of the discussion centered on issues of coverage by the agents. For example, it was not clear what happened when an action that was not on either the allowed or disallowed list occurred.

The second paper was "Communicating Security Agents" by Robert Filman of Software Technology Center and Ted Linden of Lockheed Missiles and Space. Ted presented. Their work is motivated by the need for foolproof security controls for distributed systems that are both flexible and context sensitive. They suggested that since mammals devote a large fraction of processing to security, it might not be unreasonable for computer systems to devote two orders of magnitude of processing power to it. They are developing Safebots to translate very high level specification languages into executables that can wrap insecure components. In contrast to firewalls, this is a pervasive approach. Assurance comes from continuous mutual vetting of distributed Safebots. Discussion included considering English as a language for security ontology (ontosec), and the depth and redundancy of security mechanisms needed for this approach.

The final session of the first day was "New Paradigms for Security Policies" chaired by Yvo Desmedt. The first paper was "A Credibility-Based Model of Computer System Security" by Shaw Chuang and Paul Wernick of University of Cambridge. It was presented by Shaw. They consider the credibility level of statements made on behalf of a particular user based on attributes such as context and time.
Credibility is meant to be a qualitative, rankable value that can be compared within a system (and possibly across systems). It can be derived from statements from others, the quality of authentication mechanisms, the transmission medium, certification by a "trusted party", certification of a process (ISO 9000), knowledge/awareness of the assessor, and the assessor's perceptions of the principal's trustworthiness. The credibility applies to some statements but not to others. There are user interface issues with determining what level/value of credibility is required. Discussion emphasized questions about composing credibilities, whether negative credibility would be supported, previous work using fuzzy logic, and whether Bayesian theory would help.

The final paper of the first day was "The Emperor's Old Armor" by Bob Blakley of IBM NS Distributed Systems. Bob's discussion was mostly about the source of problems in the old paradigm, which he called the "Information Fortress Model." It relies on three problematic foundations:

   1) system integrity: every part must be perfect, but humans and their artifacts are fallible,
   2) cryptography for secrecy: again, implementations must be perfect, and people are bad at keeping secrets anyway,
   3) policy: security policy scales poorly and its administration is complicated and sensitive.

This paradigm is used in a world where there are more systems which are less assured, the tasks they are used for are more complex, and we have made no progress in integrity, assurability, physical security, composability or policy simplification. Cryptographic protocols are better, but we can't use strong cryptography in commercial products. Attacks can cause us to close the doors on our fortresses, causing a denial of service problem. One possible direction is to consider inherent vs. imposed properties of what we want to protect. Examples of inherent properties are size, weight, radioactivity, difficulty, and obscurity.
Policies based on inherent properties are easier to maintain (for example, the size and weight of $1 billion in gold make it harder to steal than bits). Bob suggested making electronic cash big (many bits) to slow down stealing and illicit spending. Discussion against this idea included pointing out that convenience is a big selling point of electronic cash. Bob then pointed out that the strength of our cryptographic protections only depends on no one having found a way to break them. "How much of the wealth of the world are we willing to bet that our cryptographers are smarter than everyone who will be born?"

One of the attendees told a story of a fortified town where all the warriors had gone off to engage in battle. An enemy army approached the town, and the wise old patriarch left in charge had to defend his town using women, children, and old men. He opened up the gate of the town and, sitting on the top of the wall, invited the enemy commander in to talk. The commander considered the situation and determined that the invitation must be a trap, and so left the town untouched. The moral is that good enough is good enough.

The first session of the second day was "Architectures and Mechanisms" chaired by Pierangela Samarati. The first paper was "Developing and Using a Policy Neutral Access Control Policy" by Duane Olawsky, Todd Fine, Edward Schneider, and Ray Spencer of Secure Computing Corporation. Duane presented. The work reported had developed a policy-neutral security server for the DTOS microkernel. Each microkernel service is mapped to a subject, object, and permission, and a single request can perform many services. Security IDs are associated with subjects and objects, and mapped to security information. A security policy specification can be used by many audiences: assurance, developer, evaluators, accreditors. It is also used to generate most of the code that checks permissions. They have implemented MLS and Clark and Wilson in this system.
They are considering ORCON. It is difficult to say which services are needed and which are extraneous, since they have discovered that many policies need only a handful of permissions. Discussion centered on issues of complexity for the administrator and support of policies such as least privilege and time-based ones.

The second paper was "Run-time Security Evaluation: Can We Afford It?" by Cristina Serban and Bruce McMillin, University of Missouri-Rolla. Cristina presented. She discussed the performance issues that had arisen in their earlier work on run-time distributed security evaluation in the context of a distributed application with message exchange. They require a security specification or policy to determine what correctness means. They want to flag errors resulting from faults or intruders at run-time during each execution. The assertions are coded into the application, and run-time event histories are generated by each component and shared with all the others. The causal structure of the execution gives a partial ordering of events (using vector clocks). Each node checks all the shared histories against the security specifications, looking for disagreement. They measured a 40% decrease in performance (which compared well with the earlier paper that suggested two orders of magnitude was allowable). They want to consider how to get some of the benefits while reducing the costs. Discussion included considering the security impacts of this kind of evaluation. Since security specifications don't include many events that shouldn't happen, these don't get checked for. Someone asked, "If I use this on an A1 system, and it detects an error, do I still have an A1 system?"

The second session was "New Paradigms For Access Control" chaired by Tom Haigh. The first paper was "A New Security Paradigm for Distributed Resource Management and Access Control" by Steven Greenwald of Naval Research Laboratory.
Steven started by discussing the problems with the Jurassic Age Security Policy that dates back to the giant mainframe computers, lazily grazing on their data. A system administrator must be enlisted to manage the resources which users and applications need managed. This causes difficulties in distributed, heterogeneous environments. Users require the permission of system administrators to share their resources across domains. Steven considered maximizing the freedom of users while limiting system administration to only necessary functions. In the context of a Computer-Supported Cooperative Work (CSCW) application, he suggests that applications handle any needs for user IDs and roles, and that administrators merely need to give these applications access to their resources. They can then support anonymity and handle the accountability issues. They can manage distributed user identity and compartment information. Discussion centered on policies such as officer of the day for hospitals, and distributing the role of governor across individuals.

The second paper was "Access Control in Federated Systems" by Pierangela Samarati and Sabrina De Capitani di Vimercati of Universita di Milano. Pierangela presented. They considered the issues involved in trading off local and federated control of resources and login identities in a federated system of cooperative yet autonomous component systems. Access control may be specified independently, bottom up, or top down, raising the issue of consistency. Reconciliation may occur at different times such as whenever the policies get out of synch, on-demand, and whenever an object is accessed. Policies may also let the site retain full authorization power, give it to the federation, and require checks at both levels. Their work allows for negative authorizations at the local level only. Federation level groups and wildcards help with the scalability issues. Users may belong to just one group.
Objects can be exported to the federation in a limited manner (such as read-only). Discussion included the issues around trusting other administrations, and enforcing policies with a dynamic component such as ORCON.

The next session was "Distributed Systems" chaired by Cathy Meadows. The first paper was "The Right Type of Trust for Distributed Systems" by Audun Josang of Norwegian University of Science and Technology. His work attempts to understand trust as a human phenomenon and discuss how it applies to distributed systems. He tries to extract trust parameters from the real world. In a world of uncertainty it becomes very important to figure trust out. He presented a model with two entity types and two trust types. Entities can be passionate (humans) or rational (systems), or combinations of the two. Passionate entities can be honest or malicious, and can be tempted. Rational entities can be secure or insecure, and can be threatened. The trusting entity is passionate; the rational entity uses belief. Trust is potentially unstable, and reflects the state of knowledge about security or honesty. Trust is diverse over functions (trusting for different purposes) and time (very dynamic). While it is sufficient to be rational to assess the reliability of a system, assessing the reliability of humans takes skill and experience. Audun concluded by saying that to have stable trust, we need good knowledge. Discussion included questions on how to treat rational systems written by passionate people, and other aspects of trust: it's brittle, behaviour in animals is a result of adaptation, and it's a hypothesis about future behaviour.

The second paper was "CAPSL: Common Authentication Protocol Specification Language" by Jonathan Millen of MITRE. The vision is that a CAPSL description of an authentication protocol (that uses cryptography) can be used as input to the wide variety of tools and approaches that are used to evaluate these protocols.
This variety is needed since no one approach to vulnerability analysis is completely satisfactory. CAPSL is also meant to be usable by protocol designers/analysts to define protocols and to ease that task. The language takes a message list approach, and contains primitives for things like the data held by parties and their initial beliefs. Discussion centered on the details of the style choices in the language, such as using the same symbol for assignment and equality checking. Jonathan has an area on the Web for discussing these details collaboratively.

The final session of the day was "Availability" chaired by Dixie Baker. In health care, availability means you might save a life, while privacy means you might get sued. Both papers were presented by Hilary Hosmer.

The first paper was "Managing Time for Service and Security" by Ruth Nelson of Information Systems Security and Elizabeth Schwartz of University of Massachusetts at Boston. Hilary began by outlining problems such as security mechanisms being exploited to shut a system down, and noting that legitimate and reasonable use of the system can also produce unexpected denial of service problems (such as the day that Jerry Garcia died, when Deadheads bogged down the Well). Some systems find a way to limit the load by gradually throttling certain types of inputs (White House email is using this approach). The basic questions to the designer are: What are the required system services - to whom and how much?, Is service more important than security?, and What are the control mechanisms? (measuring and monitoring, audit vulnerabilities?). She suggests that system management techniques are applicable to security. Discussion centered on other current examples of availability problems.

The last paper of the day was "Availability Policies in Adversarial Situations" by Hilary Hosmer of Data Systems Security. She called on us to rethink traditional availability policies such as "90% uptime".
Availability is not always desirable; in the military, if your site is overrun, you must destroy it. In cyberspace we are interested in information availability. There are social threats to this (censors, marketeers). She wants to study policies where availability, confidentiality, and integrity are measured together. Discussion included references to real availability engineering as it is practiced today, identifying critical paths and single points of failure, and access control as a mechanism that can support availability. A final example of an availability problem was mentioned: Abbie Hoffman threw $300 in crisp new dollar bills on the floor of the NY Stock Exchange and brought it to its knees; what kind of attack is that?

The final session on the final day was "Paradigms from Other Fields" chaired by Hilary Hosmer. The first paper of the day was "Positive Feedback and the Madness of Crowds" by Hilarie Orman of University of Arizona. Rich Schroeppel presented. The title of the paper is taken from a Dover reprint "Extraordinary Popular Delusions and the Madness of Crowds." Rich started by pointing out phenomena that built on positive feedback such as the tulip pricing bubble (when tulips became extremely popular) and various forms of stock market madness. He suggested the study of the composition of dynamic systems as an approach to the availability issues being raised, particularly in the context of the whole network. Simple, unbounded loops are easy to build and can cause feedback problems. The canonical example is recursive email distribution lists. If you can identify a loop, you can limit the number of times a resource is consumed in a loop, or insert drag into it. Another type of feedback was dubbed "flash floods." An example is everyone going to the Cool Site of the Day on the Web. An approach to these problems is to insert drag or negative feedback into the system. One challenge is to add in random backoff without breaking things.
One parameter that complicates the problem is time. The time constant ranges from nanoseconds to years (the latter is the case with recurring urban myths such as the Good Times Virus). The challenges include efficient specification and code analysis for potential resonances and runtime adaptation. Discussion included current problems (such as having a single cool site of the day instead of redundant copies) and attempted solutions (such as Ethernet's exponential backoff on collision and the use of priorities).

The final paper of the workshop was "Just Sick About Security" by Jeff Williams of Arca Systems. It was presented by Bill Wilson. It explored the analogies between response to disease and healthcare in general and computer security. While this is not a perfect analogy, we may be able to learn from the differences as well as the similarities. As we try to deal with increasing complexity in computer systems we look to the complexity of organisms for ideas. There is a tradeoff between performance and security in organisms; deeply recessed eyes are protected but less effective. Some of the comparisons he made were: fight or flight vs. shutdown, pain vs. auditing, FDA vs. evaluation organizations, and checkups vs. certification and accreditation. Can we leverage off "survival of the fittest" to produce selection criteria that tend to promote better security? In healthcare, wellness is a process. Should security professionals be certified? Can we make use of warning labels? We hope that there's no ebola coming, and we may use laws and law enforcement for those who are intentionally harmed. Discussion included exploration of the analogies, such as struggle for life, federation wrappers as a sense of self, and evolution as a process of running as hard as you can to stay in place. Software is currently a process of "survival of the fit enough." The state of software was likened to 19th century patent medicine.
In response to the anthropomorphic analogy, Steven Greenwald suggested that computers really don't like it when you anthropomorphize them :-).

Cathy Meadows was tasked with producing a synthesis of the ideas. She noted the emphasis on: decentralized, distributed systems, more user control, more flexibility for describing and enforcing, and interaction with global policy. Two other threads were: 1. assurance: making a convincing argument that the system will work using game theory, dynamic systems, medicine, or runtime evaluation, and 2. how can different ideas support each other? using systems, policies, models, and metaphors.

The workshop concluded with a business meeting. Proceedings will be put together in the near future. The initial call for papers for NSPW '97 will be available at NISSC in late October. We're still looking for a publications chair for the next workshop.

______________________________________________________________________
Report on the 1996 Communications and Multimedia Security Conference
by Alexander Roehm
______________________________________________________________________

The joint IFIP TC6 and TC11 working conference on Communications and Multimedia Security 1996 was held on 23rd and 24th of September 1996 at the University of Essen (Germany). The working conference had approx. 90 attendees from 16 different countries. The conference was opened by the organization chair Mr. G. Pernul (University of Essen) and the program chair Mr. P. Horster (Technical University of Chemnitz/Zwickau). The conference was organized in 10 sessions, 5 each day, of which 2 per day took place in parallel tracks. Talks were scheduled for 25 min., with an additional 5 min. for discussion. The program served a wide range of interests from highly technical R&D projects to user oriented management and administration topics.
Papers presented addressed a broad spectrum of communications and multimedia security related subjects, including: basic concepts, multimedia and hypertext systems, attacks, dedicated solutions, healthcare and telemedicine, cryptographic techniques, security infrastructures, payment systems, access control, models and policies, auditing and firewalls.

Monday 23rd: The first session was chaired by Mr. Horster and addressed 'Multimedia Security'. Three talks were given: Mrs. Krannig presented a platform for secure multimedia applications called PLASMA, Mr. Fernandez spoke about high level security issues in multimedia and hypertext systems, and Mr. Warren talked on security in healthcare multimedia systems. The next session was chaired by Mr. Katsikas and was on 'Attacks'. Mrs. Laurent presented two security risks in the ATM Emulated LAN architecture and Mr. Michels showed a failure in a voting scheme of Itoh, Kurasawa and Park, who also attended the workshop. Mr. Pernul chaired the session 'Dedicated Solutions' where several ideas were presented. Mr. Olivier showed how to use workflow to enhance security in federated databases. Mr. Kesdogan gave a talk about anonymous mobility management for third generation mobile networks which was followed by a description of security concepts for the WWW, given by Mr. Lipp. After the lunch break a session on 'Network Security' chaired by Mr. Fox took place. It consisted of two talks: one by Mr. Forne about securing ISDN, and one by Mr. Chrissikopoulos, who applied network security to a telemedicine system. During the first day's last session, 'Cryptographic Techniques', three papers were presented. Mr. Cheng showed that image decomposition can be used for encryption, Mr. Petersen presented a way to delegate rights by using digital signatures and Mr. Lucks argued that a blockcipher algorithm, which divides plain text into two blocks, can be modified for arbitrary block sizes. Mr. Michels chaired this session.
Tuesday 24th: Several aspects of key infrastructure were discussed during the second day's first session, which was chaired by Mr. Kraaibeek. Mr. Gustavson proposed a WWW based certification infrastructure, while Mr. Oppliger described a distributed registration and key distribution system for online universities. Mr. Schwenk proceeded with a talk on establishing a key hierarchy for conditional access. The next session was chaired by Mr. Lipp and began with Mr. Zangehneh's talk, which gave an introductory overview on payment systems in the Internet. Mr. Radu's talk followed, where he described a blind signature scheme, which can be applied in e-cash systems. Afterwards Mr. Puetz presented a method for secure billing. At the same time a parallel session focusing on 'Access Control' took place, where Mr. Leitold talked about ISDN LAN Access, Mr. Trommler on secure WWW access to server groups and Mrs. Schmidt argued that handwriting features should be added to electronic access control systems. This session was chaired by Mr. Fernandez. Two presentations were made at the session on Models and Policies, which was chaired by Mr. Vossbein. One by Mr. Kokolakis dealt with problems in existing security models, the other dealt with attack modeling and was made by Mr. Katsikas. The last session of the conference was chaired by Mr. Roehm and was focused on Auditing and Firewalls. Mr. Sobirey presented a way to do privacy oriented auditing, while Mr. Katsikas described the expert system component of SECURENET. The last talk, by Mr. Boshoff, was on tracing routes using features of TCP/IP for increasing capabilities of firewalls.

The conference is seen as a success by the attendees and speakers. The next Communications and Multimedia Security Conference will be held on 22nd and 23rd of September 1997 in Athens. There are few volumes of the proceedings left which can be purchased for DM 98,-- (approx. 65 US$). Orders will be treated on a FIFO basis.
For further information contact Alexander W. Roehm email: roehm@wi-inf.uni-essen.de

________________________________________________________________________
New Reports available via FTP and WWW
________________________________________________________________________

* http://www.rand.org/publications/RM/baran.list.html
Not new, but newly available on the WWW: Paul Baran's RAND tech reports on packet switching that were forerunners to Arpanet's packet switching schemes.

* http://www.perfassoc.com/papers/SECURITY.EPS
MVS: Mainframe Virtual Security, by Brian Currah of BDC Computer Services, Picton, Ontario. From the conclusion of the report: "In spite of assertions that `The mainframe is dead' MVS-based systems continue to be the critical focal point for enterprise computing in many ... installations. This paper has attempted to demonstrate that these systems may be more vulnerable than generally perceived and that existing government programs for evaluation and certification of Trusted Systems may need improvement before consumers can place a higher level of confidence in ... evaluated products operating on MVS."

* http://www.cs.purdue.edu/homes/kuhn/anderson-kuhn-tamper.ps.gz
An interesting paper by Ross Anderson and Markus Kuhn discussing the limits of tamper resistance and how protected information was extracted from a tamper-protected smart card currently in circulation. To be presented at an upcoming USENIX conference.

* http://www.bellcore.com/PRESS/ADVSRY96/facts.html
Bellcore summary information about attack against tamperproof smartcards. The full report still seems not to have been released.

* http://cis.isu.edu/security/glossary.html
Unified Glossary of INFOSEC Related Terms. This document was distributed free of charge at NISSC 19, both as two thick softbound volumes and as a CD-ROM. The softbound volumes are quite bulky and the CD-ROM is readable only from Windows 95, 3.1x or DOS.
You could until recently search it at this web site, although no way was provided to browse it. As Cipher is e-mailed, the document is said to be "under review." ________________________________________________________________________ Interesting Links [new entries only] ________________________________________________________________________ Ping o' Death Page: how to crash a variety of OS's with PING http://www.sophist.demon.co.uk/ping/ Privacy Forum http://www.vortex.com/privacy.html ________________________________________________________________________ Who's Where: recent address changes ________________________________________________________________________ Entered 24 Oct 1996: Dr. Yongfei Han Information Security Group Institute of Systems Science National University of Singapore Singapore 119597 yfhan@iss.nus.sg Tel. (office) (65) 7726742 Fax. (home) (65) 7744990 Entered 22 October 1996: Roberta J. (Robin) Medlock Mitretek Systems 7525 Colshire Drive McLean, VA 22102-7400 rmedlock@mitretek.org tel.:+1(703) 610-1666 Li Gong JavaSoft 2550 Garcia Avenue, MS UCUP01-202 Mountain View, CA 94043-1100, USA gong@eng.sun.com Tel: +1(408)343-1825 Fax: +1(408)343-1553 Entered 15 October 1996: Gary W. Smith SAIC 8301 Greensboro Dr. MS E-12-1 McLean, VA 22102-3600 gary.w.smith@cpmx.saic.com tel.: +1(703)821-4572 fax: +1(703)556-9722 Entered 14 October 1996: Les Fraim Automated Network Systems 1875 Campus Commons Drive Suite 220 Reston, VA 20191-1552 fraim@ans.net tel. 703-758-5141 Entered 10 October 1996: Eugene M. Bacic Texar Software, Corp. 56 Castlethorpe Crescent Nepean, Ontario K2G 5R CANADA wcsemb@ccs.carleton.ca or ebacic@texar.com [operational by end of October] tel. +1(613)724-9577 fax: +1(613)723-0603 Phillip A. Porras, EL231 Computer Science Laboratory SRI International 333 Ravenswood Avenue Menlo Park, CA 94025-3493 Porras@CSL.sri.com tel. 
+1(415) 859-3232 fax: +1(415) 859-2844 _______________________________________________________________________ Calls for Papers (new listings since last issue only -- full list on Web) ________________________________________________________________________ CONFERENCES Listed earliest deadline first. See also Cipher Calendar o IEEE Symposium on Security and Privacy, Oakland, California, May 4-7, 1997. The Symposium on Security and Privacy has, for 16 years, been the premier forum for the presentation of developments in computer security and for bringing together researchers and practitioners in the field. It seeks to build on this tradition of excellence by re-emphasizing work on engineering and applications while maintaining our interest in theoretical advances. See the conference Web page for information about electronic and paper submissions. Submissions are due Dec. 2, 1996 (NB this is an extension of the original deadline). o CSFW10 10th IEEE Computer Security Foundations Workshop, Rockport, Massachusetts, USA, 10-12 June, 1997. This workshop brings together researchers in computer science to examine foundational issues in computer security. We are interested both in papers that describe new results in the theories of computer security and in papers and panels that explore open questions and raise fundamental concerns about existing theories. The paper submission deadline is February 7, 1997. See the web page, or email Program Chair (s.foley@cs.ucc.ie) for full details. o 7th USENIX Security Symposium, San Antonio, Texas; January 26-29, 1998. The goal of this symposium is to bring together researchers, practitioners, system programmers, and others interested in the latest advances in security and applications of cryptography. This will be a four day symposium with two days of tutorials, followed by two days of refereed paper presentations, invited talks, works-in-progress presentations, and panel discussions. 
Conf Web page Submissions to securitypapers@usenix.org by September 9, 1997. JOURNALS Regular archival computer security journals: o Journal of Computer Security (JCS) [see Cipher Web pages or EI#9]; e-mail contacts for submissions: jajodia@isse.gmu.edu or jkm@mitre.org -- See also Web site: http://www.jcompsec.mews.org/ o Computers & Security [see Cipher Web pages or EI#9] e-mail contact for submissions: j.meyer@elsevier.co.uk o International Journal of Digital Libraries aims to advance the theory and practice of acquisition, definition, organization, management and dissemination of digital information via global networking. In particular, the journal will emphasize technical issues in digital information production, management and use, issues in high-speed networks and connectivity, inter-operability, and seamless integration of information, people, profiles, tasks and needs, security and privacy of individuals and business transactions and effective business processes in the Information Age. Electronic submission is encouraged to speed up the process (for details please send email to dlib@adam.rutgers.edu). For hard copy submission, please mail five copies to: Prof. Nabil R. Adam, CIMIC, Rutgers University, Newark, NJ 07102, (201) 648-5239, adam@adam.rutgers.edu. o ACM-MOBILE. ACM Mobile Computing and Communications Review. The wireless communication revolution is bringing fundamental changes to telecommunication and computing. Wide-area cellular systems and wireless LANs promise to make integrated networks a reality and provide fully distributed and ubiquitous mobile computing and communications, thus bringing an end to the tyranny of geography. Furthermore, services for the mobile user are maturing and are poised to change the nature and scope of communication. 
This publication serves to enhance the ability of ACM SIGMOBILE members to keep up-to-date in this rapidly moving field, as well as serve as a major focal point for the discussion of new directions of portable computation and mobile networks for both the research and market-driven communities. Specific topics of interest include security, scalability and reliability issues for mobile/wireless systems. Authors should see the submission instructions. Special Issues of Journals and Handbooks: listed earliest deadline first. o Papers are solicited for a special issue of IEEE Software to focus on security and privacy concerns and their impact on software development. The full announcement has all details. The goal of this special issue is to * advise programmers, practitioners, developers, and managers of the security implications of their development work; * encourage companies and researchers whose products and technologies have security implications to address those requirements, by giving examples of how others have addressed these requirements and where to go for advice and guidance; * showcase positive achievements in developing secure applications. Papers must be of high quality, original, unpublished, and not submitted elsewhere. Authors should submit a complete article by November 15, 1996. Comments will be returned to the authors before the end of February 1997. If at all possible, prospective authors should submit the abstract by e-mail, as this abstract will be used to schedule reviewers (also by e-mail). The complete article can be submitted either electronically (in ASCII, MSWord format, or postscript) or by hardcopy. In the case of hardcopy submissions, 8 copies must be provided. o ACM-MONET. Special Issue of the Journal on Special Topics in Mobile Networking and Applications. Journal Web page. This special issue will concentrate on the problems associated with mobile and wireless networking in the Internet, primarily at the network layer and above.
Internet security issues are a relevant topic. Authors should email an electronic Postscript copy of their paper to one of the guest editors by November 15, 1996. Submissions should be limited to 20 double spaced pages, excluding figures, graphs, and illustrations. Submissions can be sent to perk@watson.ibm.com. ________________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 1: Conference Papers ________________________________________________________________________ The notation [conference information] indicates there is a link to information about the conference on the Cipher web pages. * 12th ACSAC Twelfth Annual Computer Security Applications Conference, San Diego, December 9-13,1996 [conference information] * Keynote Speaker, Jim Flyzik, Dept. of Treasury * Distinguished Lecture, Dr. Roger Schell, Novell, Inc. * An Evaluation of the JAVA Security Model, Andreas Sterbenz, University of Graz, Austria * Implementing Security Policy in a Large Defense Procurement, Michael Nash, Gamma Secure Systems, UK; Ronald Kennett, Royal Air Force, UK * An Authenticated Camera, John Kelsey, Bruce Schneier and Chris Hall, Counterpane Systems 10:30 Forum: SSE-CMM * A Case Study of Two NRL Pump Prototypes, Myong Kang, Ira Moskowitz, Bruce Montrose and James Parsonese, Naval Research Laboratory * Asymmetric Isolation, John Davidson, Norex * Starlight: Interactive Link, M. Anderson, C. North, J. Griffin, R. Milner, J. Yesberg and K. 
Yiu, * Security Measures for the Austrian "PAYCHIP" Electronic Purse Application, Manfred Holzbach, STUZZA, Austria * Design of a Secure Electronic Payment System for the Internet, Vijay Varadharajan, University of Western Sydney, Australia, and Micheal Hitchens, Sydney University, Australia * Innovative Secure Payments on the Internet Using the German Electronic Purse, Brigitte Althen, Brigitte Nebelung and Gerd Enste, debis Systemhaus GEI * Proxies for Anonymous Routing, Michael Reed, Paul Syverson and David Goldschlag, Naval Research Laboratory * Design Choices for Symmetric Key Based Inter-Domain Protocols for Distributed Systems, Vijay Varadharajan, University of West Sydney, Australia and Micheal Hitchens, Sydney University, Australia * Verifying the Correctness of Cryptographic Protocols Using "Convince", Randall Lichota, Hughes Technical Services; Steve Brackin, Arca Systems; Grace Hammonds, AGCS * Security Issues in an EDI Environment, N. Zhang, Manchester Metro University; Q. Shi, Liverpool J.M. 
University * Using FORTEZZA for Transparent File Encryption, Jeremy Epstein, Cordant; Tim Williams, General Kinetics * An Extended Capabilities Architecture to Enforce Dynamic Access Control Policies,I-Lung Kao, IBM; Randy Chow, University of Florida * Sigma: Security for Distributed Object Interoperability between Trusted and Untrusted Systems, John Sebes and Terry Vickers-Benzel, Trusted Information Systems * Operation Chain Link, Julie Connolly, The MITRE Corporation * Mandatory Protection for Internet Server Software, Richard Smith, Secure Computing Corporation * Using a Proxy X Server to Facilitate COTS Application Integration, Eric Kaydan, The MITRE Corporation 1:30 Web Technologies * A Comparison of Multilevel Structured Query language (SQL) Implementations, Rae Burns, AGCS; Yi-Fang Koh, Raytheon * A Role-Based Secure Database Design Tool, Luigi Giuri and Pietro Iglio, Fondazione Ugo Bordoni, Italy * Case-Based Reasoning for Intrusion Detection, Mansour Esmaili, Bala Balachandran, Rei Safavi-Naini and Josef Pieprzyk, University of Wollongong, Australia * A Modular Covert Channel Analysis Methodology for Trusted DG/UX, Richard Kemmerer, University of California, Santa Barbara; Charlie Martin and Tad Taylor, Data General * Formal Techniques for an ITSEC-E4 Secure Gateway, Pierre Bieber, CERT-ONERA, France Papers presented at the 19th National Information Systems Security Conference, Baltimore, MD, Oct. 21-25, 1996 * Keynote Address August Bequai * E4 ITSEC Evaluation of PR/SM on ES/9000 Processors Naomi Htoo-Mosher, Robert Nasser, Nevenko Zunic, IBM Julian Straw, Syntegra, UK * A High-Performance Hardware-Based High Assurance Trusted Windowing System Jeremy Epstein, Cordant, Inc. * WWW Technology in the Formal Evaluation of Trusted Systems E.J. McCauley, Silicon Graphics Computer Systems, Inc. 
* The Certification of the Interim Key Escrow System Ellen Flahavin, Ray Snouffer, National Institute of Standards and Technology * Configuration Management in Security related Software Engineering Processes Klaus Keus, Thomas Gast, Bundesamt fur Sicherheit in der Informationstechnik, Germany * The Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) Jack Eller, DISA Mike Mastrorocco, Computer Security Consulting Barry C. Stauffer, CORBETT Technologies, Inc. * Trusted Process Classes William L.Steffan, Tracor Applied Science, Inc. Jack D. Clow, SenCom Corporation * Design Analysis in Evaluations Against the TCSEC C2 Criteria Frank Belvin, Deborah Bodeau, Shaan Razvi, The MITRE Corporation * System Security Engineering Capability Maturity Model and Evaluations: Partners within the Assurance Framework Charles G. Menk III, Department of Defense * Applying the TCSEC Guidelines to a Real-Time Embedded System Environment Jim Alves-Foss, Deborah Frincke, Gene Saghi, University of Idaho * EDI Moves from the VAN to the Internet Brian Bradford, University of Maryland * An International Standard for the Labeling of Digital Products Viktor E. Hampel, Hampel Consulting * The Business-LED Accreditor - OR.How to Take Risks and Survive Michael E J Stubbings, Government Communications Headquarters, UK * Integration of Digital Signatures into the European Business Register Helmut Kurth, Industrieanlagen Betriebsgesellschaft mbH, Germany * Industrial Espionage Today and Information Wars of Tomorrow Paul M. Joyal, INTEGER Inc. * B is for Business: Mandatory Security Criteria & the OECD Guidelines for Information Systems Security Prof. William J. Caelli, Queensland Univ. 
of Technology, Australia * Marketing & Implementing Computer Security Mark Wilson, National Institute of Standards and Technology * Secure Internet Commerce - - Design and Implementation of the Security Architecture of Security First Network Bank, FSB Nicolas Hammond, NJH Security Consulting, Inc. * Automatic Formal Analyses of Cryptographic Protocols Stephen H. Brackin, Arca Systems, Inc. * Surmounting the Effects of Lossy Compression on Steganography Daniel L. Currie, III, Fleet Information Warfare Center Cynthia E. Irvine, Naval Postgraduate School * Key Escrowing Systems and Limited One Way Functions William T. Jennings, Southern Methodist Univ. & Raytheon E-Systems James G. Dunham, Southern Methodist University * The Keys to a Reliable Escrow Agreement Richard Sheffield * The Advanced Intelligent Network _ A Security Opportunity Thomas A. Casey, Jr., GTE Laboratories, Inc. * Security Issues in Emerging High Speed Networks Vijay Varadharajan, University of Western Sydney, Australia Panos Katsavos, Hewlett Packard sponsored student, UK * A Case Study of Evaluating Security in an Open Systems Environment Daniel L. Tobat, TASC Errol S. Weiss, Science Applications International Corporation * Internet Firewalls Policy Development and Technology Choices Leonard J. D'Alotto, GTE Laboratories, Inc. * A Case for Avoiding Security-Enhanced HTTP Tools to Improve Security for Web-Based Applications Bradley J. Wood, Sandia National Laboratories * Applying the Eight Stage Risk Assessment Methodology to Firewalls David L. Drake, Katherine L. Morse, Science Applications International Corporation * Lessons Learned: An Examination of Cryptographic Security Services in a Federal Automated Information System Jim Foti, Donna Dodson, Sharon Keller, NIST * Intellectual Property Rights and Computer Software Dawn E. Bowman, University of Maryland * Case Study of Industrial Espionage Through Social Engineering Ira S. 
Winkler, National Computer Security Association * Legal Aspects of Ice-Pick Testing Dr. Bruce C. Gabrielson, Kaman Sciences Corp. * Security Through Process Management Jennifer L. Bayuk, Price Waterhouse, LLP. * Malicious Data and Computer Security W. Olin Sibert, InterTrust Technologies Corporation * Security Issues for Telecommuting Lisa J. Carnahan, Barbara Guttman, National Institute of Standards and Technology * An Isolated Network for Research Matt Bishop, L. Todd Heberlein, University of California, Davis * GrIDS-A Graph-Based Intrusion Detection System for Large Networks S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, D. Zerkle, Univ. of California, Davis * Attack Class: Address Spoofing L. Todd Heberlein, Net Squared Matt Bishop University of California, Davis * Generic Model Interpretations: POSIX.1 and SQL D. Elliott Bell, Mitretek Systems * The Privilege Control Table Toolkit: An Implementation of the System Build Approach Thomas R. Woodall, Roberta Gotfried, Hughes Aircraft Company * Use of the Zachman Architecture for Security Engineering Ronda Henning, Harris Corporation * Developing Secure Objects Deborah Frincke, University of Idaho * Deriving Security Requirements for Applications on Trusted Systems Raymond Spencer, Secure Computing Corporation * Security Implications of the Choice of Distributed Database Management System Model: Relational vs. Object-Oriented Stephen Coy, University of Maryland * Management Model for the Federal Public Key Infrastructure Noel A. Nazario, William E. Burr, W. Timothy Polk, NIST * Security Policies for the Federal Public Key Infrastructure Noel A. Nazario, National Institute of Standards and Technology * A Proposed Federal PKI using X.509 V3 Certificates William E. Burr, Noel A. Nazario, W. Timothy Polk, NIST * A Security Flaw in the X.509 Standard Santosh Chokhani, CygnaCom Solutions, Inc. 
* Computer Virus Response Using Autonomous Agent Technology Christine M. Trently, Mitretek Systems * Security Across the Curriculum: Using Computer Security to Teach Computer Science Principles Maj. Gregory White, Ph.D., Capt. Gregory Nordstrom (ret), USAF Academy * U.S. Government Wide Incident Response Capability Marianne Swanson, National Institute of Standards and Technology * MLS DBMS Interoperability Study Rae K. Burns, AGCS, Inc. Yi-Fang Koh, Raytheon Electronic Systems * MISSI Compliance for Commercial-Off-The-Shelf Firewalls Michael Hale, Tammy Mannarino, National Security Agency * Designing & Operating a Multilevel Security Network Using Standard Commercial Products Richard A. Griffith, Mac E. McGregor, Air Force C4 Technology Validation Office * Real World Anti-Virus Product Reviews and Evaluations - The Current State of Affairs Sarah Gordon, Richard Ford, Command Systems, Inc. * Security Proof of Concept Keystone (SPOCK) James McGehee, COACT, Inc. * Use of a Taxonomy of Security Faults Taimur Aslam, Ivan Krsul, Eugene H. Spafford, Purdue University * Protecting Collaboration Gio Wiederhold, Michel Bilello, Stanford University Vatsala Sarathy, Oracle Corp. XiaoLei Qian, SRI International * Design and Management of a Secure Networked Administration System: A Practical Solution Vijay Varadharajan, University of Western Sydney, Australia * Information Warfare, INFOSEC and Dynamic Information Defense J.R. Winkler, C.J. O'Shea, M.C. Stokrp, PRC Inc. * Security for Mobile Agents: Issues and Requirements William M. Farmer, Joshua D. Guttman, Vipin Swarup, The MITRE Corp. * Extended Capability: A Simple Way to Enforce Complex Security Policies in Distributed Systems I-Lung Kao, IBM Corporation Randy Chow, University of Florida * IGOR: The Intelligence Guard for ONI Replication R.W. Shore, The ISX Corporation Invited Papers * Ethical and Responsible Behavior for Children to Senior Citizens in the Information Age Gale S. 
Warshawsky, International Community Interconnected Computing eXchange
  * Privacy Rights in a Digital Age
    William Galkin, Esq., Law Office of William S. Galkin

* Papers presented at ASIACRYPT '96, South Korea, November 4-7, 1996, [conference information]

  * A Message Recovery Signature Scheme Equivalent to DSA over Elliptic Curves, Atsuko Miyaji (Matsushita, Japan)
  * Cryptographic Protocols Based on Real-quadratic A-Fields, Ingrid Biehl, Bernd Meyer (Univ. des Saarlandes, Germany), Christoph Thiel (Gesellschaft fuer Automation und Organisation, Germany)
  * Minding your $p$'s and $q$'s, (#) Ross Anderson (Cambridge Univ., UK), Serge Vaudenay (ENS, France)
  * Authenticated Multi-Party Key Agreement, Mike Just (Carleton Univ., Canada), Serge Vaudenay (ENS, France)
  * Cryptography and the Internet: Lessons and Challenges, Kevin McCurley (Sandia National Lab., USA)
  * Generating Standard DSA Signatures without Long Inversion, Arjen K. Lenstra (Citibank, USA)
  * A Fast Software Implementation for Arithmetic Operations in $GF(2^n)$, Erik De Win, Antoon Bosselaers, Servaas Vandenberghe, Peter De Gersem, Joos Vandewalle (Katholieke Univ. Leuven, Belgium)
  * Hash Function based on Block Ciphers and Quaternary Codes, Lars Knudsen, Bart Preneel (Katholieke Univ. Leuven, Belgium)
  * Generalized Feistel Networks, Kaisa Nyberg (Finnish Defence Forces, Finland)
  * On Applying Linear Cryptanalysis to IDEA, (#) Philip Hawkes (Univ. of Queensland, Australia), Luke O'Connor (Distributed Systems Technology Center, Australia)
  * A Multi-Recastable Ticket Scheme for Electronic Elections, Chun-I Fan, Chin-Laung Lei (National Taiwan Univ., Taiwan)
  * Some Remarks on a Receipt-free and Universally Verifiable Mix-type Voting Scheme, Markus Michels, Patrick Horster (Univ. of Technology Chemnitz-Zwickau, Germany)
  * Observations on Non-repudiation, Jianying Zhou, Dieter Gollmann (Univ.
of London, UK)
  * On the Efficiency of One-time Digital Signatures, Daniel Bleichenbacher (Bell Lab., USA), Ueli Maurer (ETH Zuerich, Switzerland)
  * A Hidden Cryptographic Assumption in No-Transferable Identification Schemes, Kouichi Sakurai (Kyushu Univ., Japan)
  * Electronic Money and Key Management from Global and Regional Points of View, Shigeo Tsujii (Chuo Univ., Japan)
  * Limiting the Visible Space Visual Secret Sharing Schemes and their Application to Human Identification, Kazukuni Kobara, Hideki Imai (Univ. of Tokyo, Japan)
  * Towards Characterizing when Information-Theoretic Secret Key Agreement is Possible, Ueli Maurer, Stefan Wolf (ETH Zuerich, Switzerland)
  * Key Sharing Based on the Wire-tap Channel Type II Concept with Noisy Main Channel, V. Korjik, D. Kushnir (St. Petersburg Univ. of Telecommunications, Russia)
  * Generalization of Higher Order SAC to Vector Output Boolean Functions, Kaoru Kurosawa, Takashi Satoh (Tokyo Institute of Technology, Japan)
  * On the Correlation Immune Functions and their Nonlinearity, Seongtaek Chee, Sangjin Lee, Daiki Lee (Electronics and Telecommunications Research Institute, Korea), Soo Hak Sung (PaiChai Univ., Korea)
  * How to Date Blind Signatures, Masayuki Abe, Eiichiro Fujisaki (NTT, Japan)
  * Provably Secure Blind Signature Schemes, (#) David Pointcheval, Jacques Stern (ENS, France)
  * Cost-Effective Payment Schemes with Privacy Regulation, (#) David M'Raihi (Gemplus, France)
  * Mis-representation of Identities in E-Cash Schemes and How to Prevent it, Agnes Chan (Northeastern Univ., USA), Yair Frankel, Philip MacKenzie (Sandia National Lab., USA), Yiannis Tsiounis (Northeastern Univ, USA)
  * "Indirect Discourse Proofs": Achieving Efficient Fair Off-Line E-cash, Yair Frankel (Sandia National Lab., USA), Yiannis Tsiounis (Northeastern Univ, USA), Moti Yung (IBM, USA)
  * The Validation of Cryptographic Algorithms, Jacques Stern (ENS, France)
  * Convertible Group Signatures, Seung Joo Kim (Sung Kyun Kwan Univ., Korea), Sung Jun
Park (KISA, Korea), Dong Ho Won (Sung Kyun Kwan Univ., Korea)
  * How to Utilize the Transformability of Digital Signatures for Solving the Oracle Problem, Masahiro Mambo (JAIST, Japan), Kouichi Sakurai (Kyushu Univ., Japan), Eiji Okamoto (JAIST, Japan)
  * On the Risk of Disruption in Several Multiparty Signature Schemes, Markus Michels, Patrick Horster (Univ. of Technology Chemnitz-Zwickau, Germany)
  * Correlation Attacks on Cascades of Clock Controlled Shift Registers, Willi Geiselmann (Univ. of Karlsruhe, Germany), Dieter Gollmann (Univ. of London, UK)
  * Conditional Correlation Attack on Nonlinear Filter Generators, Sangjin Lee, Seongtaek Chee, Sangjoon Park, Sungmo Park (Electronics and Telecommunications Research Institute, Korea)
  * The Cryptographic Security of the Syndrome Decoding Problem for Rank Distance Codes, Florent Chabaud, Jacques Stern (ENS, France)
  * A World Wide Number Field Sieve Factoring Record: on to 512 Bits, James Cowie (Cooperating Systems Co., USA), Bruce Dodson (Lehigh Univ., USA), R. Marije Elkenbracht-Huizing (Centrum voor Wiskunde en Informatica, The Netherlands), Arjen K. Lenstra (Citibank, USA), Peter L. Montgomery (USA), Joerg Zayer (USA)

* HASE '96 (IEEE High-Assurance Systems Engineering Workshop), Niagara-on-the-Lake, Canada, October 21-22, 1996, [conference information] security-related papers:

  o A General Approach to Secure Component Composition. Q. Shi, N. Zhang, Liverpool John Moores University, UK.
  o A Framework for MLS Interoperability. M.H. Kang, J.N. Froscher, and I.S. Moskowitz, Naval Research Laboratory, USA.
  o Multiversion Transaction Scheduler for Centralized MultiLevel Secure Database Systems. T.F. Keefe, Penn State U., W.T. Tsai, U. of Minnesota.

* DIMACS Workshop on Trust Management in Networks, South Plainfield, NJ, September 30 - October 2, 1996.
  The conference program, which includes hyperlinks to abstracts of many of the following papers, can be found at http://dimacs.rutgers.edu/Workshops/Management/program.html
  The workshop did not produce a formal proceedings; readers are advised to check the abstracts and to contact authors directly for copies of the papers.

  * Let a Thousand (Ten Thousand?) CAs Reign. Stephen Kent, BBN Corp.
  * The PolicyMaker Approach to Trust Management. Matt Blaze, AT&T Laboratories (Joint work with J. Feigenbaum and J. Lacy)
  * SDSI: A Simple Distributed Security Infrastructure. Butler Lampson, Microsoft (Joint work with R. Rivest)
  * SPKI Certificates. Carl Ellison, Cybercash
  * Using PICS Labels for Trust Management. Rohit Khare, World Wide Web Consortium
  * Managing Trust in an Information-Labeling System. Martin Strauss, Iowa State Univ. (Joint work with M. Blaze, J. Feigenbaum, and P. Resnick)
  * Trust Management in Web Browsers, Present and Future. Ed Felten, Princeton University (Joint work with D. Dean and D. Wallach)
  * IBM Cryptolopes, SuperDistribution, and Digital Rights Management. Marc A. Kaplan, IBM Watson Research Center
  * Requirements and Approaches for Electronic Licenses. David Maher, AT&T Laboratories
  * PathServer. Michael Reiter, AT&T Laboratories (Joint work with S. Stubblebine)
  * Inferno Security. David Presotto, Bell Labs -- Lucent Technologies
  * Transparent Internet E-mail Security. Raph Levien, Univ. of California at Berkeley (Joint work with L. McCarthy and M. Blaze)
  * Cryptographically Secure Digital Time-Stamping to Support Trust Management. Stuart Haber, Bellcore (Joint work with S. Stornetta, Surety Technologies)
  * Untrusted Third Parties: Key Management for the Prudent. Mark Lomas, Cambridge University (Joint work with B. Crispo)
  * Distributed Trust Management using Databases. Trevor Jim, University of Pennsylvania (Joint work with C. Gunter)
  * Distributed Commerce Transactions: Structuring Multi-Party Exchanges into Pair-wise Exchanges.
    Steven Ketchpel, Stanford University (Joint work with H. Garcia-Molina)
  * Policy-Controlled Cryptographic Key Release. David McGrew, Trusted Information Systems, Inc. (Joint work with D. Branstad)
  * An X.509v3-based Public-Key Infrastructure for the Federal Government. William Burr, Nat'l. Inst. of Standards and Technology
  * The ICE-TEL Public-Key Infrastructure and Trust Model. David Chadwick, Salford University
  * A Distributed Trust Model. Alfarez Abdul-Rahman, Univ. College, London (Joint work with S. Hailes)
  * On Multiple Statements from Trust Sources. Raphael Yahalom, Hebrew University and MIT
  * Off-line Delegation in a Distributed File Repository. Arne Helme, University of Twente (Joint work with Tage Stabell-Kulo)
  * Operational Tradeoffs of Aggregating Attributes in Digital Certificates. Ian Simpson, Carnegie Mellon University
  * Trust Management for Mobile Agents. Vipin Swarup, MITRE (Joint work with W. Farmer and J. Guttman)
  * Trust Management in ERLink. Samuel Schaen, Mitre
  * Linking Trust with Network Reliability. Y. Desmedt, Univ. of Wisconsin at Milwaukee (Joint work with M. Burmester)
  * Trust Management Under Law-Governed Interaction. Naftaly Minsky, Rutgers University (Joint work with V. Ungureanu)
  * Tools for Security Policy Definition and Implementation. Polar Humenn, Blackwatch Technology, Inc.

_______________________________________________________________________

Reader's Guide to Current Technical Literature in Security and Privacy
Part 2: Journal and Newsletter Articles, Book Chapters
_______________________________________________________________________

IEEE Trans. on Knowledge and Data Engineering Vol. 8, Number 5 (October 1996).

  V. Atluri, S. Jajodia, and E. Bertino. Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases. pp. 839-854.

Journal of Computer Security, Vol. 4, No. 1 (1996) [received 11/96]:

  B. d'Ausbourg and Ch. Calas. Controlling causal dependencies over a network. pp. 3-26.
  A.W.
Roscoe, J.C.P. Woodcock, and L. Wulf. Non-interference through determinism. pp. 27-54.
  U. M. Maurer and P. E. Schmid. A calculus for security bootstrapping in distributed systems. pp. 55-80.
  A. Jiwa, T. Hardjono and J. Seberry. Beacons for authentication in distributed systems. pp. 81-96.
  R. Hauser, P. Janson, R. Molva, G. Tsudik, and E. Van Herreweghen. Robust and secure password and key change method. pp. 97-112.

Computers & Security Volume 15, Number 4 (1996). (Elsevier)

  Special Features:
  Rossouw von Solms. Information security management: the second generation. pp. 281-288.
  Jacques Lemieux. Using RAD tools to develop secure client/server applications. pp. 289-296.
  Thomas Finne. The information security chain. pp. 297-316.

  Refereed papers:
  Joan Borrell and Joseph Rifa. An implementable secure voting scheme. pp. 327-338.
  Wen-Shenq Juang and Chin-Laung Lei. A collision-free secret ballot protocol for computerized general elections. pp. 339-348.

High Integrity Systems, Volume 1, No. 5 (1996).

  John Clark and Jeremy Jacob. Attacking Authentication Protocols. pp. 465-473.

_______________________________________________________________________

Reader's Guide to Current Technical Literature in Security and Privacy
Part 3: Books
________________________________________________________________________

Dorothy Denning. Manager's Guide to Cyberspace Attacks and Countermeasures. Published by the Computer Security Institute; claims to offer advice on "thwarting every known form of electronic threat, including the recent denial-of-service attacks, viruses, system break-ins, equipment theft and interception of network traffic." $10 (free to CSI members).

From Martin David, Dept. of Information Industries, Adelaide:

A new joint Australian/New Zealand standards publication is due to be issued on 5 November 1996.

AS/NZS 4444:1996 - "Information Security Management"

This new Australian/New Zealand standard proposes a set of recommended requirements, and controls for information systems design, implementation and operation to safeguard information resources of organizations from external and internal security threats, either accidental or intended. This Joint Standard includes a comprehensive list of terms relating to information security. While it is based on BS 7799, it has been enhanced and includes appendices with Australian and New Zealand legislation as well as guidelines and principles from the Organization for Economic Cooperation and Development (OECD). Approx AUD 60-00.

In addition, the following report will also be issued.

SAA MP75-1996 -- "Strategies for the Implementation of a Public Key Authentication Framework (PKAF) in Australia"

Digital signatures are touted to be the solution for true electronic commerce for authentication purposes. The establishment of the proposed framework, PKAF, will provide the framework within which digital signature solutions can cooperatively function. Without a mechanism for interoperation between proprietary digital signature schemes, business could be forced to support a variety of schemes to be able to conduct business with different business partners. By creating a PKAF, the issue of who to trust is made redundant as the signatures are issued under the one framework with minimum standards of policies and procedures. Retail: Approx AUD 20-00.

Standards Australia Sales Office contact details:
Address: 1 The Crescent, Homebush NSW 2140, Australia.
Tel: +61 (2) 9746 4600

________________________________________________________________________

Calendar
________________________________________________________________________

Gene Spafford reports he is starting a computer security events calendar at http://arisia.cs.purdue.edu/ -- check it out.

====================================================================
See Calls for Papers section for details on many of these listings.
====================================================================

"Conf Web Page" indicates there is a hotlink on the Cipher Web pages to conference information.

Dates    Event, Location    Point of Contact/ more information
-----    ---------------    ----------------------------------
10/ 1/96: RIDE '97; Birmingham, England, Conf Web page. Submissions due to peters@ece.nwu.edu;
10/ 1/96: TSMA '97. Nashville, TN. Submissions due to chairman;
10/11/96: FSE4, Haifa, Israel; Conf Web page. Submissions to biham@cs.technion.ac.il;
10/16/96-10/19/96: WebNet. San Francisco, CA Conf Web page
10/16/96-10/19/96: IC3N96, Rockville, Washington D. C.
10/21/96-10/25/96: ICECCS96; Montreal, Quebec. Conf Web page
10/22/96: HASE96. Niagara-on-the-Lake, Canada; Conf Web page
10/22/96-10/25/96: NISS96. Baltimore, Maryland
10/29/96-11/ 1/96: OSDI '96 Seattle, WA; Conf web page
10/29/96-11/ 1/96: ICNP96, Columbus, Ohio; Conf Web page
11/ 1/96: Data Mining special issue of JIIS; journal web page. Submissions due.
11/ 1/96: IEEE Network Magazine special issue on security, submissions due.
11/ 3/96-11/ 7/96: ASIACRYPT96, Kyongju, South Korea Conf Web page
11/11/96-11/12/96: MOBICOM96, Rye, NY; conf Web page
11/11/96-11/13/96: CSI '96, Chicago, Illinois
11/14/96-11/15/96: IPIC96, Cambridge, Massachusetts; Conf Web page
11/15/96: ENM '97, Montreal, Quebec. Submissions by mail;
11/15/96: DART96. Rockville, MD Conf Web page
11/15/96: ACM-MONET, Journal Web page
11/15/96: IEEE S&P, Oakland, California. Conf Web page; electronic submissions due
12/ 2/96-12/ 4/96: ASIAN '96, Singapore. Conf Web page
12/ 9/96-12/13/96: 12th Annual ACSAC, San Diego, CA. Conf web page.
 1/ 8/97- 1/10/97: ICDT97, Delphi, Greece; Conf Web page
 1/20/97- 1/22/97: FSE4, Haifa, Israel; Conf Web page.
 2/ 8/97- 2/14/97: MMD '97.
San Jose, California; Conf Web page
 2/10/97- 2/11/97: SNDSS '97, San Diego, California. Conf Web page
 2/23/97- 2/24/97: PAKDD '97, Singapore. Info hweeleng@iti.gov.sg;
 3/ 5/97- 3/ 7/97: DCCA6. Garmisch-Partenkirchen, Germany.
 3/20/97- 3/23/97: TSMA '97; Nashville, TN
 4/ 1/97- 4/ 4/97: DASFAA '97; Melbourne, Australia Conf Web page
 4/ 2/97- 4/ 4/97: 4th CCS, Zurich, Switzerland; Conf Web page
 4/ 7/97- 4/11/97: ICDE '97, Birmingham, UK; Conf Web page
 4/ 7/97- 4/ 8/97: RIDE '97. Birmingham, England Conf Web page
 4/ 9/97- 4/11/97: ISADS97, Berlin, Germany; Conf Web page
 4/14/97- 4/17/97: SICON97, Kent Ridge, Singapore
 5/ 4/97- 5/ 7/97: IEEE S&P, Oakland, California; Conf Web page
 5/13/97- 5/16/97: 9th CCSS, Ottawa; no e-mail address available
 6/11/97- 6/12/97: ENM '97, Montreal, Quebec
 7/??/97: ACISP'97, Sydney, Australia, vijay@st.nepean.uws.edu.au
 9/ 9/97: USENIX Sec Symp. San Antonio, Texas. Conf Web page. Submissions to securitypapers@usenix.org;
 1/26/98- 1/29/98: USENIX Sec Symp. San Antonio, Texas Conf Web page
 5/ 3/98- 5/ 6/98: IEEE S&P 98; Oakland no e-mail address available
 5/12/98- 5/15/98: 10th CCSS, Ottawa; no e-mail address available
 5/ 2/99- 5/ 5/99: IEEE S&P 99; Oakland no e-mail address available
 5/11/99- 5/14/99: 11th CCSS, Ottawa; no e-mail address available
 4/30/00- 5/ 3/00: IEEE S&P 00; Oakland no e-mail address available
 5/16/00- 5/19/00: 12th CCSS, Ottawa; no e-mail address available

Key:
* ACISP = Australasian Conference on Information Security and Privacy,
* ACM-MOBILE = ACM Mobile Computing and Communications Review ACM-MOBILE
* ACM-MONET = Special Issue of the Journal on Special Topics in Mobile Networking and Applications ACM-MONET
* ACSAC = Annual Computer Security Applications Conference 12th Annual
* ASIAN = Asian Computing Science Conference ASIAN '96
* ATMA = Advanced Transaction Models and Architectures ATMA
* BDBIS = Baltic Workshop on DB and IS, BDBIS
* CCS = ACM Conference on Computer and Communications Security
* CCSS = Annual
Canadian Computer Security Symposium
* COMAD = Seventh Int'l Conference on Management of Data (India)
* CISMOD = International Conf. on Information Systems and Management of Data
* CFP = Conference on Computers, Freedom, and Privacy
* COMPASS = Conference on Computer Assurance COMPASS'96
* CoopIS96 = First IFCIS International Conference on Cooperative Information Systems, CoopIS96.
* CPAC = Cryptography - Policy and Algorithms Conference
* CRYPTO = IACR Annual CRYPTO Conference CRYPTO96
* CSFW = Computer Security Foundations Workshop CSFW10, Wrkshp Page
* CSI = Computer Security Institute Conference CSI96
* CVDSWS = Invitational Workshop on Computer Vulnerability Data Sharing CVDSWS.
* CWCP = Cambridge Workshop on Cryptographic Protocols
* DART = Databases: Active & Real-Time DART '96
* DASFAA = Database Systems For Advanced Applications DASFAA '97.
* DCCA = Dependable Computing for Critical Applications DCCA6
* DEXA = International Conference and Workshop on Database and Expert Systems Applications, DEXA96
* DMKD96 = Workshop on Research Issues on Data Mining and Knowledge Discovery, Web page and CFP.
* ENM = Enterprise Networking ENM '97
* ESORICS = European Symposium on Research in Computer Security ESORICS'96
* FIRST = Computer Security Incident Handling and Response FIRST '96
* FISP = Federal Internet Security Plan Workshop, FISP96.
* FISSEA = Federal Information Systems Security Educators' Association
* FME = Formal Methods Europe, FME '96
* FMSP = Formal Methods in Software Practice
* FSE = Fast Software Encryption Workshop FSE4
* HASE = High-Assurance Systems Engineering Workshop HASE96
* HPTS = Workshop on High Performance Transaction Systems
* IC3N = International Conference on Computer Communications and Networks IC3N '96
* ICDCS96 = The 16th International Conference on Distributed Computing Systems, ICDCS96
* ICDE = Int. Conf. on Data Engineering ICDE '97
* ICDT = International Conference on Database Theory ICDT97.
* ICECCS = International Conference on Engineering of Complex Computer Systems ICECCS '96
* ICI = International Cryptography Institute
* ICNP96 = International Conference on Network Protocols ICNP96
* ICSSDBM = Int. Conf. on Scientific and Statistical Database Management
* IEEE S&P = IEEE Symposium on Security and Privacy - IEEE S&P '97
* IFIP/SEC = International Conference on Information Security (IFIP TC11)
* IFIP WG11.3 = IFIP WG11.3 10th Working Conference on Database Security
* IFIP96 Mobile Commns = IFIP 1996 World Conference, Mobile Communications
* IH Workshop '96 = Workshop on Information Hiding
* IMACCC = IMA Conference on Cryptography and Coding, 5th IMACC
* IMC96 = IMC'96 Information Visualization and Mobile Computing
* INET = Internet Society Annual Conference
* INET96 = The Internet: Transforming Our Society Now, INET96
* IPIC = Integration of Enterprise Information and Processes, IPIC96
* IPSWG = Internet Privacy and Security Workshop IPSWG '96
* IS = Information Systems (journal)
* ISADS = Symposium on Autonomous Decentralized Systems ISADS '97
* ISTCS = Fourth Israeli Symposium on Theory of Computing and Systems,
* IWES = International Workshop on Enterprise Security IWES
* JBCS = Journal of the Brazilian Computer Society
* JCMS = Journal of Computer Mediated Communication
* JCS = Journal of Computer Security WWW issue
* JDSE = Journal of Distributed Systems Engineering; Future Directions for Internet Technology JDSE
* KDD96 = The Second International Conference on Knowledge Discovery and Data Mining (KDD-96)
* MCN = ACM Int. Conf. on Mobile Computing and Networking. See MOBICOM
* MCDA = Australian Workshop on Mobile Computing & Databases & Applications;
* METAD = First IEEE Metadata Conference METAD
* MMD = Multimedia Data Security MMD '97
* MMDMS = Wkshop on Multi-Media Database Management Systems MMDMS '96
* MOBICOM = Mobile Computing and Networking MOBICOM '96.
* NCSC = National Computer Security Conference
* NISS = National Information Systems Security Conference NISS96
* NSPW = New Security Paradigms Workshop NSPW '96
* OSDI = Operating Systems Design and Implementation OSDI '96
* PAKDD = First Asia-Pacific Conference on Knowledge Discovery and Data Mining, PAKDD97
* PISEE = Personal Information - Security, Engineering, and Ethics PISEE
* RIDE = High Performance Database Management for Large Scale Applications
* RTDB'96 = First International Workshop on Real-Time Databases: Issues and Applications, RTDB96.
* SAC = Workshop on Selected Areas of Cryptography SAC '96
* SCRAPC = Smart Card Research and Advanced Application Conference SCRAPC96
* SDSP = UK/Australian International Symposium On DSP For Communication Systems SDSP '96
* SECURICOM = World Congress on the Security of Information Systems and Telecommunication, SECURICOM '96
* SFC = Society and the Future of Computing SFC '96
* SFTC-VI = Symposium on Fault Tolerant Computing - VI (Brazil)
* SICON = IEEE Singapore International Conference on Networks SICON '97
* SIGMOD/PODS - ACM SIGMOD International Conference on Management of Data / ACM SIGACT SIGMOD-SIGART Symposium on Principles of Database Systems
* SNDSS = Symposium on Network and Distributed System Security (Internet Society) NDSS '97
* SOC = 18th Biennial Symposium on Communications, SOC18.
* TPHOLs = Theorem Proving in Higher Order Logics TPHOLs96
* TSMA = 5th International Conference on Telecommunication Systems - Modeling and Analysis TSMA '97
* USENIX Sec Symp = USENIX UNIX Security Symposium, 7th Annual.
* VLDB = 22nd International Conference on Very Large Data Bases, VLDB96.
* WDAG-9 = Ninth Int. Workshop on Distributed Algorithms
* WebNet = World Conference of the Web Society, WebNet 96.
* WECS = ACM Workshop on Computer Security Education, WECS '97
* WWWC = International World Wide Web Conference WWWC 96.
________________________________________________________________________

Data Security Letter Subscription Offer
________________________________________________________________________

A special subscription rate of $25/year for the Data Security Letter is now available to IEEE TC members. The DSL is an external, nonpartisan newsletter published by Trusted Information Systems, Inc. Eleven issues (usually 16 pages each) per year are published. The DSL welcomes reader suggestions and contributions and accepts short research abstracts (about 130 words) for publication on an ongoing basis. On occasion, the DSL will be republishing Cipher articles (with authors' approval), but such articles will constitute a small portion of DSL content (thus there will be very little duplication of Cipher material).

IEEE TC members wishing to take advantage of the special subscription rate should send the following to sharon@tis.com. The information can also be faxed to 301-854-5363 (attention: DSL), phoned to 301-854-5338, or mailed to Trusted Information Systems, Inc., 3060 Washington Rd., Glenwood, MD 21738 USA.

NAME:
POSTAL ADDRESS: (Please indicate company name, if a business address)
PHONE: (Please indicate if home or business)
FAX:
E-MAIL:
IEEE Membership No. (if applicable):

NOTE: If you are already a paying subscriber to the DSL, for the $25 you will receive a 2-year renewal; refunds, rebates, etc., on your current subscription are not available.

If you have any questions about the offer or anything else pertaining to the DSL, you may contact the editor, Sharon Osuna, via E-Mail to sharon@tis.com or call her at 301-854-5338.

________________________________________________________________________

How to become <> a member of the IEEE Computer Society's TC on Security and Privacy
________________________________________________________________________

You do NOT have to join either IEEE or the IEEE Computer Society to join the TC, and there is no cost to join the TC.
All you need to do is fill out an application form and mail or fax it to the IEEE Computer Society. A copy of the form is included below (to simplify things, only the TC on Security and Privacy is included, and is marked for you). The full and complete form is available on the IEEE Computer Society's Web Server at URL:

  http://www.computer.org:80/tab/tcapplic.htm (print & mail form)
or
  http://www.computer.org:80/tab/Tcappli1.htm (HTML form for form-enabled browsers)

IF YOU USE THE FORM BELOW, PLEASE NOTE THAT IT IS TO BE RETURNED (BY MAIL OR FAX) TO THE IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER.

---------

IEEE Computer Society Technical Committee Membership Application
-----------------------------------------------------------
Please print clearly or type.
-----------------------------------------------------------
Last Name          First Name          Middle Initial
___________________________________________________________
Company/Organization
___________________________________________________________
Office Street Address (Please use street addresses over P.O.)
___________________________________________________________
City          State
___________________________________________________________
Country          Postal Code
___________________________________________________________
Office Phone          Fax
___________________________________________________________
Email Address (Internet accessible)
___________________________________________________________
Home Address (optional)
___________________________________________________________
Home Phone
___________________________________________________________

[ ] I am a member of the Computer Society
    IMPORTANT: IEEE Member/Affiliate/Computer Society Number: ____________________
[ ] I am not a member of the Computer Society*
    Please Note: In some TCs only current Computer Society members are eligible to receive Technical Committee newsletters.

Please select up to four Technical Committees/Technical Councils of interest.

TECHNICAL COMMITTEES
[ X ] T27 Security and Privacy

Please Return Form To:
IEEE Computer Society
1730 Massachusetts Ave, NW
Washington, DC 20036-1992
Phone: (202) 371-0101
FAX: (202) 728-9614

________________________________________________________________________

TC Publications for Sale (NOT)
________________________________________________________________________

Proceedings of past Symposia will be available again in a few months. The store is temporarily closed until our new checking account is opened.

________________________________________________________________________

TC Officer Roster
________________________________________________________________________

Chair:
Deborah Cooper
P.O. Box 17753
Arlington, VA 22216
(703)908-9312 voice and fax
dmcooper@ix.netcom.com

Vice Chair:
Charles P. Pfleeger
Trusted Information Systems, Inc.
3060 Washington Rd.,
Glenwood, MD 21738
(301)854-6889 (voice)
(301)854-5363 (fax)
pfleeger@tis.com

Newsletter Editor:
Carl Landwehr
Code 5542
Naval Research Laboratory
Washington, DC 20375-5337
(202)767-3381
landwehr@itd.nrl.navy.mil

Chair, Subcommittee on Academic Affairs:
Prof. Karl Levitt
University of California, Davis
Division of Computer Science
Davis CA 95611
(916)752-0832
levitt@iris.ucdavis.edu

Standards Subcommittee Chair:
Greg Bergren
10528 Hunters Way
Laurel, MD 20723-5724
(410)684-7302
(410)684-7502 (fax)
glbergr@missi.ncsc.mil

Chair, Subcommittee on Security Conferences:
Dr. Stephen Kent
BBN Corporation
70 Fawcett Street
Cambridge, MA 02138
(617) 873-3988
kent@bbn.com

________________________________________________________________________

Information for Subscribers and Contributors
________________________________________________________________________

SUBSCRIPTIONS: Two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to (which is NOT automated) with subject line "subscribe".
2.
To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing or downloading from our ftp server send e-mail to (which is NOT automated) with subject line "subscribe postcard".

To remove yourself from the subscription list, send e-mail to cipher-request@itd.nrl.navy.mil with subject line "unsubscribe".

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher

CONTRIBUTIONS: to are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. For Calendar entries, please include an e-mail address for the point-of-contact.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

BACK ISSUES: There is an archive that includes each copy distributed so far, in ascii, in files you can download at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html

There is also an anonymous FTP server that contains the same files. To access the archive via anonymous FTP:

1. ftp www.itd.nrl.navy.mil
2. At prompt for ID, enter "anonymous"
3. At prompt for password, enter your actual, full e-mail address
4. Once you are logged in, change to the Cipher Directory: cd pub/cipher
5. Now you can request any of the files containing Cipher issues in ascii. Issues are named in the form: EI#N.9506 where N is the number of the issue desired and 9506 captures the year and month it first appeared.

========end of Electronic Cipher Issue #18, 11 November 1996=============