Subject: Electronic CIPHER, Issue 55, August 1, 2003

==========================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 55                                        August 1, 2003

Hilarie Orman, Editor, cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor, cipher-assoc-editor @ ieee-security.org
Bob Bruen, Book Review Editor, cipher-bookrev @ ieee-security.org
==========================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Contents:

 * Letter from the Editor
 * Conference and Workshop Announcements
    o CRA Grand Challenges in Information Security and Assurance
    o NSF's Inaugural Cyber Trust Principal Investigators meeting
    o Upcoming calls-for-papers and events
 * Commentary and Opinion
    o News item about DARPA Director Anthony Tether's comments to Congress
    o Computer Security Foundations Workshop review by Jon Millen
    o "Modelling and Analysis of Security Protocols" by Peter Ryan and Steven Schneider, reviewed by Robert Bruen
    o "Data Privacy and Security" by David Salomon, reviewed by Robert Bruen
    o "Secrets of Computer Espionage: Tactics and Countermeasures" by Joel McNamara, reviewed by Robert Bruen
    o Book reviews from past Cipher issues
    o Conference Reports and Commentary from past Cipher issues
    o News items from past Cipher issues
 * Reader's guide to recent security and privacy literature, (editor needed, please apply!)
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Interesting Links and New reports available via FTP and WWW (please contribute)
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

This summer issue of Cipher comes in the midst of the summer doldrums, a time of few conference announcements and few conference reports, but with several good conferences coming up. We have two especially interesting announcements, one for a CRA conference on Grand Challenges in Information Security and Assurance, and one for an NSF Cyber Trust research conference.

Those of you who are conference organizers, please remember, as you plan your next events, to send a note to cipher-cfp @ ieee-security.org with either a text version of the announcement, or a pointer to a text version.

The US federal agencies have been in the news lately, with DARPA taking hits on several counts. Refreshingly, Carl Landwehr has news of the initiatives underway at NSF, which continues to fund top-quality security research, even though others along Fairfax Avenue are retreating into classified projects.

Robert Bruen has three book reviews, underscoring the continued growth of the security area and interest in it. If you would like to contribute a review please contact him at cipher-bookrev @ ieee-security.org

Jon Millen has a review of the recent Computer Security Foundations Workshop, the second of two yearly conferences sponsored by the IEEE Technical Committee on Security and Privacy. This small event continues to turn out excellent work, out of proportion to its size.

News snippets, readers guide material, and conference reports are welcome at all times. Please send material to cipher @ ieee-security.org

Cipher is not interested at this time in accepting advertising, nor in increasing its hit count or body part sizes.

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Conference and Workshop Announcements
====================================================================

Visionaries Needed

CRA Conference on "Grand Research Challenges in Information Security and Assurance"
Airlie House, Warrenton, Virginia
November 16-19, 2003

Computing and IT technologies have become pervasive. This same infrastructure is growing more complex as the underlying computational and communication resources grow in speed and capacity. Every vision of future technology includes predictions of ubiquitous computing and networking, including embedded, portable, and distributed systems in every aspect of our infrastructure. Computing will continue to change the way we do business, interact with government, entertain ourselves, communicate, keep records, control our infrastructures and services, execute law enforcement and national defense, and conduct research and education.

Coupled with these changes, we face threats of massive disruption and denial, loss of privacy, alteration of critical information, and new forms of undesirable IT-based activity. Threats from criminals, anarchists and extremists, random hackers, and cyberterrorists (among others) continue to grow even as we put more reliance on our computing infrastructure. Yet most of the money, attention, and energy in information security and information assurance has been focused on incremental patches and updates to existing systems rather than on seeking fundamental advances.

In 2002, the Computing Research Association sponsored its first "Grand Research Challenges in Computer Science and Engineering." This was the first in a series of highly non-traditional conferences where the goal is to define important questions rather than expose current research. Grand Challenges meetings seek "out-of-the-box" thinking to expose some of the exciting, deep challenges yet to be met in computing research.

Because of the clear importance and pressing needs in information security and assurance, the Computing Research Association's second "Grand Research Challenges Conference" will be devoted to defining technical and social challenges in information security and assurance. We are seeking scientists, educators, business people, futurists, and others who have some vision and understanding of the big challenges (and accompanying advances) that should shape the research agenda in this field over the next few decades.

These meetings are not structured as traditional conferences with scheduled presentations, but rather as highly participatory meetings exposing important themes and ideas. As such, this is not a conference for security specialists alone: We seek to convene a diverse group from a variety of fields and at all career stages; we seek insight and vision wherever it may reside.

Attendance is limited to 50 people and is by invitation only. If you are interested in attending, please submit a two-page (or less) statement of two or three examples of a "grand research challenge" problem in the IS/IA area to by September 17, 2003. The organizing committee will invite prospective attendees based on these submissions. Note that individuals invited must commit to attending for the entire three-day conference (beginning Sunday at 6 pm, ending after lunch on Wednesday.)

Please submit your paper as an attachment in plain text (no PDF or Word documents!) Include a brief biographical statement sketching your background at the end (maximum one page). At the top of the first page, please provide the following information:

Name
Affiliation
Street Address
Room No.
City, State, Zip Code
E-mail
Telephone No.

The conference will be held in the executive retreat environment of Airlie House in Warrenton, Virginia (30 miles from Washington-Dulles airport). In addition to the formal sessions, two afternoons will be set aside for free time so that participants may continue discussion in small, informal groups.

CRA has applied to the National Science Foundation for travel and lodging support to cover expenses of some participants, where necessary. When you submit your paper, please indicate whether you need to be considered for travel and/or lodging support. We have explicitly budgeted for some participants from outside the United States, and we encourage submissions from around the world.

More information on the CRA Grand Challenges Conferences may be found on the WWW at http://www.cra.org/grand.challenges/

Organizing Committee:

Eugene H. Spafford, Purdue University and Computing Research Association (Organizing Committee Chair)
Richard A. DeMillo, Georgia Institute of Technology (Organizing Committee Co-Chair)
David Aucsmith, Microsoft Corporation
Andrew Bernat, Computing Research Association
Steve Crocker, Shinkuro, Inc.
David Farber, Carnegie Mellon University
Virgil Gligor, University of Maryland
Sy Goodman, Georgia Institute of Technology
Anita Jones, University of Virginia
Susan Landau, Sun Laboratories
Peter Neumann, SRI
David Patterson, University of California, Berkeley
Fred Schneider, Cornell University
Douglas Tygar, University of California, Berkeley
William Wulf, National Academy of Engineering and University of Virginia

____________________________________________________________________

NSF Cyber Trust Principal Investigators' Meeting

NSF is convening the inaugural Cyber Trust Principal Investigators meeting at the JHU Information Security Institute in Baltimore, August 14, and you are welcome to register as General Attendee at: http://www.jhuisi.jhu.edu/institute/cybertrust.html

This will be different from a DARPA-style PI meeting at which researchers report their progress to each other. We intend to build community among NSF's diverse group of PIs now active in Trusted Computing, Network Security, and Data and Applications Security. The meeting will also help develop an agenda for future research in Cyber Trust. To allow the widest participation, we are opening the meeting (within the limits of the facilities) to researchers not currently in these programs and to the general public.

Bill Wulf, President of the National Academy of Engineering, Dan Mehan, CIO of the FAA, and Farnam Jahanian of Arbor Networks and the U of Michigan will provide keynote addresses Thursday morning. In the afternoon, there will be panel discussions on "Trust and Usability" chaired by Mike Reiter of CMU, on "Privacy Policies and Mechanisms," chaired by Giuseppe Ateniese of JHU, on "Pervasive Security" chaired by Srini Devadas of MIT, and on "Trust and Economics" chaired by Joan Feigenbaum of Yale.

The Cyber Security Research and Development Act passed last fall directed NSF to "take a leading role in fostering and supporting research and education activities to improve the security of networked information systems." This is one of our actions in response.

--Carl Landwehr
NSF Cyber Trust Coordinator

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://vulcan.ee.iastate.edu/~cipher/cfp.html

The Cipher event Calendar is at http://www.cs.utah.edu/flux/cipher/cipher-hypercalendar.html

Send CFP's for events related to security research to cipher-cfp @ ieee-security.org

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events maintained by Hilarie Orman

Date (Month/Day/Year), Event, Locations, web page for more info.

-------------- August
* 8/ 4/03- 8/ 6/03: IFIP WG11.3, Estes Park, Colorado http://www.cs.colostate.edu/~ifip03
* 8/ 4/03- 8/ 8/03: USENIX Security, Washington, DC http://www.usenix.org/events/sec03/
* 8/ 8/03: UBICOMP '03 (Ubicomp communities: privacy as boundary negotiation), Seattle, Washington; Submissions are due http://guir.berkeley.edu/privacyworkshop2003/
* 8/11/03- 8/13/03: 7th Elliptic Curve Cryptography, Waterloo, Ontario, Canada, http://www.cacr.math.uwaterloo.ca
* 8/11/03: Security in Storage Workshop, Washington, DC, papers are due http://www.stortek.com/hughes/sisw2003.
* 8/14/03- 8/15/03: Selected Areas in Cryptography, Ottawa, Canada http://www.scs.carleton.ca/~sac2003/cyberchair.html
* 8/17/03- 8/21/03: CRYPTO '03, Santa Barbara, CA http://www.iacr.org/conferences/crypto2003/cfp.html
* 8/18/03- 8/21/03: New Security Paradigms Workshop, Ascona, Switzerland http://www.nspw.org
* 8/25/03- 8/29/03: SIGCOMM 2003, Karlsruhe, Germany http://www.acm.org/sigcomm/sigcomm2003
* 8/29/03: Privacy Preserving Data Mining, Melbourne, FL; submissions are due, http://www.cis.syr.edu/~wedu/ppdm2003/
* 8/25/03- 8/26/03: International Conference on Emerging Technologies, Minneapolis, Minnesota, http://www.rfbinternational.com/ICET03.htm
* 8/25/03- 8/27/03: Workshop on Information Security Applications, Jeju Island, Korea, http://icns.ewha.ac.kr/wisa2003
* 8/27/03: Theory of Cryptography 2004, Cambridge, MA; submissions are due http://www-cse.ucsd.edu/users/mihir/tcc/tcc04/cfp.html
* 8/31/03: Network and Distributed System Security Symposium '04, San Diego, California; submissions are due http://www.isoc.org/isoc/conferences/ndss/04/cfp.shtml

-------------- September
* 9/ 1/03- 9/ 5/03: Trust And Privacy In Digital Business, Prague, Czech Republic, http://www.uni-regensburg.de/Fakultaeten/WiWi/pernul/dexa03ws/
* 9/ 1/03: Financial Cryptography '04, Key West, FL; Submissions are due http://ifca.ai/fc04/CFP.htm
* 9/ 8/03- 9/10/03: Recent Advances in Intrusion Detection, Pittsburgh, PA http://www.raid-symposium.org/raid2003
* 9/ 8/03: Formal Aspects in Security and Trust, Pisa, Italy http://www.iit.cnr.it/FAST2003
* 9/16/03- 9/19/03: Emerging Technologies and Factory Automation, Lisbon, Portugal, http://www.uninova.pt/etfa2003
* 9/17/03: Grand Challenges, Warrenton, Virginia; position papers are due http://www.cra.org/grand.challenges/
* 9/19/03: Workshop on Information Security Education, San Diego, CA; Conf Web page, in conjunction with Mobicom http://www.ece.cmu.edu/~adrian/wise2003
* 9/20/03: Public Key Cryptography '04, Singapore; submissions are due http://www.i2r.a-star.edu.sg/pkc2004/
* 9/20/03- 9/24/03: Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia http://space.iias.spb.su/mmm-acns03/
* 9/28/03-10/ 1/03: IEEE Conference on Networks, Sydney, Australia; http://www.ee.unsw.edu.au/~icon/
* 9/30/03: International Conference on Advanced Information Networking and Applications, Fukuoka, Japan, submissions are due, http://www.takilab.k.dendai.ac.jp/conf/aina/2004/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers
____________________________________________________________________

Workshop at ACM Ubicomp'03: Ubicomp communities - privacy as boundary negotiation, Seattle, Washington, USA, October 12, 2003. (submissions due August 8, 2003)

Ubiquitous computing conjures visions of big and little brother, and ever-diminishing privacy. But it also opens up new forms of communication, collaboration and social relations. This workshop takes a balancing perspective: it treats community participation as a goal, and balances the need for disclosure against the need for privacy. Privacy is not an abstract consideration, but a practical process of negotiating and managing boundaries. The workshop will explore both social perspectives and technical approaches to this issue, and aims to provide a forum for ubicomp system developers and researchers, security researchers, and social scientists to collaboratively explore the future of trust-sensitive and community tools in ubicomp. More information can be found at http://guir.berkeley.edu/privacyworkshop2003/.

-----------------------------------------------------------------------

SISW 2003 The Second IEEE International Security in Storage Workshop, Washington, DC, USA, October 31, 2003. (submissions due August 11, 2003)

The ability to create large shared storage systems in a secure manner is an area that has received little formal research or results.
A comprehensive, systems approach to storage security is required if storage consolidation is to succeed. This workshop serves as an open forum to discuss storage threats, technologies, methodologies and deployment. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of designing, building and managing secure storage systems; possible topics include, but are not limited to the following:

- Cryptographic Algorithms for Storage
- Key Management for Storage
- Key Management for File Systems
- Attacks on Storage Area Networks and Storage
- Security for Mobile Storage
- Defining and Defending Trust Boundaries in Storage
- Relating Storage Security to Network Security
- Cryptanalysis of Systems and Protocols
- Novel Implementations
- Unintended Data Recovery
- Insider Attack Countermeasures
- Deployment of Secure Storage Mechanisms
- Security in Federated Systems
- Security for Internet Storage Service Providers

More information about the conference can be found at http://ieeeia.org/sisw2003/

-----------------------------------------------------------------------

NDSS'04 The 11th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 4-6, 2004. (submissions due August 31, 2003)

The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Topics of interest along with submission instructions can be found at http://www.isoc.org/isoc/conferences/ndss/04/cfp.shtml .

-----------------------------------------------------------------------

PRDC'2004 10th IEEE Pacific Rim International Symposium on Dependable Computing, March 3-5, 2004, Papeete, Tahiti, French Polynesia. (submissions due September 5, 2003)

Topics of interest include, but are not limited to:

- Architectures for Dependable Computer Systems
- Architectures and Protocols for Computer Security
- Dependability of High-Speed Networks
- Dependability Measurement, Modeling and Evaluation
- Dependability in VLSI
- E-commerce and Web services Dependability
- Fault Tolerance in Distributed & Real-Time Systems
- Fault Tolerance in Mobile Systems
- Fault Tolerance in Multimedia Systems
- Fault Tolerance in Transaction Processing
- Hardware and Software Testing, Verification and Validation
- Information Assurance, Survivability, and Intrusion Tolerance
- Internet Dependability and Quality of Service
- Safety-Critical Systems
- Software Reliability Engineering

More information can be found at the conference web site at http://www.laas.fr/PRDC10

-----------------------------------------------------------------------

AINA 2004 The 18th International Conference on Advanced Information Networking and Applications (special session on electronic commerce and security), March 29-31, 2004, Fukuoka Institute of Technology (FIT), Fukuoka, Japan. (submissions due September 30, 2003)

This special session will focus on, but is not limited to, the following topics:

- Agent technology for e-commerce
- Authentication and authorization models and mechanisms
- B2B, B2C, B2G, G2G e-commerce models and applications
- Collaborative commerce
- Cryptographic algorithms for e-commerce
- Digital signatures in e-commerce applications
- Mobile commerce
- Payment technologies, systems, or solutions
- e-Commerce scenario/case studies
- Secure architecture/model/component of e-commerce (or mobile commerce) systems
- Secure mobile electronic transactions
- Wireless/mobile security

More information can be found at http://www.takilab.k.dendai.ac.jp/conf/aina/2004/ , or contact the session chair Dr. Weidong Kou, at Tel: (86) 29-8201009 or Email: weidong_kou@mail.com or wdkou@mail.xidian.edu.cn .

-----------------------------------------------------------------------

ICETE 2004 International Conference on E-business and Telecommunication Networks, Setubal, Portugal, August 25-28, 2004. (submissions due February 15, 2004)

Topics of interest include: Global Communication Information Systems and Services; Security and Reliability in Information Systems and Networks; Wireless Communication systems and Networks; and Multimedia Signal Processing. More information can be found at http://www.icete.org, or contact the ICETE secretariat at secretariat@icete.org .

====================================================================
Conferences and Workshops (the call for papers deadline has passed)
====================================================================

USENIX Security 2003 12th USENIX Security Symposium, Washington, DC, USA August 4-8, 2003
More information can be found at http://www.usenix.org/events/sec03/

-----------------------------------------------------------------------

IFIP WG11.2 2003 7th Annual IFIP WG 11.3 Working Conference on Data and Applications Security Estes Park, Colorado, U.S.A., August 4-6, 2003
More information about the conference can be found at http://www.cs.colostate.edu/~ifip03 .

-----------------------------------------------------------------------

ECC 2003 The 7th Workshop on Elliptic Curve Cryptography, University of Waterloo, Waterloo, Ontario, Canada, August 11-13, 2003
More information can be found at http://www.cacr.math.uwaterloo.ca .

-----------------------------------------------------------------------

NSPW 2003 New Security Paradigms Workshop, Centro Stefano Francini, Ascona, Switzerland, August 18-21, 2003.
More information can be found on the conference web page at http://www.nspw.org .

-----------------------------------------------------------------------

ICET'03 The 2003 International Conference on Emerging Technologies, Minneapolis, Minnesota, USA, August 25-26, 2003.
More information is available at http://www.rfbinternational.com .

-----------------------------------------------------------------------

WISA 2003 The 4th International Workshop on Information Security Applications, Jeju Island, Korea, August 25-27, 2003.
Additional information can be found on the conference web page at http://icns.ewha.ac.kr/wisa2003 .

-----------------------------------------------------------------------

First International Mobile IPR Workshop: Rights Management of Information Products on the Mobile Internet, Helsinki, Finland, August 27-28, 2003.
More information can be found at http://www.hiit.fi/de/mobileipr/workshop/

-----------------------------------------------------------------------

TrustBus'03 Trust and Privacy in Digital Business (in conjunction with DEXA 2003), Prague, Czech Republic, September 1-5, 2003.
More information can be found on the conference web page at http://www.uni-regensburg.de/Fakultaeten/WiWi/pernul/dexa03ws/ .

-----------------------------------------------------------------------

7th International Conference on Knowledge-Based Intelligent Information & Engineering Systems (special session on Artificial Intelligence Applications to Information Security), St Anne's College, University of Oxford, U.K., September 3-5, 2003.
Please visit the conference web site at http://scalab.uc3m.es/~docweb/AIIS_KES03.html for more detail on the topics of interest as well as general conference information.

-----------------------------------------------------------------------

RAID'2003 Sixth International Symposium on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, September 8-10, 2003
More information can be found on the conference web page at http://www.raid-symposium.org/raid2003.

-----------------------------------------------------------------------

CHES 2003 Workshop on Cryptographic Hardware and Embedded Systems, Cologne, Germany, September 8-10, 2003.
Additional information can be found on the conference web page at http://www.chesworkshop.org

-----------------------------------------------------------------------

ETFA'2003 The 9th IEEE International Conference on Emerging Technologies and Factory Automation (Special session on IT Security for Automation Systems), September 16-19, 2003, Lisbon, Portugal.
More information can be found at http://www.uninova.pt/etfa2003

-----------------------------------------------------------------------

WiSe 2003 Workshop on Wireless Security (in conjunction with MobiCom 2003), San Diego, CA, USA, September 19, 2003.
More information can be found on the conference web site at http://www.ece.cmu.edu/~adrian/wise2003 .

-----------------------------------------------------------------------

SEFM'2003 International Conference on Software Engineering and Formal Methods, Brisbane, Australia, September 22-27, 2003.
More information can be found on the conference web page at http://www.svrc.uq.edu.au/Events/SEFM03/cfp.html .

====================================================================
News Briefs
====================================================================

Recent Congressional testimony about cybersecurity research, as quoted in EWeek.com:

"We're not lacking for funds," Anthony Tether, director of the Pentagon's DARPA (Defense Advanced Research Projects Agency), told the committee. "I funded every idea that's come forth in this area this year. We're more idea-limited right now than we are funding-limited."

...

"We're not concerning ourselves [with] the commercial networks," Tether said, adding that DARPA is focused on solving problems that the private sector currently does not confront. The military faces threats from "attackers whose life depends on taking the network down," he said, and projects are under way to make those networks increasingly wireless and peer-to-peer.

"We're really far ahead of the commercial world in this regard," he said, adding that a prototype military network with 400 nodes to use for simulated attacks is in the works.

http://www.eweek.com/article2/0,3959,1090008,00.asp

----------------------------------------------------------------------

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Conference Report by Jon Millen
Computer Security Foundations Workshop
____________________________________________________________________

The 16th Computer Security Foundations Workshop was held at Asilomar on 30 June - 2 July. The General Chair was Dennis Volpano and the Program Chair was Riccardo Focardi. Asilomar has a reputation for being chilly and wet, but the weather was sunny and comfortable. Several deer were easily visible in the protected dune area between the conference grounds and the beach. Social activities included a planned trip to the Monterey Aquarium, with a special lecture, and the traditional croquet tournament (won by Riccardo).

Next year's workshop will also be at Asilomar, June 28-30. The General Chair will be George Dinolt and the Program Chair Riccardo Focardi.

Presentations

The agenda is posted at http://www.csl.sri.com/csfw/csfw16

"Probabilistic noninterference through weak probabilistic bisimulation," Geoff Smith. He uses security typing and a Markov chain model to analyze information flow between threads in a simplified language, assuming uniform random scheduling, where the objective is to protect the distribution of execution times of "low" threads. The weakened bisimulation (called "lumpability" in older texts) ignores stuttering within a thread.
"Secure contexts for confidential data," Bossi et al. In the tradition of Focardi/Gorrieri SPA (Security Process Algebra), with the P_BNDC definition of noninterference (persistent bisimulation nondeducibility on compositions). A secure context is an environment that hides its high-level interactions from low-level processes. "Observational determinism for concurrent program security," Zdancewic and Myers. Secure concurrent language \lambda^PAR_SEC with message passing. Synchronization uses join patterns as in the join calculus. Given a race-free condition, correct typing prevents scheduler-based timing channels. "Symbolic protocol analysis with products and Diffie-Hellman exponentiation," Millen and Shmatikov. Reduction of reachability, in principle, to solving a system of quadratic Diophantine equations. "A procedure for verifying security against type confusion attacks," Meadows. A type function tree is essentially a structural signature of a symbolic message, and "type confusion games" are a way of detecting type coercions an attacker might succeed at. Probabilities and partial fields are modeled. Application to GDOI. "Anonymity and information hiding in multiagent systems," Halpern and O'Neill. Example: Chaum's Dining Cryptographers problem (did one of us pay the bill?). Epistemic logic, emphasis on semantics, related to earlier work on noninterference. "Understanding SPKI/SDSI using first order logic," Li and Mitchell. Argues that the SPKI extension to SDSI, introducing name strings, is problematic and it is better to use an extension of the RT (Role-based Trust management) language, which has FOL semantics. Panel: "Free term algebras for protocol analysis: what are they missing?" Millen, Meadows and Scedrov sampled some of the unusual contexts and purposes of security protocols that are not ordinarily addressed by Dolev-Yao-style formal models, such as oblivious transfer, parties with limited trust, and alternative idealizations of operators. 
"A derivation system for security protocols and its logical formalization," Datta, Derek, Mitchell, Pavlovic. Hoare-axiom-like system for combining protocol segments with properties like Diffie-Hellman key agreement and challenge-response. Illustrated by derivation of ISO-9798-3 protocol. Specifications are in "cord calculus" with temporal logic annotations. "Automatic validation of protocol narration," Bodei et al. A narration is a message list annotated with some action instructions. Semantics in a new process language LYSA, Spi calculus without channels. The automatic analysis is a kind of approximate static analysis for authentication. "On distributed security transactions that use secure transport protocols," Broadfoot and Lowe. Assumes a two-layer system, where the lower SSL-like transport layer provides two-way authentication. CSP analysis. "Using access control for secure information flow in a Java-like language," Banerjee and Naumann. Static permissions on classes, stack inspection. Typing rules guarantee an invariant that "low" fields and variables never hold "high" locations. "Type-based distributed access control," Chotia, Duggan, Vitek. Key-based decentralized label model, two-layer type-kind framework. Uses propagating discretionary labels where owner Pi specifies which principals Pj1, ..., Pjn may read or write an object. Supports delegation and relaxation ("declassification") of constraints. "Using first-order logic to reason about policies," Halpern and Weissman. Permission policies may be stated in a decidable subset of FOL that permits negation, if they are free of "bipolars" that introduce troublesome potentially contradictory ambiguity. XrML (for digital rights) unfortunately allows them. "On generalized authorization problems," Jha, Reps, Schwoon, Stubblebine. Representation of SPKI/SDSI certificates as pushdown-machine stack operation rules, where extended names go on the stack. 
Certificates can be weighted so that an authorization problem (chain discovery) can be given an efficient algorithm that prefers less "sensitive" solutions.

"Identity-based key agreement protocols from pairings," Chen and Kudla. Weil and Tate pairings are bilinear operations on elliptic curve groups with Diffie-Hellman-like properties, used previously by Boneh for identity-based encryption (but not key agreement). The title says it all.

"The Diffie-Hellman key-agreement scheme in the strand space model," Herzog. Proves that if a Diffie-Hellman abstraction DH(x,y) is added to the strand space message algebra, legal strands do not imply any computation that would be intractable given the usual Diffie-Hellman assumptions.

"A computational analysis of the Needham-Schroeder-Lowe protocol," Warinschi. Shows that the NSL protocol, while formally secure, is not secure if encryption is implemented with a form of ElGamal. Generally, to ensure soundness of abstract "Dolev-Yao" verification of this protocol, the encryption can be IND-CCA (indistinguishability under chosen-ciphertext attack) secure, but IND-CPA (...chosen-plaintext...) is insufficient.

Panel: "A tribute to Professor Roger Needham." Syverson, Gollmann, and Meadows reminisced with quotes and management philosophy from Roger Needham. (His definition of serendipity: looking for a needle in a haystack and finding the farmer's daughter.)

____________________________________________________________________

Book Reviews
By Robert Bruen
August 1, 2003
____________________________________________________________________

==================================================================
Salomon, David. Data Privacy and Security. Springer 2003.
ISBN 0-387-00311-8. LoC QA76.9.A25S65. 465 pages. $59.95.
Index, bibliography, glossary, Cryptography Timeline, Answers to Exercises and 4 appendices.
==================================================================

There are lots of cryptography books available these days.
There were many before Bruce Schneier wrote "Applied Cryptography" and there will be more to come. Excluding something brand new, the list of topics covered is a fairly well defined list, so any new contribution will have to be distinguished by the quality of the explanations, the depth of coverage, the understanding demonstrated by the author and how comprehensive the book is. In any discipline with many participants, just how good you are matters. Given these standards, Salomon's excellent treatment of cryptography is at the top, however it is a serious work not for the faint of heart. It is not a mathematical textbook, but there is enough math to satisfy anyone. He has included a tutorial appendix on Galois Fields because finite fields are used in the Rijndael algorithm (Advanced Encryption Standard) and in stream ciphers. If you are interested in crypto but lack the advanced math skills, this book will be very helpful.

There are full discussions of the history of encryption going back to Ancient Egypt and Ancient Greece through the early modern science period to modern days. The historical perspective is important because we need to learn the same techniques to progress to the more mathematical techniques of today. No matter how much fun the substitution ciphers in the newspapers may be, sooner or later, we have to face the issues of algorithms using finite fields. The progress is very clear, once you understand how each type of crypto works and leads into the next type. Fortunately, Salomon gives us clear examples of how each stage works with great examples.

There are exercises throughout the book interspersed in the chapters, although it would have been helpful if they were gathered at the end of each chapter. The exercises are challenging and useful. The text covers the easy and the difficult from the simple to the advanced in a pedagogical manner.
If you take the time to work on the exercises as you go along, your learning experience will be considerably enhanced. Some of the examples even include Mathematica code.

This is the book I would use if I were teaching a course in Cryptography. The topics are explained very well with and without the math. The author covers steganography, elliptic curve cryptography, wavelets, digital audio and a host of other topics. He gives us a history of both encryption (and decryption) within a social context (Thomas Jefferson, Enigma) and within a mathematical context that developed over the centuries into ideas such as quantum cryptography.

This is a highly recommended book for learning from and teaching from. It is one of the better presentations of cryptography because of the scholarship that went into producing it.

==================================================================
McNamara, Joel. Secrets of Computer Espionage: Tactics and Countermeasures. Wiley 2003.
ISBN 0-7645-3710-5. 362 pages. $35.00. Index.
========================================================================

Forensics, privacy, vulnerabilities and black bag jobs all meet in this practical and comprehensive spy oriented security book. The spies we are used to seeing in movies from years past had a tendency to meet in dark alleys and exotic places. They met to exchange secrets. Today's spies can sit at a computer almost anywhere there is net access to do their work, just like the rest of us. The difference is that the spies want something. They are not hackers and crackers per se, but they will use whatever they need to use to get what they want. Hackers may want to use your system as a team member in a DDoS attack, but what the spy really wants to get from you is information. Spies come from a wide range of motivations, some from governments, both friendly and unfriendly, some come from businesses trying to discover trade secrets and other useful business information and some are just nosy neighbors.
While we have all read about the people who are trying to pry into our private affairs and how to protect ourselves, we now can read how to go about doing the spying.

There is a lot of familiar material in Secrets, such as recovering erased files, protecting your laptop while on the road, packet sniffers and keyloggers, but there is new material as well. The wi-fi world is covered, including topics like the Pringle can antenna, MAC spoofing and WEP attacks. The chapter on electronic spy devices runs the gamut from fax machines and digital cameras, with a few good stories like the cameras inside of Xerox photocopy machines which kept copies of what was copied. It seems that most of the spy gear is now in the consumer electronic marketplace. The homing devices stuck on your car by some spy agency can be purchased by anyone. Moreover, a do-it-yourself jamming device to defeat them is available on the net.

The last chapter covers advanced espionage, for example, Echelon, Carnivore and Magic Lantern on the Fed side and the latest worms used for intelligence gathering on the spy side. Given the latest bank robbery techniques used in South Africa and Nebraska, this use of worms is particularly insightful.

This book is full of interesting and useful digital spy techniques. It provides some extra points for security and forensics professionals, as well. It is comprehensive, well written and up-to-date. It is easily worth the price to extend your knowledge in a practical way. Recommended.

====================================================================
Ryan, Peter and Steven Schneider. Modelling and Analysis of Security Protocols. Addison-Wesley 2001.
ISBN 0-201-67471-8. 300 pages. Index. Bibliography. Three appendices.
========================================================================

As any field matures, theory and mathematics appear. Security is no exception.
Areas such as cryptology have been mathematical for a long time, in fact, it is quite near impossible to do any serious work in cryptology without good math knowledge. Other areas in security are in various stages of catch up mode. Protocols are still a bit too low level for many security professionals, but they are the basic building blocks of security. The folks who work with protocols every day understand them in a way that the rest of us do not. The demand for protocol improvements has been increasing for a while, however, there are not a lot of books explaining protocols and even fewer that try to model them. Ryan and Schneider have helped to fill that gap with this book.

The authors use CSP, Communicating Sequential Processes, "...a mathematical framework for the description and analysis of systems consisting of components (processes) interacting via the exchange of as interprocess messages." It is process algebra which operating systems folks will recognize as interprocess communications or task-to-task communication, not a new concept [1, 2], but a somewhat different use. The principle of correct message delivery is at the heart of it. They also use a commercial model checker FDR from Formal Systems and a compiler called Casper, written by the authors. All three of these tools are available on the Web.

Their process is to describe a protocol in a script written in an abstract notation for Casper. Casper translates the script into code that CSP can read and then can be checked by FDR. The Casper script has several sections that model the protocol, such as its description, the variables, the processes, specifications, functions, systems and the intruder. Each section is written in a formal manner with a specific syntax. Naturally, you must have thought it through beforehand.

Throughout the book, the Yahalom protocol is used as the object of analysis.
Using the same protocol helps to provide a little more clarity, unlike using a different protocol for different examples. Yahalom is well known enough to make it a good choice to tie everything together. There is a good chapter on writing the Casper code with enough detail to allow the reader to learn it such that it can be useful. A completed script is contained in an appendix, along with the output.

The authors cover fundamental principles of security, like authentication, non-repudiation, integrity, and so forth with bridges to the modeling aspects. The explanations are understandable, which is not always the case with mathematical works. The book adds to the security field by making the deeper levels of protocol modeling and analysis more accessible.

-------------------------------------------------------------------------
[1] Communicating Sequential Processes, C.A.R. Hoare. Communications of the ACM 21(8):666-677, August 1978.
[2] Communicating Sequential Processes, C.A.R. Hoare. Prentice Hall International Series in Computer Science, 1985.

====================================================================
Reader's Guide to Current Technical Literature in Security and Privacy,
(editor needed, please contact cipher-editor @ ieee-security.org)
====================================================================

The Reader's Guide from Past issues of Cipher is archived at
http://www.ieee-security.org/Cipher/ReadersGuide.html

====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================

See http://cisr.nps.navy.mil/jobscipher.html for the full list

Gjovik University College
Norway
Professor/Associate Professor in Information Security
Two permanent positions (professor/associate professor)
http://nislab.hig.no/People/Jobs/

Mississippi State Univ
Department of Computer Science and Engineering
Starkville, MS
Tenure Track (Assistant/Associate Professor)
Open until filled
http://www.cse.msstate.edu

Florida International University
Miami, Florida
Assistant/Associate Professor of Computer Science
Evaluation begins January 9, 2003 and continues until the positions are filled.
http://www.cs.fiu.edu/cgi-bin/portal/index.pl?iid=9668&isa=Bulletin&op=show

The George Washington University
Computer Science Dept.
Washington DC 20052
202 994-4955
fax 202 994-4875
Two full-time security assistant professor faculty positions
Fall 2003 - Open until filled
Contact Prof. Lance J. Hoffman lhoffma1@gwu.edu
http://www.cs.gwu.edu/prospective/faculty2/
GWU is recognized by the National Security Agency as a Center of Academic Excellence in Information Assurance Education

--------------
This job listing is maintained as a service to the academic community.
If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Interesting Links and Reports Available via FTP and WWW
====================================================================

"Reports Available" links from previous issues of Cipher are archived at
http://www.ieee-security.org/Cipher/NewReports.html
and
http://www.ieee-security.org/Cipher/InterestingLinks.html

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________

Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe".

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".

To remove yourself from the subscription list, send e-mail to cipher-admin @ ieee-security.org with subject line "unsubscribe".

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended.
For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________

Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

______________________________________________________________________

How to become a member of the IEEE Computer Society's TC on Security and Privacy

You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at
http://www.computer.org/TCsignup/index.htm

_____________________________________________________________

TC Publications for Sale
_____________________________________________________________

Proceedings of the IEEE CS Symposium on Security and Privacy

The Technical Committee on Security and Privacy has copies of its publications available for sale directly to you.

IEEE CS Press

You may also order some back issues from IEEE CS Press at
http://www.computer.org/cspress/catalog/proc9.htm

The most recent Computer Security Foundation Workshop (CSFW16) took place June 2003. Topics included formal specification of security protocols, protocol engineering, distributed systems, information flow, and security policies.

See http://www.ieee-security.org/TC/TCPubs4Sale.html for more information on ordering.

________________________________________________________________________

TC Officer Roster
________________________________________________________________________

Chair:
Mike Reiter
Carnegie Mellon University
ECE Department
Hamerschlag Hall, Room D208
Pittsburgh, PA 15213 USA
(412) 268-1318 (voice)
reiter@cmu.edu

Past Chair:
Thomas A. Berson
Anagram Laboratories
P.O. Box 791
Palo Alto, CA 94301
(650) 324-0100 (voice)
berson@anagram.com

Vice Chair:
Heather Hinton
IBM Software Group - Tivoli
11400 Burnett Road
Austin, TX 78758
(512)436 1538 (voice)
hhinton@us.ibm.com

Chair, Subcommittee on Academic Affairs:
Cynthia Irvine
U.S. Naval Postgraduate School
Computer Science Department
Code CS/IC
Monterey CA 93943-5118
(408) 656-2461 (voice)
irvine@cs.nps.navy.mil

Chair, Subcommittee on Standards:
David Aucsmith
Intel Corporation
JF2-74
2111 N.E. 25th Ave
Hillsboro OR 97124
(503) 264-5562 (voice)
(503) 264-6225 (fax)
awk@ibeam.intel.com

Chair, Subcomm. on Security Conferences:
Jonathan Millen
SRI International EL233
Computer Science Laboratory
333 Ravenswood Ave.
Menlo Park, CA 94025
(650) 859-2358 (voice)
(650) 859-2844 (fax)
millen@csl.sri.com

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Salem, UT 84653
(801) 423-1052 (voice)
cipher-editor @ ieee-security.org

---------------------------------------------------------------------------
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html