============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 129                                    November 23, 2015

Hilarie Orman, Editor                    Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org        cipher-assoc-editor @ ieee-security.org

Richard Austin                           Yong Guan
Book Review Editor                       Calendar Editor
cipher-bookrev @ ieee-security.org       cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Richard Austin's review of "Cyber-Physical Attacks: A Growing Invisible Threat", by George Loukas
    o News
      - The newest inductees in the National Computer Security Hall of Fame
      - Data, data, who's got your data?
      - Cyberinsecurity opens door to terrorism
      - Complexity Secures the US Energy Grid?
      - Pandas, Stop Hacking Us!
      - Soured Apple Apps
      - The Cybersecurity Bill that May Never Be
      - Roses are Red, Violets are Blue, My Favorite Password is Dreaming of You
      - Technology FAQs for Terrorists
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

At the end of this year, Ulf Lindqvist of SRI becomes the chair of the IEEE Computer Society's Technical Committee on Security and Privacy (TCSP), the sponsoring organization of this newsletter. He takes the reins from Patrick McDonald, who has overseen the amazing growth of the flagship conference and its workshops. The incoming vice chair is Sean Peisert.

The new inductees into the US Computer Security Hall of Fame include long-time TCSP contributor Cynthia Irvine of the Naval Postgraduate School. Our news section has a link to the website where you can read a summary of her contributions to the field, and those of the other notable inductees for 2015. Cipher offers its congratulations to these pioneers.

A book about cyberphysical attacks is the subject of this issue's book review by Richard Austin, and it is the subject of one of our news links about attacks on the US energy grid. It is increasingly difficult to separate cyber from physical these days, and our notions of "security" in any form must adapt to include the computer components --- they are always there.

Recent terroristic events around the world may take us into a very different kind of computer security future. Our debates about privacy, about the purpose of security technology, and about the two-edged sword of world-wide communication all have the spectre of violence backlighting the discussions. Our challenge is to develop technology that keeps the adversarial advantage with the good side.

   The fault is not in our software nor our networks,
   But in ourselves, that we cannot stop using them.

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
11/17/2015
____________________________________________________________________

Cyber-Physical Attacks: A Growing Invisible Threat
by George Loukas
Butterworth-Heinemann 2015.
ISBN 978-0-12-801290-1

The media is ahype (a new word that you saw here first) with the wondrous benefits and opportunities that will come from connecting everything to everything else via the Internet. Self-parking cars, refrigerators that automatically restock, new medical appliances, etc. However, there is a darker side which reflects the focus on convenience, features and safety to the neglect of security.

While I've reviewed other books dealing with embedded systems and IoT security, Loukas generalizes the subject to cyber-physical attacks which he defines as breaches in cyberspace that adversely affect physical space (p.12). This is an interesting change in viewpoint as it shifts the target from information or services to effects in physical space.

Just to get this out of the way, Loukas's book is a textbook and is written for students and non-experts (p. 16) not seasoned security professionals, so there is a lot of introductory text and tutorial material. However, most security professionals have little familiarity with embedded systems, SCADA systems, etc., so the tutorial material on these subjects is more than welcome. My advice is to ignore what you already know and focus on the material that is new to you. Loukas opens his presentation with a good introduction to the "Cyber-Physical" world (chapter 1) that introduces the concepts and terminology used in later sections of the book. A gem is the security-relevant definition of embedded systems as "computers masquerading as non-computers" (p. 7). He also provides a useful distinction between the "IoT" and "cyber-physical systems" by noting that the IoT focusses on "machine to machine communication" while cyber-physical systems focus on "interaction with the environment" (p. 9). Chapter 2 ("A History of Cyber-Physical Incidents") provides grim reminders that this is not merely an academic discussion as there have already been incidents in the wild. I was disappointed to see him mention the infamous "Siberian pipeline explosion" as an example (p. 23) but he does note that it may or may not have occurred. Of special note is the timeline of cyber-physical security incidents on p. 55. The next two chapters delve deeply into the workings of cyber-physical attacks on implants and vehicles (Chapter 3) and industrial control systems (Chapter 4). These chapters introduce the essential technologies used in the different classes of devices and how they can be tampered with to produce real-world effects. Equally important is that the reader starts to get a feel for the background behind the sometimes poor security-relevant decisions. For example, a weak encryption solution was deployed because the capacity overhead for a better one was thought prohibitive (p.99). 
Understanding these decision factors is critical for our profession if we are ever going to provide credible guidance to the teams designing these systems. Chapter 5 (Cyber-Physical Attack Steps) provides a good overview of how an attack is mounted. Some of the steps (e.g., reconnaissance) will be familiar but there is much more exotic material (e.g., the concept of sleep deprivation applied to battery powered devices that use a sleep mode for recharging, p. 175). Of particular note are the many tables of entry points for attacks on various cyber-physical systems ranging from insulin pumps to smart homes. After a solid grounding in how bad the situation currently is, Chapter 6 (Protection Mechanisms and Secure Design Principles) provides guidance on how to make things better. Though some concepts such as authentication may be familiar, Loukas provides solid coverage of the "complications" involved in using them in the cyber-physical world. For example, we usually don't think in terms of being constrained by available battery power in designing our security measures but resource constraints are a fact of life in cyber physical systems. Loukas notes (p. 211) that if a security measure consumes a lot of battery power in its operation, we've actually expanded the attack surface if an adversary can arbitrarily trigger the security measure. Chapter 7 (Physical-Cyber Attacks) turns the subject around by examining what types of things can be done in the physical realm that achieve cyber effects. An obvious example would be physical destruction of some piece of cyber infrastructure. However, Loukas describes less obvious attack vectors such as power analysis and other methods for exploiting the emanations from an operating device. In general, there's pretty broad consensus that there is a train-wreck coming in the area of cyber-physical systems because of the little attention being paid to security in this area. 
It's even pretty common for security professionals to joke around the coffee pot about the "stupidity" of engineers who deploy network-connected systems without even rudimentary defenses. However, if we're going to prevent the coming train-wreck, we're going to have to learn how to talk to the people designing these systems and they speak a different language than us. Loukas' book goes a long way toward equipping the security professional to enter this mysterious world and begin to effectively interact with its denizens. Definitely a recommended read. As this is the last review of 2015, I wish you and yours a joyous holiday season followed by a healthy, happy and prosperous 2016! ---------------------- It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin fearlessly samples the latest offerings of the publishing houses and opines as to which might most profitably occupy your scarce reading time. He welcomes your thoughts and comments via raustin at ieee dot org ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html --------------- Cybersecurity Hall of Fame Inductees http://www.cybersecurityhalloffame.com/ Congratulations to Cynthia Irvine, Jerome Saltzer, Ron Ross, Steve Lipner, and Susan Landau on being honored by the National Cybersecurity Hall of Fame for their numerous contributions to computer security research, policy, and practice. --------------- Data, data, who's got your data? Data Transfer Pact Between U.S. and Europe Is Ruled Invalid http://www.nytimes.com/2015/10/07/technology/european-union-us-data-collection.html The New York Times By Mark Scott Oct. 6, 2015 Summary: The US and Europe have several data-sharing agreements in place. 
Recently, a European court ruled that one of them gives US authorities nearly unfettered access to the private data of Europeans using online services, such as Facebook. This violates European privacy laws. The decision cannot be appealed. The response by European data providers and Internet companies is being weighed.

---------------
Cyberinsecurity opens door to terrorism
https://www.washingtonpost.com/world/national-security/in-a-first-us-charges-a-suspect-with-terrorism-and-hacking/2015/10/15/463447a8-738b-11e5-8248-98e0f5a2e830_story.html
U.S. accuses hacker of stealing military members' data and giving it to ISIS
The Washington Post
By Ellen Nakashima
Oct 16, 2015

Summary: A Kosovo citizen is accused of using hacking techniques to compile a database of personal information regarding over 1000 members of the US military and other government segments. The information may have been shared with an Islamic State member for the purpose of attacking these people. The information was obtained from an online retail service.

---------------
Complexity Secures the US Energy Grid?
http://money.cnn.com/2015/10/15/technology/isis-energy-grid/index.html
ISIS is attacking the U.S. energy grid (and failing)
CNN Money
By Jose Pagliery
Oct 16, 2015

Summary: GridSecCon, held by the North American Electric Reliability Corporation, featured a talk by a Homeland Security official. The overall message was that the US power grid, while short on security, is high on obscurity, making it difficult to use generic methods to attack it. The bad news is that it is constantly under attack.

---------------
Pandas, Stop Hacking Us!
http://www.nytimes.com/2015/10/20/technology/cybersecurity-firm-says-chinese-hackers-keep-attacking-us-companies.html
Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies
The New York Times
By Paul Mozur
Oct 19, 2015

Summary: In October the US and China announced an agreement to stop hacking commercial sites in order to steal intellectual property.
The US company Crowdstrike says that hacks against pharmaceutical companies have continued unabated. They call the perpetrator group "Deep Panda". Perhaps the ballyhooed agreement has no teeth. [We note that pandas are vegetarian].

---------------
Soured Apple Apps
http://money.cnn.com/2015/10/19/technology/apple-app-store/index.html
Apple bans hundreds of iPhone apps that secretly gathered personal info
CNN Money
Oct. 19, 2015
By David Goldman

Summary: Apple has been dealing with a spate of privacy encroaching apps, and in some cases, the app developers were unaware of the behavior. As a result, Apple has banned a large number of apps. An SDK that was widely used surreptitiously stole user info and uploaded it to a server. In another case, encrypted communication was revealed without authorization.

---------------
The Cybersecurity Bill that May Never Be
https://www.washingtonpost.com/news/powerpost/wp/2015/10/22/cybersecurity-bill-advances-in-senate-but-hurdles-remain/
Cybersecurity bill advances in Senate, but hurdles remain
The Washington Post
Oct 22, 2015
Karoun Demirjian

Summary: The US Senate has approved its version of a controversial cybersecurity bill. The bill is meant to make it easier for US companies to share attack information with the US government, and vice versa. The details of that sharing have raised questions, as has the overall premise that it will improve cybersecurity.

---------------
Roses are Red, Violets are Blue, My Favorite Password is Dreaming of You
http://www.washingtonpost.com/news/wonkblog/wp/2015/10/22/these-researchers-have-discovered-the-perfect-password-thats-also-easy-to-remember/
These researchers have discovered the perfect password that's also easy to remember
The Washington Post
By Ana Swanson
Oct 22, 2015

Summary: Researchers Marjan Ghazvininejad and Kevin Knight of the University of Southern California have come up with a combination of art and psychology that might lead to a revolution in memorable passwords.
It is difficult to create a password that sticks in a person's mind because memory, at least without extensive training, is limited and unreliable. A good password has to be fairly long to have enough entropy to survive random guessing by an opponent. Rhymes, though, have long been recognized as aids to memorization. The recently published paper by the researchers shows that doggerel can be used as a secret password.

---------------
Technology FAQs for Terrorists
http://money.cnn.com/2015/11/18/technology/isis-jihad-help-desk/index.html
Top questions asked on the ISIS 'Help Desk'
CNNMoney
By Erica Fink and Laurie Segall
Nov 21, 2015

Summary: A group of IT specialists is available to help ISIS followers who need help with staying under the radar of law enforcement. Some of the most frequently fielded questions seem related to the sort of privacy preserving practices that any Internet user might want. Most are about secure communication using encrypted services.

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

New since Cipher E128:

Posted Nov 2015
Rochester Institute of Technology
Rochester, New York
Multiple full-time tenure-track/tenured positions in Cybersecurity
The review of applications begins November 15, 2015 and will continue until positions are filled.
https://www.rit.edu/gccis/computingsecurity/open-positions

Posted Nov 2015
Department of Computer Science, Naval Postgraduate School
Monterey, California, USA
Tenure Track Assistant Professor
Open until filled
http://www.nps.edu/About/Jobs/Docs/Cyber%20Security_Announcement_2015%20HERC%20(updated).pdf

Posted Oct 2015
Lancaster University, UK (Security Research Centre)
Lancaster, UK
Two Post-Doctoral Positions in Security of Cyber-Physical Systems
Deadline for applications: 04 Nov, 2015
https://hr-jobs.lancs.ac.uk/Vacancy.aspx?ref=A1371
https://hr-jobs.lancs.ac.uk/Vacancy.aspx?ref=A1368

Posted Sep 2015
Lancaster University, UK (Security Research Centre)
Lancaster, UK
PhD Studentship - Human Factors in Security of Cyber-Physical Systems under Attack
Deadline for applications: 15 Nov, 2015
http://www.jobs.ac.uk/job/AMA717/phd-studentship-human-factors-in-security-of-cyber-physical-systems-under-attack/

--------------
http://cisr.nps.edu/jobscipher.html

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

--------------
From L Jean Camp
https://indiana.peopleadmin.com/postings/1695

We are hiring a tenured or tenure track faculty in Security Informatics at Indiana!!! Security informatics is interdisciplinary computer security. Research which connects with other Informatics groups is highly desirable (e.g., HCI, data science, social informatics, complex systems, or health informatics).

We are a college town with a great security group. Bloomington punches above its weight, with an opera season, a ballet season, an off-Broadway season, four symphonic orchestras, four university stand-alone museums, and an annual world-class music festival.

****** Official Announcement ********** The School of Informatics and Computing (SoIC) at Indiana University Bloomington invites applications for a faculty position in Security Informatics. The position is open at all levels (assistant, associate, or full professor). Duties include teaching, research, and service. Applications are welcome from information and computer scientists in a wide range of areas including but not limited to usable security, human-centered design, identity, social informatics of security, and design for privacy. Applicants should have an established record (for senior level) or demonstrable potential for excellence (for junior level) in research and teaching, and a PhD in a relevant area or (for junior level) expected before 8/2016. The SoIC is the first of its kind and among the largest in the country, with unsurpassed breadth. Its mission is to excel and lead in education, research, and outreach spanning and integrating the full breadth of computing and information technology. It includes Computer Science, Informatics, and Information and Library Science, with over 100 faculty, 900 graduate students, and 1500 undergraduate majors on the Bloomington Campus. It offers PhDs in Computer Science, Informatics, and Information Science. Bloomington is a culturally thriving college town with a moderate cost of living and the amenities for an active lifestyle. Indiana University is renowned for its top-ranked music school, high-performance computing and networking facilities, and performing and fine arts. 
==================================================================== Conference and Workshop Announcements ==================================================================== ==================================================================== Upcoming Calls-For-Papers and Events ==================================================================== The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html Cipher calendar entries are announced on Twitter; follow ciphernews ____________________________________________________________________ Cipher Event Calendar ____________________________________________________________________ 11/27/15: ASIACCS, 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China; http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html Submissions are due 11/27/15: SPT-IOT, 1st IEEE PERCOM Workshop on Security, Privacy and Trust in the Internet of Things, Held in conjunction with IEEE PERCOM 2016, Sydney, Australia https://sites.google.com/site/sptiot2016/home Submissions are due 11/30/15: ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf Submissions are due 11/30/15: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany; http://petsymposium.org/ Submissions are due 12/ 1/15: IWSPA, International Workshop on Security And Privacy Analytics, Co-located with ACM CODASPY 2016, New Orleans, LA, USA; http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2016 Submissions are due 12/ 1/15: SDN-NFV Security, ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Co-located with ACM CODASPY 2016, New Orleans, LA, USA; http://honeynet.asu.edu/sdnnfvsec2016/; Submissions 
are due 12/ 5/15: CPSS, 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China; http://icsd.i2r.a-star.edu.sg/cpss16/ Submissions are due 12/ 6/15-12/10/15: Globecom-CISS, IEEE Globecom 2015, Communication & Information System Security Symposium San Diego, CA, USA; http://globecom2015.ieee-globecom.org/sites/globecom2015.ieee-globecom.org/files/u42/GC15_TPC_CFP_CISS_-_Communication_&_Information_System_Security.pdf 12/ 7/15-12/11/15: ICSS, Industrial Control System Security Workshop, Held in conjunction with 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA; http://acsac.org/2015/workshops/icss/ 12/ 8/15-12/12/15: CANS, 14th International Conference on Cryptology and Network Security, Morocco, Marrakesh; http://www.cans2015.org/ 12/15/15: Cybersecurity, Cybersecurity Symposium, Coeur d'Alene, Idaho, U.S.A; http://www.cybersecuritysymposium.com; Submissions are due 12/16/15-12/20/15: ICISS, 11th International Conference on Information Systems Security Kolkata, India; http://www.iciss.org.in 12/24/15: IFIP SEC, 31th IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium; http://ifipsec.org/2016/ Submissions are due 1/ 4/16- 1/ 6/16: IFIP119-DF, 12th IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India; http://www.ifip119.org 1/15/16: BioSTAR, International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA; http://biostar.cybersecurity.bio/ Submissions are due 1/15/16: MOST, Workshop on Mobile Security Technologies, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA; http://ieee-security.org/TC/SPW2016/MoST/cfp.html Submissions are due 1/27/16: ACNS, 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom; 
http://acns2016.sccs.surrey.ac.uk/ Submissions are due 1/29/16: LASER, 4th Workshop on Learning from Authoritative Security Experiment Results, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA; http://2016.laser-workshop.org/ Submissions are due 2/ 1/16: WTMC, International Workshop on Traffic Measurements for Cybersecurity, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016) Xi'an, China; http://wtmc.info; Submissions are due 2/12/16: IoTPTS, 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016) Xi'an, China; https://sites.google.com/site/iotpts2016/; Submissions are due 2/19/16- 2/21/15: ICISSP, 2nd International Conference on Information Systems Security and Privacy Rome, Italy; http://www.icissp.org/ 2/21/16- 2/24/16: NDSS, Network and Distributed System Security Symposium, San Diego, California, USA; http://www.internetsociety.org/events/ndss-symposium-2016 2/24/16- 2/26/16: PQCrypto, 7th International Conference on Post-Quantum Cryptography Fukuoka, Japan; https://pqcrypto2016.jp/ 2/29/16: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany; http://petsymposium.org/ Submissions are due 3/ 1/16: SECRYPT, 13th International Conference on Security and Cryptography, Lisbon, Portugal; http://www.secrypt.icete.org Submissions are due 3/ 9/16- 3/11/16: CODASPY, 6TH ACM Conference on Data and Application Security and Privacy New Orleans, LA, USA; http://www.codaspy.org 3/11/16: IWSPA, International Workshop on Security And Privacy Analytics, Co-located with ACM CODASPY 2016, New Orleans, LA, USA; http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2016 3/11/16: SDN-NFV Security, ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Co-located with ACM CODASPY 2016, 
New Orleans, LA, USA; http://honeynet.asu.edu/sdnnfvsec2016/ 3/14/16- 3/18/16: SPT-IOT, 1st IEEE PERCOM Workshop on Security, Privacy and Trust in the Internet of Things, Held in conjunction with IEEE PERCOM 2016, Sydney, Australia; https://sites.google.com/site/sptiot2016/home 3/21/16- 3/24/16: EuroSP, 1st IEEE European Symposium on Security and Privacy, Congress Center Saar Saarbrucken, Germany; http://www.ieee-security.org/TC/EuroSP2016/ 3/23/16- 3/25/16: INTRICATE-SEC, 4th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Held in conjunction with the 30th International Conference on Advanced Information Networking and Applications (AINA-2016), Crans-Montana, Switzerland; http://infosec.cs.uct.ac.za/INTRICATE-SEC/ 3/31/16: IWSEC, 11th International Workshop on Security, Tokyo, Japan; http://www.iwsec.org/2016/; Submissions are due 4/ 6/16- 4/ 8/16: ESSoS, International Symposium on Engineering Secure Software and System University of London, London, UK; https://distrinet.cs.kuleuven.be/events/essos/2016/calls-papers.html 4/19/16- 4/20/16: Cybersecurity, Cybersecurity Symposium, Coeur d'Alene, Idaho, U.S.A; http://www.cybersecuritysymposium.com 5/ 5/16- 5/ 7/16: HOST, IEEE International Symposium on Hardware Oriented Security and Trust Washington DC, USA; http://www.hostsymposium.org 5/23/16- 5/25/16: SP, 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA; http://www.ieee-security.org/TC/SP2016/ 5/26/16: SPW, Security and Privacy Workshops, Held in conjunction with the 37th IEEE Symposium on Security and Privacy (SP 2016), San Jose, CA, USA; http://www.ieee-security.org/TC/SP2016/cfworkshops.html 5/26/16: BioSTAR, International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA; http://biostar.cybersecurity.bio/ 5/26/16: MOST, Workshop on Mobile Security Technologies, Co-located with 37th IEEE Symposium 
on Security and Privacy (IEEE S&P 2016) San Jose, CA, USA; http://ieee-security.org/TC/SPW2016/MoST/cfp.html 5/26/16: LASER, 4th Workshop on Learning from Authoritative Security Experiment Results, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016) San Jose, CA, USA; http://2016.laser-workshop.org/ 5/30/16: WTMC, International Workshop on Traffic Measurements for Cybersecurity, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China; http://wtmc.info 5/30/16: IoTPTS, 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016) Xi'an, China; https://sites.google.com/site/iotpts2016/ 5/30/16- 6/ 1/16: IFIP SEC, 31th IFIP TC-11 SEC 2016 International Information Security and Privacy Conference Ghent, Belgium; http://ifipsec.org/2016/ 5/31/16- 6/ 3/16: ASIACCS, 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China; http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html 5/31/16: CPSS, 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China; http://icsd.i2r.a-star.edu.sg/cpss16/ 6/19/16- 6/22/16: ACNS, 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom; http://acns2016.sccs.surrey.ac.uk/ 7/19/16- 7/22/16: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany; http://petsymposium.org/ 7/26/16- 7/28/16: SECRYPT, 13th International Conference on Security and Cryptography, Lisbon, Portugal; http://www.secrypt.icete.org 9/12/16- 9/14/16: IWSEC, 11th International Workshop on Security, Tokyo, Japan; http://www.iwsec.org/2016/ ____________________________________________________________________ Journal, Conference and Workshop Calls-for-Papers (new since Cipher E128) ___________________________________________________________________ ASIACCS 
2016 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China, May 31 - June 3, 2016. (Submissions Due 27 November 2015) http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html Building on the success of ACM Conference on Computer and Communications Security (CCS) and ACM Transactions on Information and System Security (TISSEC), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS). The inaugural ASIACCS was held in Taipei (2006). Since then ASIACCS has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), and Singapore (2015). Considering that this series of meetings has moved beyond a symposium and it is now widely regarded as the Asia version of CCS, the full name of AsiaCCS is officially changed to ACM Asia Conference on Computer and Communications Security starting in June 2015. The 11th ACM Asia Conference on Computer and Communications Security (ASIACCS 2016) will be held in 31 May - 3 June, 2016 in Xi'an, China. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. 
Areas of interest for ASIACCS 2016 include, but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Cloud computing security
- Cyber-physical security
- Data and application security
- Digital forensics
- Embedded systems security
- Formal methods for security
- Hardware-based security
- Intrusion detection
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Privacy-enhancing technology
- Security architectures
- Security metrics
- Software security
- Smart grid security
- Threat modeling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security

-------------------------------------------------------------------------

SPT-IOT 2016 1st IEEE PERCOM Workshop on Security, Privacy and Trust in the Internet of Things, Held in conjunction with IEEE PERCOM 2016, Sydney, Australia, March 14-18, 2016. (Submissions Due 27 November 2015)
https://sites.google.com/site/sptiot2016/home

The Internet of Things (IoT) is a novel design paradigm, envisioned as a network of billions or trillions of machines communicating with one another and rapidly gaining global attention from academia, industry, and government. Pervasive computing is at the heart of IoT and forms a fundamental building block necessary to realize the IoT. Equipped with pervasive technologies such as RFID and smart dust in addition to sensors, actuators and machine-to-machine (M2M) devices, IoT has the potential to offer innovative solutions to global challenges faced by ageing populations, climate change, growing cost of healthcare as well as how we manage our environment and natural resources.
The heterogeneous nature of the IoT as well as the computational constraints of many of the building blocks of the IoT make security, privacy and trust a challenging problem to solve on the one hand, while security, privacy and trust play a critical role for most if not all applications of IoT in domains such as surveillance, healthcare, security, transport, food safety, manufacturing, logistics and supply chain management. Without effective solutions for security, privacy and trust reliable data fusion and mining, qualified services with context-aware intelligence and enhanced user acceptance and experience cannot be achieved. The proposed IEEE Percom workshop on Security, Privacy and Trust for IoT aims to provide a forum that brings together researchers from academia as well as practitioners from industry, standardization bodies, and government to meet and exchange ideas on recent research and future directions for the IoT with a specific focus on IoT security, privacy and trust. The technical discussion will be focused on the communications and network security aspects of IoT and the key enabling technologies for IoT, especially M2M communications and networking, RFID technology and Near Field Communications (NFC), the challenges to security, privacy and trust presented and novel approaches to solving these challenges. 
The technical topics of interest to the workshop include, but are not limited to: - IoT secure access network technologies and capillary networks - secure channel and traffic models - secure spectrum management for M2M/IoT radio communications - security of RFID, sensors, actuator technologies - IoT secure network infrastructure - IoT security protocols - privacy in applications of the IoT - IoT networking and communication security - circuit and system design for secure smart objects in the IoT - security, trust, and privacy issues for devices and services - naming, address management and end-to-end addressability - methods for secure by design IoT - methods for IoT security analysis and audit - privacy and anonymization techniques in IoT - secure cloud of things - trust management architectures - lightweight security solutions - authentication and access control in IoT - identification and biometrics in IoT - liability and policy enforcement in IoT - security of Big data in IoT - cyber physical systems security - cyber attacks detection and prevention - embedded platforms for cryptography (implementations for performance-optimized, resource constrained, energy-efficient platforms) - hardware security primitives - secure pervasive/Ubiquitous Computing Software and Systems - new Privacy and Security Techniques for Embedded Software and Systems - ethics and legal considerations in IoT ------------------------------------------------------------------------- ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery. (Submissions Due 30 November 2015) http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf Editors: Elisa Bertino (Purdue University, USA), Kim-Kwang Raymond Choo (University of South Australia, Australia), Dimitrios Georgakopoulos (RMIT University, Australia), and Surya Nepal (CSIRO, Australia). 
The aim of this special section is to bring together cutting-edge research with particular emphasis on novel and innovative techniques to ensure the security and privacy of IoT services and users. We solicit research contributions and potential solutions for IoT-based secure service delivery anywhere and at any time. This special section emphasizes service-level considerations. Topics of interest include, but are not limited to: - Security of IoT - IoT Service Architectures and Platforms - Real-Time IoT Service Security Analytics and Forensics - Organizational Privacy and Security Policies - Governance for IoT Services - Social Aspects of IoT Security - Security and Privacy Threats to IoT Services and Users - Accountability and Trust Management - Legal Considerations and Regulations - Case Studies and Applications ------------------------------------------------------------------------- PETS 2016 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 19-22, 2016. (Submissions Due 31 August 2015, 30 November 2015, or 29 February 2016) http://petsymposium.org/ The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to discuss recent advances and new perspectives on research in privacy technologies. New model as of PETS 2015: Papers undergo a journal-style reviewing process and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly, open access journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. Authors can submit papers to PoPETs four times a year, every three months on a predictable schedule. Authors are notified of the decisions about two months after submission. 
In addition to accept and reject decisions, papers may be provided with 'major revision' decisions, in which case authors are invited to revise and resubmit their article to one of the following two submission deadlines. NEW as of PETS 2016: PETS 2016 also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area. Authors are encouraged to view our FAQ about the submission process. Suggested topics include but are not restricted to: - Behavioural targeting - Building and deploying privacy-enhancing systems - Crowdsourcing for privacy - Cryptographic tools for privacy - Data protection technologies - Differential privacy - Economics of privacy and game-theoretical approaches to privacy - Forensics and privacy - Human factors, usability and user-centered design for PETs - Information leakage, data correlation and generic attacks to privacy - Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology - Location and mobility privacy - Measuring and quantifying privacy - Obfuscation-based privacy - Policy languages and tools for privacy - Privacy and human rights - Privacy in ubiquitous computing and mobile devices - Privacy in cloud and big-data applications - Privacy in social networks and microblogging systems - Privacy-enhanced access control, authentication, and identity management - Profiling and data mining - Reliability, robustness, and abuse prevention in privacy systems - Surveillance - Systems for anonymous communications and censorship resistance - Traffic analysis - Transparency enhancing tools ------------------------------------------------------------------------- IWSPA 2016 International Workshop on Security And Privacy Analytics, Co-located with ACM CODASPY 2016, New Orleans, LA, 
USA, March 11, 2016. (Submissions Due 1 December 2015) http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2016 Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language processing are being applied to challenges in security and privacy fields. However, experts from these areas have no medium where they can meet and exchange ideas so that strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security do not sufficiently emphasize background in these areas and students in security and privacy are not emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the research and development efforts in which analytical techniques from machine learning, data mining, natural language processing and statistics are applied to solve security and privacy challenges ('security analytics'). Submissions of papers related to methodology, design, techniques and new directions for security and privacy that make significant use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore, submissions on educational topics and systems in the field of security analytics are also highly encouraged. ------------------------------------------------------------------------- SDN-NFV Security 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, Co-located with ACM CODASPY 2016, New Orleans, LA, USA, March 11, 2016. (Submissions Due 1 December 2015) http://honeynet.asu.edu/sdnnfvsec2016/ Software-Defined Networking (SDN) and Network Function Virtualization (NFV) are two emerging networking paradigms, which introduce significant granularity, visibility, flexibility and elasticity to networking, but at the same time bring forth new security challenges. 
The ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2016) will take place in New Orleans, LA, USA, on March 11, 2016. The target audience will be university researchers, scientists, and industry professionals who need to become acquainted with new theories and technologies related to security challenges in SDN and NFV. We solicit unpublished research papers, both regular (6 pages max) and short (4 pages max) papers, that address the latest practices, experiences, and lessons learned on SDN and NFV security. Topics of interest include, but are not limited to: - SDN/NFV-enabled security architecture - SDN/NFV-based automated network security - SDN/NFV-based mitigation for attacks - Authentication/confidentiality in SDN/NFV-based networks - Proofs of security in SDN/NFV-based networks - Logic flaws in SDN/NFV implementations - Attacks/defense to SDN controllers, protocols, and APIs - SDN-oriented security policy enforcement - Trust management of SDN applications and controllers - Development and deployment of NFV-based security functions (virtual firewalls, virtual IDSs, virtual DDoS mitigation, etc.) - Safe state migration in NFV - Network Security as a Service ------------------------------------------------------------------------- CPSS 2016 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China, May 31, 2016. (Submissions Due 5 December 2015) http://icsd.i2r.a-star.edu.sg/cpss16/ Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. 
This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to: - Adaptive attack mitigation for CPS - Authentication and access control for CPS - Availability, recovery and auditing for CPS - Data security and privacy for CPS - Embedded systems security - EV charging system security - Intrusion detection for CPS - IoT security - Key management in CPS - Legacy CPS system protection - Lightweight crypto and security - SCADA security - Security of industrial control systems - Smart grid security - Threat modeling for CPS - Urban transportation system security - Vulnerability analysis for CPS - Wireless sensor network security ------------------------------------------------------------------------- Cybersecurity 2016 Cybersecurity Symposium, Coeur d'Alene, Idaho, U.S.A, April 19-20, 2016. (Abstract Submissions Due 15 December 2015) http://www.cybersecuritysymposium.com The 2016 Cybersecurity Symposium is an opportunity for academic researchers from all disciplines, and stakeholders from industry and government to meet and discuss state-of-the-art techniques and processes, with the purpose of improving the cybersecurity of today's critical systems. This symposium seeks submissions from academia, industry, and government describing innovative research, case studies, and best practices on all practical and theoretical aspects of cybersecurity. 
We are interested in extended abstracts on topics including, but not limited to: - Network Security - Secure Coding Practices - Software Analysis - Security Policies - Economic Impacts of Security - Privacy - Sociological and Behavioral Aspects of Security and Privacy - Critical Infrastructure Security - Transportation System Security - Power grid/Smart Grid Security - System Security Case Studies ------------------------------------------------------------------------- IFIP SEC 2016 31st IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium, May 30 - June 1, 2016. (Submissions Due 24 December 2015) http://ifipsec.org/2016/ The IFIP SEC conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems. 
Topics of interest: - Access control and authentication - Applied cryptography - Audit and risk analysis - Big data security and privacy - Cloud security and privacy - Critical infrastructure protection - Cyber-physical systems security - Data and applications security - Digital forensics - Human aspects of security and privacy - Identity management - Information security education - Information security management - Information technology misuse and the law - Managing information security functions - Mobile security - Multilateral security - Network & distributed systems security - Pervasive systems security - Privacy protection and Privacy-by-design - privacy enhancing technologies - Surveillance and counter-surveillance - Trust management ------------------------------------------------------------------------- BioSTAR 2016 International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA, May 26, 2016. (Submissions Due 15 January 2016) http://biostar.cybersecurity.bio/ As computing and communication systems continue to expand and offer new services, these advancements require more dynamic, diverse, and interconnected computing infrastructures. Unfortunately, defending and maintaining resilient and trustworthy operation of these complex systems are increasingly difficult challenges. Conventional approaches to Security, Trust, Assurance and Resilience (STAR for short) are often too narrowly focused and cannot easily scale to manage large, coordinated and persistent attacks in these environments. Designs found in nature are increasingly used as a source of inspiration for STAR and related networking and intelligence solutions for complex computing and communication environments. Nature's footprint is present in the world of Information Technology, where there are an astounding number of computational bio-inspired techniques. 
These well-regarded approaches include genetic algorithms, neural networks, ant algorithms, immune systems, just to name a few. For example, several networking management and security technologies have successfully adopted some of nature's approaches, such as swarm intelligence, artificial immune systems, sensor networks, moving target defense, diversity-based software design, etc. Nature has also developed an outstanding ability to recognize individuals or foreign objects and adapt/evolve to protect a group or a single organism. Solutions that incorporate these nature-inspired characteristics often have improved performance and/or provided new capabilities beyond more traditional methods. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of nature-inspired STAR aspects in computing and communications. Topics of interest include, but are not limited to: - Nature-inspired anomaly and intrusion detection - Adaptation algorithms - Biometrics - Nature-inspired algorithms and technologies for STAR - Biomimetics - Artificial Immune Systems - Adaptive and Evolvable Systems - Machine Learning, neural networks, genetic algorithms for STAR - Nature-inspired analytics and prediction - Cognitive systems - Sensor and actuator networks and systems - Information hiding solutions (steganography, watermarking) for network traffic - Cooperative defense systems - Cloud-supported nature-inspired STAR - Theoretical development in heuristics - Management of decentralized networks - Nature-inspired algorithms for dependable networks - Platforms for STAR services - Diversity in computing and communications - Survivable and sustainable systems - STAR management systems - Autonomic cyber defenses ------------------------------------------------------------------------- MOST 2016 Workshop on Mobile Security Technologies, Co-located with 37th 
IEEE Symposium on Security and Privacy (IEEE S&P 2016), San Jose, CA, USA, May 26, 2016. (Submissions Due 15 January 2016) http://ieee-security.org/TC/SPW2016/MoST/cfp.html Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. With the development of new mobile platforms, such as Android and iOS, mobile computing has shown exponential growth in popularity in recent years. To benefit from the availability of constantly-growing consumer base, new services and applications are being built from the composition of existing ones at breakneck speed. This rapid growth has also been coupled with new security and privacy concerns and challenges. For instance, more and more sensitive content is being collected and shared by third-party applications that, if misused, can have serious security and privacy repercussions. Consequently, there is a growing need to study and address these new challenges. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The topics of interest include, but are not limited to: - Identity and access control for mobile platforms - Mobile app security - Mobile cloud security - Mobile hardware security - Mobile middleware and OS security - Mobile web and advertisement security - Protecting security-critical applications of mobile platforms - Secure application development tools and practices - Security study of mobile ecosystems - Unmanned aerial vehicles (UAVs) security - Wearable and IoT security ------------------------------------------------------------------------- ACNS 2016 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom, June 19-22, 2016. 
(Submissions Due 27 January 2016) http://acns2016.sccs.surrey.ac.uk/ The conference seeks submissions presenting novel research on all technical aspects of applied cryptography, cyber security (incl. network and computer security) and privacy. This includes submissions from academia/industry on traditional and emerging topics and new paradigms in these areas, with a clear connection to real-world problems, systems or applications. Submissions may focus on the modelling, design, analysis (incl. security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (e.g. performance measurements, usability studies) of algorithms/protocols/standards/implementations/technologies/devices/systems standing in relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art. Some topics of interest include but are not limited to: - Access control - Applied cryptography - Automated security analysis - Biometric security/privacy - Complex systems security - Critical infrastructures - Cryptographic primitives - Cryptographic protocols - Data protection - Database/system security - Digital rights management - Email and web security - Future Internet security - Identity management - IP protection - Internet fraud, cybercrime - Internet-of-Things security - Intrusion detection - Key management - Malware - Mobile/wireless/5G security - Network security protocols - Privacy/anonymity, PETs - Pervasive security - Security in e-commerce - Security in P2P systems - Security in grid systems - Cloud security/privacy - Security/privacy metrics - Trust management - Ubiquitous security/privacy - Human factors in security - Usability in security/privacy ------------------------------------------------------------------------- LASER 2016 4th Workshop on Learning from Authoritative Security Experiment Results, Co-located with 37th IEEE Symposium on Security and Privacy (IEEE S&P 
2016), San Jose, CA, USA, May 26, 2016. (Submissions Due 29 January 2016) http://2016.laser-workshop.org/ The Learning from Authoritative Security Experiment Results (LASER) workshop series focuses on learning from and improving cyber security experimental results. LASER explores both positive and negative results, the latter of which are not often published. LASER's overarching goal is to foster a dramatic change in the paradigm of cyber security research and experimentation, improving the overall quality of practiced science. This year, LASER will focus on cyber security experimentation methods and results that demonstrate approaches to increasing the repeatability and archiving of experiments, methods, results, and data. Participants will find LASER to be a constructive and highly interactive venue featuring informal paper presentations and extended discussions. To promote a high level of interaction, attendance will be limited, with first preference given to participating authors. Additional seats will be available on a first-come first-served basis. LASER also seeks to foster good science in the next generation of cyber security researchers. As such, LASER offers a limited number of student scholarships for participation. ------------------------------------------------------------------------- WTMC 2016 International Workshop on Traffic Measurements for Cybersecurity, Co-located with 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi'an, China, May 30, 2016. (Submissions Due 1 February 2016) http://wtmc.info Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. 
The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users' behavior and other user's sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals. 
Topics of interest include, but are not limited to: - Measurements for network incidents response, investigation and evidence handling - Measurements for network anomalies detection - Measurements for economics of cybersecurity - Network traffic analysis to discover the nature and evolution of the cybersecurity threats - Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures - Novel passive, active and hybrid measurements techniques for cybersecurity purposes - Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective - Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes - Novel visualization approaches to detect network attacks and other threats - Analysis of network traffic to provide new insights about network structure and behavior from the security perspective - Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy - Measurements related to network security and privacy ------------------------------------------------------------------------- IoTPTS 2016 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Held in conjunction with the 11th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2016), Xian, China, May 30, 2016. (Submissions Due 12 February 2016) https://sites.google.com/site/iotpts2016/ The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. 
We encourage submissions on all aspects of IoT privacy, trust, and security. Topics of interest include (but are not limited to) the following areas: - Privacy and IoT data - Privacy attacks for IoT - Trust management and device discoverability for IoT - Usability of privacy and security systems in IoT - User risk perceptions and modeling for IoT - Policy Management and enforcement for IoT - Authentication and access control for users for IoT - Cryptography for IoT - Attack detection and remediation for IoT - Security architectures for IoT systems and applications ------------------------------------------------------------------------- SECRYPT 2016 13th International Conference on Security and Cryptography, Lisbon, Portugal, July 26 - 28, 2016. (Submissions Due 1 March 2016) http://www.secrypt.icete.org SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and vision papers indicating future directions are also encouraged. 
Conference topics: - Access Control - Applied Cryptography - Biometrics Security and Privacy - Critical Infrastructure Protection - Data Integrity - Data Protection - Database Security and Privacy - Digital Forensics - Digital Rights Management - Ethical and Legal Implications of Security and Privacy - Formal Methods for Security - Human Factors and Human Behavior Recognition Techniques - Identification, Authentication and Non-repudiation - Identity Management - Information Hiding - Information Systems Auditing - Insider Threats and Countermeasures - Intellectual Property Protection - Intrusion Detection & Prevention - Management of Computing Security - Network Security - Organizational Security Policies - Peer-to-Peer Security - Personal Data Protection for Information Systems - Privacy - Privacy Enhancing Technologies - Reliability and Dependability - Risk Assessment - Secure Software Development Methodologies - Security and Privacy for Big Data - Security and privacy in Complex Systems - Security and Privacy in Crowdsourcing - Security and Privacy in IT Outsourcing - Security and Privacy in Location-based Services - Security and Privacy in Mobile Systems - Security and Privacy in Pervasive/Ubiquitous Computing - Security and Privacy in Smart Grids - Security and Privacy in Social Networks - Security and Privacy in the Cloud - Security and Privacy in Web Services - Security and Privacy Policies - Security Area Control - Security Deployment - Security Engineering - Security in Distributed Systems - Security Information Systems Architecture - Security Management - Security Metrics and Measurement - Security Protocols - Security requirements - Security Verification and Validation - Sensor and Mobile Ad Hoc Network Security - Service and Systems Design and QoS Network Security - Software Security - Trust management and Reputation Systems - Ubiquitous Computing Security - Wireless Network Security 
------------------------------------------------------------------------- IWSEC 2016 11th International Workshop on Security, Tokyo, Japan, September 12-14, 2016. (Submissions Due 31 March 2016) http://www.iwsec.org/2016/ Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2016. Topics of interest for IWSEC 2016 include all theory and practice of cryptography, information security, and network security, as in previous IWSEC workshops. In particular, we encourage the following topics in this year: - Big Data Analysis for Security - Critical Infrastructure Security - Cryptanalysis - Cryptographic Protocols - Cybersecurity Economics - Digital Forensics - Enriched Cryptography - Formal Methods - IoT security - Machine Learning for Security - Malware Countermeasures - Measurements for Cybersecurity - Multiparty Computation - Post Quantum Cryptography - Privacy Preserving - Real World Cryptography - Visualization for Security ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. 
To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. 
All reuses of Cipher material should respect stated copyright notices,
and should cite the sources explicitly; as a courtesy, publications
using Cipher material should obtain permission from the contributors.

____________________________________________________________________

Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________

How to become a member of the IEEE Computer Society's
TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the
on-line form at IEEE at
https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=CMYSP728

______________________________________________________________________

TC Publications for Sale
______________________________________________________________________

The proceedings of previous conferences are available from the
Computer Society's Digital Library.
IEEE Security and Privacy Symposium
IEEE CS Press

____________________________________________________________________________

TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:                                  Security and Privacy Symposium Chair Emeritus:
Patrick McDaniel                        Sean Peisert
Computer Science and Engineering        UC Davis and
Pennsylvania State University           Lawrence Berkeley National Laboratory
360 A IST Building                      oakland15-chair@ieee-security.org
University Park, PA 16802
(814) 863-3599
mcdaniel@cse.psu.edu

Vice Chair:                             Treasurer:
Ulf Lindqvist                           Yong Guan
SRI International                       3219 Coover Hall
Menlo Park, CA                          Department of Electrical and Computer
ulf.lindqvist@sri.com                   Engineering
                                        Iowa State University, Ames, IA 50011
                                        (515) 294-8378
                                        yguan (at) iastate.edu

Newsletter Editor and                   Security and Privacy Symposium, 2016 Chair:
TC Awards Chair:                        Michael Locasto
Hilarie Orman                           University of Calgary
Purple Streak, Inc.                     oakland16-chair@ieee-security.org
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

____________________________________________________________________________

BACK ISSUES:

Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year