============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 136, January 24, 2017

Hilarie Orman, Editor: cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor: cipher-assoc-editor @ ieee-security.org
Yong Guan, Calendar Editor: cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o News Items
       o What Did the Russians Do to the US Presidential Election?
       o One-Two Punch, Yahoo Account Hacks Move from .5 Million to 1 Billion
       o Fake Ad Views Divert Revenue to Hackers
       o NIST Releases New Hash Modes Document
       o For Confirming Stuxnet, a General Will Be Sentenced
       o Two Saved by the Obama Bell
       o Could We Survive Without GPS?
       o Cardiac Rootkits: The Hackable Heart
       o Whats That MITM?
       o Film Frolic Phutzed
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

The program for the TCSP's flagship conference, Security and Privacy, will be released in the coming weeks, and registration for the symposium will open at about the same time. Watch for announcements at the website, http://www.ieee-security.org/TC/SP2017/.

It will be a great spring season for TCSP events. The European S&P Symposium will be held in Paris in late April, and the early registration deadline for that event is March 1.

The security, privacy, and integrity of information on the Internet have been thrust into the forefront by last year's US election. The reverberations from that do not seem likely to abate for some time to come. Cybersecurity, long the bane of the fast-paced tech industry, may come to be seen as the missing piece of protection for our human institutions.

Hacki, abstuli, revelavi (with apologies to Julius Caesar and any Latin scholar)

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

What Did the Russians Do to the US Presidential Election?
Obama orders review of Russian election-related hacking
http://www.cnn.com//2016/12/09/politics/obama-orders-review-into-russian-hacking-of-2016-election/index.html
CNNPolitics.com
By Tal Kopan, Kevin Liptak and Jim Sciutto
Fri December 9, 2016

Summary: Questions about the effect of cyberhacking by the Russians during the US presidential campaign have dogged the aftermath of Donald Trump's electoral college victory. In December, President Obama ordered a review of what the intelligence community knew about the activity. This has resulted in a great deal of discussion about motivations and results.

-----------------

One-Two Punch, Yahoo Account Hacks Move from .5 Million to 1 Billion

Yahoo Says 1 Billion User Accounts Were Hacked
http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
The New York Times
By Vindu Goel and Nicole Perlroth
December 14, 2016

Summary: As if the disclosure of a half million accounts hacked in 2012 were not sufficiently disturbing, Yahoo upped the numbers considerably when it revealed that in 2013 one billion accounts were thoroughly hacked. The result was disclosure of all information associated with the accounts: name, telephone number, password, etc. According to their chief information officer, the hackers stole source code that enabled them to forge web cookies. With that, they were able to get unfettered access to the accounts.

-----------------

Fake Ad Views Divert Revenue to Hackers

Russian Cyberforgers Steal Millions a Day With Fake Sites
http://www.nytimes.com/2016/12/20/technology/forgers-use-fake-web-users-to-steal-real-ad-revenue.html
The New York Times
Dec. 20, 2016
by Vindu Goel

Summary: When you view an online video ad, money changes hands. The owner of the website that delivered the content to you will be paid for attracting the click that leads to the delivery. The advertiser will be billed for that service. A Russian cyberforgery ring has managed to infiltrate and automate that market, and the result is that advertisers are paying up to $5M per day for views that are initiated not by humans but by software impersonations.

-----------------

NIST Releases New Hash Modes Document

NIST SP 800-185: "SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash". The document is available at https://doi.org/10.6028/NIST.SP.800-185

Received public comments will be posted at http://csrc.nist.gov/publications/PubsSPs.html

-----------------

For Confirming Stuxnet, a General Will Be Sentenced

US Seeks 2-year Prison Term for Former Vice Chair of Joint Chiefs of Staff in Leak Case
https://www.washingtonpost.com/local/public-safety/us-seeks-2-year-prison-term-for-former-vice-chair-of-joint-chiefs-of-staff-in-leak-case/2017/01/10/20c980de-d6bb-11e6-9f9f-5cdb4b7f8dd7_story.html
The Washington Post
Jan 10, 2017
By Spencer S. Hsu

Summary: General James Cartwright pled guilty to lying to investigators about his role in confirming US involvement in the Stuxnet malware that crippled Iran's nuclear enrichment program.

Related story: Two Saved by the Obama Bell

https://www.washingtonpost.com/worldnational-security/obama-largely-commutes-sentence-of-chelsea-manning-us-soldier-convicted-for-leaking-classified-information/2017/01/17/f3205a1a-dcf8-11e6-ad42-f3375f271c9c_story.html
Obama commutes sentence of Chelsea Manning, U.S. soldier convicted for leaking classified information
The Washington Post
Jan 17, 2017
By Ellen Nakashima and Sari Horwitz

Summary: General James Cartwright and Chelsea Manning had their sentences commuted by outgoing US President Obama. Manning had leaked a trove of classified information to Wikileaks and served 7 years of a 35-year sentence.

-----------------

Could We Survive Without GPS?
Op-Ed: GPS, The looming national security threat everyone keeps ignoring
https://www.washingtonpost.com/opinions/the-looming-national-security-threat-everyone-keeps-ignoring/2017/01/12/1c69df44-c79c-11e6-85b5-76616a33048d_story.html
The Washington Post
By Dana Goward, President of the Resilient Navigation and Timing Foundation
Jan 12, 2017

Summary: The Global Positioning System has been deemed a "single point of failure for critical infrastructure" by the Department of Homeland Security. The location service depends on satellite signals that can be easily jammed, either deliberately or by physical obstructions, solar storms, and innocent but faulty TV antennae. Since 2004 there have been recommendations to defuse the single-point failure vulnerability with a backup system of some kind, but this has never been a priority for the US administration.

-----------------

Cardiac Rootkits: The Hackable Heart

FDA confirms that St. Jude's cardiac devices can be hacked
http://money.cnn.com/2017/01/09/technology/fda-st-jude-cardiac-hack/index.html?iid=ob_homepage_tech_pool
CNN Tech
Jan. 9, 2017
by Selena Larson

Summary: The FDA stepped into an argument that had been brewing since last August. The agency confirmed that an implantable cardiac device could be accessed by hackers. The potential damage includes shocks, incorrect heart pacing, and battery depletion. The developer of the device promised to "continue to actively address cybersecurity risks." The device is designed to allow remote monitoring, but apparently hackers could use the transmitter access to get control of the device. The implants have a "universal code" that allows access.

-----------------

Whats That MITM?

WhatsApp 'backdoor' turns out to be known design feature
https://nakedsecurity.sophos.com/2017/01/16/whatsapp-backdoor-turns-out-to-be-known-design-feature/
Naked Security
by John E Dunn
Jan 19, 2017

Summary: The WhatsApp messaging system is based on a widely respected encryption protocol, Signal. However, as in all things security, it is the totality of the application that determines its security. WhatsApp simplified the Signal system when dealing with users who need to move their account to a new device. At issue is whether or not the servers could be tricked into going through the key change protocol without the user's knowledge. If so, a man-in-the-middle attack might be feasible. However, neither WhatsApp nor Signal developers think that the trick is possible; other layers of security prevent it.

-----------------

Film Frolic Phutzed

Cyberattack causes outages at Sundance Film Festival
The Salt Lake Tribune
http://www.sltrib.com/entertainment/4846924-155/cyberattack-causes-outages-at-sundance-film
By Mariah Noble
First Published Jan 21 2017, Updated Jan 22 2017

Summary: Proving that nothing is beneath the attention of cyberattackers, hackers apparently targeted the online box office site for the Sundance Film Festival, a major event for independent films held annually in Utah. No screenings were affected and a team went to work to alleviate the damage from the attack.

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

(nothing new since Cipher E135)

http://cisr.nps.edu/jobscipher.html

--------------

This job listing is maintained as a service to the academic community.
If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

Requests for inclusion in the list should be sent per instructions: http://www.ieee-security.org/Calendar/submitting.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

1/30/17- 2/ 1/17: IFIP 119 DF, 13th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA; http://www.ifip119.org/
2/ 1/17: IEEE Security and Privacy magazine, special issue re Blockchain Security and Privacy; https://www.computer.org/security-and-privacy/2016/11/21/blockchain-security-and-privacy-call-for-papers/ Submissions are due
2/ 3/17: IWPE, 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA; http://ieee-security.org/TC/SPW2017/IWPE/; Submissions are due
2/ 3/17: ACNS, 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan; https://cy2sec.comm.eng.osaka-u.ac.jp/acns2017/ Submissions are due
2/15/17: Elsevier Digital Communications and Networks, Special Issue on Big Data Security and Privacy; https://www.journals.elsevier.com/digital-communications-and-networks/call-for-papers/big-data-security-and-privacy Submissions are due
2/16/17: USENIX Security, 26th USENIX Security Symposium, Vancouver, Canada; https://www.usenix.org/conference/usenixsecurity17/call-for-papers Submissions are due
2/17/17: CSF, 30th IEEE Computer Security Foundations Symposium, Co-located with CRYPTO 2017, Santa Barbara, California, USA; http://csf2017.tecnico.ulisboa.pt/ Submissions are due
2/26/17: IVSW, 2nd International Verification and Security Workshop, Thessaloniki, Greece; http://tima.imag.fr/conferences/ivsw/ivsw17/; Submissions are due
2/21/17- 2/22/17: SG-CRC, 2nd Singapore Cyber Security R&D Conference, Singapore; http://www.comp.nus.edu.sg/~tsunami/sg-crc17/
2/26/17: WICSPIT, Workshop on Innovative CyberSecurity and Privacy for Internet of Things: Strategies, Technologies, and Implementations, Held in conjunction with the International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), Porto, Portugal; http://tima.imag.fr/conferences/ivsw/ivsw17/ Submissions are due
2/26/17: USEC, Usable Security Mini Conference, Co-located with NDSS 2017, San Diego, California, USA; http://www.dcs.gla.ac.uk/~karen/usec/
2/26/17- 3/ 1/17: NDSS, Network and Distributed System Security Symposium, San Diego, California, USA; https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/ndss-2017-call-papers;
2/28/17: Journal of Visual Communication and Image Representation, Special Issue on Data-driven Multimedia Forensics and Security; http://www.journals.elsevier.com/journal-of-visual-communication-and-image-representation; Submissions are due
2/28/17: PETS, 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA; https://petsymposium.org/; Submissions are due
3/ 1/17: IEEE Security & Privacy Magazine, Special issue on Digital Forensics; https://www.computer.org/web/computingnow/spcfp6; Submissions are due
3/ 1/17: SOUPS, 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA; https://www.usenix.org/conference/soups2017/call-for-papers Submissions are due
3/ 6/17: DBSec, 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA; https://dbsec2017.ittc.ku.edu/ Submissions are due
3/13/17: WiSec, 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA; http://wisec2017.ccs.neu.edu/; Submissions are due
3/21/17- 3/23/17: DFRWS-EU, DFRWS digital forensics EU conference, Lake Constance, Germany; http://www.dfrws.org/conferences/dfrws-eu-2017
3/24/17: IWSPA, 3rd ACM International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2017, Scottsdale, Arizona, USA; http://capex.cs.uh.edu/?q=content/international-workshop-security-and-privacy-analytics-2017
3/27/17- 3/29/17: INTRICATE-SEC, 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan; https://goo.gl/562zhD
3/28/17: RAID, 20th International Symposium on Research in Attacks, Intrusions and Defenses, Atlanta, GA, USA; https://www.raid2017.org/; Submissions are due
4/ 2/17- 4/ 6/17: ASIACCS, ACM Symposium on Information, Computer and Communications Security, Abu Dhabi, United Arab Emirates; http://asiaccs2017.com/
4/ 2/17: CPSS, 3rd ACM Cyber-Physical System Security Workshop, Abu Dhabi, UAE; http://icsd.i2r.a-star.edu.sg/cpss17/
4/ 2/17: IoTPTS, 3rd International Workshop on IoT Privacy, Trust, and Security, Held in conjunction with the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2017); https://sites.google.com/site/iotpts2017/
4/ 3/17- 4/ 7/17: WWW, WWW Security and Privacy Track, Perth, Australia; http://www.www2017.com.au/call-for-papers/security-and-privacy.php
4/ 4/17- 4/ 7/17: WoC, 3rd IEEE International Workshop on Container Technologies and Container Clouds, Held in conjunction with IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, Canada; http://researcher.watson.ibm.com/researcher/view_group.php?id=7476
4/24/17- 4/26/17: WICSPIT, Workshop on Innovative CyberSecurity and Privacy for Internet of Things: Strategies, Technologies, and Implementations, Held in conjunction with the International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), Porto, Portugal; http://iotbds.org/WICSPIT.aspx
4/26/17- 4/28/17: IEEE EuroSP, 2nd IEEE European Symposium on Security and Privacy, Paris, France; http://www.ieee-security.org/TC/EuroSP2017/cfp.php
5/ 1/17- 5/ 5/17: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA; http://www.hostsymposium.org
5/14/17- 5/17/17: WACC, International Workshop on Assured Cloud Computing and QoS aware Big Data, Held in conjunction with 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID 2017), Madrid, Spain; http://www.eubra-bigsea.eu/WACC_2017
5/15/17: PST, 15th Conference on Privacy, Security and Trust, Calgary, Alberta, Canada; http://www.ucalgary.ca/pst2017/; Submissions are due
5/19/17: ACM CCS, 24th ACM Conference on Computer and Communication Security, Dallas, TX, USA; https://www.sigsac.org/ccs/CCS2017; Submissions are due
5/22/17- 5/24/17: S&P, 38th IEEE Symposium on Security and Privacy, San Jose, CA, USA; http://www.ieee-security.org/TC/SP2017/
5/25/17: BioSTAR, International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA; http://biostar.cybersecurity.bio/
5/25/17: WTMC, 2nd International Workshop on Traffic Measurements for Cybersecurity, Co-located with the 38th IEEE Symposium on Security and Privacy (IEEE S&P 2017), San Jose, CA, USA; http://wtmc.info
5/25/17: IWPE, 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA; http://ieee-security.org/TC/SPW2017/IWPE/
5/29/17- 5/31/17: IFIPSEC, 32nd IFIP TC-11 SEC 2017 International Information Security and Privacy Conference, Rome, Italy; http://ifipsec.org/2017/
6/ 1/17: ACSAC 2017 33rd Annual Computer Security Applications Conference, San Juan, Puerto Rico; http://www.acsac.org; Submissions are due
7/ 3/17- 7/ 5/17: IVSW, 2nd International Verification and Security Workshop, Thessaloniki, Greece; http://tima.imag.fr/conferences/ivsw/ivsw17/
7/10/17- 7/12/17: ACNS, 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan; https://cy2sec.comm.eng.osaka-u.ac.jp/acns2017/
7/12/17- 7/14/17: SOUPS, 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA; https://www.usenix.org/conference/soups2017/call-for-papers
7/17/17- 7/19/17: DBSec, 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA; https://dbsec2017.ittc.ku.edu/
7/18/17- 7/20/17: WiSec, 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA; http://wisec2017.ccs.neu.edu/
7/18/17- 7/21/17: PETS, 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA; https://petsymposium.org/
8/ 7/17- 8/10/17: DSC, IEEE Conference on Dependable and Secure Computing, Taipei, Taiwan; http://dsc17.cs.nctu.edu.tw/
8/16/17- 8/10/17: USENIX Security, 26th USENIX Security Symposium, Vancouver, Canada; https://www.usenix.org/conference/usenixsecurity17/call-for-papers
8/22/17- 8/25/17: CSF, 30th IEEE Computer Security Foundations Symposium, Co-located with CRYPTO 2017, Santa Barbara, California, USA; http://csf2017.tecnico.ulisboa.pt/
8/28/17- 8/30/17: PST, 15th Conference on Privacy, Security and Trust, Calgary, Alberta, Canada; http://www.ucalgary.ca/pst2017/
9/18/17- 9/20/17: RAID, 20th International Symposium on Research in Attacks, Intrusions and Defenses, Atlanta, GA, USA; https://www.raid2017.org/
10/30/17-11/ 3/17: ACM CCS, 24th ACM Conference on Computer and Communication Security, Dallas, TX, USA; https://www.sigsac.org/ccs/CCS2017
12/ 4/17-12/ 8/17: ACSAC 2017 33rd Annual Computer Security Applications Conference, San Juan, Puerto Rico; http://www.acsac.org

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E135)
____________________________________________________________________

IEEE Security and Privacy magazine, Special Issue on Blockchain Security and Privacy, (Submissions Due 1 February 2017)
https://www.computer.org/security-and-privacy/2016/11/21/blockchain-security-and-privacy-call-for-papers

Guest Editors: Ghassan Karame (NEC Laboratories Europe, Germany), and Srdjan Capkun (ETH Zurich, Switzerland)

The blockchain emerged as a novel distributed consensus scheme that allows transactions, and any other data, to be securely stored and verified without a centralized authority. For some time, the notion of blockchain was tightly coupled with Bitcoin, a well-known proof of work hash-based mechanism. Today, there are more than one hundred alternate blockchains. Some are simple variants of Bitcoin, whereas others significantly differ in their design and provide different functional and security guarantees. This shows that the research community is in search of a simple, scalable, and deployable blockchain technology. Various reports further point to an increased interest in the use of blockchains across many applications and a significant investment by different industries in their development. The blockchain will likely induce considerable change to a large number of systems and businesses. Distributed trust, and therefore security and privacy, is at the core of the blockchain technologies and has the potential to either make them a success or cause them to fail.

This special issue aims to collect the most relevant ongoing research efforts in blockchain security and privacy. Topics include, but aren't limited to:
- Platforms for decentralized consensus (Bitcoin, Ethereum, Stellar, Ripple, Open Blockchain, etc.)
- New threat models and attacks on existing blockchain technologies
- Defenses and countermeasures
- Simple payment verification modes and lightweight blockchain clients
- Anonymity and privacy issues and measures to enhance anonymity and privacy
- Proof-of-work, -stake, -burn, and other consensus alternatives
- Scalability issues and solutions
- Incentive mechanisms for blockchains
- Economic, monetary, legal, ethical, and societal aspects
- Applicability of the technology in financial markets
- Regulation and law enforcement
- Fraud detection and financial crime prevention
- Case studies (for instance, of adoption, attacks, forks, and scams)
- New applications

-------------------------------------------------------------------------

IWPE 2017 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. (Submissions Due 3 February 2017)
http://ieee-security.org/TC/SPW2017/IWPE/

Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individuals' privacy by introducing legal, organizational and technical frameworks that personal data collectors and processors must follow.

However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users' privacy requirements. It is evident that research is needed in developing techniques and tools that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements are of increasing value to respond to the existing societal challenges associated with privacy.

In this context, privacy engineering research is emerging as an important topic. Engineers are increasingly expected to build and maintain privacy-preserving and data-protection compliant systems in different ICT domains such as health, energy, transportation, social computing, law enforcement, public services; based on different infrastructures such as cloud, grid, or mobile computing and architectures. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for models, methods, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention.

To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'17) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. Specifically, we are seeking the following kinds of papers: (1) technical papers that illustrate the engineering or application of a novel formalism, method or other research finding (e.g., a privacy enhancing protocol) with preliminary evaluation; (2) experience and practice papers that describe a case study, challenge or lessons learned in a specific domain; (3) early evaluations of tools and other infrastructure that support engineering tasks in privacy requirements, design, implementation, testing, etc.; (4) interdisciplinary studies or critical reviews of existing privacy engineering concepts, methods, tools and frameworks; or (5) vision papers that take a clear position informed by evidence based on a thorough literature review.

IWPE'17 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
- Integrating law and policy compliance into the development process
- Privacy impact assessment during software development
- Privacy risk management models
- Privacy breach recovery methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements elicitation and analysis techniques
- Privacy engineering strategies and design patterns
- Privacy-preserving architectures
- Privacy engineering and databases, services, and the cloud
- Privacy engineering in networks
- Engineering techniques for fairness, transparency, and privacy in databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Privacy Engineering and design
- Engineering Privacy Enhancing Technologies (PETs)
- Integration of PETs into systems
- Models and approaches for the verification of privacy properties
- Tools and formal languages supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Evaluation of privacy engineering methods, technologies and tools
- Privacy engineering and accountability
- Privacy engineering and business processes
- Privacy engineering and manageability of data in (large) enterprises
- Organizational, legal, political and economic aspects of privacy engineering

-------------------------------------------------------------------------

ACNS 2017 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan, July 10-12, 2017. (Submissions Due 3 February 2017)
https://cy2sec.comm.eng.osaka-u.ac.jp/acns2017/

ACNS is an annual conference focusing on innovative research and current developments that advance the areas of applied cryptography, cyber security and privacy. Both academic research works with high relevance to real-world problems as well as developments in industrial and technical frontiers fall within the scope of the conference. Submissions may focus on the modelling, design, analysis (including security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (including performance measurements, usability studies) of algorithms / protocols / standards / implementations / technologies / devices / systems, standing in close relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art.
------------------------------------------------------------------------- Elsevier Digital Communications and Networks, Special Issue on Big Data Security and Privacy, (Submissions Due 15 February 2017) https://www.journals.elsevier.com/digital-communications-and-networks /call-for-papers/big-data-security-and-privacy Guest Editors: Shui Yu (Deakin University, Australia), Peter Muller (IBM Zurich Research Laboratory, Switzerland), and Albert Zomaya (University of Sydney, Australia). As human beings are deep into the Information Age, we have been witnessing the rapid development of Big Data. Huge amounts of data from sensors, individual archives, social networks, Internet of Things, enterprise and Internet are collected, shared and analyzed. Security and Privacy is one of the most concerned issues in Big Data. Big Data definitely desires the security and privacy protection all through the collection, transmission and analysis procedures. The features of Big Data such as Veracity, Volume, Variety and dynamicity bring new challenges to security and privacy protection. To protect the confidentiality, integrity and availability, traditional security measures such as cryptography, log/event analysis, intrusion detection/prevention and access control have taken a new dimension. To protect the privacy, new pattern of measures such as privacy-preserved data analysis need to be explored. There is a lot of work to be done in this emerging field. The purpose of this special issue is to make the security and privacy communities realizing the challenges and tasks that we face in Big Data. We focus on exploring the security and privacy aspects of Big Data as supporting and indispensable elements of the emerging Big Data research. 
The areas of interest include, but are not limited to, the following: - Security technologies for collecting of Big Data - Cryptography and Big Data - Intrusion detection and transmission surveillance of Big Data - Storage and system security for Big Data - Big Data forensics - Integrity protection and authentication of Big Data - Access control of Big Data - Privacy aware analysis and retrieval of Big Data - Privacy aware data fusion of Big Data ------------------------------------------------------------------------- USENIX Security 2017 26th USENIX Security Symposium, Vancouver, Canada, August 16-18, 2017. (Submissions Due 16 February 2017) https://www.usenix.org/conference/usenixsecurity17/call-for-papers The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. USENIX Security is interested in all aspects of computing systems security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review. ------------------------------------------------------------------------- CSF 2017 30th IEEE Computer Security Foundations Symposium, Co-located with CRYPTO 2017, Santa Barbara, California, USA, August 22-25, 2017. (Submissions Due 17 February 2017) http://csf2017.tecnico.ulisboa.pt/ The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, such as formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. 
While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. This year, CSF will use a light form of double-blind reviewing. New results in computer security are welcome. We also encourage challenge/vision papers, which may describe open questions and raise fundamental concerns about security.

-------------------------------------------------------------------------
WICSPIT 2017 Workshop on Innovative CyberSecurity and Privacy for Internet of Things: Strategies, Technologies, and Implementations, Held in conjunction with the International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), Porto, Portugal, April 24 - 26, 2017.
(Submissions Due 20 February 2017)
http://iotbds.org/WICSPIT.aspx

Cyber-attackers are steadily getting more creative and ambitious in their exploits and causing real-world damage (e.g., the German steel mill hack in 2014, the Ukrainian Power Grid hack in 2015). Proprietary and personally identifiable information are vulnerable to leakage as well (e.g., the Sony hack in 2014, the US Office of Personnel Management in 2014). The Internet of Things (IoT), a platform which allows everything to process information, communicate data, and analyze context, opens up new vulnerabilities for both security and privacy. Smart buildings and smart cities, for example, will collect and process data for millions of individuals. Industrial systems, which were never intended to be linked via common protocols, are recognized as suddenly being open to security threats that can limit service availability and possibly cause considerable damage. Autonomous systems allowed to operate with minimal oversight are ripe targets for cyber-attacks. Data stored and processed in confidence in the cloud may be subject to exfiltration, leading to public embarrassment or the exposure of proprietary information.
As cyber-events increase in number and severity, security engineers must incorporate innovative cybersecurity strategies and technologies to safeguard their systems and confidential information. A strategy to address a cybersecurity vulnerability, once identified, must understand the nature of the vulnerability and how to mitigate it. The "security tax" or "privacy tax" (system and service degradation) caused by the implementation of the mitigating security technologies may be so great that the end user bypasses the technologies and processes meant to ensure the system's security and privacy. A practical reality of the adoption of IoT is that it will require integration of new technologies with existing systems and infrastructure, which will continue to expose new security and privacy vulnerabilities; re-engineering may be required. The human element of IoT, the user, must be considered, and how the user and the IoT system interact to optimize system security and user privacy must be defined. Cyber-attackers and cyber victims are often in different countries; the transnational nature of many cyber-events necessitates the consideration of public policy and legal concerns as well.

This workshop aims to showcase new and emerging strategies and technologies for forecasting, mitigating, countering, and attributing cyber-events that threaten security and privacy within the realm of IoT. The institutional benefits of IoT adoption are clear; however, security and privacy concerns are constantly coming to light. As organizations - both public and private, large and small - adopt new IoT technologies, we hope that this workshop can serve as an opening conversation between government, industry, and academia for the purpose of addressing those concerns.

-------------------------------------------------------------------------
IVSW 2017 2nd International Verification and Security Workshop, Thessaloniki, Greece, July 3-5, 2017.
(Submissions Due 26 February 2017)
http://tima.imag.fr/conferences/ivsw/ivsw17/

Issues related to verification and security are increasingly important in modern electronic systems. In particular, the huge complexity of electronic systems has led to growth in quality, reliability and security needs in several application domains as well as pressure for low cost products. There is a corresponding increasing demand for cost-effective verification techniques and security solutions. These needs have increased dramatically with the increased complexity of electronic systems and the fast adoption of these systems in all aspects of our daily lives. The goal of IVSW is to bring industry practitioners and researchers from the fields of verification, validation, test, reliability and security to exchange innovative ideas and to develop new methodologies for solving the difficult challenges facing us today in various SoC design environments.

The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
- Verification challenges of IoT
- High-level test generation for functional verification
- Emulation techniques and FPGA prototyping
- Triage and debug methodologies
- Silicon debugging
- Low-power verification
- Formal techniques and their applications
- Verification coverage
- Performance validation and characterization
- Design for Verifiability (DFV)
- Memory and coherency verification
- ESL design and Virtual Platforms
- Security verification
- Design for security
- Hardware Security IP
- Secure circuit design
- Fault-based attacks and counter measures
- Security solutions for analog/mixed signal circuits
- Security Applications in automotive, railway, avionics and space
- Internet of Things (IoT) security considerations
- Data analytics in verification and security
- Security EDA tools
- Hardware/software security and verification

-------------------------------------------------------------------------
PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 - July 21, 2017.
(Submissions Due 31 August 2016; 30 November 2016; 28 February 2017)
https://petsymposium.org/

The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.

-------------------------------------------------------------------------
Journal of Visual Communication and Image Representation, Special Issue on Data-driven Multimedia Forensics and Security,
(Submissions Due 28 February 2017)
http://www.journals.elsevier.com/journal-of-visual-communication-and-image-representation

Guest Editors: Anderson Rocha (University of Campinas, Brazil), Shujun Li (University of Surrey, UK), C.-C. Jay Kuo (University of Southern California, US), Alessandro Piva (University of Florence, Italy), and Jiwu Huang (Shenzhen University, China)

In the last decade a large number of multimedia forensic and security techniques have been proposed to evaluate integrity of multimedia data. However, most of these solutions adopt very limiting and simplifying working conditions, being more appropriate for laboratory tests than for real-world deployment. Unfortunately, with big data requirements on the table, the stakes are higher now. Forensics and security experts are no longer required to provide the society with solutions for specific cases. Instead, we need to cope with sheer amounts of data and in different operational and acquisition conditions. In addition to the traditional multimedia forensics and security research around integrity and authentication, digital images and videos have also been the core components in other related application domains, e.g. biometrics, image and video based information hiding, image and video collection forensics, automatic child porn detection, digital triage of image and video evidence, attacks on image and video-based CAPTCHAs, etc. A common feature of the above listed multimedia forensics and security problems is that they can all be solved by machine learning techniques driven by training data. In recent years, some new and powerful modeling and machine learning paradigms have been developed that allow us to glean over massive amounts of data and directly extract useful information for proper decision making, thus creating new techniques to solve those multimedia forensics and security problems with improved performance.
This Special Issue invites researchers in all related fields (including but not limited to image and video signal processing, machine learning, computer vision and pattern recognition, cyber security, digital forensics) to join us in a quest for pinpointing the next-generation image and video forensics and security solutions of tomorrow, capable of processing image and video data using the recently-developed deep learning paradigm and other new modelling and learning techniques. ALL submissions must highlight their machine-learning based approach and discuss how their solutions deal with large collections of data. The core data used in your work should be visual data (images and videos). Video data may also include RGB, IR, and depth data. The topics of interest of this Special Issue are listed below. The list is not exhaustive and prospective authors should contact the editors in case of any question. Submissions can contemplate original research, serious dataset collection and benchmarking, or critical surveys. 
Example Topics of Interest:
- Attacks on visual CAPTCHAs
- Biometrics and counter-spoofing
- Content-protection and counter-protection
- Counter forensics
- Cyber threat analysis for image and video data
- Forensic data fusion (if at least one source contains images and videos)
- Image and video collection forensics
- Incident response related to image and video data
- Multimedia evidence recovery and validation
- Multimedia forensics (forgery detection, attribution, CGI classification)
- Multimedia provenance (phylogeny, digital triage of multimedia evidence)
- Sensitive content detection (porn and child porn detection, violence detection)
- Surveillance for forensics and security applications
- Visual analytics for forensics and security applications
- Visual information hiding: designs and attacks

-------------------------------------------------------------------------
IEEE Security & Privacy Magazine, Special issue on Digital Forensics,
(Submissions Due 1 March 2017)
https://www.computer.org/web/computingnow/spcfp6

Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology & FernUniversität in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany), Luca Caviglione (National Research Council of Italy, Italy), and Simson L. Garfinkel (National Institute of Standards and Technology, USA)

Modern societies are becoming increasingly dependent on open networks where commercial activities, business transactions, and government services are delivered. Despite the benefits, these networks have led to new cyberthreats and cybersecurity issues. Abuse of and mistrust for telecommunications and computer network technologies have significant socioeconomic impacts on global enterprises as well as individuals. Cybercriminal activities such as fraud often require investigations that span international borders. In addition, they're often subject to different jurisdictions and legal systems.
The increased intricacy of the communication and networking infrastructure complicates investigation of such activities. Clues of illegal digital activities are often buried in large volumes of data, which makes crime detection and evidence collection difficult. This poses new challenges for law enforcement and compels computer societies to utilize digital forensics to combat the growing number of cybercrimes. Forensic professionals must be fully prepared to gather effective digital evidence. Forensic techniques must keep pace with new technologies; therefore, digital forensics is becoming more important for law enforcement and information and network security. This multidisciplinary area includes several fields, including law, computer science, finance, networking, data mining, and criminal justice. It faces diverse challenges and issues in terms of the efficiency of digital evidence processing and related forensic procedures. This special issue aims to collect the most relevant ongoing research efforts in the digital forensics field.
Topics include, but aren't limited to:
- real-world case studies, best practices, and readiness;
- challenges and emerging trends;
- digital forensic triage;
- antiforensics and anti-antiforensics approaches;
- networking incident response, investigation, and evidence handling;
- network forensics and traffic analysis;
- detecting illegal sites and traffic (for instance, child abuse/exploitation);
- malware and targeted attacks including analysis and attribution;
- information-hiding techniques (network steganography, covert channels, and so on);
- stealth communication through online games and its detection;
- use and implications of machine learning in digital forensics;
- big data and digital forensics;
- network traffic fingerprinting and attacks;
- cybercrimes design, detection, and investigation;
- cybercrime issues and solutions from a digital forensics perspective;
- nontraditional forensic scenarios and approaches (for instance, vehicles, SCADA, automation and control);
- social networking forensics;
- cloud forensics;
- law enforcement and digital forensics; and
- digital forensics for incident response, research, policy compliance enforcement, and so on.

-------------------------------------------------------------------------
SOUPS 2017 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12-14, 2017.
(Submissions Due 1 March 2017)
https://www.usenix.org/conference/soups2017/call-for-papers

The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches.
Topics include, but are not limited to:
- Innovative security or privacy functionality and design
- Field studies of security or privacy technology
- Usability evaluations of new or existing security or privacy features
- Security testing of new or existing usability features
- Longitudinal studies of deployed security or privacy features
- Studies of administrators or developers and support for security and privacy
- The impact of organizational policy or procurement decisions
- Lessons learned from the deployment and use of usable privacy and security features

-------------------------------------------------------------------------
DBSec 2017 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA, July 17-19, 2017.
(Submissions Due 6 March 2017)
https://dbsec2017.ittc.ku.edu/

DBSec is an annual international conference covering research in data and applications security and privacy. The 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2017) will be held in Philadelphia, PA, USA. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security.
Topics of interest include, but are not limited to:
- access control
- anonymity
- applied cryptography in data security
- authentication
- big data security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing
- security and privacy in the Internet of Things
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

-------------------------------------------------------------------------
WiSec 2017 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA, July 18-20, 2017.
(Submissions Due 13 March 2017)
http://wisec2017.ccs.neu.edu/

ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions.
Topics of interest include, but are not limited to:
- Security & privacy for smart devices (e.g., smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Information-theoretic security schemes for wireless systems
- Theoretical and formal approaches for wireless and mobile security
- Cryptographic primitives for wireless and mobile security
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security for emerging applications (e.g., privacy in health, automotive, avionics, smart grid, or IoT applications)
- Physical tracking security and privacy
- Usable mobile security and privacy
- Economics of mobile security and privacy
- Bring Your Own Device (BYOD) security
- Mobile malware and platform security
- Security for cognitive radio and dynamic spectrum access systems
- Security protocols for wireless networking

-------------------------------------------------------------------------
RAID 2017 20th International Symposium on Research in Attacks, Intrusions and Defenses, Atlanta, GA, USA, September 18-20, 2017.
(Submissions Due 28 March 2017)
https://www.raid2017.org/

Over the last 20 years, the International Symposium on Research in Attacks, Intrusions and Defenses (RAID) has established itself as a venue where leading researchers and practitioners from academia, industry, and the government are given the opportunity to present novel research in a unique venue to an engaged and lively community. The conference is known for the quality and thoroughness of the reviews of the papers submitted, the desire to build a bridge between research carried out in different communities, and the emphasis given on the need for sound experimental methods and measurement to improve the state of the art in cybersecurity.
RAID features a traditional poster session with a walking dinner on the first evening to encourage the presentation of work in progress and the active participation of younger members of the community. In this special year, the 20th anniversary of RAID's creation, we are soliciting research papers on topics covering all well-motivated security problems. We care about techniques that identify new real-world threats, techniques to prevent them, to detect them, to mitigate them or to assess their prevalence and their consequences. Measurement papers are encouraged, as well as papers offering public access to new tools or datasets, or experience papers that clearly articulate important lessons.

Specific topics of interest to RAID include:
- Computer, network and cloud computing security
- SDN for/against security
- Malware and unwanted software
- Program analysis and reverse engineering
- Mobile and Web security and privacy
- Vulnerability analysis techniques
- Usable security and privacy
- Intrusion detection and prevention
- Cyber intelligence techniques and (privacy preserving) threats intel sharing
- Threats against critical infrastructures and mitigation thereof
- Hardware security, Cyber physical systems, IoT security
- Statistical and adversarial learning for computer security
- Cyber crime and underground economies
- The ecosystem behind Denial-of-Service attacks
- Security measurement studies
- Digital forensics
- Computer security visualization techniques

-------------------------------------------------------------------------
PST 2017 15th Conference on Privacy, Security and Trust, Calgary, Alberta, Canada, August 28-30, 2017.
(Submissions Due 15 May 2017)
http://www.ucalgary.ca/pst2017/

PST2017 provides a forum for researchers and practitioners to present their latest research results, developments and ideas in areas of privacy, security and trust. PST 2017 topics are inter-disciplinary across privacy, security and trust.
Technologies of interest include, but are not limited to:
- Access Control
- Adversarial Machine Learning
- Anonymity, Accountability and Audit
- Attacks on Security and Privacy
- Authentication
- Biometrics
- Blockchain and Related Technologies
- Computer and Network Forensics
- Cryptographic Protocols
- Distributed Trust and Consensus
- Formal Methods for Security and Privacy
- Identity Management
- Intrusion Detection
- Key Management
- Metrics for Security and Privacy
- Privacy Preserving/Enhancing Technologies
- Program Analysis for Security and Privacy
- Quantum-resistant Cryptography
- Reputation Systems
- Threat modeling and risk analysis

-------------------------------------------------------------------------
ACM CCS 2017 24th ACM Conference on Computer and Communications Security, Dallas, TX, USA, October 30 - November 3, 2017.
(Submissions Due 19 May 2017)
https://www.sigsac.org/ccs/CCS2017

The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high-standard research conference in its area.

-------------------------------------------------------------------------
ACSAC 2017 33rd Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 4-8, 2017.
(Submissions Due 1 June 2017)
http://www.acsac.org

The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences.
If you are developing, researching, or implementing practical security solutions, consider sharing your experience and expertise at ACSAC. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned.

Some example topics are:
- Access Control
- Anonymity
- Applied Cryptography
- Assurance
- Audit
- Biometrics
- Security case studies
- Cloud Security
- Cyber-Physical Systems
- Denial of Service Protection
- Distributed Systems Security
- Embedded Systems Security
- Enterprise Security Management
- Evaluation and Compliance
- Digital Forensics
- Identity Management
- Incident Response
- Insider Threat Protection
- Integrity
- Intrusion Detection
- Intellectual Property
- Malware
- Mobile/Wireless Security
- Multimedia Security
- Network Security
- OS Security
- P2P Security
- Privacy & Data Protection
- Privilege Management
- Resilience
- Security and Privacy of the Internet of Things
- Security Engineering
- Software Security
- Supply Chain Security
- Trust Management
- Trustworthy Computing
- Usability and Human-centric Aspects of Security
- Virtualization Security
- Web Security

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe".
   OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".
   OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.

IEEE Security and Privacy Symposium
IEEE Computer Security Foundations
IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital library 12 months after the conference.
____________________________________________________________________________
TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
Ulf Lindqvist
SRI International
Menlo Park, CA
ulf.lindqvist@sri.com

Security and Privacy Symposium Chair Emeritus:
Michael Locasto
SRI International
oakland16-chair@ieee-security.org

Vice Chair:
Sean Peisert
UC Davis and Lawrence Berkeley National Laboratory
speisert@ucdavis.edu

Treasurer:
Yong Guan
3219 Coover Hall
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
(515) 294-8378
yguan (at) iastate.edu

Newsletter Editor and TC Awards Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2017 Chair:
Kevin Butler
Department of Computer and Information Science and Engineering
University of Florida
butler at ufl.edu

____________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year