Subject: Electronic CIPHER, Issue 23, August 15, 1997
_/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/
_/ _/ _/ _/ _/ _/ _/ _/ _/
_/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/
_/ _/ _/ _/ _/ _/ _/ _/
_/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/
====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 23 August 15, 1997 Carl Landwehr, Editor
Bob Bruen, Book Review Editor Hilarie Orman, Assoc. Editor
====================================================================
Contents: [1150 lines total]
o Letter from the Past TC Chair
o Letter from the TC Chair
o Letter from the Editor
Security and Privacy News Briefs:
o LISTWATCH: Items from security-related lists, by Mary Ellen Zurko
o Recent Windows NT and Windows 95
o PGP 5.0 Source Code Exported -- Legally?
Commentary and Opinion:
[none this issue]
Conference Reports:
[none this issue]
New reports available via FTP and WWW: lots of new items here
Interesting Links:
Who's Where: recent address changes: Eggers, Cudney
Calls for Papers: ICDCS, ICTSMA, SIGMOD/PODS, SICON, ACM CCS
Reader's guide to recent security and privacy literature
o Conference Papers: ICICS, DIMACS Workshop on Crypto Protocols
o Journal and Newsletter articles: CACM, JCS, Crosstalk, Annals, etc.
o Books: Two books on web security
Calendar
Data Security Letter subscription offer
Publications for sale -- CSFW proceedings available
TC officers
Information for Subscribers and Contributors
____________________________________________________________________
Letter from the Immediate Past TC Chair
____________________________________________________________________
Dear TC Members:
Please join me in welcoming our new TCSP senior officers. Chuck
Pfleeger, previous TCSP Vice-Chair, is our new TCSP Chair. Working with
Chuck these past two years, I have witnessed his commitment to the best
interests of our TCSP. Our newly elected TCSP Vice-Chair and incumbent
Chair is Tom Berson. Tom has been a wellspring of innovative and
adroit solutions for the challenges faced by the TCSP and Oakland
conference organizers for over two decades. The TCSP will certainly
benefit from the leadership of Chuck Pfleeger and Tom Berson.
I would like to thank the members of the TCSP Executive Committee:
Senior Advisor, Terry Benzel; Academic Affairs Chair, Karl Levitt;
Standards Chair, Greg Bergren; Conference Chair, Steve Kent; and Cipher
Editor, Carl Landwehr. Carl and his Cipher volunteers continue to
produce a technical newsletter of unparalleled quality. Steve Kent,
Mike Reiter, George Dinolt, Paul Karger and Charles Payne are to be
commended for a highly successful 1997 Symposium on Security and
Privacy. Greg Bergren was our lifeline to a multitude of security
standards activities, and kept us always informed. Our first Academic
Affairs chair, Karl Levitt, had the formidable task of organizing an
agenda and establishing liaisons with academia, and we appreciate his
efforts. As immediate past TCSP chair, I succeed Terry Benzel as senior
advisor. Terry has made my job easier,and we have all benefited from
her shared insights and contributions.
As a volunteer member, I will continue to focus on ways for the
Computer Society to improve its member services and working
relationships with the TCSP and other technical committees.
Surprisingly enough, I am a nominee for the Computer Society Board of
Governors. I view this as an opportunity to take our TCSP experiences
strategies up one level in the Computer Society.
The TCSP continues to be one of the most successful and dynamic
Technical Committees of the IEEE Computer Society, due to the
contributions of its members. I extend my sincere gratitude to all our
TCSP members and dedicated volunteers for the achievements of the past
two years. I look forward to a great future for our TCSP under the
leadership of Chuck and Tom and our new Executive Committee officers.
Thanks again to all of you for your support!
Deborah M. Cooper
Immediate Past Chair, Technical Committee on Security and Privacy
____________________________________________________________________
Letter from the TC Chair
____________________________________________________________________
Dear TC Members:
I am very pleased to be addressing you in this first message as chair
of the IEEE Computer Society Technical Committee on Security and
Privacy. The importance of our profession is evident from the fact that
we get front page coverage in the popular press, something few if any
other technical committees do.
I want to introduce the other officers and board members who will also
support this technical committee. Tom Berson has agreed to be the vice
chair for the next two years, which means he will then succeed me as
chair for 1999-2001 (I leave him the year 2000 problem). Tom is quite
well known in our profession, most recently as a cryptanalyst, but also
as someone who has the breadth of knowledge to appreciate a formal
proof or to understand a TCB design. More than once we have called on
him to help determine the outstanding paper at the annual Symposium on
Security and Privacy (the Oakland conference), again demonstrating our
respect for his technical skills. What fewer people know, however, is
that Tom has also played a crucial role on negotiations that have kept
the Oakland conference at the Claremont hotel in Oakland. In fact, he
is involved in shuttle diplomacy again this year. I think Tom will be
an excellent chair after my term of office.
Carl Landwehr is continuing as Cipher editor, thank goodness. The time
and energy that Carl puts into producing this newsletter is something
that few of you realize. Over the last two years I have found out how
well Carl keeps Cipher going because it looks effortless even from the
inside: somehow all the pieces come together. Carl, of course, has a
regular corps of people who help out on different parts of Cipher, and
Carl regularly announces who they are and thanks them publicly. And
anybody else who would like to adopt an area to cover or write an
article on a recent event in our field would be most welcome. Carl,
like Tom, has filled most of the organizing roles of our technical
committee, and Carl can always be counted on for his wise advice.
As chair of the education committee, I asked Cynthia Irvine, and she
has accepted. Cynthia is at the US Naval Postgraduate School and, like
the Tom and Carl, she has experience in several parts of security,
including operating systems and evaluation issues. Cynthia recently
organized a workshop on curricula for university information security
tracks (for more details, see her piece to appear in the September
issue of IEEE Software). The reason I am most pleased to have Cynthia
chair our education committee is that she holds a similar post with
ACM. It would be easy to say that IEEE Computer Society and ACM are
competitors, but I think that is exactly why Cynthia is the best person
for this role. There is no point in fragmenting our field; quite the
opposite, we can do better by the synergy from working cooperatively,
with each society providing the kind of backup it can do best.
The chair of the committee on conferences is the general chair of the
Syposium on Security and Privacy, who next year will be Mike Reiter.
Mike is another well-known researcher in the community, working
primarily in design and analysis of protocols for accomplishing tasks
ranging from authentication to auctions. As is the pattern with our
officers, Mike served as registration chair (and general
chair-in-waiting) for the conference, so that he is fully prepared to
bring us another smoothly lfowing conference next year.
My standards committee chair is currently unfilled; after many years of
good service, Greg Bergren will be unavailable because he is entering a
career training program where he works.
The one final appointment, of sorts, is my "senior advisor," who will
be Deborah Cooper, my immediate predecessor as technical committee
chair. Deb and I have worked together these past two years on the
issues that come up in this committee, and I have grown to respect her
good sense, judgement, and leadership. She is a very tough act to
follow, but I am pleased that as senior advisor she will be available
for me to call on for advice and moral support.
Those then are the names of people who will work with me on the
leadership of this technical committee. But we require the assistance
of many others who help with conference organizing, writing and
reviewing papers and reports, and doing all the other things that help
advance our technical committee and profession. Thanks to you all, and
if you haven't yet helped with some of the unseen infrastructure work,
we would be pleased to have volunteers.
I want to continue a tradition Deborah started last year of holding a
brief status meeting in conjunction with the National Information
Systems Security Conference held in Baltimore in the autumn. I plan to
hold another such meeting this year to pass along new information about
our technical committee. The time and place will be posted with the
rest of the announcements of that meeting.
I am always open to suggestions of what we should be doing more of or
differently to enhance the usefulness of our committee to you, our
members. If you have thoughts you would like to share, please feel
free to drop me a note at pfleeger@arca.com or by phone at +1 (703)
734-5611.
Charles P. Pfleeger
TCSP Chair
____________________________________________________________________
Letter from the Editor
____________________________________________________________________
Dear Readers,
Since we have letters from both the past and current TC chairs this
issue, mine will be short. Thanks once again to Mary Ellen Zurko
for an enjoyable LISTWATCH column in this issue.
I've culled the best items from my queues of interesting URLs and news
items, and I hope you will find some of them of interest.
Many of you will have attended a security-related conference
or workshop over the summer; if there was something interesting in
it, please consider writing a short report for Cipher (and if there
wasn't something worth reporting, why did you go?).
Enjoy the rest of the summer; Cipher will return in late September,
contributors willing!
Carl Landwehr
Editor, Cipher
Landwehr@itd.nrl.navy.mil
____________________________________________________________________
SECURITY AND PRIVACY NEWS BRIEFS
___________________________________________________________________
LISTWATCH
Security-Related News Items from Security-Related Mailing Lists
by Mary Ellen Zurko, The Open Group Research Institute (8/8/97)
(m.zurko@opengroup.org)
____________________________________________________________________
This edition's listwatch items come from the email lists e$pam,
cryptography, cypherpunks, fight-censorship, oxdeadbeef, tbtf, and
dcsb.
There was some speculation and rumors on the cryptography list that DoD
interest in Fortezza is waning. This included stories of a contract
that was killed and the evolution of Fortezza being stalled in the
context of the Defense Messaging System, as well as lack of requests
for Fortezza from federal contractors.
Intel's BIOS Update technology enables bug fixes to its microprocessors
to be downloaded to the chips. A story discussing the security of this
feature include claims that the microcode patch is encrypted, and after
its header is examined "there are two levels of encryption in the
processor that must occur before it will successfully load the update"
(integrity and authentication? or just doubly-encrypted for
confidentiality?). My favorite security measure for this protocol is
that "There is no documentation. ... It's actually in the heads of
less than 10 people in the whole of Intel."
Mitsubishi has developed a software program which evaluates
symmetric-key encryption algorithms, displaying the amount of computing
power required to deduce the key, based on Shamir's differential
decryption method and Mitsubishi's proprietary linear decryption
method. The program uses "simple approximations of the encryption
algorithm" to determine "the minimal volume of computations needed to
crack the code."
AOL has announced a telemarketing plan that would include selling
memebers' telephone numbers. They have decided not to do that, based on
the reaction from customers and other intersted parties. See
http://www.yahoo.com/headlines/970724/news/stories/aol_1.html for the
story.
There was a lot of discussion of government access to keys on
cypherpunks. A policy brief from the Brookings Institution takes the
line that "there are reasonable compromises" in the debate about
government access to keys. The contents of most of the brief are
familiar to those following the debate. The author believes that
recent government trends towards listening to critics and evolving a
more flexible policy based on that feedback may lead to a workable
compromise. The author acknowledges that one of the problems with the
approach is its potential for abuse, and recommends a permanent,
verifiable audit trail of any government interception of electronic
communications. Other key escrow discussion on cypherpunks suggested
that keys should be split and held by the following parties, so that
all of them had to agree for a valid key to be returned:
1. ACLU
2. NRA
3. Republican Nat'l Committee
4. Democratic Nat'l Committee
5. N Y Times
6. Washington Post
7. Christian Coalition
8. Libertarian Party
9. FBI
10. NSA
11. Speaker of the House of Representatives
12. U S Supreme Court
Another suggestion was that the government go through a judge and/or
the key holders to get the content as well as the key. Another
subscriber suggested that the FBI and most other secret security
agencies should also be forced to use key escrow. It was pointed out
that the McCain-Kerrey bill does not require a court order to get keys,
even though reports on the bill have implied that it does.
A variety of mailing lists and individuals associated with an
imprisoned member of cypherpunks got an email message that looks like
it came from the IRS reporting on how that member pled guilty. There
was speculation on just how the IRS got that list of email addresses to
send to, including a question on whether it would violate the
Electronic Communications Privacy Act if the email records had been
obtained from a seized computer.
An entertaining, unattributed story appeared on 0xdeadbeef:
At a recent Sacramento PC User's Group meeting, a company was
demonstrating its latest speech-recognition software. A
representative from the company was just about ready to start the
demonstration and asked everyone in the room to quiet down. Just
then someone in the back of the room yelled, "Format C: Return."
Unfortunately, the software worked.
Dorothy Denning and William Baugh have completed a study called
"Encryption and Evolving Technologies as Tools of Organized Crime and
Terrorism," which is to be published by the National Strategy
Information Center. See
http://guru.cosc.georgetown.edu/~denning/crypto/oc-abs.html for an
excerpt. The study was unable to find any incident where cryptography
significantly harmed an investigation.
At DefCon 5, the hacker's convention in Las Vegas, Bruce Schneier is
quoted as saying of cryptosystems, "The math is perfect. The computers
are bad. The networks hideous. The people worse."
The last piece of the puzzle of how general purpose web browsers and
servers would be allowed to export 128-bit cryptography that could only
be used by approved institutions (financial or US corporation) fell
into place with the announcement that Verisign had gotten government
approval to be the sole exportor of the "magic certificates".
Discussion on cypherpunks included what would happen if the government
decided those certificates should be revoked, or not renewed after
their one year expiration date. The good news (as it were) is that most
browsers can't deal with Certificate Revocation Lists yet.
A Canadian-based firm, Entrust, is offering an encryption tool for
personal use for free, over the Web (see
http://www.entrust.com/solo.htm). It seems to include 128-bit symmetric
key encryption, which is not generally available for export from the
US. On a related note, an AP story states that a senior official of the
NSA was overheard at a White House press conference saying "It would
not take any twelve times the age of the universe to decrypt a 128-bit
message. Thirty-three minutes is more like it."
A quote from the July '97 "Computer Design" describing a
Pentium-compatible microprocessor redefines the phrase "proof of
correctness" by stating "IDT claims to have tested the C6 with most
modern PC operating systems, including WIndows 95, Windows 3.1,
NetWare, and Solaris for Intel. The complexity and pervasiveness of the
Windows operating system generally are considered to make up an
exacting proof of correctness...".
________________________________________________________________________
Recently reported Windows NT / Windows 95 problems and bug fixes
________________________________________________________________________
[Following reprinted with permission from SANS Network Security Digest,
Vol. 1, No. 6., August 10, 1997. For subscription information, send
e-mail to: sans@clark.net ]
NT/WIN95 SECURITY PROBLEMS AND BUG FIXES
The Microsoft Security page is located at:
Additional NT Security Related web pages may be found at:
A) Denial of Service Attack in Microsoft IIS for NT 4.0 - (6/30)
By sending a request with a URL of a certain length (typically
between 4 and 8K) you can cause an access server violation which
requires a reboot to fix. Unsaved data may be lost. Microsoft
has provided a patch for this problem. Exploits for this problem
have been published on the Internet.
This problem effects Versions 2.0 and 3.0 on NT systems running 4.0.
For more information see the CIAC bulletin at:
----------------------
B) Denial of Service Attack on Windows/NT using ICMP - (7/2)
This problem is similar to the Ping of Death attacks discussed earlier
this year. By sending a corrupt ICMP packet you can cause a
Windows/NT system to freeze and require a reboot.
Patches are available at
For more information see the CIAC bulletin at:
------------------------
C) Bug fixes released for NT3.51 (7/26)
Patches fix two known security problems [Q143474 - Anonymous
login user (Red Button) and Q161372 - SMB signing to prevent
"Man in the middle" attacks.] Fixes are available at:
-------------------------
D) Kernel Routine Error in NT 4.0 Service Pack 3.0 - (7/4)
A program called getadmin.exe, which has been distributed on the
Internet, grants administrative privileges to normal users. The
program takes advantage of a bug in a low-level kernel routine.
Microsoft has published a fix for this problem:
Later discussions on bugtraq revealed this patch did not fix the
problem entirely. Additional information on the vulnerability can be
found at:
-------------------------
E) Yet Another Netscape Communicator Bug (7/25)
The latest version of Communicator (4.0.1a) was supposed to correct
a security bug discovered in June. However, there is a flaw in the
way LiveConnect has been implemented in 4.0.1a. The end result is
similar to the situation with the previous bug: a malicious user can
monitor all of your web activity. For more information, see the
article at:
-------------------------
F) A New Fragmentation Attack (Win NT)
When reassembling a fragmented IP packet, the Microsoft implementation
does not require the first fragment to have an offset value of zero.
It merely checks whether the sum of the lengths of the collected
fragments equals the total length of the original unfragmented IP
packet. If enough fragments have been received so that this condition
holds, the NT stack will happily reassemble what it has accumulated so
far. This problem has been fixed with Service Pack 3. For more
information see:
________________________________________________________________________
PGP Version 5.0 Source Code Exported -- Legally?
________________________________________________________________________
According to an August 13, 1997 story by Robert Lemos in PC Week,
currently readable at:
http://www8.zdnet.com/pcweek/news/0811/13acryp.html
source code was for PGP 5.0 was "legally" posted at a University of
Oslo web site. The source code was published in a book, the book was
scanned into a machine by hackers, who proofread the code and posted
it. According to the article, the source code had previously been
posted on a Dutch site, but there had been no assertion that the export
was legal. It is not clear from the article whether the U.S. courts
have actually decided that the form of export reportedly used to
generate the Oslo version is exempt from the ITAR regulations;
see Cipher EI#14, "Federal District Court Rules Source Code is Protected
Speech."
________________________________________________________________________
New Reports available via FTP and WWW
________________________________________________________________________
o www.radium.ncsc.mil/tpep/process/review.html
NSA TPEP site includes a variety of documents available for download
and review, including a protection profile for firewalls
o http://www.redbooks.ibm.com/sg244949/4949fm.htm
IBM Redbook (draft) Security on the Web Using DCE Technology
o http://www.cert.org/research/JHThesis/index.html
An Analysis of Security Incidents on the Internet 1989-1995
by Dr. John D. Howard, Ph.D. dissertaion based on CERT incident data.
o http://www.cert.org/research/isw97_hypertext/isw97.html
Proceedings of Information Survivability Workshop Feb., 1997,
San Diego, organized by CMU-SEI.
Medical security/privacy items:
o http://aspe.os.dhhs.gov/admnsimp/pvcy0731.htm
Protecting the privacy of health information
HHS Secretary Donna Shalala's 7/31/97 speech to the National Press Club.
o http://www.acm.org/usacm/privacy/simons_medical.html
Congressional testimony by Barbara Simons, representing U.S. Public
Policy Committee of ACM on privacy and security of medical databases.
Anonymity-related items:
o http://www.itd.nrl.navy.mil/ITD/5540/projects/onion-routing/
"Onion-routing" approach to anonymous Internet connections, by
Goldschlag, Syverson, & Reed, NRL. Now seeking beta testers.
o http://www.research.att.com/projects/crowds
"Crowds" approach to private web transactions by Reiter & Rubin, AT&T,
seeking testers.
o http://www.dcs.ex.ac.uk/~aba/eternity/
An approach to anonymous publication, by Adam Beck, seeking beta testers
Cryptography policy items
o http://site108240.primehost.com/hir-hear.htm
Declassified transcript of U.S. House of Representatives Committee on
International Relations closed hearings on encryption policy, held
June 26, 1997
o http://jya.com/fbi-encrypt2.htm
FBI Director Louis Freeh's testimony on encryption policy before
Senate Judiciary Committee, July 6, 1997.
o http://www.crypto.com/key_study
The Risks of Key Recovery, Key Escrow and Trusted Third-Party Encryption
by Hal Abelson, Ross Anderson, Steve Bellovin, Josh Benaloh, Matt Blaze,
Whit Diffie, John Gilmore, Peter Neumann, Ron Rivest, Jeff Schiller, and
Bruce Schneier
US Govt. Internet policy items
o http://www.iitf.nist.gov/eleccomm/ecomm.htm
A Framework For Global Electronic Commerce, by President William J.
Clinton and Vice President Albert Gore, Jr.
o http://www.ccic.gov
Next Generation Internet implementation plan. Send comments to:
ngi@ccic.gov
________________________________________________________________________
Interesting Links [new entries only]
________________________________________________________________________
o http://www.jya.com/crypto.htm
John Young's "cryptome": extensive and current archive of a broad range
of news items, legislation, reports, etc., on cryptography policy,
technology, and related items (also free of appalling and wasteful
graphics).
o http://www.opengroup.org/RI/www/jkrb
Java - Kerberos web site
________________________________________________________________________
Who's Where: recent address changes
________________________________________________________________________
Entered 9 August 1997
Kenneth W. Eggers
CygnaCom Solutions, Inc.
Suite 100 West
7927 Jones Branch Drive
McLean, VA 22102-3305
phone: (703) 848-0883
email: eggers@cygnacom.com
Paul F. Cudney
Lockheed Martin Technical Operations
2401 E. El Segundo Boulevard
El Segundo, CA 90245-4636
Tel: (310) 727-1001
Fax: (310) 725-5902
e-mail: cudneypf@nic.techops.lmco.com
_______________________________________________________________________
Calls for Papers (new listings since last issue only -- full list on Web)
________________________________________________________________________
CONFERENCES
Listed earliest deadline first. See also Cipher Calendar.
Abbreviated listings this issue; web will be updated as soon as possible.
18th International Conf. on Distributed Computing Systems, CWI, Amsterdam.
Submissions due 1 October 1997. Conference held May 26-29, 1998.
Conference and paper submission information available at:
http://icdcs.fernuni-hagen.de/ or e-mail to bernd.kraemer@fernuni-hagen.de
5th International Conf. on Telecommunications Systems Modelling and Analysis,
Nashville. Submissions due 1 October 1997, Conference held March 20-23, 1998.
No web page listed, information from: gavishb@ctrvax.vanderbilt.edu
ACM SIGMOD/PODS '98 Joint conference, Seattle, Washington.
SIGMOD submissions due 3 November, 1997 (abstracts due Oct. 27 by e-mail).
PODS submissions due 17 November, 1997. Conference held June 1-4, 1998.
Submissions and conference information said to be available at:
http://www.boeing.com/sigmod98/
6th IEEE Singapore Int'l Conf. on Networks, Singapore.
Submissions due 12/19/97, conference held July 1-4, 1998.
Submissions and conference information available at
http://www.iscs.nus.edu.sg/~sicon or by e-mail from sicon@iscs.nus.edu.sg
5th ACM Conf. on Computer and Communications Security, San Francisco.
Submissions due April 3, 1998, conference held November 2-5, 1998.
Submission and conference information available at:
http://www.research.att.com/~reiter/ccs5/ or by e-mail from
reiter@research.att.com
JOURNALS
Special Issues of Journals and Handbooks: listed earliest deadline first.
[No new entries this issue]
________________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 1: Conference Papers
________________________________________________________________________
o International Conference on Information and Communications Security,
November 11-13, Beijing, P.R. China.
Regular Papers:
- Electronic Commerce with Secure Intelligent Trade Agents;
Jaco van der Merwe, S.H.von Solms (South Africa)
- Construction of Correlation Immune Boolean Fuctions;
Ed Dawson, Cuan-Kun Wu. (Australia)
- Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES,
RC2, and TEA;
John Kelsey, Bruce Schneier, and David Wagner (USA)
- Efficient Scalable Fair Cash with Off-line Extortion Prevention;
Holger Petersen, Guillaume Poupard (France)
- Enforcing Traceability in Software;
Colin Boyd (Australia)
- Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup
of Zn*;
Colin Boyd (Australia)
- Making Unfair a "Fair" Blind Signature Scheme;
Jacques Traore (France)
- On the Decomposition Constructions for Perfect Secret Sharing Schemes;
Hung-Min Sun and Bor-Liang Chen (Taiwan)
- Proxy Signatures, Revisite;
Seungjoo Kim, Sangjoon Park and Dongho Won (Korea)
- A^{2}-code = Affine resolvable + BIBD;
Satoshi Obana, Kaoru Kurosawa (Japan)
- Hiding the Hidden: A Software System for Concealing Ciphertext as
Innocuous Text;
Mark Chapman, George Davida (USA)
- A Multiplication-Addition Structure Against Differential Attack;
Feng Zhu, Bao-An Guo (China)
- Stateless Connections;
Tuomas Aura, Pekka Nikander (Finland)
- A New and optimal chosen-message attack on RSA-type cryptosystems;
Daniel Bleichenbacher, Marc Joye and Jean-Jacques Quisquater (USA and
Belgium)
- Traceable Visual Cryptography;
Ingrid Biehl, Susanne Wetzel (Germany)
- On Weak RSA-Keys Produced from Pretty Good Privacy;
Yasuyuki Sakai, Kouichi Sakurai and Hirokazu Ishizuka (Japan)
- Efficient Construction of Secure Hyperelliptic Discrete Logarithm
Problems;
Jinhui Chao, Nori Matsuda and Shigeo Tsujii (Japan)
- On Strict Estimation Method of Provable Security Against Differential
and Linear Cryptanalysis;
Yasuyoshi Kaneko, Shiho Moriai and Kazuo Ohta (Japan)
- A Trust Policy Framework;
Audun Josang (Norway)
- Trapdoor one-way permutations and multivariate polynomials;
Louis Goubin and Jacques Patarin (France)
- Asymmetric Cryptography with S-Boxes;
Louis Goubin and Jacques Patarin (France)
- Computational Learning Theoretic Cryptanalysis of Language Theoretic
Cryptosystems;
Takeshi Koshiba (Japan)
- Multisender Authentication Systems with Unconditional Security;
R. Safavi-Naini and K. M. Martin (Australia and Belgium)
- Protocols for Issuing Public-Key Certificates over the Internet;
James W. Gray, III and Kin Fai Epsilon IP (Hong Kong)
- Minimizing the Use of Random Oracles in Authenticated Encryption;
Schemes Phillip Rogaway and Mihir Bellare (USA)
- An Effective Genetic Algorithm for Finding Highly Nonlinear Boolean
Functions;
William Millan Andrew Clark Ed Dawson (Australia)
- Security Comments on the Hwang-Chen Algebraic-code Cryptosystem;
Mohssen Alabbadi (Saudi Arabia)
- Design of a Security Platform for CORBA based Application;
Rakman Choi, Jungchan Na, Kwonli Lee, Eunmi Kim and Wooyong Han (Korea)
- Self-synchronized message randomization methods for subliminal
channels;
Kazukuni Kobara and Hideki Imai (Japan)
- An Improved Key Stream Generator Based on the Programmable Cellular
Automata;
Miodrag J. Mihaljevic (Yugoslavia)
- A Language for Specifying Sequences of Authorization Transformations
and its Application;
Vijay Varadharajan and Yun Bai (Australia)
- A Secure Code for Recipient Watermarking agaist Conspiracy Attacks by
All Users;
Hajime Watanabe and Tadao Kasami (Japan)
- Proving decision power in round-optimal perfect zero-knowledge;
Giovanni Di Crescenzo, Kouichi Sakurai and Moti Yung (USA and Japan)
- Duality of Boolean Functions and Its Cryptographic Significance;
Yuliang Zheng, Xiao-Mo Zhang Hideki Imai (Australia and Japan)
- Critical Analysis of Security in Voice Hiding Techniques;
Li-Wu Chang and Ira S. Moskowitz (USA)
- Remarks on the Multiple Assignment Secret Sharing Scheme;
Josef Pieprzyk, Hossein Ghodosi and Rei Safavi-Naini, (Australia)
- Secure document management and distribution in an open network
environment;
Antonio Lioy, Fabio Maino and Marco Mezzalama (Italy)
Short Papers:
- On the Powerline System;
Paul Camion and Herve Chabanne (France)
- An Implementable Scheme for Secure Delegation of Computing and Data;
Josep Domingo-Ferrer And Ricardo X. Sanchez (Spain)
- Sharing Secret Information in Hierarchical Groups;
Josef Pieprzyk, Chris Charnes Keith Martin Rei Safavi-Naini (Australia)
- An Anonymous and Undeniable Payment Scheme;
Liqun Chen and Chris Mitchell (U.K.)
- Fast software elliptic curve cryptosystems;
Atsuko Miyaji and Takatoshi Ono (Japan), Henri Cohen (France)
- Improved Fast Software Implementation of Block Ciphers;
Takeshi Shimoyama and Seiichi Amada and Shiho Moriai (Japan)
- Distributed Cryptographic Function Application Protocols;
Audre Postma, Thijs Krol and Egbert Molenkamp (the Netherlands)
- Two Efficient RSA Multisignature Schemes;
Sangjoon Park (Korea)
- Publicly Verifiable Partial Key Escrow;
Wenbo Mao (U.K.)
- Proposal for User Identification Scheme Using Mouse;
Eiji Okamoto, Kenichi Hayashi and Masahiro Mambo (Japan)
- Fault Tolerant Anonymous Channel;
Wakaha Ogata, Kaoru Kurosawa, Kazue Sako and Kazunori Takatani (Japan)
o DIMACS Workshop on Design and Formal Verification of Crypto Protocols New
Rutgers Univ., New Jersey, Sept. 3-5, 1997.
- CSP, PVS, and a Recursive Authentication Protocol;
Jeremy Bryans and Steve Schneider, Royal Holloway and Bedford New
College
- Modeling and Automated Verification of Authentication Protocols;
Parosh Abdulla, Bengt Jonsson, and Aletta Nylen Department of Computer
Systems
- Cryptolog: A Theorem Prover for Cryptographic Protocols;
Bart De Decker and Frank Piessens, K. U. Leuven
- A Weakest Precondition Calculus for Analysis of Cryptographic
Protocols;
J. Alves-foss and T. Soule, U. of Idaho
- Model Checking for Security Protocols;
Will Marrero, Edmund Clarke, and Somesh Jha, Carnegie Mellon
- Using the ASTRAL Model Checker for Cryptographic Protocol Analysis;
Zhe Dang and Richard A. Kemmerer, UC Santa Barbara
- Digital Signatures With Encryption: Fact and Fiction;
Tomasz Kozlowski and Scott A. Smolka SUNY at Stonybrook
- A New Algorithm for the Automatic Verification of Authentication;
Protocols: From Specifications to Flaws and Attack Scenarios M. Debbabi
& M. Mejri & N. Tawbi & I. Yahmadi, Laval University
- The Perfect ``Spy'' for Model-Checking Cryptoprotocols;
A.W. Roscoe and M.H. Goldsmith Oxford University Computing Laboratory
and Formal Systems (Europe) Ltd
- Extensional Goals in Authentication Protocols;
Colin Boyd, Queensland University of Technology
- Using Non Interference for the Analysis of Security Protocols;
Riccardo Focardi and Roberto Gorrieri Universita' Ca' Foscari di
Venezia and Universita' di Bologna
- An Application of the WDL Theory of System Composition to the Analysis
of Cryptographic Protocols;
Alfred Maneki, NSA
- Design of an Application-Level Security Infrastructure;
Carl A. Gunter and Trevor Jim, U Penn
- A Semantics for BAN Logic;
Annette Bleeker and Lambert Meerkens, CWI
- Using a Multimodal Logic to Express Conflicting Interests in Security
Protocols;
Antti Huima and Tuomas Aura
- SPEAR: Security Protocol Engineering and Analysis Resources;
J.P. Beckmann, P. de Goede, and A. Hutchison U. of Cape Town
- Closing the Idealization Gap with Theory Generation;
Darrell Kindred and Jeannette Wing, Carnegie Mellon
- Automatic Formal Analysis of Two Large Commercial Protocols;
Stephen Brackin, Arca Systems
- Formal Analysis of IP Layer Security;
Sarah Mocas and Tom Schubert, Portland State U.
- Finite-State Analysis of SSL 3.0 and related Protocols;
John Mitchell, Vitaly Shmatikov, and Ulrich Stern, Stanford U.
- Model-based Design and Verification of Security Protocols using LOTOS;
Francois Germeau and Guy Leduc, Universite de Liege
- Using Isabelle to Prove Properties of the Kerberos Authentication
System;
G. Bella and L. C. Paulson, Cambridge U.
- Cautionary Note for Protocol Designers: Security Proof is not Enough;
A. Gillet, M. Joye and J.-J. Quisquater, U. C. Louvain
- On Known and Chosen Cipher Pairs;
Stuart Stubblebine and Catherine Meadows AT&T and NRL
- Cryptographic Module Flaws and Analysis Techniques;
Tom Markham, Secure Computing
- Two Weak Leaks in the Formal Methods Chain;
Carl Gunter, Insup Lee, and Andre Scedrov, U. Penn
_______________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 2: Journal and Newsletter Articles, Book Chapters
_______________________________________________________________________
o IEEE Annals of the History of Computing, Vol. 19, No. 3 (July-Sept 1997).
Donald Mackenzie and Garrel Pottinger. Mathematics, technology, and
trust: formal verification, computer security, and the U. S. military.
pp. 41-59.
o Communications of the ACM, Vol. 40, No. 8 (August 1997):
- Thomas C. Rindfleisch. Privacy, information technology, and health
care. pp. 92-101.
- Brock N. Meeks. Privacy lost, anytime, anywhere. pp. 11-13.
o Journal of Computer Security, Vol. 4, No. 4 [received about 7/97]:
- M. K. Reiter, M.K. Franklin, J. B. Lacy, and R. N. Wright. The Omega
key management service. pp.267-288.
- S.-C. Chuang. Security ATM networks. pp. 289-330.
- M. Bishop. Conspiracy and information flow in the Take-Grant
protection model. pp. 331-360.
o Crosstalk, The Journal of Defense Software Engineering, Vol. 10, No. 8
(August, 1997). Karen Ferraiolo and Victoria Thompson. Let's just be
mature about security: using a CMM for security engineering. pp.
15-20.
o Computers & Security Volume 16, Number 2 (1997). (Elsevier)
Features:
- Fred Cohen. Information system defences: a priliminary classification
scheme. pp. 94-114.
- Stephane Bouniol. The puzzle theorem -- the less I know, the less
I can disclose. pp. 115-126.
Refereed Papers:
- Dennis Volpano and Cynthia Irvine. Secure flow typing. pp. 137-144.
- O. Tettero, D.J. Out, H.M. Franken, and J. Schot. Information
security embedded in the design of telematics systems. pp. 145-164.
o ACM Software Engeneering Notes, Vol. 22, No. 4 (July 1997). Don Reifer.
Report on 4th ACM Conf. on Computer and Communications Security.
pp.32-33.
_______________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 3: Books
________________________________________________________________________
o Rubin, Aviel D., Daniel Geer, and Marcus J. Ranum, Web Security
Sourcebook: A Complete Guide to Web Security Threats and Solutions
John Wiley & Sons, ISBN: 0-471-18148-X, paperback. Book info and
review available from http://www.clark.net/pub/mjr/websec/
o Garfinkel, S. and G. Spafford. Web Security & Commerce. O'Reilly, June,
1997, ISBN 1-56592-269-7, 506 pages, $32.95. Review available at
http://www.web-vantage.com/wv/970808v4.cfm. (but you may have to
register at http://www.web-vantage.com/ first in order to read it).
Publisher info at http://www.ora.com/catalog/websec/index.html.
________________________________________________________________________
Calendar
________________________________________________________________________
====================================================================
See Calls for Papers section for details on many of these listings.
====================================================================
"Conf Web Page" indicates there is a hyperlink on the Cipher Web
pages to conference information. (In many cases there is such a link
even though mention is not made of it here, to save space.)
Dates Event, Location Point of Contact/ more information
----- --------------- ----------------------------------
8/17/97- 8/21/97: Crypto '97, Santa Barbara, California
8/25/97- 8/27/97: IDEAS '97. Montreal, Canada Conf Web page
9/ 3/97- 9/ 5/97: DIMACS Security Ver, Piscataway, NJ DIMACS Web page
9/ 8/97- 9/10/97: SAFECOMP97. University of York, UK Conf Web page
9/ 9/97: USENIX Sec Symp. San Antonio, Texas Conf Web page. Submissions
to securitypapers@usenix.org;
9/22/97- 9/24/97: INTRA-FORA. Linz, Austria Conf Web page
9/22/97- 9/25/97: IC3N '97, Las Vegas, NV Conf Web page
9/23/97- 9/26/97: NSPW '97, Great Langdale, Cumbria, UK
9/26/97- 9/30/97: MOBICOM '97, Budapest, Hungary Conf Web page
10/ 1/97: ICDCS '98, Amsterdam, submissions due
10/ 1/97: ICTSMA '98, Nashville, Tennessee, Submissions due
10/ 1/97: WOBIS '97, Budapest, Hungary; Conf Web page
10/ 5/97-10/ 8/97: SOSP '97, Malo, France; Conf Web page
10/ 6/97-10/10/97: NISS '97, Baltimore, MD, Conf web page
10/ 6/97: ETAPS '98, Lisbon, Portugal, Conf Web page; Submissions to
Nivat@litp.ibp.fr;
10/24/97-10/26/97: EDOC '97; Gold Coast, Australia. Conf Web page
10/25/97: IEEE Net Mag Special Issue; submissions to
liny@csie.nctu.edu.tw
10/27/97: SIGMOD/PODS '98, Seattle, Washington, SIGMOD abstracts due
10/28/97-10/31/97: ICNP '97, Atlanta, Georgia; Conf Web page
10/31/97-11/ 5/97: WebNet97. Toronto, Canada; Conf Web page
11/ 1/97: IEEE Personal Communications Special Issue on Mobile
Computing Systems and the Web, submissions due
11/03/97: SIGMOD/PODS '98, Seattle, Washington, SIGMOD submissions due
11/ 6/97-11/ 7/97: RBAC97. McLean, Virginia Conf Web page
11/10/97: IEEE Network Magazine Special Issue on Active and
Programmable Networks; Conf Web page; submissions due to
tchen@gte.com
11/11/97-11/13/97: ICICS '97, Beijing, P.R. China
11/12/97-11/14/97: Chilean CompSci Soc, Valparaiso, Chile;
11/17/97: SIGMOD/PODS '98, Seattle, Washington, PODS submissions due
11/19/97-11/21/97: ICCC '97. Cannes, France Conf Web page
12/ 4/97-12/ 5/97: IFIP-IICIS. Zurich, Switzerland Conf Web page
12/ 8/97-12/12/97: ACSAC '97, San Diego, CA
12/19/97: SICON '98, Singapore, submissions due
12/17/97-12/19/97: ISCOM '97. Hsinchu, Taiwan Conf Web page
1/ 6/98- 1/ 9/98: ENCXCS. Hawaii, HI Conf Web page
1/16/98: IFIP/SEC '98, Vienna and Budapest, Austria and Hungary;
Conf Web page Submissions due to rposch@iaik.tu;
1/26/98- 1/29/98: USENIX Sec Symp. San Antonio, Texas Conf Web page
2/ 2/98- 2/ 3/98: ADC '98. The Levels, South Australia
2/23/98- 2/27/98: ICDE '98. Orlando, Florida Conf Web page
3/10/98: IFIP WG11.3 Chalkidiki, Greece; Conf Web page Submissions due
to jajodia@gmu.edu;
3/11/98- 3/13/98: SNDSS '98, San Diego, California Conf Web page
3/20/98- 3/23/98: ICTSMA '98, Nashville, Tennessee
3/30/98- 4/ 3/98: ETAPS '98. Lisbon, Portugal, Conf Web page
4/ 3/98: CCS '98, San Francisco, CA, submissions due
5/ 3/98- 5/ 6/98: IEEE S&P 98; Oakland no e-mail address available
5/12/98- 5/15/98: 10th CITSS, Ottawa; no e-mail address available
5/26/98- 5/29/98: ICDCS '98, Amsterdam
6/ 1/98- 6/ 4/98: SIGMODS/PODS '98, Seattle, Washington
7/ 1/98- 7/ 4/98: SICON '98, Singapore
7/15/98- 7/17/98: IFIP WG11.3, Chalkidiki, Greece Conf Web page
8/31/98- 9/ 4/98: IFIP/SEC '98, Vienna and Budapest, Austria and
Hungary; Conf Web page
11/ 2/98-11/ 5/98: CCS '98, San Francisco, CA
5/ 2/99- 5/ 5/99: IEEE S&P 99; Oakland no e-mail address available
5/11/99- 5/14/99: 11th CITSS, Ottawa; no e-mail address available
4/30/00- 5/ 3/00: IEEE S&P 00; Oakland no e-mail address available
5/16/00- 5/19/00: 12th CITSS, Ottawa; no e-mail address available
Key:
* ACISP = Australasian Conference on Information Security and Privacy,
* ACSAC = Annual Computer Security Applications Conference 13th Annual
* ADC = Australasian Database Conference, ADC '98
* CCS = ACM Conference on Computer and Communications Security
* CITSS = Canadian Information Technology Security Symposium
* COMPASS = Conference on Computer Assurance COMPASS '97
* CORBA SW = Workshop on Building and Using CORBASEC ORBS CORBA SW
* CRYPTO = IACR Annual CRYPTO Conference CRYPTO97
* CSFW = Computer Security Foundations Workshop CSFW10 , Wrkshp Page
* DASFAA = Database Systems For Advanced Applications DASFAA '97
* DIMACS Security Ver = DIMACS Workshop on Formal Verification of
Security Protocols '97 workshop
* EDOC = Enterprise Distributed Object Computing Workshop EDOC '97
* Electronic Commerce for Content II = Forum on Technology-Based
Intellectual Property Management URL
* ENCXCS = Engineering Complex Computer Systems Minitrack of HICSS ENCXCS
* ENM = Enterprise Networking ENM '97
* ENTRSEC = International Workshop on Enterprise Security ENTRSEC '97
* ETAPS = European Joint Conferences on Theory and Practice of Software
* FMP = Formal Methods Pacific FMP '97
* GBN = Gigabit Networking Workshop GBN'97
* HASE = High-Assurance Systems Engineering Workshop HASE '97
* HICSS = Hawaii International Conference on Systems Sciences
* HPTS = Workshop on High Performance Transaction Systems
* ICAST = Conference on Advanced Science and Technology, 13th ICAST
* ICCC = International Conference for Computer Communications ICCC '97
* IC3N = Int'l Conf. on Computer Communications aand Networks
* ICDCS = Int'l Conf. in Distributed Computing Systems
* ICDE = Int. Conf. on Data Engineering ICDE '98
* ICI = International Cryptography Institute
* ICICS = International Conference on Information and Communications
Security ICICS '97
* ICNP = IEEE International Conf. on Network Protocols
* ICTSMA = Int'l Conf on Telecomm. Sys. Modelling and Analysis
* IDEAS = Int'l Database Engineering and Applications Symposium IDEAS '97
* IEEE S&P = IEEE Symposium on Security and Privacy - IEEE S&P '97
* IESS = Int'al Symposium on Software Engineering Standards IESS '97
* IFIP/SEC = International Conference on Information Security (IFIP TC11)
* IFIP WG11.3 = IFIP WG11.3 11th Working Conference on Database Security
* IFIP-IICIS = First Working Conference on Integrity and Internal Control
in Information Systems
* INET = Internet Society Annual Conference
* INETCOMP = IEEE Internet Computing (magazine)
* INTRA-FORA = International Conference on INTRANET: Foundation,
Research, and Applications INTRA-FORA
* IRISH = Irish Workshop on Formal Methods IRISH97
* ISADS = Symposium on Autonomous Decentralized Systems ISADS '97
* ISCOM - International Symp. on Communications
* JCS = Journal of Computer Security WWW issue
* JTS = Journal of Telecommunications Systems, special multimedia issue
* MOBICOM = Mobile Computing and Networking MOBICOM '97
* NGITS = World Conference of the WWW, Internet, and Intranet NGITS '97
* NISS = National Information Systems Security Conference NISS
* NSPW = New Security Paradigms Workshop NSPW '96
* OSDI = Operating Systems Design and Implementation OSDI '96
* PKS = Public Key Solutions PKS '97
* PTP = Workshop on Proof Transformation and Presentation PTP '97
* RBAC = ACM Workshop on Role-Based Access Control RBAC '97
* RIDE = High Performance Database Management for Large Scale
Applications RIDE97
* SAFECOMP = Computer Safety, Reliability and Security SAFECOMP '97
* SICON = IEEE Singapore International Conference on Networks
* SIGMOD/PODS = ACM SIGMOD Confs on Mgmt of Data / Prin. of DB Systems
* SNDSS = Symposium on Network and Distributed System Security (ISOC)
* SOSP = 16th ACM Symposium on Operating Systems Principles SOSP '97
* TAPOS = Theory and Applications of Object Systems, special issue
Objects, Databases, and the WWW TAPOS
* USENIX Sec Symp = USENIX UNIX Security Symposium, 8th Annual
* WebNet = World Conference of the Web Society, WebNet 97
* WOBIS = Workshop on Satellite-based Information Services
________________________________________________________________________
Data Security Letter Subscription Offer
________________________________________________________________________
A special subscription rate of $25/year for the Data Security Letter
is now available to IEEE TC members. The DSL is an external, nonpartisan
newsletter published by Trusted Information Systems, Inc. Eleven issues
(usually 16 pages each) per year are published. The DSL welcomes reader
suggestions and contributions and accepts short research abstracts
(about 130 words) for publication on an ongoing basis. On occasion, the
DSL will be republishing Cipher articles (with authors' approval), but
such articles will constitute a small portion of DSL content (thus there
will be very little duplication of Cipher material).
IEEE TC members wishing to take advantage of the special subscription rate
should send the following to sharon@tis.com. The information can also be
faxed to 301-854-5363 (attention: DSL) phoned to 301-854-5338, or mailed
to Trusted Information Systems, Inc., 3060 Washington Rd., Glenwood,
MD 21738 USA.
NAME:
POSTAL ADDRESS:
(Please indicate company name, if a business address)
PHONE:
(Please indicate if home or business)
FAX:
E-MAIL:
IEEE Membership No. (if applicable):
NOTE: If you are already a paying subscriber to the DSL, for the $25 you
will receive a 2-year renewal; refunds, rebates, etc., on your current
subscription are not available.
If you have any questions about the offer or anything else pertaining
to the DSL, you may contact the editor, Sharon Osuna, via E-Mail to
sharon@tis.com or call her at 301-854-5338.
________________________________________________________________________
How to become <> a member of the
IEEE Computer Society's TC on Security and Privacy
________________________________________________________________________
You do NOT have to join either IEEE or the IEEE Computer Society to
join the TC, and there is no cost to join the TC. All you need to do
is fill out an application form and mail or fax it to the IEEE Computer
Society. A copy of the form is included below (to simplify things,
only the TC on Security and Privacy is included, and is marked for you)
The full and complete form is available on the IEEE Computer Society's
Web Server at URL:
http://www.computer.org:80/tab/tcapplic.htm (print & mail form) or
http://www.computer.org:80/tab/Tcappli1.htm (HTML form for form-enabled
browsers)
IF YOU USE THE FORM BELOW, PLEASE NOTE THAT THE IT IS TO BE RETURNED
(BY MAIL OR FAX) TO THE IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER.
---------
IEEE Computer Society
Technical Committee Membership Application
-----------------------------------------------------------
Please print clearly or type.
-----------------------------------------------------------
Last Name First Name Middle Initial
___________________________________________________________
Company/Organization
___________________________________________________________
Office Street Address (Please use street addresses over P.O.)
___________________________________________________________
City State
___________________________________________________________
Country Postal Code
___________________________________________________________
Office Phone Fax
___________________________________________________________
Email Address (Internet accessible)
___________________________________________________________
Home Address (optional)
___________________________________________________________
Home Phone
___________________________________________________________
[ ] I am a member of the Computer Society
IMPORTANT: IEEE Member/Affiliate/Computer Society Number:
____________________
[ ] I am not a member of the Computer Society*
Please Note: In some TCs only current Computer Society members are
eligible to receive Technical Committee newsletters.
Please select up to four Technical Committees/Technical Councils of
interest.
TECHNICAL COMMITTEES
[ X ] T27 Security and Privacy
Please Return Form To:
IEEE Computer Society
1730 Massachusetts Ave, NW
Washington, DC 20036-1992
Phone: (202) 371-0101
FAX: (202) 728-9614
________________________________________________________________________
TC Publications for Sale (NOT!)
________________________________________________________________________
Proceedings of the IEEE CS Symposium on Security and Privacy
Sorry! Strong response has reduced our stocks of old proceedings, and
we have closed this year's conference books, so we will not be
accepting any more orders until spring 1998. You may still order
current (1997) and some back issues from IEEE CS Press at
http://www.computer.org/cspress/catalog/proc9.htm.
But, if you are interested in a copy of the current or past
proceedings of the Computer Security Foundations Workshop, send a
note to Josh Guttman at guttman@mitre.org.
Pricing is $25 for this year's proceedings, $10 for those from prior
years.
Charles N. Payne
Treasurer, IEEE TC on Security and Privacy
Secure Computing Corp.
2675 Long Lake Rd.
Roseville, MN 55113
U S A
e-mail: cpayne@securecomputing.com
________________________________________________________________________
TC Officer Roster
________________________________________________________________________
Chair: Past Chair:
Charles P. Pfleeger Deborah Cooper
Arca Systems, Inc. P.O. Box 17753
6889 Boone Blvd Suite 750 Arlington, VA 22216
Vienna VA 22182-2623 (703) 908-9312 (voice and fax)
(703) 734-5611 (voice) d.cooper@computer.org
(703) 790-0385 (fax)
c.pfleeger@computer.org
Vice-Chair: Newsletter Editor:
Thomas A. Berson Carl Landwehr
Anagram Laboratories Code 5542
P.O. Box 791 Naval Research Laboratory
Palo Alto, CA 94301 Washington, DC 20375-5337
berson@anagram.com (202) 767-3381
(650)324-0100 landwehr@itd.nrl.navy.mil
Chair, Academic Affairs Subcommittee: Chair, Security Conferences Subcommittee:
Prof. Cynthia Irvine Michael Reiter
U.S. Naval Postgraduate School AT&T Labs
Computer Science Department Room A269
Code CS/IC 180 Park Ave
Monterey CA 93943-5118 Florham Park NJ 07932-0971
(408) 656-2461 (voice) (973) 360-8349 (voice)
irvine@cs.nps.navy.mil (973) 360-8809 (fax)
reiter@research.att.com
Chair, Standards Subcommittee:
* watch this space *
________________________________________________________________________
Information for Subscribers and Contributors
________________________________________________________________________
SUBSCRIPTIONS: Two options:
1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
(which is NOT automated) with subject line "subscribe".
2. To receive a short e-mail note announcing when a new issue of CIPHER
is available for Web browsing or downloading from our ftp server
send e-mail to
(which is NOT automated) with subject line "subscribe postcard".
To remove yourself from the subscription list, send e-mail to
cipher-request@itd.nrl.navy.mil with subject line "unsubscribe".
Those with access to hypertext browsers may prefer to read Cipher that
way. It can be found at URL
http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher
CONTRIBUTIONS: to are invited. Cipher is a
NEWSletter, not a bulletin board or forum. It has a fixed set of
departments, defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended. For
Calendar entries, please include an e-mail address for the
point-of-contact. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS;
USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect
stated copyright notices, and should cite the sources explicitly; as a
courtesy, publications using Cipher material should obtain permission
from the contributors.
BACK ISSUES:
There is an archive that includes each copy distributed so far, in ascii,
in files you can download at URL
http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html
There is also an anonymous FTP server that contains the same files.
To access the archive via anonymous FTP:
1. ftp www.itd.nrl.navy.mil
2. At prompt for ID, enter "anonymous"
3. At prompt for password, enter your actual, full e-mail address
4. Once you are logged in, change to the Cipher Directory:
cd pub/cipher
5. Now you can request any of the files containing Cipher issues in ascii.
Issues are named in the form: EI#N.9708 where N is the number of the
issue desired and 9703 captures the year and month it appeared.
========end of Electronic Cipher Issue #23, 15 August 1997=============