Subject: Electronic CIPHER, Issue 53, March 20, 2003

====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 53                                    March 20, 2003

Jim Davis, Editor
Hilarie Orman, Assoc. Editor
Bob Bruen, Book Review Editor
Anish Mathuria, Reader's Guide
====================================================================

http://www.ieee-security.org/cipher.html

Contents:

* Letter from the Editor
* Conference and Workshop Announcements
  o Information and Preliminary Program for the IEEE Symposium on Security and Privacy, the Claremont Resort, Oakland, CA, USA, May 11-14, 2003.
  o Cipher calls-for-papers and calendar
    13 new calls added since Cipher E52:
    - IEEE Security & Privacy issue on Understanding Privacy (submissions due July 31, 2003) www.computer.org/security
    - The 9th IEEE International Conference on Emerging Technologies and Factory Automation (submissions due March 31, 2003) www.uninova.pt/etfa2003
    - Sixth International Symposium on Recent Advances in Intrusion Detection (submissions due March 31, 2003) www.raid-symposium.org/raid2003
    - The Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (submissions due April 1, 2003) http://space.iias.spb.su/mmm-acns03/
    - New Security Paradigms Workshop (submissions due April 4, 2003) www.nspw.org
    - International Conference on Software Engineering and Formal Methods (submissions due April 14, 2003) www.svrc.uq.edu.au/Events/SEFM03/cfp.html
    - The 2003 International Conference on Emerging Technologies (submissions due May 1, 2003) www.rfbinternational.com
    - The 10th ACM Conference on Computer and Communications Security (submissions due May 9, 2003)
      www.acm.org/sigs/sigsac/ccs/CCS2003/
    - Adaptive and Resilient Computing Security (submissions due June 1, 2003) Email: robert.ghanea-hercock@bt.com
    - The 19th Annual Computer Security Applications Conference (submissions due June 1, 2003) www.acsac.org
    - The Workshop on Rapid Malcode (submissions due July 1, 2003) http://pisa.ucsd.edu/worm03/
    - The First Theory of Cryptography Conference (submissions due August 27, 2003) www-cse.ucsd.edu/users/mihir/tcc/
    - 2004 International Workshop on Practice and Theory in Public Key Cryptography (submissions due September 20, 2003) www.i2r.a-star.edu.sg/pkc2004/
  o Program for the WITS'03, the Workshop on Issues in the Theory of Security, April 5-6, 2003
* Commentary and Opinion
  o Robert Bruen's review of Firewalls and Internet Security (2nd edition) by William Cheswick, Steven Bellovin and Aviel Rubin
  o Review of the Seventh International Financial Cryptography Conference (Gosier, Guadeloupe, January 27-30, 2003) by Jean Camp
  o Review of the Australian Industry Group's workshop on "Threats to Australia's Security" (Melbourne, February 19, 2003) by Vernon Stagg
  o NewsBits: Announcements and correspondence from readers
* Reader's guide to recent security and privacy literature, by Anish Mathuria (new entries March 15, 2002)
* List of Computer Security Academic Positions, by Cynthia Irvine
* Staying in Touch
  o Information for subscribers and contributors
  o Recent address changes
* Interesting Links and New reports available via FTP and WWW
* Links for the IEEE Computer Society TC on Security and Privacy
  o Becoming a member of the TC
  o TC Officers
  o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

We are pleased to bring you this issue of Cipher!
In it you will find conference reports by Vernon Stagg and Jean Camp, a book review by Robert Bruen, plus the links to new calls for papers. We would also like to thank Eugen Bacic for contributing the memoriam for our colleague Milan Kuchta.

On another sad note, you have no doubt heard of the passing of our friend Roger Needham on February 28, 2003. You can find several nice tributes and recaps of Roger's very long list of contributions at http://research.microsoft.com/users/needham/needham.aspx and http://research.microsoft.com/users/needham/. It's not surprising to note that nearly everyone uses the word "pioneer" when describing his accomplishments. He was truly a leader with a vision for our community and will be greatly missed.

As always, thanks to our colleagues who contribute to Cipher!

Best regards,
Jim Davis
davis@iastate.edu

====================================================================
Conference and Workshop Announcements
====================================================================

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at www.ieee-security.org/cfp.html. The Cipher event Calendar is at www.cs.utah.edu/flux/cipher/cipher-hypercalendar.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events maintained by Hilarie Orman

Date (Month/Day/Year), Event, Locations, web page for more info.

--------------
* 3/26/03- 3/28/03: WPET 2003, Dresden, Germany; www.petworkshop.org
* 3/31/03: ETFA 2003, Lisbon, Portugal; http://www.uninova.pt/etfa2003
* 3/31/03: RAID 2003, Pittsburgh, PA; http://www.raid-symposium.org/raid2003
--------------
* 4/01/03: MMM-ACNS-2003, St.
Petersburg, Russia; http://space.iias.spb.su/mmm-acns03/
* 4/4/03: NSPW 2003, Ascona, Switzerland; http://www.nspw.org/
* 4/5/03- 4/6/03: WITS '03, Warsaw, Poland; http://www.dsi.unive.it/IFIPWG1_7/index.html
* 4/13/03- 4/17/03: CT-RSA 2003, San Francisco, CA. http://reg2.lke.com/rs3/rsa2003/crypto.html
* 4/16/03- 4/18/03: NetCompApp '03, Cambridge, MA. www.cs.utk.edu/~mbeck/NCA03/NCA03-cfp.pdf
* 4/22/03: BITE 2003, Angers, France; www.iceis.org/
* 4/28/03- 4/29/03: PKI '03, Gaithersburg, MD. http://middleware.internet2.edu/pki03/
* 4/28/03- 4/30/03: ITCC, Las Vegas, Nevada www.cs.clemson.edu/~srimani/itcc2003/cfp.html
--------------
* 5/1/03: ACNS '03, Kunming, China; http://www.onets.com.cn/dhe.htm
* 5/1/03: ISC '03, Bristol, UK; http://www.hpl.hp.com/conferences/isc03/call_for_papers.htm
* 5/1/03: ICET '03, Minneapolis, Minnesota; http://www.rfbinternational.com/ICET03.htm
* 5/9/03: CCS 2003, Washington, DC; http://www.acm.org/sigs/sigsac/ccs/CCS2003/
* 5/11/03: SNPA 2003 www.icc2003.com/workshop1.html
* 5/11/03- 5/14/03: IEEE S & P, Oakland, California. www.ieee-security.org/TC/SP-Index.html
* 5/15/03: ICICS '03, Mongolia, China; http://www.cstnet.net.cn/icics2003/
* 5/18/03- 5/21/03: IRMA 2003, Hershey, PA, USA www.irma-international.org/
* 5/20/03- 5/24/03: WWW-SEC-2003, Budapest, Hungary; www.www2003.org
--------------
* 6/1/03: ACSAC 19, Las Vegas, Nevada; http://www.acsac.org/
* 6/2/03- 6/3/03: SACMAT '03, Como, Italy. www.acm.org/sigsac/sacmat/
* 6/4/03- 6/6/03: POLICY 2003, Lake Como, Italy. www.labs.agilent.com/policy2003/
* 6/5/03- 6/6/03: EIT 2003, Indianapolis, IN.
www.cis-ieee.org/eit2003
* 6/23/03: WISP, Eindhoven, Netherlands; http://www.iit.cnr.it/staff/fabio.martinelli/wisp-cfp.html
* 6/25/03: AMS 2003, Seattle WA; http://www.caip.rutgers.edu/ams2003
* 6/26/03- 6/28/03: WISE 3, Monterey, CA, USA cisr.nps.navy.mil/wise3/
* 6/26/03- 6/27/03: FCS '03, Ottawa, Canada; http://www.cs.stanford.edu/~iliano/fcs03/
--------------
* 7/1/03: WORM, Washington, DC; http://pisa.ucsd.edu/worm03/
* 7/2/03: CSFW 16, Pacific Grove, CA. www.csl.sri.com/csfw/index.html
* 7/9/03- 7/11/03: ACISP 2003, Wollongong, Australia; http://www.itacs.uow.edu.au/research/NSLabs/acisp03/
--------------
* 8/4/03- 8/6/03: IFIP WG11.3, Estes Park, Colorado; http://www.cs.colostate.edu/~ifip03
* 8/17/03- 8/21/03: CRYPTO '03, Santa Barbara, CA. www.iacr.org/conferences/crypto2003/cfp.html
* 8/18/03- 8/21/03: NSPW 2003, Ascona, Switzerland; http://www.nspw.org/
* 8/25/03- 8/29/03: SIGCOMM 2003, Karlsruhe, Germany; http://www.acm.org/sigcomm/sigcomm2003
* 8/25/03- 8/26/03: ICET '03, Minneapolis, Minnesota; http://www.rfbinternational.com/ICET03.htm
--------------
* 9/28/03-10/1/03: ICON 2003, Sydney, Australia. www.ee.unsw.edu.au/~icon/
* 9/1/03- 9/5/03: TRUSTBUS '03, Prague, Czech Republic; http://www.uni-regensburg.de/Fakultaeten/WiWi/pernul/dexa03ws/
* 9/8/03- 9/10/03: RAID 2003, Pittsburgh, PA; http://www.raid-symposium.org/raid2003
* 9/16/03- 9/19/03: ETFA 2003, Lisbon, Portugal; http://www.uninova.pt/etfa2003
* 9/20/03: PKC '04, Singapore; http://www.i2r.a-star.edu.sg/pkc2004/
* 9/20/03- 9/24/03: MMM-ACNS-2003, St.
Petersburg, Russia; http://space.iias.spb.su/mmm-acns03/
--------------
* 10/1/03-10/3/03: ISC '03, Bristol, UK; http://www.hpl.hp.com/conferences/isc03/call_for_papers.htm
* 10/2/03-10/3/03: CMS 2003, Turin, Italy; http://security.polito.it/cms2003/
* 10/10/03-10/13/03: ICICS '03, Mongolia, China; http://www.cstnet.net.cn/icics2003/
* 10/16/03-10/19/03: ACNS '03, Kunming, China, http://www.onets.com.cn/dhe.htm
* 10/27/03-10/31/03: CCS 2003, Washington, DC; http://www.acm.org/sigs/sigsac/ccs/CCS2003/
* 10/27/03: WORM, Washington, DC; http://pisa.ucsd.edu/worm03/
--------------
* 12/8/03-12/12/03: ACSAC 19, Las Vegas, Nevada; http://www.acsac.org/
--------------
* 3/1/04- 3/4/04: PKC '04, Singapore, http://www.i2r.a-star.edu.sg/pkc2004/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers
____________________________________________________________________

IEEE Security & Privacy, George Cybenko, Editor. Theme: Understanding Privacy, Nov/Dec 2003 Issue. (submissions due July 31, 2003)
Privacy is a growing concern in today's networked world. The Nov./Dec. issue of IEEE Security & Privacy will be devoted to privacy—its technological, commercial, and social aspects. Papers dealing with the following privacy-related topics are welcome:
- identity theft and related abuses;
- consumer and business practices and trends affecting privacy;
- information ownership, competing claims, unresolved ambiguity;
- legal and criminal issues;
- privacy leakage case studies;
- relationships and trade-offs between security and privacy;
- privacy-enhancing technologies;
- relationships between privacy management and digital rights management;
- formal models and definitions of privacy; and
- database issues in privacy protection.
See www.computer.org/security.

ETFA'2003 The 9th IEEE International Conference on Emerging Technologies and Factory Automation (Special session on IT Security for Automation Systems), September 16-19, 2003, Lisbon, Portugal. (submissions due March 31, 2003)
Due to the increased interconnection between plant-floor systems and enterprise-level computer systems up to and including public networks like the Internet, and based on Internet protocols (HTTP/TCP/IP), IT security issues and concerns have also reached the domains of automation IT systems and automation communication networks. IT security needs, constraints, and mechanisms for automation systems are in various ways different from those of the office computing environment, which creates the necessity, but also the opportunity, for novel approaches. For this special session papers are solicited which are concerned with:
- Specific security needs of automation systems, e.g. with respect to security objectives, usage scenarios, system topologies/architectures or operating environment.
- Specific security mechanisms, devices, processes, protocols and architectures for automation systems.
- IT security audits for automation devices and systems.
More information can be found at www.uninova.pt/etfa2003.

RAID'2003 Sixth International Symposium on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, September 8-10, 2003 (submissions due March 31, 2003)
The RAID International Symposium series is intended to further advances in intrusion detection by promoting the exchange of ideas in a broad range of topics.
Paper submission and panel proposals are invited on the following types of topics:
- Assessing, measuring, and classifying intrusion-detection systems
- IDS cooperation and integration
- IDS interoperability standards and standardization
- IDSs in high-performance and real-time environments
- Vulnerabilities and attacks
- Innovative Approaches
- Practical Considerations
More information can be found on the conference web page at www.raid-symposium.org/raid2003.

ECIW 2003 European Conference on Information Warfare and Security, University of Reading, United Kingdom, June 30-July 1, 2003. (abstracts due April 1, 2003)
The second European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas. The conference in July 2003 is seeking qualitative, experience-based and quantitative papers as well as case studies and reports of work in progress from academics, information systems practitioners, consultants and government departments. Topics may include, but are not limited to, e-Intelligence/counter-intelligence, Perception management, Information warfare theory, Electro-magnetic pulse weapons, Information, computer and network security, Cryptography, Physical security, Security policy, Information warfare policy, Information warfare techniques, Hacking, Infra-structure warfare, National security policy, Corporate defence mechanisms, Security for small to medium enterprises, Cyber Terrorism, Ethical, Political and Social Issues relating to Information Warfare, Information warfare and security education, Legal issues concerned with information warfare and e-Crime, Cyber-terrorism.
In addition to multiple streams of papers, the conference committee are inviting proposals for workshops and tutorials on topics related to Information Warfare and research methods applicable to this field. The full call-for-papers and registration details can be found at www.mcil.co.uk/conf-management.htm.

MMM-ACNS-2003 The Second International Workshop "Mathematical Methods, Models and Architectures for Computer Networks Security", September 20-24, 2003, St. Petersburg, Russia. (submissions due April 1, 2003)
The objective of the 2003 workshop is to bring together leading researchers from academia and governmental organizations as well as practitioners in the area of computer networks and information security and facilitate personal interactions and discussions on various aspects of information technologies in conjunction with security problems arising in large-scale computer networks engaged in information storing, transmitting, and processing. The complete call for papers, with a list of topics of interest and information on local arrangements, can be found on the workshop web page at http://space.iias.spb.su/mmm-acns03/.

NSPW 2003 New Security Paradigms Workshop, Centro Stefano Francini, Ascona, Switzerland, August 18-21, 2003. (submissions due April 4, 2003)
For eleven years the New Security Paradigms Workshop has provided a stimulating and highly interactive forum for innovative approaches to computer security. In order to preserve the small, focused nature of the workshop, participation is limited to authors of accepted papers and conference organizers. NSPW is highly interactive in nature. Authors are encouraged to present ideas that might be considered risky in some other forum. All participants are charged with providing feedback in a constructive manner. The resulting brainstorming environment has proven to be an excellent medium for furthering the development of these ideas.
The proceedings, which are published after the workshop, have consistently benefited from the inclusion of workshop feedback. Because we expect new paradigms, we accept wide-ranging topics in information security. Papers that present a significant shift in thinking about difficult security issues or build on a previous shift are welcomed. Our program committee particularly looks for new paradigms, innovative approaches to older problems, early thinking on new topics, and controversial issues that might not make it into other conferences but deserve to have their try at shaking and breaking the mold. More information can be found on the conference web page at www.nspw.org.

ESORICS 2003 8th European Symposium on Research in Computer Security, Gjøvik, Norway, October 13-15, 2003 (submissions due April 11, 2003)
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Eighth European Symposium on Research in Computer Security (ESORICS 2003). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The symposium started in 1990 and has been held on alternate years in different European countries and attracts an international audience from both the academic and industrial communities. From 2002 it will be held yearly. The Symposium has established itself as one of the premiere, international gatherings on Information Assurance.
Papers may present theory, technique, applications, or practical experience on topics including:
- access control                      - network security
- accountability                      - non-interference
- anonymity                           - privacy-enhancing technology
- applied cryptography                - pseudonymity
- authentication                      - security as quality of service
- covert channels                     - secure electronic commerce
- cryptographic protocols             - security administration
- cybercrime                          - security evaluation
- data integrity                      - security management
- denial of service attacks           - security models
- dependability                       - security metrics
- firewalls                           - security requirements engineering
- formal methods in security          - security verification
- inference control                   - smartcards
- information flow control            - steganography
- information warfare                 - subliminal channels
- intellectual property protection    - survivability
- intrusion detection                 - system security
- intrusion tolerance                 - transaction management
- language-based security             - trustworthy user devices
More information about the conference can be found at www.hig.no/esorics2003/.

SEFM'2003 International Conference on Software Engineering and Formal Methods, Brisbane, Australia, September 22-27, 2003. (submissions due April 14, 2003)
The objective of the conference is to bring together practitioners and researchers from academia, industry and government to exchange views on the theoretical foundation of formal methods, their application to software engineering and the socio-economic impact of their use. Authors are invited to submit both research and tool papers. The scientific program will include paper and tool presentations, tool demonstrations, tutorials and invited talks. More information can be found on the conference web page at www.svrc.uq.edu.au/Events/SEFM03/cfp.html.

First International Mobile IPR Workshop: Rights Management of Information Products on the Mobile Internet, Helsinki, Finland, August 27-28, 2003 (submissions due April 25, 2003)
MobileIPR Workshop welcomes papers on all aspects of rights management related to information products such as music, electronic books, videos, multimedia, games, or software distributed on the Mobile Internet commercially or otherwise. Relevant topics include, but are not limited to:
- Digital rights management (DRM) and technical tools to protect and manage rights, e.g. cryptographic systems, watermarking, rights expression languages, and rights management databases.
- Intellectual property rights (IPR) copyright, database right, patent, and trademark.
- Privacy in relation to rights management, including protection of confidential information.
- Contracts, especially open source licensing models in software and content production.
- Societal and policy issues, including the effect of non-governmental organizations and citizens activism.
- Control of information products - economic and ethical rationales too.
- Business models related to rights management.
- User-contributed content and rights management.
- Rights management in peer-to-peer, super-distribution, and other new distribution models.
- Related enabling technologies and their impact on digital rights management.
We welcome both full and short (experience) papers as well as extended abstracts that address different aspects of rights management. More information can be found on the workshop web page at www.hiit.fi/de/mobileipr/workshop/.

ECOOP 2003 Workshop on Exception Handling in Object Oriented Systems: towards Emerging Application Areas and New Programming Paradigms, Darmstadt, Germany, July 21-25, 2003.
(submissions due April 25, 2003)
The workshop will provide a forum for discussing the unique requirements for exception handling in the existing and emerging applications, including pervasive computing, ambient intelligence, the Internet, e-science, self-repairing systems, collaboration environments. We invite submissions on research in all areas of exception handling related to object oriented systems, in particular: formalisation, distributed and concurrent systems, practical experience, mobile object systems, new paradigms (e.g. object oriented workflows, transactions, multithreaded programs), design patterns and frameworks, practical languages (Java, Ada 95, Smalltalk, Beta), open software architectures, aspect oriented programming, fault tolerance, component-based technologies. We encourage participants to report their experiences of both benefits and obstacles in using exception handling, reporting, practical results in using advanced exception handling models and the best practice in applying exception handling for developing modern applications in the existing practical settings. To participate in the workshop, the prospective attendees are required to submit 4-7 page position papers (in the LNCS format) to Alexander Romanovsky (alexander.romanovsky@ncl.ac.uk) by April 25. Additional information can be found on the workshop web page: www.cs.ncl.ac.uk/~alexander.romanovsky/home.formal/ehoos2003.html.

SecCo 2003 1st International Workshop on Security Issues in Coordination Models, Languages and Systems (affiliated with ICALP 2003), Eindhoven, the Netherlands, June 28-29, 2003. (submissions due April 27, 2003)
Coordination models and languages, which advocate a distinct separation between the internal behaviour of the entities and their interaction, represent a promising approach. However, due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment.
Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic tunnels between fully trusted entities. For this to work the structure of the system must be known beforehand. Therefore, the proposed solutions in this area are not always exploitable in this new scenario. The aim of the workshop is to cover the gap between the security and the coordination communities. More precisely, we intend to promote the exchange of ideas, focus on common interests, gain in understanding/deepening of central research questions, etc. Topics of interest include, but are not limited to:
Theoretical foundations, specification, analysis, case-studies, applications for:
- authentication                    coordination models
- integrity                         open-distributed systems
- privacy                           mobile ad-hoc networks
- confidentiality                   agent-based infrastructures
- access control           -in-     peer-to-peer systems
- denial of service                 global computing
- service availability              context-aware computing
- safety aspects                    component-based systems
- fault tolerance                   ubiquitous computing
More information can be found at cs.unibo.it/secco03

ISC'03 6th Information Security Conference, Bristol, United Kingdom, October 1-3, 2003. (submissions due May 1, 2003)
Original papers are solicited for submission to ISC 2003. ISC aims to bring together individuals involved in multiple disciplines of information security to foster exchange of ideas. Topics of interest include, but are not limited to:
Access Control                  Key Management
Applied Cryptography            Legal and Regulatory Issues
Cryptographic Protocols         Mobile Code & Agent Security
Digital Rights Management       Network & Wireless Security
E-Commerce Protocols            Software Security
Formal Aspects of Security      Security Analysis Methodologies
Information Hiding              Trust Management
Intrusion Detection
More information can be found on the conference web page at www.hpl.hp.com/conferences/isc03.

ICET'03 The 2003 International Conference on Emerging Technologies, Minneapolis, Minnesota, USA, August 25-26, 2003. (submissions due May 1, 2003)
The goal of this conference is to foster cross-disciplinary interaction in emerging technologies that are approaching sufficient maturity for initial commercialization. By providing insights from academia, research, industry, and funding communities the conference will foster discussions on interactions of emerging technologies, and the insights that can be harvested from other disciplines. Major areas of interest for this conference are: Trusted and Reliable Systems; Interconnected Computing; and Integrated Bio/hardware/software Systems. More information is available at www.rfbinternational.com.

ACNS'03 First MiAn International Conference on Applied Cryptography and Network Security, Kunming, China, October 16-19, 2003. (submissions due May 1, 2003)
The first MiAn International Conference on Applied Cryptography and Network Security (ACNS’03) will be held in Kunming, China on October 16-19, 2003, organized by MiAn (ONETS) Pte Ltd and in cooperation with the local government. Original papers on all aspects of applied cryptography and network security are solicited for submission to the conference. Areas of interest include, but are not restricted to: Biometric Security Applications, Cryptographic and Anti-cryptographic Analysis, Cryptographic Applications, Data Recovery and Coding, Differential Power Attacks, Efficient Implementation, Firewall and Intrusion Detection, GPRS and CDMA Security, Identification and Entity Authentication, Key Management Techniques, Network Protocol and Analysis, PKI/PMI and Bridge CA, Secure e-commerce and e-government, Security Management and Strategy, Smart Card Security, Verification and Testing of Secure Systems, Virus and Worms, VPN and SVN, WLAN and Bluetooth Security. More information can be found at the conference web page at www.onets.com.cn/dhe.htm.

IICIS'2003 Sixth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Lausanne, Switzerland, November 13-14, 2003. (submissions due May 2, 2003)
Confidentiality, integrity and availability are high-level objectives of IT security. The IFIP TC-11 Working Group 11.5 has been charged with exploring the area of the integrity objective within IT security and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support corporate governance codes. The goals for this conference are to find an answer to the following questions: what is the status quo of research and development in the area of integrity and internal control; where are the gaps between business needs on the one hand and research and development on the other and what needs to be done to bridge these gaps; and what precisely do business managers need to have confidence in the integrity of their information systems and their data. Topics of interest include:
- integrity and internal control in Enterprise Resource Planning systems
- integrity and internal control in e- and m-commerce applications and infrastructure
- integrity and internal control in financial systems
- developments in internal control concepts and the impact on integrity requirements
- integrity standards
- methods for dealing with incomplete or inconsistent information
- efficient methods for checking integrity
- integrity requirements necessary to implement an internal control structure within an organization
- integrity of archival data
- integrity and authentication of digital documents
- trustworthy computation
More information and the full call-for-papers can be found on the conference web site at http://lbd.epfl.ch/e/conferences/IICIS03/index.html.

CCS2003 The 10th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 27-31, 2003.
(submissions due May 9, 2003)
Papers offering novel research contributions in any aspect of computer security are solicited. The primary focus is on high-quality original unpublished research, case studies, and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. Theory must be justified by compelling examples illustrating its application. The primary criterion for appropriateness for CCS is demonstrated practical relevance. CCS can therefore reject perfectly good papers that are appropriate for theory-oriented conferences. Topics of interest include:
- access control
- accounting and audit
- security for mobile code
- data/system integrity
- cryptographic protocols
- intrusion detection
- key management
- security management
- information warfare
- security verification
- authentication
- database and system security
- applied cryptography
- smart-cards and secure PDAs
- e-business/e-commerce
- inference/controlled disclosure
- privacy and anonymity
- intellectual property protection
- secure networking
- commercial and industry security
More information can be found at www.acm.org/sigs/sigsac/ccs/CCS2003/.

ICICS'03 5th International Conference on Information and Communications Security, Huhehaote City, Inner-Mongolia, China, October 10-13, 2003. (submissions due May 15, 2003)
Information and communication security is a challenging topic at the best of times. This conference series brings together researchers and scholars to examine important issues in this area. Original papers on all aspects of information and communications security are solicited for submission to ICICS2003.
Areas of interest include, but are not limited to: Access control, Anonymity, Authentication and Authorization, Biometric Security, Data and System Integrity, Database Security, Distributed Systems Security, Electronic Commerce Security, Fraud Control, Information Hiding and Watermarking, Intellectual Property Protection, Intrusion detection, Key Management and Key Recovery, Language-based Security, Operating System Security, Network Security, Risk Evaluation and Security Certification, Security for Mobile Computing, Security Models, Security Protocols, Virus and Worms. More information can be found on the conference web page at www.cstnet.net.cn/icics2003/.

Adaptive and Resilient Computing Security (ARCS), Santa Fe Institute Workshop, SFI, NM, November 5-6, 2003. (submissions due June 1, 2003)
This workshop is the second in the series and will focus on the theme of adaptive defence of information and computing networks. The aim is to stimulate novel approaches to securing the information infrastructure. In particular the workshop will consider long-term developments and research issues relating to the defence of information networks. The driving scientific motivation for this workshop is to further our understanding of adaptive and self-organising mechanisms that can be applied to the development of resilient and robust information networks. In particular it will provide a forum for commercial and academic researchers to exchange concepts and issues within this domain. Following a highly successful first event, this workshop will be based on two specific sub-themes. These are:
- Bio-inspired Defence Systems
- Adaptive Security Mechanisms
Some of the specific problems, which will be addressed, include:
- Design of self-healing networks
- Optimization versus robustness
- Machine learning and defence strategies
- Dynamic stability in large-scale networks
- Self & non-self recognition, Immunology models
If interested please submit an extended 4 page abstract to Dr.
Robert Ghanea-Hercock / BTexact technologies, Adastral Park, Admin 2, Martlesham, Suffolk, UK. Email: robert.ghanea-hercock@bt.com ACSAC 19 The 19th Annual Computer Security Applications Conference, Las Vegas, Nevada USA, December 8-12, 2003. (submissions due June 1, 2003) The 19th Annual Computer Security Applications Conference is an internationally recognized conference that provides a forum for experts in information system security to exchange practical ideas about solving real problems. Papers and proposals that address the application of technology, the implementation of systems, and lessons learned will be given special consideration. The ACSAC Program Committee is looking for papers, panels, forums, case studies presentations, tutorials, workshops, and works in progress that address practical solutions to problems related to protecting commercial enterprises or government information infrastructures. A list of topics of interest along with other conference information can be found at www.acsac.org. The Workshop on Rapid Malcode (in association with 10th ACM Conference on Computer and Communications Security), Washington, D.C., October 27, 2003. (submissions due July 1, 2003) In the last several years, Internet-wide infectious epidemics have emerged as one of the leading threats to information security and service availability. The vehicle for these outbreaks, malicious codes called "worms", leverage the combination of software monocultures and the uncontrolled Internet communication model to quickly compromise large numbers of hosts. Current operational practices have not been able to manage these threats effectively and the research community is only now beginning to address this area. The goal of this workshop is to bring together ideas, understanding and experience bearing on the worm problem from a wide range of communities including academia, industry and the government. 
We are soliciting papers from researchers and practitioners on subjects including, but not limited to: - Modeling and analysis of propagation dynamics - Automatic detection, characterization, and prediction - Analysis of worm construction, current & future - Propagation strategies (fast & obvious vs slow and stealthy) - Reactive countermeasures - Proactive defenses - Threat assessment - Forensic methods of attribution - Significant operational experiences More information can be found at http://pisa.ucsd.edu/worm03/. TCC'2004 The First Theory of Cryptography Conference, Cambridge MA, USA, February 18-20, 2004. (submissions due August 27, 2003) Papers presenting original research on theoretical and foundational aspects of cryptography are sought. The Theory of Cryptography deals with the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. Consequently, research in this area includes: - The study of known paradigms (resp. approaches and techniques), directed towards a better understanding and utilization of the latter. - Discovery of new paradigms (resp. approaches and techniques) that overcome inherent or seemingly inherent limitations of the existing paradigms. - Formulation of new cryptographic problems and treating them using known or new paradigms (resp. approaches and techniques). The importance of the Theory of Cryptography is widely recognized by now. This area has contributed much to the practice of cryptography and secure systems as well as to the theory of computation at large. The Theory of Cryptography Conference is a new venue dedicated to the dissemination of results in the area. The conference will provide a meeting place for researchers and be instrumental in shaping the identity of the Theory of Cryptography. More information can be found at www-cse.ucsd.edu/users/mihir/tcc/. 
PKC'04 2004 International Workshop on Practice and Theory in Public Key Cryptography, Singapore, March 1-4, 2004. (submissions due September 20, 2003) For the last few years the International Workshop on Practice and Theory in Public Key Cryptography PKC is the main annual workshop focusing on research on all aspects of public key cryptography. The first workshop was organized in 1998 in Japan. Other PKCs have taken place in Australia, France, Japan, South Korea and USA. PKC has attracted papers from famous international authors in the area. Submissions in all areas related to applications and theory in public key cryptography are welcome, including but not limited to the following areas: - Theory of public key cryptography - Design of new public key cryptosystems - Analysis of public key cryptosystems - Efficient implementation of public key cryptographic algorithms - Applications of public key cryptography and PKI More information can be found on the conference web page at www.i2r.a-star.edu.sg/pkc2004/. ==================================================================== Conferences and Workshops (the call for papers deadline has passed) ==================================================================== www.ieee-tfia.org/iwia2003/ The First International Workshop on Information Assurance, Darmstadt, Germany, March 24, 2003. Workshop on Privacy Enhancing Technologies 2003, Dresden, Germany, March 26-28, 2003. www.petworkshop.org/. SPI 2003 www.vabo.cz/spi/defaulten.htm Security and Protection of Information, Brno, Czech Republic, March 28-30, 2003. WITS'03 www.dsi.unive.it/ifipwg1_7/wits2003.html Workshop on Issues in the Theory of Security, Warsaw, Poland, April 5-6, 2003. CHI2003 www.iit.nrc.ca/~patricka/chi2003/hcisec/ ACM Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, Florida, USA, April 5-6, 2003. IPCCC'2003 www.ipccc.org. 
The International Performance, Computing, and Communications Conference, Phoenix, Arizona, USA, April 9-11, 2003 CT-RSA 2003 reg2.lke.com/rs3/rsa2003/crypto.html. Cryptographers' Track RSA Conference 2003, San Francisco, CA, USA, April 13-17, 2003. IWWST'03 http://iwwst.org.uk First International Workshop in Wireless Security Technologies, London, UK, April 15-16, 2003 BITE2003 www.iceis.org/workshops/bite/bite2003-cfp.html The First International Workshop on Business Information Technology Ethics, Angers, France, April 22, 2003 ICEIS'2003 www.iceis.org. 5th International Conference on Enterprise Information System, Angers, France, April 23-26, 2003 ITCC 2003 www.cs.clemson.edu/~srimani/itcc2003/cfp.html International Conference on Information Technology: Coding and Computing, Las Vegas, Nevada, April 28-30, 2003 Second Annual PKI Research Workshop, NIST, Gaithersburg MD, USA, April 28-29, 2003. middleware.internet2.edu/pki03/ Workshop on Data Mining for Counter Terrorism and Security, (held in conjunction with the Third SIAM International Conference on Data Mining), San Francisco, CA, USA, May 3, 2003 http://ic.arc.nasa.gov/~ashok S&P2003 www.research.att.com/~smb/oakland03-cfp.html The 2003 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 11-14, 2003 IRMA 2003 www.irma-international.org. Information Resources Management Association International Conference, Philadelphia, Pennsylvania, USA, May 18-21, 2003 WWW2003 www.www2003.org/. 
The Twelfth International World Wide Web Conference, Security & Privacy Track, Budapest, Hungary, May 20-24, 2003 WEIS2003 mloeb@rhsmith.umd.edu Workshop on Economics and Information Security, College Park, MD, USA, May 29-30, 2003 CISSE 2003 www.ncisse.org 7th Colloquium for Information Systems Security Education, Washington, DC, USA, June 1-5, 2003 SACMAT'03 www.acm.org/sigsac/sacmat/ 18th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2-3, 2003 IEEE Electro/Information Technology Conference www.cis-ieee.org/eit2003 Indianapolis, IN, USA, June 5-6, 2003 4th Annual IEEE Information Assurance Workshop, United States Military Academy, West Point, NY, USA, June 18-20, www.itoc.usma.edu/workshop/2003 FCS'2003 www.cs.stanford.edu/~iliano/fcs03 LICS Satellite Workshop on Foundations of Computer Security, Ottawa, Canada, June 26-27, 2003 PODSY2003 http://lpdwww.epfl.ch/fgaertner/podsy2003 Workshop on Principles of Dependable Systems, San Francisco, CA, USA, June 22, 2003 WISP 2003 http://www.iit.cnr.it/staff/fabio.martinelli/wisp-cfp.html Workshop on Issues in Security and Petri Nets, Eindhoven, NL, June 23, 2003 Special Session on Web Services, First International Conference on Web Services, Las Vegas, NV, USA, June 23-26, 2003 http://tab.computer.org/tfec/icws03 WISE 3/ WECS 5 http://cisr.nps.navy.mil/wise3/ Third World Conference on Information Security Education, and Workshop on Education in Computer Security, Naval Postgraduate School, Monterey California, USA, June 26-28, 2003. CSFW16 www.csl.sri.com/csfw/csfw16 16th IEEE Computer Security Foundations Workshop, Asilomar, Pacific Grove, CA, USA, June 30-July 2, 2003. 
ACISP 2003 www.itacs.uow.edu.au/research/nslabs/acisp03 The Eighth Australasian Conference on Information Security and Privacy, Wollongong, Australia, July 9-11, 2003 Security in Distributed Computing (special track of the 22nd Annual ACM SIGACT-SIGOPS Symposium on Principles of Distributed Systems), Boston, Massachusetts, USA, July 13-16, 2003 www.podc.org/podc2003/ USENIX Security 2003 12th USENIX Security Symposium Washington, DC, USA August 4-8, 2003 www.usenix.org IFIP WG11.3 2003 7th Annual IFIP WG 11.3 Workshop Conference on Data and Applications Security, Estes Park, Colorado, USA, August 4-6, 2003 www.cs.colsostate.edu/~ifip03 ECC 2003 www.cacr.math.uwaterloo.ca The 7th Workshop on Elliptic Curve Cryptography, University of Waterloo, Waterloo Canada, August 11-13, 2003 TrustBus'03 www.uni-regensburg.de/fakultaeten/wiwi/pernul/dexa03ws/ Trust and Privacy in Digital Business, Prague, Czech Republic, September 1-5, 2003 7th International Conference on Knowledge-Based Intelligent Information & Engineering Systems (special session on Artificial Intelligence Applications to Information Security), St Anne's College, University of Oxford, U.K., September 3-5, 2003. scalab.uc3m.es/~docweb/AIIS_KES03.html CHES 2003 www.chesworkshop.org Workshop on Cryptographic Hardware and Embedded Systems, Cologne, Germany, September 8-10, 2003 CMS 2003 http://security.polito.it/cms2003/cfp.pdf The 7th IFIP Communications and Multimedia Security Conference, Turin, Italy, October 2-3, 2003 Communications Security Symposium (part of the IEEE GLOBECOM 2003 workshop), San Francisco, CA, USA, December 1-5, 2003. 
www.globecom2003.com/CFP1.html ____________________________________________________________________ PRELIMINARY PROGRAM 2003 IEEE Symposium on Security and Privacy May 11-14, 2003 The Claremont Resort Oakland, California, USA sponsored by IEEE Computer Society Technical Committee on Security and Privacy in cooperation with The International Association for Cryptologic Research (IACR) Sunday, May 11, 2003 4:00-7:00 Registration and Reception Monday, May 12, 2003 8:45-9:00 Opening Remarks 9:00-10:30 Session: Anonymity "Mixminion: Design of a Type III Anonymous Remailer Protocol" George Danezis (Cambridge Univ.), Roger Dingledine, Nick Mathewson (Free Haven Project) "Probabilistic Treatment of MIXes to Hamper Traffic Analysis" Dakshi Agrawal (IBM Watson), Dogan Kesdogan, Stefan Penz (Aachen Univ. Tech.) "Defending Anonymous Communication Against Passive Logging Attacks" Matt Wright, Micah Adler, Brian Neil Levine, Clay Shields (U. Mass.) 10:30-11:00 Break 11:00-12:00 Session: IDS "Active Mapping: Resisting NIDS Evasion Without Altering Traffic" Umesh Shankar (UC Berkeley), Vern Paxson (ICSI) "Anomaly Detection Using Call Stack Information" Henry Hanping Feng (U. Mass.), Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee (Georgia Tech.), Weibo Gong (U. Mass.) 12:00-1:30 Lunch 1:30-2:30 Invited talk 2:30-3:00 Break 3:00-4:00 Session: OS "Defending Against Denial-of-Service Attacks with Puzzle Auctions" XiaoFeng Wang, Mike Reiter (CMU) "Pi: A Path Identification Mechanism to Defend against DDoS Attacks" Abraham Yaar, Adrian Perrig, Dawn Song (CMU) 4:00-6:00 5-minute talks Tuesday, May 13, 2003 9:00-10:30 Session: Formal Methods "A Unified Scheme for Resource Protection in Automated Trust Negotiation" Ting Yu, Marianne Winslett (U. Illinois, Urbana-Champaign) "Beyond Proof-of-compliance: Safety and Availability Analysis in Trust Management" Ninghui Li (Stanford), William H. Winsborough (NAI Labs), John C. 
Mitchell (Stanford) "Intransitive Non-Interference for Cryptographic Purposes" Michael Backes, Birgit Pfitzmann (IBM Zurich) 10:30-11:00 Break 11:00-12:00 Session: Hardware "Specifying and Verifying Hardware for Tamper-Resistant Software" David Lie, John Mitchell (Stanford), Chandramohan Thekkath (Microsoft Research), Mark Horowitz (Stanford) "Using Memory Errors to Attack a Virtual Machine" Sudhakar Govindavajhala, Andrew W. Appel, (Princeton) 12:00-1:30 Lunch 1:30-2:30 Invited talk 2:30-3:00 Break 3:00-4:00 Session: Hardware & Crypto "Secret Handshakes from Pairing-Based Key Agreements" D. Balfanz, G. Durfee (PARC), N. Shankar (U. Maryland), D.K. Smetters, J. Staddon, H.C. Wong (PARC) "Random Key Predistribution Schemes for Sensor Networks" Haowen Chan, Adrian Perrig, Dawn Song (CMU) Wednesday, May 14, 2003 9:00-10:30 Session: Distributed Systems "Hardening Functions for Large Scale Distributed Computations" Douglas Szajda, Barry Lawson, Jason Owen (U. Richmond) "A Practical Revocation Scheme for Broadcast Encryption Using Smart Cards" Noam Kogan, Yuval Shavitt, Avishai Wool (Tel Aviv Univ.) "Using Replication and Partitioning to Build Secure Distributed Systems" Lantian Zheng, Stephen Chong, Andrew C. Myers (Cornell), Steve Zdancewic (U. Pennsylvania) 10:30-11:00 Break 11:00-12:00 "Vulnerabilities in Synchronous IPC Designs" Jonathan S. Shapiro (Johns Hopkins) "Garbage Collector Memory Accounting in Language-Based Systems" David W. Price, Algis Rudys, Dan S. 
Wallach (Rice)

====================================================================
Commentary and Opinion
====================================================================

____________________________________________________________________
News Briefs
____________________________________________________________________

Mary Ellen Zurko's News Briefs from past issues of Cipher are archived at www.ieee-security.org/Cipher/NewsBriefs.html

____________________________________________________________________
Book Reviews
____________________________________________________________________

Book reviews from past issues of Cipher are archived at www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at www.ieee-security.org/Cipher/ConfReports.html.

____________________________________________________________________
Book Review By Robert Bruen March 14, 2003
____________________________________________________________________

Firewalls and Internet Security, Second Edition.
by William Cheswick, Steven Bellovin, and Aviel Rubin
Addison-Wesley 2003. ISBN 020163466X LoC TK5105.875.I57C44 2003. 433 pages. $49.99. Index, Bibliography, two Appendices, list of Acronyms.

The first edition of this book was a very worthwhile book; the second edition is even more so. It has been about ten years between the two editions and a lot has happened during that time. The principles put forth in the first edition are still valid. As an example, in the description of NFS, the authors asserted that while NFS had security problems, it was "not going away anytime soon." Well, the same statement in the second edition is just as correct now as it was then.

There are two main differences between the first and second edition. The approach is a little different and second, more material has been added to reflect the developments of the intervening years.
Some of the more humorous parts have been removed, such as the pretend proofs, and the cartoon on the cover has been updated. The Recommendations to Vendors appendix in the first edition is also missing. A quick look finds recommendations for routers to include logging and to distinguish between incoming and outgoing TCP traffic. Since these were good ones, perhaps a list that tells us which recommendations were followed and which were not would be of interest. This is just another example of how good the book was to begin with.

Some of the changes are additional chapters on networking and intrusion detection. Firewalls are clearly related to intrusion detection, but the ID field has also moved forward over the years, so the relationship needed to be fleshed out a bit. Besides the Evening with Berferd, there is also the Taking of Clark, which analyzes the cracking of a system. And the addition of Aviel Rubin to the book cannot go without mention.

In early days most firewalls were built by hand with only a few kits available. Now that there are a fair number of commercial and free kits, the book now emphasizes how to use them. There is still a mention of building your own firewall using ipchains for those who might like to roll their own. The technical explanations are improved and more illustrations have been added. Looking at the bibliography, there are twelve additional pages in spite of the deletion of some of the items on the first list. Naturally the other pointers to resources have been updated as well.

The addition of more protocols, tools and applications has made the book even more useful. Things like VPNs, snort, RealPlayer and ssh were simply not around in the early 90s and the web was just beginning. To their credit, the authors did write about the web in the first edition, but it got much more attention in the second edition, its own chapter.

I kept my original copy from 1994 and I think I will hang on to it.
It will be on my shelf next to the new edition. This second edition of Firewalls is a must have book, but there is something to be said about an original. Besides, I would like to spend some more time with that recommendation list.

____________________________________________________________________
Review of The Australian Industry Group "Threats to Australia's Security"
Melbourne, February 19, 2003
by Vernon Stagg
____________________________________________________________________

In February 2003 the Australian Industry Group ran a conference on the "Threats to Australia's Security" across three states. (This review, and associated web links are available from my website www.infowar.com.au)

Ivan James, Chairman of the AiGroup provided the introduction and chaired the conference. He discussed the changing environment that businesses face, and warned not to become desensitised to the risks they face.

Speakers

Daryl Williams, the Australian Attorney General was unfortunately unable to attend but provided a pre-recorded address to delegates. He discussed the heightened level of alert in Australia since September 11, and the fact we can't ignore terrorism or hope it will just go away. He outlined the Australian Government's commitment to strengthen security along with the public campaign to raise awareness. The support, advice, expertise and resources of businesses and the private sector was recognised, as well as the difficulties involved in cooperation between these various entities with government. Efforts in protection of national economic infrastructure, and the model of critical infrastructure assurance developed from the Business Government Task Force recommendations, and the forthcoming critical infrastructure protection summit in April were detailed. In describing the physical security and response measures provided by State and Territory services, he reinforced the need to be cautious and prepared.
In recognition of the threats to IT infrastructure he cited the recent DDOS attack on the Internet root servers. The need to secure data, and provide esecurity will be strengthened with the recent AGD/AusCERT scheme to report on attacks. He closed with a description of the recent Cybercrime act and enhanced electronic investigative powers provided to law enforcement, claiming "protection of national security and critical infrastructure is now important than ever. Protect the future". Dennis Richardson, Director General of the Australian Security Intelligence Organisation, began with a background on ASIO covering its role and powers. Highlighting the changes that terrorism has caused, he pointed out that pre-Sept 11 there was little public knowledge of Usama Bin Laden or Al Qaeda. He went on to discuss a number of terrorist incidents from the mid-90's to 2001 showing that terrorism is not a new issue. He discussed how post-Sept 11 Australia has become a legitimate terrorist target and that the threat levels to various elements of critical infrastructure and chemical, biological, and nuclear facilities have been raised. In discussing the need to apply appropriate security to each sector he indicated the need to determine whether you are part of the national or critical infrastructure, are your products of a security related concern (e.g. fertiliser), does your company have an overseas presence, and do your business continuity plans consider collateral damage. Clive Williams, Director of Terrorism Studies at the Australian National University outlined various threats to Australia's security environment. 
Beginning with internal threats he examined:
* ethical activity by board members
* tax evasion
* misuse of organisational resources
* insider information
* personal use of company resources
* sabotage and malicious tampering
* fraud
* extortion from insider activities
* assault and intimidation
* abuse of drugs
* skimming credit cards
Next he looked at external threats, including:
* misrepresentation of an organisation by a competitor
* sabotage of website (e.g. etoys)
* vandalism
* intimidation
* theft
* sabotage
* electronic attack/cybercrime
* identity related crime
* false invoicing
* electronic fraud
* manipulation of share prices
* mail tampering
* misuse of company switchboards
* malevolent hacking
* malicious disruption
* attacks on staff
* occupational violence
He then followed with industrial espionage and the various tools and techniques used, including the threats from temporary staff, cleaning staff (uninhibited access), and the increasing use of electronic communications. Finally he looked at terrorism and politically motivated violence and the high number of businesses affected by terrorism. He pointed out businesses need to be aware of their associations and determine whether they are targets. He also indicated that the perceived threat can be quite different to the actual threat, and that litigation poses a large risk to corporate assets.

Bruce Esplin, Chairman of the Victorian State Emergency Management Committee began by outlining the relationship between the States, Territories, and the Commonwealth, and how State/Territory services would be first responders to an incident. There is a need to recognise the environmental and economic health of the States, and that each State is different and it will be difficult to develop a National strategy. Looking at the developments in counter-terrorism, he noted the improved cooperation and sharing between States, as well as the need to manage both the crisis and the consequences.
Crisis will be primarily addressed by police and military, whilst consequences deal with emergency management arrangements, public health systems, national anti-terrorist plans, and an enhanced counter-terrorism capacity. He stressed that while public safety is a core responsibility of government, emergency management is a political activity, noting that communities hold government responsible and that communications with the community are critical in the judgement of success or failure. Following a list of emergency management issues, he listed the balances that need to be maintained, being:
* Cost of doing versus Cost of not doing
* Response versus Prevention/Mitigation
* Intelligence gathering versus Intelligence sharing
* Right to know versus Media as a weapon
* Civil liberties versus Security
He looked at the Victorian efforts in protection of critical infrastructure and how the Victorian Police play a role and are assisting in audit and valuation, that a register of critical infrastructure is being developed (over 600 items), and how the Emergency Committee are working with operators and regulating departments in risk assessment. Victoria has a well developed emergency management arrangement, a whole of government approach, well coordinated, multi-agency response and recovery capabilities.

[A question raised after this presentation highlighted the benefits of Standards Australia and the risk management (4360) and information security (17799) documents they provide, and forthcoming documents on business continuity planning.]

Diane Sisely, CEO of Equal Opportunity Commission considered how workplace discrimination had risen since Sept-11, especially in racial and religious reports/incidents. Citing a number of statistics on these rises, she indicated that Arab people were facing a number of verbal and physical assaults and vilification. The notion of Islamophobia was raised, following from a Macquarie University report on widespread antagonism towards Muslims.
Considering the risks to business from such discrimination, she highlighted the following issues: * Legislative requirements exist to deal with discrimination in the workplace * The victims are susceptible to various problems * Businesses need to grow their markets * Employ from diverse cultures * Less immigration = less business opportunities * If a business is labelled racist, it can have serious consequences Considering overseas trading and international partners, she expressed the need for clear, insightful leadership on these issues, the ability to deal with systemic issues (be proactive), and complying with regulations and laws. Ken Thompson, Project Director of the Critical Infrastructure Review Group (NSW) like many of the other speakers highlighted the change in the environment. He discussed the development of the National Principles Security Notification Model for Critical Infrastructure that is being adopted nationally. Examining the various levels, he outlined the practical measures required for medium to long term plans, including: * not to just plan ad hoc * consider Australia is not highly populated and has limited financial resources * utilise the AS/NZS 4360 Risk Management Standard Discussing the NSW initiative to develop the model, he outlined the need to establish context, develop risk criteria then identify, analyse, assess, and treat the risks. The model is aimed at providing the minimum security considerations and a risk analysis based on the 4360 Standard. Geoffrey Ross, Managing Director of Securenet Limited said businesses need to recognise the new risks that have emerged, especially in an online environment. He stated how the number, frequency and targeting of attacks is increasing and how the Internet has changed security needs. With risks being cumulative, systems that are connected to the Internet are at risk. 
Pointing out that whilst security is expensive, businesses should see security as an enabler and aim at achieving a security return-on-investment. He finished by stating: make security a serious issue in your business.

Bruce Gordon, Director of Marsh Pty Ltd provided an insurance perspective on the risks faced. He examined a breakdown of costs from the World Trade Centre collapse, and how Sept-11 has changed perspective on insurance. He explained the need to redefine credible/possible hazards, how the definition of "credible" has changed, and how exposure is no longer capable of specific measurement. Policies now have certain terrorism exclusions on liabilities, and various changes have occurred to the Australian reinsurance pool corporate structure. In regards to certain terrorism exclusions, he identified:
* overseas assets
* lack of consistency across insurers
* provisions untested at law
* protection of personnel

Julia Selby, Executive General Manager of Austrade and Slater Smith, General Manager of the Export Finance and Insurance Corporation gave a shared presentation on implications for companies in developing and maintaining offshore markets. Examining offshore and overseas markets it was pointed out that business is still occurring overseas, and there are many opportunities available. Companies can maintain contact with overseas clients and customers through physical interaction, representatives, email, and video conferencing. It is important to maintain these relationships during good and bad times, and also to remain aware of a country's status. People were reminded that economic problems existed pre Sept-11, that they can't just blame terrorists or terrorist incidents for world risks, and that terrorism and war threats are only marginally holding back projects and the world economy.
The need to look for risks was detailed through a number of examples such as how the Asian financial crisis affected the Italian clothing manufacturers which in turn affected Australian wool growers.

Robert McNaught, Director of Control Risks Group finished the conference off with a look at how to protect employees overseas. In considering the heightened risks of political and popular violence, organisations should have effective:
* crisis management
* awareness training
* evacuation planning
Some of the implications if unprepared can include injury or loss of life, business interruption, damaged reputation, or financial loss. He indicated that businesses have an obligation under law ("duty of care") to their employees and should:
* adequately prepare staff
* informed assessment of risks
* safety net if something happens
* employee to acknowledge these preparations
* develop a company travel policy
* develop a risk analysis of overseas locations

____________________________________________________________________
Review of the Seventh International Financial Cryptography Conference
Gosier, Guadeloupe, FWI
January 27-30, 2003
by Jean Camp
____________________________________________________________________

Monday 1/27/2003

Keynote talk: Digital Cash - ahead of its time or just a bad idea?
Tim Jones (Mondex)
Session Chair: Rebecca Wright.

Mondex was an attempt to bring crypto to the masses. Why did it fail? Did it have any successes? What was learned? Tim Jones, who chose to introduce himself as Co-inventor of Mondex and therefore the person whose fault it all is. This is a business presentation on why bringing crypto to the masses failed even with the support of major corporations. "Of all the things we did wrong one was an absolute corker." So he begins with a history of Mondex. Initially the banks chose to create EFTPOS-UK 1986. The banks conceptualized as an electronic check and that led to 250£ into an architecture based on a flawed intellectual premise.
There were huge debates he classifies as jihads on DES v. RSA. "EFTPOS-UK was a turkey so it didn't matter but we learned." The UK banks felt debit cards happened _to_ _them_ instead of there being control. The banks wanted to control the next big thing - the charge card, the credit card, and then the debit card using the same architecture. You have high->medium->low transactions so it appears that the next will be ecash. So there was a particular specific search, and then there was a choice for an 'accounted'* model. (An accounted model means that the ecash is debited and then loaded on the card. After it is spent it ends up at the bank again.)

At the close down meeting the right questions were asked: Why don't we have a business case? Because it is too expensive? Why? Because we have all these accounting steps? Why? Because we don't know if the data coming in as money is truly money. So let's get rid of all the steps by implementing RSA, ensuring data, and locating liability appropriately.

March 2, 1990 Mondex insight: every purse in a peer-to-peer network is a secured node that removed the need for accounting steps.

What we did right:
* buckets of market research in multiple countries with quant and qual research
* sound specification and solid built
* excellent security model, intellectually clean, independent of components that could be de-listed without breaking the entire system
* "minimal novelty" approach - do not do anything else new unless you absolutely have to -- too many innovations create too many unexpected interactions. Money is absolutely the ideal product and improving money is extremely difficult.
* secrecy to surprise the market to prevent competition a filibuster.

What we did wrong:
* we built too sophisticated a product. we were too serious about the whole thing. we should have raced to market with a simple one.
   * too close to regulators and they say "hmm it is very serious and therefore must be extremely complicated"; this led to
   * "Mature scheme controls": in terms of systems and controls Mondex is as mature as VISA, and if you think of the relative risks and market size this is a function of having come from a large, mature and highly regulated industry
   * poor marketing strategy. This is the ugly true fact: You Cannot Tolerate a Weak Link in an Innovation Team
   * we did not notice the net
   * because Mondex was a bank, because we had a card, we were not taken seriously. There was quite a lot of "we have pony tails and open toe'd shoes and do real crypto and you are a nasty English banker." So we could not get the attention of the right people.

(In my opinion this is a condemnation of the choice to be closed. Not that I am arguing against the existence of the ill-mannered cooler-than-thou dot snob thing happening. Yet I was deeply in net commerce early on and Mondex was boring because it was closed. There was nothing interesting about having someone show you a black box and say - trust me this works.)

The corker: We Picked the Wrong Kind of Everywhere

Town trials are the worst way to do diffusion, because there is an immediate boundary created because it does not work outside. Even in the town it is impossible to get _every_ single merchant to take it. (Naff off? is that some English rude word?) So customers are not sure where it works. When you go and do a town trial because the worst merchants will embrace the system because they are the ones with the worst cash controls and most severe need for Mondex. The least relevant shops with established facilities took it, like upscale locales. Yet the worse places won't take it (like coin-operated laundries). This was also visible in the Upper West Side trial.

Town trials are wrong, and the brand becomes associated with failure. You are also trying to talk to every demographic segment. Redefine everywhere by brand association.
(I believe that is what the EFTPOS cards did because they connected with VISA.) By bonding with a known brand then you create a comprehensible customer promise that fits with the way humans extend trust. It also creates a demographic target. It means that instead of getting every single technical challenge right, and making it work in every environment, there is a single technical challenge. You can make it work perfectly in a rather narrow environment rather than work at all everywhere.

Who is closest to getting this right? Mass transit systems. You can buy the cards in petrol stops (that's a gas station for us).

Where is Mondex? Well, you can bet on the net. (ha ha ha). The Dutch were going to use interactive television which is awful. The only product that interactive tv consistently delivers is a screen that says "please wait". Since there are small winnings you can download money from the bank, make the lottery bet, and get your (almost certainly very small winnings) back on the card where you can spend it again. The merchants used UK debit because it was better for them for a check, Koreans are adding it to debit cards. So after two years Mondex will be everywhere.

No one anticipated pervasive networks. These make server ecash possible. In a networked world where the cost of communications is decreasing even faster than processing power (see the work of Andrew Odlyzko for this).

M-commerce looks promising. Ring tones and logos are deliverable to Nokia phones. So m-commerce has already gone beyond the fantasy no-revenue model of the Internet. There is a picture of my hotel taken this morning. It is just pants. ("Pants" is the English kid rude word. Americans can translate that as "Stink"). The phone is a Vodafone leading edge. (He also has an orange SPV. That is Microsoft's first cell phone. It is a bit like a Handspring Treo.) 5 million could subscribe to pay a couple of euros for the next hot new single delivered in MP3 the moment it is released.
Server-based ecash is pants/stink for privacy. IC cards balance the states' right to regulate with the users' right to privacy. So Mondex might come later, because society has not been harmed by privacy loss. Only the elites have experienced true privacy problems.

So every card has a Mondex pin. But the card does not need to be linked with an account, a person or anything else. The pins are token identifiers. Inside each smart card there is a transaction history file. Any user can set it to a record size. It was initially set to a company standard of 10, and users can wipe this by doing a series of cheap transactions. (I do not buy that argument. I think the user should control records distribution and storage. That's not so hard and allows for ease of dispute resolution.)

Contactless has got to happen. People like that flexibility. Contactless makes the product cool. Bankers never think about cool. He proposed a throbbing pellet. If you are into leather who knows what your token might look like. (I propose that a throbbing token is a completely boy idea. Of course I like boys.)

Security assessment. Public scrutiny is not a sensible way to protect a payment system. On your side of the debate you say that strength requires widespread analysis. Tim advocates controlled access to assessment. Paul Kocher got inside the product with a brilliant attack, a differential attack. He dismisses the claims of Texas (Sandia National Labs) of having broken Mondex. Basically he says if someone with the facilities of the US government can break it -- that is not the threat model. He believes publishing security holes is not a good idea.

Stuart Schechter: Maybe it is not broken because it is not being used.

TJ: As long as you keep looking and maintain your humility and be honest and humble. (That honesty issue with respect to power and secrets is a chronic problem.)
Concludes by saying the net has delayed ubiquitous computing but it will come, and we will have to agree to disagree on security mgt.

A truly charming talk. An insight on the meaning of ubiquitous. But IMHO he was so totally wrong on the security by obscurity thing. See Matt Blaze's response to his critics on publishing the master key attack.

Mike Smith: Well you refuse to believe Sandia.

Tim Jones: That Sandia National Labs can break it means that we have a reasonable work factor. What concerns me is the silicon fabs in Eastern China. So my worry is how fast is it that the fabs in China get access to the information. There is a club of good guys working together.

Nicko: Do you put controls in Mondex that structurally prevent switching value and speed of transaction amounts?

Tim: There are value, origination, merchant, bank. Bank ones hold large money pots. Origination are bank withdrawal. Merchants are up to tens of thousands. There is a velocity of money control.

Adam: There are many systems since ecash, yet these have found no traction. Why?

Tim: Ecash has to be available everywhere. The hurdle to get people to adopt something extra is high. Vodafone and Orange have tried to get people to sign up for a stored value account. This is because of the electronic money controls on ecash. Vodafone and Orange cannot get people to open another account.

Nicko: Can't you solve that by filling up the everything pot and then having the consumers pay for the telecom?

Tim: No, because of a combination of accounting regulation and the fact that telephone companies are the most desperate and cash-strapped companies. Go in today and offer a telecom company the ability to have their cash be credited weeks later than the monies are credited today. It will be a very short conversation. One way to fix this is to allow the operators to credit the telephony portion to balance sheets at a high frequency.

Richard: You are putting much weight on the prediction that people need privacy.
Criminals will be the most attracted. Governments oppose it. Aren't you putting much weight on that guess?

Tim: Proximity cash with a contactless card is more useful for something which is not always on the net. I do think the privacy argument will play through. The server cash will be there. But you can use the same brand and use both cards and tokens. There will be an increasing number of people interested in privacy.

Ray: You mentioned the cards as anonymous but there is a purse id. Can you link serial transactions?

Tim: The purse id follows the token one step. So some effort can create a layer of indirection by using a clean card.

Q (from someone identifying himself as from Sandia): We have not seen any Mondex cards since the first ones out of curiosity. You said that we were the only people who loaded money onto it. But is that because we were smart enough or because we were interested and curious?

Tim: We picked the best people we could find and tried to get them to break it. Many people tried to break it. There was a lot of noise, and there was interest. Ross Anderson claimed to break it but he never gave us a loaded card or a card id.

Q (same person): But maybe it is just not yet worth breaking.

Tim: Mondex does research on the dimensions of attack.

Paul: So much of your planning about how this might fly invokes the privacy issue, yet your model seems to assume that there is no privacy in the network. If that happens your assumptions go away. But you seem sanguine about this.

Tim: You are right. I am very sanguine because I am not part of it any more. Agoric Inc has some interesting ideas about peer economics. I think we need something that respects the fact that millions of copies can be sold.

I argued at lunch that part of the reason Mondex was not cool was that it was closed, and a cool product would have gotten traction. He disagreed. I think it should be included as part of the cost -- that being closed by definition closes things off to you.
I also argued that bankers have a risk-averse culture of integrity which is woefully absent in commercial computer programming and that an open system allows people to watch your suppliers. He maintains that they can watch their suppliers very well thank you, and closed does not imply trust in suppliers.

Micropayments and E-cash
Session Chair: Jacques Stern

Using Trust Management to Support Transferable Hash-Based Micropayments
Simon Foley

A quick recap. A payer signs a contract promising to reimburse thru a hash chain. There is a hash chain of length n, issued to a principal payee. The first decision that must be made by the payee is "is the payer trustworthy?" There is a series of payments. Then the payee seeks payment and the trustor asks if the request for payment is legitimate. Using these questions the hash-based micropayment scheme can be based on some trust calculus. Therefore Blaze & Jane's KeyNote system can be applied in a valuable and consistent manner. The rest of the presentation is details of the application.

We should think of a contract as a certificate that is being issued by the payor that authenticates the payee as having the right to assert demands for payment. Examples given are: trust a payee for up to some threshold, or, for a payor, trust any request for payment based on verification of the contract.

Payee compliance check can check if the payor is authorized to make the first payment. After that the KeyNote verification requires only checking the consistency of the hash chain.

Richard: Is there a requirement for a pre-existing trust relationship? Why is there a policy question there?

Simon: Because the trust question is based on the trust of the key.

Richard F.: So when you say trust the party you mean trust the key.

In delegating hash chain contracts both the validity of the payment and the transfer of the payments must be trusted.
How does the party that is receiving the delegated payment confirm that the delegator will not try to both delegate and obtain payment? KeyNote can clarify and solve this problem by confirming that the first hash payment is valid and by verifying the contract of the delegator. Thus if the delegator cashed in there would be nonrepudiation when the final payee can prove rights to the payment.

He applies KeyNote to show how the use of trust calculus and contracts can enable complex subcontracts and subcontractors with limits by making the trust dependencies understandable. One cool thing is that the credential in a subcontract then the subcontractor can break the hash chain in a different manner (e.g. payee gets p^n, p^8n and can delegate p^4n for a second payment.) The need for and details of the contract are clarified by the use of KeyNote.

A Micro-Payment Scheme Encouraging Collaboration in Multi-Hop Cellular Networks
Markus Jakobsson, Jean-Pierre Hubaux, and Levente Buttyan

You have a set of base stations and a set of mobile stations moving around. In traditional systems the mobile station would reach the base station in a single hop. In multiple hop networks the base station can be reached by using routing and sharing in the other mobile stations. Currently there are no created networks yet there are many research proposals in such a scheme.

The major advantage is power. There is an advantage to transmitting in multiple hops: there are lower power requirements. Another advantage is cost as base stations are expensive, or extended capacities for the base station with no increased cost. We assume upstream is multihop but downstream is singlehop so this means that the power advantage stays but the cost advantages are decreased.

Why should mobile nodes forward? Selfish behavior is optimal behavior. Therefore this paper proposes a micro-payment scheme.
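
The hash-chain contracts and delegation from the Foley talk summarized above, worked through as an added example; this is not code from the paper or from KeyNote. The names (Contract, Redeemer, alice, bob, carol), SHA-256 and the seed are assumptions, and the contract signature and the "is this key trusted?" policy check are assumed to be handled by the trust-management layer.

```python
import hashlib
import hmac
from dataclasses import dataclass


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Payer side: chain[n] = seed and chain[i-1] = H(chain[i]); chain[0] is the anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]


@dataclass(frozen=True)
class Contract:
    """The promise a payer (or a delegating payee) signs. Hypothetical structure:
    the signature itself is assumed to be verified elsewhere."""
    issuer: str
    payee: str
    anchor: bytes     # chain value at index `start`
    start: int        # chain index of the anchor
    end: int          # last index this payee may claim
    unit_cents: int


def verify(c: Contract, index: int, token: bytes) -> bool:
    """True if hashing `token` (index - start) times reaches the contract anchor."""
    if not c.start < index <= c.end:
        return False
    for _ in range(index - c.start):
        token = H(token)
    return hmac.compare_digest(token, c.anchor)


def delegate(parent: Contract, held_index: int, held_token: bytes,
             sub_payee: str, end: int) -> Contract:
    """Payee passes the right to indices held_index+1..end to a subcontractor by
    issuing a contract anchored at the last token the payee itself holds."""
    if not (verify(parent, held_index, held_token) and held_index < end <= parent.end):
        raise ValueError("delegation exceeds what the parent contract grants")
    return Contract(parent.payee, sub_payee, held_token, held_index, end, parent.unit_cents)


class Redeemer:
    """Pays out on the payer's behalf and never credits the same chain index twice."""

    def __init__(self, root: Contract):
        self.root = root
        self.credited = {}  # chain index -> payee who was paid for it

    def redeem(self, c: Contract, index: int, token: bytes) -> int:
        """Return the cents credited to c.payee for indices c.start+1..index."""
        if not verify(c, index, token):
            return 0
        # A delegated contract must hang off the payer's own chain.
        if c != self.root and not verify(self.root, c.start, c.anchor):
            return 0
        fresh = [i for i in range(c.start + 1, index + 1) if i not in self.credited]
        for i in fresh:
            self.credited[i] = c.payee
        return len(fresh) * c.unit_cents

    def conflicts(self, c: Contract, index: int) -> dict:
        """Indices c.payee held a contract for but that someone else already cashed.
        Together with the delegator's contract this is the non-repudiation evidence."""
        out = {}
        for i in range(c.start + 1, index + 1):
            who = self.credited.get(i)
            if who is not None and who != c.payee:
                out[i] = who
        return out


def demo() -> dict:
    chain = make_chain(b"constructed seed, demo only", 8)   # constructed sample data
    root = Contract("alice", "bob", chain[0], 0, 8, unit_cents=1)
    sub = delegate(root, 4, chain[4], "carol", 8)   # bob keeps 1..4, hands on 5..8
    bank = Redeemer(root)
    return {
        "carol_accepts_5": verify(sub, 5, chain[5]),
        "carol_rejects_forgery": verify(sub, 5, H(b"guess")),
        "bob_cashes_1_to_6": bank.redeem(root, 6, chain[6]),   # delegator also cashes in
        "carol_cashes_5_to_6": bank.redeem(sub, 6, chain[6]),
        "carol_evidence": bank.conflicts(sub, 6),
    }
```

After the contract check, each payment costs the payee only hash evaluations, and a delegator who both delegates and cashes in leaves a record that the subcontractor can pair with the delegation contract.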
Marti et al proposed a watchdog and path rater which does not discuss misbehavior.
Buchegger looks at reputation-based collaboration which seems to be subject to pseudo-spoofing.
Rivest looked at aggregation requiring probabilistic payments (using lottery tickets as payments) but this has not previously been applied to routing.
Micali and Rivest talked about probabilistic payments with deterministic debts. Again very useful but not previously used for routing.

The general scheme is that the source sends a payment token with the packets. Each node interprets the token as a lottery ticket. If it is a winning ticket you submit the reward claim. In any case you forward the token and the packet. Assume the mobile devices are selfish and the base is honest.

Attacks:

   * taking only winning tickets
   * sniff packets for other winning tickets
   * crediting a friend (e.g., here send this msg, you'll win with this one)
   * ticket pooling
   * tampering with claims
   * tampering with reward levels, particularly useful with near-source collusion

Protocol requires a shared symmetric key for each mobile station and a base station. Each mobile device keeps track of immediate neighbors and the distance to the base station in hops. Packet dropping a higher receiving neighbor frequency than sending neighbor. Auditing technique in the spirit of fraud for existing telephony networks.

No formal model or proofs given. These actions are for future research.

Adam: What about the digital silk road paper? How does that relate?

A: The main difference is that silk road is pure p2p and here we have an operator and take advantage of this.

Roger: How can we detect someone who is cheating if there is a model for cheating? What about people framing others for cheating?

A: We consider only selfish nodes but not malicious nodes. We consider strictly rational self-optimizing nodes.

Paul: It could be beneficial if you could knock out competitors.
A: Not in the general case.

On the Anonymity of Fair Off-line e-Cash Systems
Matthieu Gaud and Jacques Traoré

Frankel, Tsiounis, Yung improved the security of Solages and Traoré 98. Yet in neither case was either anonymity or security properly proven. In this presentation those works are reviewed. Yet after examination it turns out that both are provably anonymous. Yet neither of these is provably secure because both depend on Chaum's blind signature problem.

delayed: Retrofitting Fairness on the Original RSA-Based E-Cash
Shouhuai Xu and Moti Yung

moved up: How Much Security is Enough to Stop a Thief?
Stuart Schechter and Michael Smith

Instead of wondering how hard it is in technical terms to break a system, think like an economist. Think about "what it costs to find a vulnerability" and then think about "what is the value for the adversary to break into a system?"

In order to make the investigation of this model manageable we parse the paper by modeling the attacker as a thief. If the attacker is motivated by nationalism or ego it is much less feasible to evaluate the willingness to pay. By modeling a thief we can assume the thief only wants attacks that are valued more than they are worth. So a core of this model is the formalization of the outside threat using tools of economics.

There has been some study about converting access to loot:

   * steal data, sell it
   * access data, encrypt it - resell a person their own data
   * sell access - break into a machine and sell access

So we can assume thieves are interested in a very high rate of return since they are, by definition, not legitimate business people.

So consider the types of thieves. There are serial thieves, parallel thieves and one-time thieves. Well, the economics of stealing are not so different from the economics of honesty. So the greatest concern is the parallel and automated threat. Notice the concern is outside theft or social engineering because social engineering or insider theft do not scale.
So the approach is to create the expected value for one thief (the one-time thief). Then expand it in time to the serial attack. Now when you add the second attack you have to consider the possibility that your attack no longer functions. So the probability of detection increases over time and the probability of failure increases over time. While a simple first sketch would show target independence, targets are not independent. Not only is there patching and increased observation but also the attacker learns some marginal amount during each attack. (This is shown in formal notation.) Note that doubling the probability of detection decreases the value of the vulnerability by half. Therefore this illustrates the value of both intrusion detection and the value of patching to decrease the value of a vulnerability. Using this model it is possible to make a business case for security.

It is also the case that anonymity decreases risks to the thief. Increased anonymity decreases risks and non-revocable anonymity significantly reduces the expected cost or risk of being detected for the thief.

Paul: What does this imply about sharing information? It seems that this model suggests that sharing information does not help the sharer. According to your model there is no risk in sharing.

Scott: Currently people do not share because of stock market responses. Citibank did just this and their stock price took a hit but they increased overall customer trust.

Rebecca: It is clearly an oversimplification to suggest that there is no increase in risk. Right now the common oversimplification is that sharing information creates only risk. What you hear now is a debate about responsible disclosure. There is a community of attackers who share information.

Scott: When you find a vulnerability do you share it with everyone? But what if you have partial information? Most of the value is in victims' combining information to understand complete attacks more quickly.
This is an area for further work to make this formal and prove it.

Drew: What about stock manipulation attacks?

Scott: Does the market act rationally adjusting stock based on vulnerability information? Large market fluctuations are based on lack of understanding. Understanding should be increased.

Adam: Criminals like anonymity. They like that but they do it through identity theft and breaking into chains of machines. They avoid formal privacy systems which may be monitored. Does anonymity really help?

Scott: Breaking into a system requires a risk. A chain of servers creates a set of transactional risks. What I am saying is not that anonymity should not be built in but rather that anonymity should be revocable.

Q: What about liability?

Scott: I will talk about that tomorrow.

Rachel G: You talk about sharing partial information, what good is partial information?

Scott: How much do you want to use this attack against someone who has some clues and can know to watch you?

Q: What's the use of this model?

Scott: This model begins when crypto stops. There will always be implementations with millions of lines of code. There will always be integration. This is even being used to price brute force attacks.

Panel: Does anyone really need MicroPayments?
Moderator: Nicko van Someren (nCipher)
Participants: Tim Jones (Ex Mondex), Andrew Odlyzko (University of Minnesota), Ron Rivest (MIT, PepperCoin), Duncan May (journalist at large)

Andrew: Four Fundamental Reasons MicroPayments Will Never Happen

1. a gold dollar
Americans go to Europe and say why don't we have a dollar. The Susan B Anthony failed and so the mint came up with a gold dollar. Three Americans have gold dollars. These have disappeared without a trace. Why? New payment schemes take a long time. Coins worked in Europe because the paper money was taken off the market. Credit cards took decades.
Internet time is a myth when you are talking about changing the habits of millions of people who already have a good substitute.

2. enabling small transactions
Sellers do not want small transactions. Sellers want large transactions. Bundling is common in software, subscription servers; bundling brings in more revenues because of the law of large numbers given the heterogeneity of preferences across the elements of a bundle.

3. Flat rate vs metering
Flat rate prices are far preferable. If you are a producer of zero marginal cost goods you want people to use them and get value. Flat rate gets more customers and more use.

4. price discrimination
Going back to the nineteenth century there is a large literature about the value of price discrimination. Price discrimination requires data about use. Greater gains can be achieved by matching user and price -- and anonymous systems prevent price discrimination.

He has a paper on each one of these points on his web page. www.dtc.umn.edu/~odlyzko/ read 'em and weep.

Ron Rivest

Micropayments are for things when the cost of the transaction is so small and Micropayments exist as attention span (banner ads) and giving up data for small things. There was 300M $ of paid content on the net. Half of that was annual subscriptions. 14% were single purchase. 6% were some other subscription form. So 14-30% of sales would be single use. Some subscription services have failed. *69 failed as a subscription service, but it works well as 75¢ per use. We don't have a choice between subscriptions and pay per use. They work well together. Pay per use may bring in a subscriber. When diffusion is small subscription is not optimal.

The killer app for micropayments is music downloads. The music industry is in trouble. Their prices are too high. Their business model is weak. "Music users prefer pay-per-download to subscription." 60% of Americans have downloaded music, about 1% have paid. Many who did not pay would prefer to pay rather than search.
There are two parties. The sellers and the buyers. The buyers might prefer pay for download. The mobile ring-tone market is also pay for single use. In the NY Times they are trying to sell music on the web "Echo". Universal sells singles at 99¢ a song.

Pay per use will always be available. To support this there is a need to keep transactions processing costs small. A founder of music sites found that credit card companies were charging 35¢ for each 99¢ transaction. By keeping the bank out of the loop it is possible to get substantial processing savings. You can do an RSA verification faster than a disk access. Since we don't have Hettinga to talk about bearer-based systems. I have concerns about these systems so I believe in a database and it is easier to have a per-user database.

Tim Jones

The range of transactions that are currently mediated is large. It is not self evident why the share of physical money should collapse in favor of non-transactional subscription transactions. Why should the move to the electronic world fundamentally alter the payment choice that has been constant for hundreds of years?

Those of us in the GSM world are very certain about "SMS was an afterthought in the GSM standard and children took it and created a new language and maybe a new culture." There are some new things that will come along and maybe anticipate. For example my daughter was passed on the M25 and some boys held up their cell phone number. They did SMS and ended up going clubbing that night.

There are a number of people who are contributing to an open source computing environment which is growing in strength and scale. They are not being paid in an economically sound way. The range of payment options to reflect the value that people in this business world are creating is not adequate. This seems like a case where there are peers who appreciate value, and could assign it. In this case a large value can be created through a very small set of transactions.
Think of beta wear where there is a free version and a pay version. If the option is to send 50¢ then there is no need to send a free one. That doesn't hurt you but if you think of the millions of desktops then it is incredibly valuable. We are not exploring properly the price elasticity of demand.

In the world of real life cash there are many small transactions that occur every day. It would be a poorer world if we could not replicate the school bake sale where the purchaser is 7 and merchant 9.

Duncan

The reason I am here is I have followed the track of 28 systems. Some set of them have gone right into the ground.

Nicko

All the schemes seek the James Bond profile - they wanted to rule the world. So they failed the test of the playground and the cardboard box.

I disagree with Andrew with his concept of flat rate. If you have a flat rate you could pay 10¢ a minute or $100 a month. If I can take an extreme example. The British domestic gas market is de-regulated. Customers used to have an account with British Gas. British Gas sends out 128M bills a year and the customers pay quarterly in arrears. New entrants are coming to the market. The only way they can compete with each other is to compete on the price of transactions. The largest cost is managing the customer account. If one could have a networked meter where customers could pay as they go then you could cut out the cost. It could be a compelling economic case. So we don't have to think of the Internet as streaming video and download of video. The problem with beans is that the economic model is broken. You have to get the economics right.

Richard: What can the 10 yr old sell on line for 10¢?

Tim: The nine year old was a physical transaction. Mondex could have received 10¢ for each angel cake. (Is that a cupcake in the UK?)

Richard: What about intangible goods?

Tim: I see it in open source. What if you could charge 10¢ instead of open source being free? Right now we have two price points: free and wildly high.
Richard: Were you in the car with your daughter?

Tim: I was driving a car. A week later I was at a Banker's cruise and I was the keynote and I told the story. And then one of the blokes in the car came up and was the driver?

Drew: So when I was at security foundations Paul played hooky and we were in Italy and we needed to pay 1000 lira at a tollbooth. They took credit cards. I don't think the Italian government was paying a 25¢ overhead for that.

Ron: Part of the transactions processing cost is fraud. As technology gets better the space for specialized transactions mechanisms decreases.

Nicko: Credit card providers charge flat rate plus a percentage because they can. There is a fraud cost for the credit cards. There is a lower cost for the debit cards.

Drew: It is highly amusing that CA has a $4 fee for any credit transaction because they don't want to figure out the fee.

Paul: For the eight year old maybe she could sell her song for 10¢. That is a post-music model. The other thing is to reinforce this that they can live together for cell phones. I have paid per minute every single minute I have used on my cell phone and it works out for me.

Nicko: In Europe the pay as you talk has passed the value of the subscription base.

Andrew: Cell phone pricing had flat monthly rate and prepaid plans. If you look at usage every day subscriber use is decreasing. We are looking at number of subscribers. So they are going for the marginal person. Users have overwhelmingly shifted to flat rate plan. This has caused a tripling when everyone else in the world is decreasing. The US is the world champion in wireless use per subscriber. Per phone revenues are going.

Tim: But per customer revenue will go down. But that does not mean that the average revenue for customer in that set is going down. And there is a second major break on usage. And that is price point for pay as you talk is incredibly high compared with any steady state based on cost.
This is in part based on transactions processing.

Jean: Human management. Attention span.

Andrew: There is evidence in it from the INDEX experiment (search terms: INDEX bandwidth Berkeley). I argue strongly for this in my paper. Another set of experiments that AT&T did was in the seventies on metered local rates. We did it on a state wide basis. Turned out that 70-80 who would have saved money for the metered rate hated it, because
   1) insurance concept to know it is available to use if needed at no more cost
   2) overestimate of usage. People overestimate their resources systematically
   3) the hassle factor, they just did not want to worry about it
For example just understanding it was hard for people. For example, people were played flat rate per call. There are too many choices and too much complexity. That is why flat rate is so good.

Ron: If micropayments are going to pay it the ease of use has to be handled very well. Work by Dan Ariely at the Media Lab on micropayments talks about handling this.

Tim: Jean has hit on a general issue on acceptance. Getting people to load some pot of money is terribly difficult. The prize strategically for those who could get people to do it is enormous. If you could do it you are suddenly in an extraordinary position like PayPal. PayPal got a certain amount of traction. Then EBay and Citibank all had a go and they all fell by the wayside because there was already an incumbent. So EBay ended up having to buy PayPal. The first set of corporations that can solve will find themselves starting with a small window.

Duncan: People will not sign up for multiple payment systems. Only Paypal this morning pulled out. I would expect to see a large number of competing players so there must be very efficient settlement mechanisms so there must be a very effective market for clearing.

Richard: Can I make the case that 3% is competitive. Not that they are not making wads of money.
It is easiest to ignore is that you have so many players and each of them absorbs some liability for what it does. If you don't have any players you don't have to worry about risk. Then there is the lenders' risk. The deal of the century is the global arbitration fee. Without that assurance neither you nor the merchant will give up your half. If a microcredit system is developed so that a million people lose their quarters, then that would be terrible.

Duncan: There is a 90 day loss period where the arbitrate is huge.

Adam: Micropayments can come in and be more effective.

Drew: If you have to download some software you lose 90% of your market. But micropayments have that problem.

Adam: Paypal.

Tim: Paypal is an extension of VISA to non-traditional merchants. PayPal is a B2B and C2B for non-traditional merchants. But the mobile phone companies have a very effective authorization mechanism.

Ron: The future of micropayments is in M-space.

Nicko: What about the great unbanked, people who cannot get credit?

Ron: I think that is orthogonal. It depends upon how the system is built.

Tim: Picking up Richard's point that the credit card world is a risk acceptance market. That is an interesting model that has done great things. But if you have a net connected world you can chain the transactions together and have settlement happen as the chain happens. I just offer it to spark thoughts in other folks. Current appliance delivery creates factory to distribution hub, management of hub, inter-hub transport, and hub to consumer. There is nothing in theory to prevent that from being a market that clears step by step instead of competing for the entire chain.

Andrew: It will come on the back of mass transportation or cell phones. You already have something because it alone has value. It has to be added to one for those.

Duncan: You have to pay 250,000£ to talk to Mondex. We need a system that will start small.

Ron: I have started a small company.
PayPal shows that new mechanisms can work. We will grow the old-fashioned way based on demand.

Paul: I agree with Andrew's conclusion but not with his inference. I say this as someone who buys rolls of gold dollars at the bank. The point I want to raise is that this was supposed to be an illustration of the transitional threshold but that is not the case. But I talk to people in Europe in Canada. They are nostalgic for the era of bills. Bills have a superior interface - it is easier to carry 7 bills than 7

Nicko: The coin pound was accepted not only because of ergonomics but because it was called a sovereign. That leveraged nostalgia. (It was called a thatcher - it was thick, brassy and thought it was a sovereign.)

Tim: Kuhnian paradigm shifts take decades. There are problems that ecash can solve like the queues in bars and it is impossible to purchase. He proposes a bar with vending machines where everything is on tap so there is no bar with a single point of failure. I strongly advocate dynamic vending machines so people pay for congestion. Using a smart card you can do a loyalty program and encourage ecash adoption. Yet that is in another mental space.

Ron: Why is price discrimination impossible with micropayments?

Andrew: Basically price discrimination is not incompatible with micropayments but it is harder. Most productive price discrimination is based on identity. That is a little harder for micropayments.

Nicko closes an excellent panel.

Security, Anonymity, and Privacy
Session Chair: Gene Tsudik

On the Economics of Anonymity
Alessandro Acquisti, Roger Dingledine, and Paul Syverson

Economics is about efficiency. Yet inefficiency is an inherent part of anonymity. Anonymity is a complex problem because of traffic issues: users who use anonymous systems also provide anonymity to other users. That is, users hide amongst each other; thus by getting anonymity you provide anonymity.
One solution to address this problem is for a large organization (corporation or government) to provide anonymity and require all its users. However, should this be used then any communication that is anonymous nonetheless comes from that organization. There are not yet decentralized trust algorithms.

In economics consumers pay. Yet by its nature users of anonymity both use and provide anonymity. The hordes in coach are better off, privacy wise, than the guys in first class. So the guys in first class have to pay a premium for anonymity. Inefficiency costs that propagate back to the user chase users away. Usability is a critical usability suggestion.

Under what conditions will a system with many players not implode? Public good with free riding. Yet in this case free riding is not strictly possible because inherent in the use of the system is providing anonymity to others. Thus those with great interest in anonymity could provide nodes and services. This is promising in that there is broad market support for low overhead services but inadequate support (at this time) for high cost anonymity.

There is also the potential for altruistic agents. Public service entities. Reputation and social capital may provide adequate awards (SETI @ home and remailer statistics). There can be an optimal level of free riding. An open problem is exit node liability.

Q: You were talking about free rides in that anonymous systems were providing free ride. In P2P networks, the sharing of files, we can provide anonymous systems. Something like Kazaa could be used to optimize.

Paul: Once you add the anonymity on top of it. You would have to add it for free. You get it because you are at GA Tech and you just want to do it. So there is free riding for users since it is bootstrapped in.
Jean: Is the tendency of systems to implode a function of whether Metcalfe's Law applies (each free rider adds increasing value, the nth user adds n+1 value) or if it has decreasing returns so that as n gets large the value of the next ride is ever lower?

Paul: We currently have existence results. That question could only be answered with analytic simulation. You would have to take a specific system and see how that plays out.

Julian: Would there be a high correlation between value of anonymity and crime and this is a core problem? Are there legitimate users with high value? Don't you think the value, if for the bad guy, is a problem?

Paul: But the bad guys can provide the resources for all the good guys.

Stuart S: What about the value of concentrated trust in a case like ZKS where transparency allows for trust?

Paul: You could do the same analysis for several nodes that you can do for one.

Squealing Euros: Privacy Protection in RFID-Enabled Banknotes
Ari Juels and Ravikanth Pappu

Squealing is both a noise made by distressed animals and slang for exposure of private information. RFID: radio frequency identification. Shows a picture like: www.aurigintech.com/smart-ID.gif at www.aurigintech.com/Smart-ID-Auto.htm

RFID tags are passive devices that identify themselves, usually by simply shouting their identity. They have no battery but obtain temporary power from the EMF produced by the reader. RFID tags will be the ubiquitous replacement for the bar code. Gillette has ordered half a billion. (This is because in retail drug stores razors are the most frequently stolen item.) Inventory control and failure rates of scans drive this interest.

PRADA use described. Here is a PRADA description: www.aurigintech.com/smart-ID.gif and he discusses the cases from the autoID http://www.autoidcenter.org/main.asp

Pets from MA shelters now have RFIDs to locate lost kitties (thru a cat scan ha ha). (Ron Rivest's cat, Jack, has one so they call it the Lojack chip.)
European Central Bank plans to put RFIDs in euro notes. Let me repeat that in case all the implications of suddenly non-anonymous cash are not clear: European Central Bank plans to put RFIDs in euro notes. Here are some bonus uses:
- more efficient mugger (we offer detailed information about our purses)
- viruses or attacks based on product choice

ECB is prototyping advanced systems without public discussions. Then there is security by obscurity. Yet reverse engineering an RFID is fairly trivial.

If you encrypt the serial number of the banknote then the encrypted ID becomes the serial number. What about LE access key? Then the tag broadcasts its jurisdiction information. This also requires an extremely secure key.

RFID have little or no processing power so crypto is not an option. What they have is the ability to control read and write access on the basis of static keys.

Use an El Gamal system with group G of order q. Published generator g. Key generation: public key is y, private x. Each note has a signed ciphertext number that can be re-encrypted upon bank use, some number is $C = E_y[ID, r]$.

One innovative idea in this is to restrict access by requiring physical optical access. So each note would have a printed number that provides access that allows reading. Shops currently have these. Thus illegitimate reprogrammers would have to have visual access.

There can still be rogue readers. But using connectivity the supervision can be of the readers, so that each reader confirms that the previous reader has done its job correctly. Cloning attacks are still possible but are more easily detected. Re-encrypted readers can be authenticated and makes tracking easier.

Solution is not ideal but there is work in progress at RSA labs and in the EU.

Nicko: A re-writable id is dangerous from a forgery point of view. Could you now do something that does not require it given that you have hundreds of bits?
You could generate many random bits in write-only and have a sequence number in the r/w system.

Ari: That is a solution we are discussing.

Adam: This might just be an investment wrt counterfeiting.

Delayed by travel:

Retrofitting Fairness on the Original RSA-Based E-Cash
Shouhuai Xu and Moti Yung

If we have no anonymous cash maybe it's not a problem (that's a joke).

Review: Fairness in this framework means revocable anonymity when the user re-spends a coin. Fairness has been implemented in discrete log systems using both on-line and off-line trusted third parties. So the question of interest here is: is it possible to implement fairness using an off-line party and preserving the fundamental RSA scheme? Some systems have used (Chaum Fiat Naor Crypto '88) on which we can build.

Review CFN 88 and simplify.
- l: security parameter
- H, H1: hash functions
- 3, N: 3 is public exponent and N is bank secret
- Coins: x = H1(...), y = H(...)
- $\mathrm{coin} = \{H(x_1, y_1) \times \cdots \times H(x_{l/2}, y_{l/2})\}^{1/3} \bmod N$
- at least one (x, y) tuple valid

You can view each pair as one-time Lamport signatures. Reveal signatures by showing x, y.

Use El Gamal with two generators to embed user key. TTP obtains user key. Provide that key to a trusted third party. During withdrawal the key of the trusted third party is made available to the bank. Coins can be traced to withdrawal sessions or all coins provided by one user.

Bank is trusted only not to use customer's money but is not trusted not to abuse customer anonymity. TTP is trusted to revoke customer anonymity but is not trusted with customer's money.

Open research problems include unforgeability, because hardness of one-more-RSA inversion is not known, and RSA-based revocation.

11:00 - 12:30 Attacks
Session Chair: Andrew Odlyzko

Cryptanalysis of the OTM signature scheme from FC'02
Jacques Stern and Julien Stern

Authentication is proof by a user that he knows a secret. A proof may be transferable or not.
Asymmetric systems require that no secret be exposed for authentication. Symmetric requires secret exposure or sharing for authorization but it is very fast. There is no such thing as symmetric signatures because the secrets must be shared. Symmetric authentication is in some ways superior to asymmetric authentication while asymmetric signatures are better (by definition) than the (nonexistent) symmetric signatures.

First example: Access Control. Some devices only need to grant access to authorized persons: for example, a car park reader.
- Symmetric: device contains all secrets
- Asymmetric: device needs to recognize access request secret

2nd: Access on Payment (toll booth)
- Symmetric: impossible because non-repudiation is required
- Asymmetric: device contains only a public key and users perform costly operations

What is needed is a pre-processing step where costly message-independent data are generated, combined with a low-cost on-the-fly final step: on-line/off-line signatures.

Previous work:
- Schnorr 88: one modular multiplication
- 92, 96, 99 Girault et al: one regular multiplication
- 02 Okamoto et al: one modular reduction of a small number
- 90: Even et al.: one multiplication
- 01: Shamir: the core operation is one modular reduction of a very small number, extremely efficient and a small signature block produced

Overview of the GPS protocol. The OTM scheme is a small change in terms of processing power from GPS. The number of messages is very low, except instead of r+e*s send r+e mod s.

But the problem is that the reply step will not hold because there are limits on the size of the reply in the GPS protocol. So guess the part of e so that it is sufficiently small. So use the least significant bits of e. Pick a random r. Then compute x= g (truncated e) mod n. We receive the challenge and check our guess. Repeat as necessary.

OTM is not inherently flawed. But the parameters were too small to prevent effective attack.
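The on-line/off-line split described above, as an added example (not code from the talk or the paper): a GPS-style identification round in which the exponentiation is precomputed and the on-the-fly step is the single ordinary multiplication in r + e*s, with the verifier enforcing the limit on the reply size. The modulus, base, range sizes and function names are constructed toy assumptions.

```python
"""Toy GPS-style on-line/off-line identification (constructed parameters)."""
import secrets

# Constructed toy modulus; a real deployment uses a large RSA-type modulus.
P, Q = 10007, 10009
N = P * Q
G = 2

S_BOUND = 1 << 16   # secret s is drawn below this
B_BOUND = 1 << 8    # challenge e is drawn below this
A_BOUND = 1 << 40   # commitment exponent r; much larger than S*B so y hides s
Y_BOUND = A_BOUND + B_BOUND * S_BOUND   # largest reply an honest prover can send


def keygen():
    """Return (s, v): secret s and public key v = g^(-s) mod n."""
    s = secrets.randbelow(S_BOUND - 1) + 1
    v = pow(pow(G, s, N), -1, N)
    return s, v


def precompute_coupon():
    """Off-line step: the costly, message-independent exponentiation.

    Each coupon (r, x) must be used for one challenge only; answering two
    challenges with the same r lets an observer solve for s.
    """
    r = secrets.randbelow(A_BOUND)
    return r, pow(G, r, N)


def respond(s, r, e):
    """On-line step: one ordinary integer multiplication, no modular reduction."""
    return r + e * s


def verify(v, x, e, y):
    """Verifier: enforce the reply-size limit, then check g^y * v^e == x mod n."""
    if not (0 <= e < B_BOUND and 0 <= y < Y_BOUND):
        return False
    return (pow(G, y, N) * pow(v, e, N)) % N == x


def run_session(s, v):
    """One full round: commitment x, challenge e, reply y, verifier's verdict."""
    r, x = precompute_coupon()
    e = secrets.randbelow(B_BOUND)
    y = respond(s, r, e)
    return x, e, y, verify(v, x, e, y)


if __name__ == "__main__":
    s, v = keygen()
    print("honest round accepted:", run_session(s, v)[3])
```

The range check in `verify` is the "limit on the size of the reply" the summary mentions: a reply that satisfies the equation but falls outside the honest range is rejected.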
If the parameters (size of the key, the number of digits in e, and challenge size) are increased then the system becomes secure against guessing attacks. So how does this change the parameters? With correct parameters OTM authentication still is 100 bits smaller than GPS. However:
- OTM requires a modular reduction of 320 bits by 160 bits
- GPS requires a regular multiplication

This means GPS is twice as fast as OTM.

Dovetailing (r,e) wrt x: add r to a small multiple of s so the least bits of r are equal to e. If the core operation in OTM is replaced by dovetailing this requires another verification check, then this requires three verification operations. Implementation is a simple loop. Using dovetailing with increased OTM parameters the implementation can be as efficient as GPS.

"Man in the Middle" Attacks on Bluetooth
Dennis Kügler

Attacks:
- unit keys are used for eavesdropping and impersonation (aka cloning)
- PIN guessing: used for recovering link key
- Cipher is weak.
- Privacy: device tracking is possible.

Add to these the man in the middle attack. These are based on page hopping and channel hopping sequence. This is based on a slave ID and clock setting. So this is a periodic sequence of 32 frequencies. Channel hopping is used for communication.

Page requests consist of the master repeatedly sending the slave ID. Slave scans for own ID. Slave sends an ID packet in response. Master sends FHS. Slave resends ID.

So all the attacker has to do is respond more quickly than the slave, and then reconnect the slave using the same master ID but a different offset so the slave and master do not detect each other. If slave and attacker respond at the same time the communication is jammed. Then only the attacker repeats, because only the attacker understands what happened.

Another attack: Since the initiation is a 3 way handshake, the attacker can use the half-open connection to generate a timeout so the slave ceases scanning. (Attacker initiates with slave ID.)
Another thing is that the master clock is used for both frequency hopping and cipher initiation. It is possible to inject a man in the middle during an encrypted communication due to cipher weaknesses and the information in the packet header. Since the same information is used for encryption and decryption it is possible to insert altered packets.

Compare this with other attacks. Jakobsson-Wetzel: establish a connection to both devices and pretend to be the other device. This attack fails if encryption is turned on or one device is non-connectable (because the attacker becomes master and both victims must be slaves). This attack can be expanded using the techniques here to implement an attack when one attack is the master.

Proposed solutions are end-to-end security => integrating MAC in every packet. Or wired equivalent security, which requires point-to-point security. Even with this the cipher is based on the clock. Inherent in frequency hopping is the ability to create mis-synchronization. Encryption is needed, with full synchronization including frequency synchronization. Unencrypted packet headers with important ACK information are a problem.

Nicko: Your conclusion should be if you want to use Bluetooth for finance the encryption should be in the application layer.

A: You should use SSL equivalent.

Nicko: My cell phone has a decent amount of computing power. You should not rely on transport for financial cryptography.

A: Both are required. And the power limits of the mobile devices must be acknowledged.

Fault based cryptanalysis of the Advanced Encryption Standard (AES)
Johannes Blömer and Jean-Pierre Seifert

This includes fault attacks and errors, physical fault generation. For the AES specifically the time operation is vulnerable. An investigation of an unskilled textbook implementation vulnerable to attack by fault generation. Fatal attacks on DES include breaking a sealed tamper-proof device and putting in wrong ciphertext.
To begin, a description of what a fair smart card attacker might do to alter and disturb the calculation by altering only the external contacts. An attacker can vary the voltage input and, if it does not cause a card reset. However, the power supply is assumed to suffer from natural spikes. For each card there is a range of parameters that would cause a faulty output that would be, for example, generating an extended pulse that does not spike quickly but rather increases the input some voltage above the specified tolerance but not so high as to reset, say 118% expected voltage. Similarly, the clock can be finely tuned; the execution can be altered by causing the CPU to omit instructions.

With concentrated optical attacks (for example a focused camera flash) on the right places on a controller it is possible to alter any bit of an EPROM by altering the CMOS path (remember c means complementary) to create a lower resistance channel on the preferred path. This requires removing the surrounding casing but not physical contact.

Another attack uses an inductor to read the events occurring inside the smart card. By charging the inductor (also known as an active coil) the reverse can be true -- you can use the coil to cause events inside the chip.

He offers a nice table for attacks on smart cards.

This is all of interest because AES is most commonly implemented on bank smartcards using 8 bit CPUs. The speaker illustrates how the general smart card attacks can be used on the most common implementation of AES. For example, using timing attacks critical steps in AES in particular critical XOR operations is that the ciphertext is quite weak.

The concern is that counteracting fault attack is usually done by some naive countermeasures. Hardware manufacturers should be aware and use: carefully developed logic families, sensors for light and temperature, etc.
Only such hardware countermeasures can counteract the source of the attack, because once the attack has been made trying to defend against it by calculations is not feasible.

14:00 - 15:30 Panel: Economics of Security
Moderator: L. Jean Camp
Participants: Drew Dean (SRI), Andrew Odlyzko (University of Minnesota) and Stuart Schechter (Harvard)

Do we spend enough on electronic security? How can we judge when we are spending too much? Is there any way to evaluate expenditure? Is the value of cryptography subject to economic measurement?

Economics of Security Panel Notes 1/28/03
Jean Camp, moderator
Notes by Rebecca Wright
Panelists: Drew Dean, Andrew Odlyzko, Stuart Schechter

Initial presentations

Brief intro from Jean: what is security market?

Andrew Odlyzko

We are techies, used to formal models. Most people are not as sophisticated, and need simpler explanations and descriptions.

Example: Honor System Virus

    This virus works on the honor system. Please forward this message to everyone you know and then delete all the files on your hard disk. Thank you for your cooperation.

This is a joke to us, but close to something that happens in reality.

Also, necessary to recognize needs of organizations and people in organizational contexts. Example: a major problem with secure systems is that secretaries could not forge their bosses' signatures. When systems that require this are implemented, bosses share their passwords with their signatures. Similarly, adoption of provably secure time-stamping systems does not work well with intuitive flexible ideas that back-dating is appropriate in some cases.

Delegation: ask neighbor - please let the plumber in to fix the leaky faucet. Expectations: let the plumber in. If related business occurs, like electrician shows up, can probably let the electrician in. But if electrician and plumber start taking out your furniture, your neighbor would probably call you or the police. A certain amount of human judgment is expected.
(This is why you don't ask your neighbor's 6 year old.)

Intentional ambiguity: proposed SEC rule alternate wordings. The desire for human and ambiguousness can limit the adoption of security technologies.

Example of successful adoption of security technologies: HP9000 After market Rampup (graph). Printer manufacturers make the money on the toner cartridges more than the printers themselves. Competitors can also make compatible toner cartridges. Printer manufacturers have started to put security measures in to prevent/slow other manufacturers. Very quantifiable example. He thinks we'll see more examples like this: manufacturers using very specific solutions to improve answer to specific question.

Speed bumps on the information superhighway. Cp - criminals will always find a way to make money. Security can be a speed bump to slow them down. (Rather than provably or certifiably secure systems.) Also cp - use of vaccinations, where a small percentage of vaccinations in the population can make a dramatic difference in lowering the spread of a disease.

Stuart Schechter

Measuring Security: are we spending enough on security?

What we don't know:
- How secure is a system?
- What we're getting for our money
- What we would get if we spent more
- What we mean by security, anyway?

As a result, we spend too much on some systems and too little on others.

Why measure?
- Determine which systems/components incur the most risk.
- Build/purchase systems that are more secure.
- Measure risk (essential to getting better insurance rates)

The security process: figure.

Scope of this talk: measure security

What is security? Process of inhibiting those who would attack your valuables (i.e. make it harder, like the speed bumps Andrew discussed).

Measuring difficulty: social sciences may be helpful here. Prices can be useful as a measure of difficulty as a cost. How hard is it for a society to make certain things happen?
The Market Assumption

A market for vulnerabilities will emerge when one individual finds it easier to find one, the other has more to gain from doing so. If you pay a fixed price to find a flaw, the adversary could do it too.

The security or robustness of a system against a mode of failure can be measured economically, in units of dollars. I.e., the market price to find a flaw.

Security fails in different ways or failure modes - how system failure can be induced, what is lost. Different sites have different requirements as different 'valuables' are there with different implications of different kinds of failure. Must measure two products against same mode of failure in order to compare which is better (figure).

Bounding security

Placing an upper bound (e.g. on competitor's system): offer to sell a vulnerability. Offering price is upper bound until vulnerability fixed.

Placing a lower bound (e.g. on your own system): offer to buy all vulnerabilities offered at a given price. Opportunity cost bounds security. BUT this can be very expensive if the system isn't secure.

Security experts are regularly asked: which product is more secure? If we can agree on a measure of security, companies may invest in using it. Need to establish trust between buyers and sellers - must actually deliver money in above scenarios.

Drew Dean

On the economics of computer security

Thesis: High assurance, secure systems are luxury goods.

Look at how they are built:
- Lovingly crafted by hand by Math/CS PhDs
- Fewer features than mass market systems
- Slower to market
- Extremely expensive
- Only appeal to a small niche

These are features of luxury goods, not mass market goods.
Market-wise, you get trapped in a feedback cycle:
- Assurance isn't a checkbox feature
- Hard to tell if you have it
- Difficult to explain to customers
- Result: little demand, small market, high unit prices

Options w/formal methods (graph): cost x assurance for different formal methods. We're now in the lower left hand corner (low cost methods, low assurance results). We don't need to get all the way to the upper right hand corner (high cost methods, high assurance results). B