============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 107                                        March 20, 2012

Hilarie Orman, Editor                     Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org         cipher-assoc-editor @ ieee-security.org

Richard Austin                            Yong Guan
Book Review Editor                        Calendar Editor
cipher-bookrev @ ieee-security.org        cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year

Contents:

* Letter from the Editor
* Recent News Items
  o The Secret is in the Finger
  o NSA in the Rockies
  o When Keys Go Bad
  o Administration Pushes for Greater Authority Over Cybersecurity in Private Firms
  o Linked In To ... Insecurity?
  o Afraid to Flash?
  o Stux Redux
* Commentary and Opinion
  o Review of the Financial Cryptography and Data Security (Bonaire, Dutch Antilles, Feb 26-Mar 3, 2012) by Benjamin Mood
  o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
* List of Computer Security Academic Positions, by Cynthia Irvine
* Conference and Workshop Announcements
  o Calendar of Events
  o Upcoming calls-for-papers
* Staying in Touch
  o Information for subscribers and contributors
  o Recent address changes
* Links for the IEEE Computer Society TC on Security and Privacy
  o Becoming a member of the TC
  o TC Officers
  o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

Those of you looking forward to Richard Austin's book review this month will be temporarily disappointed.
He is tending to his health and will return for the next Cipher issue in May. We wish him a speedy recovery.

We have an extensive review of the annual sunny Financial Cryptography conference. The Caribbean setting seems to attract variety and quality, and Cipher's Associate Editor Sven Dietrich reports that it was its usual technical and social success.

We have several news articles for this issue, three concerning an expanding role that the US government is seeking in cybersecurity. Allegedly having overrun the power grid on the eastern seaboard, NSA is locating a major data center in Utah; the Federal administration is seeking legislation to give it authority over cybersecurity for some private firms; offensive cyberware is getting increased focus.

The annual IEEE Security and Privacy Symposium has announced its program for the May 20-23 meeting in San Francisco, and participants can make hotel arrangements and pay for conference registration now. But wait, that's not all! This year there will be 5 workshops following the conference. The Security and Privacy Workshops event will be on May 24-25, at the same location, and has these great venues for papers and panels:

  W2SP: Web 2.0 Security and Privacy
  MoST: Mobile Security Technologies
  WRIT: Workshop on Research for Insider Threat
  WSCS: Workshop on Semantic Computing and Security
  TrustED: Workshop on Special Aspects of Cyber Physical Systems: Trustworthy Embedded Systems

Register now and take advantage of early savings. See http://ieee-security.org for all the information.
Cheap memory, free WiFi, and YouTube: the new opium of the people,

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
News Briefs
====================================================================

The Secret is in the Finger
http://www.nytimes.com/2012/03/18/business/seeking-ways-to-make-computer-passwords-unnecessary.html
Bypassing the Password
New York Times Digital Domain
By RANDALL STROSS
Published: March 17, 2012

DARPA-funded research at CMU, led by Roy Maxion, looks at the detailed biometrics of keystrokes as an identification method.

-------------------

NSA in the Rockies
http://www.connect2utah.com/news/features/local/stories/vid_473.shtml
New NSA Data Center Concerning Utahns
Connect2Utah.com

A huge NSA data center in Utah is causing local notice.

-------------------

When Keys Go Bad
http://eprint.iacr.org/2012/064.pdf
Ron was wrong, Whit is right
Maxime Augier, Arjen K. Lenstra, James P. Hughes, Joppe W. Bos, Thorsten Kleinjung, and Christophe Wachter
IACR preprint archive

A clever mathematical analysis of a large number of RSA keys advertised on the Internet shows that a surprisingly large number are insecure.

-------------------

Administration Pushes for Greater Authority Over Cybersecurity in Private Firms
http://www.nytimes.com/2012/03/14/us/new-interest-in-hacking-as-threat-to-us-security.html
New Interest in Hacking as Threat to Security
New York Times
By MICHAEL S. SCHMIDT
Published: March 13, 2012

"The legislation the administration is pressing Congress to pass would give the federal government greater authority to regulate the security used by companies that run the nation's infrastructure. It would give the Homeland Security Department the authority to enforce minimum standards on companies whose service or product would lead to mass casualties, evacuations or major economic damage if crippled by hackers."

---------------------

Linked In To ... Insecurity?
http://money.cnn.com/2012/03/12/technology/linkedin-hackers/index.htm
LinkedIn is a hacker's dream tool
By Stacy Cowley @CNNMoneyTech
March 12, 2012: 5:24 AM ET

LinkedIn and a little bit of social engineering turned a security investigator into a trusted employee of a company that had never heard of him.

-----------------------

Afraid to Flash?
http://www.pcworld.com/article/250106/adobe_confirms_new_zeroday_flash_bug.html
Flash Vulnerabilities
Adobe Confirms New Zero-day Flash Bug
By Gregg Keizer, Computerworld
Feb 16, 2012 5:27 am

Active attacks using cross-site scripting bedevil Internet Explorer, leading Adobe to update Flash Player 11 and Flash Player 10. No information was given about How Long Has This Been Going On?

----------------------

Stux Redux
http://www.washingtonpost.com/world/national-security/us-accelerating-cyberweapon-research/2012/03/13/gIQAMRGVLS_story.html
U.S. accelerating cyberweapon research
Washington Post
By Ellen Nakashima, Published: March 18

"The Pentagon is accelerating efforts to develop a new generation of cyberweapons capable of disrupting enemy military networks even when those networks are not connected to the Internet, according to current and former U.S. officials."

Kaigham J. Gabriel, DARPA deputy director, recently said that DARPA will focus a greater portion of its cybersecurity research on offensive weapons. Other DoD officials have expressed willingness to spend more money if they could find effective outlets.
----------------------------------

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================
Commentary and Opinion
====================================================================

____________________________________________________________________
Review of Financial Cryptography and Data Security
Bonaire, Dutch Antilles, Feb 26-Mar 3, 2012
by Benjamin Mood
____________________________________________________________________

Conference report for Financial Cryptography and Data Security 2012
Divi Flamingo Beach Resort, Bonaire, Dutch Antilles, Feb 26-Mar 3 2012
http://fc12.ifca.ai/
by Benjamin Mood, University of Oregon

Introduction by Sven Dietrich

The annual IFCA Financial Cryptography and Data Security conference took place in Bonaire, the easternmost island of the ABC Islands just north of Venezuela, in its 16th instance in late February 2012. In attendance were about 90 participants from academia, government, and industry. The program chair was Angelos Keromytis, who put together an excellent program, as you will see below, and the local organization was by the general chair Ray Hirschfeld. The program included a meeting with local government representatives at the welcome session in the morning ("You're the first group of scientists I meet that hasn't studied reefs!") and the welcome reception at the Flamingo's Nest. The latter is a small terrace at the resort facing west, making it ideal to observe the green flash. Among the many social activities (besides scuba diving, an obvious choice in Bonaire that many took advantage of), there was the island excursion up north which let us observe some flamingos (some pink dots in the distance), wild pigs, iguanas, wild donkeys, and also the sailing trips over to snorkeling spots and Klein Bonaire.
The obvious meeting spots were the open-air lobby (good wireless coverage) or the small pier by the beach bar, where conference participants, hotel guests, and locals would congregate at the end of the day. The nearby town of Kralendijk offered the opportunity to go off in small dinner groups on the days when we didn't have dinners planned. A beach BBQ on Wednesday night was a wrap-up for those who left on Thursday and didn't stay for the co-located workshops.

The main FC sessions took place in the Peter Hughes Meeting Room, at the northern end of the resort. There were two workshops: one on usability (USEC, http://infosecon.net/usec12/) and one on ethics in computer security research (WECSR, http://www.cs.stevens.edu/~spock/wecsr2012/). The workshops shared the keynote speaker Ross Anderson, who spoke on ethics committees and IRBs (after the original joint guest speaker Jody Westby experienced travel problems getting to Bonaire), and a panel discussion led by Lenore Zuck on the ethics in data sharing. The morning break was spontaneously supplied with fresh coconuts, leaving participants to return (with their individual coconuts) to their respective conference rooms, the Peter Hughes meeting room above the dive shop and the Capture Shop next to the Activities office.

The IFCA Annual General Meeting took place on Tuesday night before the rum(p) session. It was announced there that the next location for FC (in 2013) will be in Okinawa, Japan, with Ahmad-Reza Sadeghi as the program chair and Kazue Sako as the general chair. See you in Okinawa!

Sven Dietrich

NB: As for what else happened at FC, I'll refer you to Jean Camp's comment: "What happens at FC is a multi-party shared secret!"

Keynote speaker: Scott M Zoldi, Ph.D.
Vice President Analytic Science, FICO
Title: Analytic Techniques for Combating Financial Fraud

The first session was given by Scott Zoldi, of FICO, who talked about fraud detection methods used in the real world by customers such as banks and credit card companies. Scott provided a good overview of the methods, including neural network approaches, for detecting fraud in ATM usage and profiling credit card usage in different scenarios.

Without further ado, Benjamin Mood's notes on the FC sessions...

Scribe notes by Benjamin Mood

-----------------------------------------------------------------------------
Session: Authentication
Session Chair: Angelos Keromytis

Social Authentication - Harder than it looks
Hyoungshick Kim, John Tang and Ross Anderson
presenter: Ross Anderson

Why privacy? We only have a few hundred friends, unlike celebrities... but we can still find ourselves in embarrassing situations that we don't want our friends or significant others to know about. Impersonation is possible if people have small sets of friends and those sets have a high clustering coefficient. With disparate groups of friends, social authentication becomes more effective. The best performing face-recognition algorithms give about 65% accuracy. Recognition can be bad with certain images (e.g., a beefeater). Facebook knew this would be weak against your jilted former lover etc., and you can easily log in from a friend's machine as a policy matter. Their argument is that police and courts are the proper place to deal with "insider" threats. It can also be used for targeted attacks (spear phishing), but they haven't seen much of this. What their system does is kill industrial scale phishing. Social CAPTCHAs are implemented by Facebook, which may have provided security for us, but in reality it doesn't help us; it helps Facebook deal with their problems. "It's really security theatre".

Rachel Greenstadt: Their goals seemed straightforward - they do care about phishing.
It does protect your friends.
Ross: Makes it more difficult to do social phishing from a remote location, but not from your machine if it's compromised.
Q: Does it help against spam on the FB page?
A: Yes, it should - FB really wants to cut down on spam.
Q: But this is a user benefit.
A: This is a fair comment - one of the reasons why people want FB but not MySpace.
Q: Why is this surprising? Preventing fraud is good for companies, as the keynote said.
A: When we set out to investigate, we thought these mechanisms would help user privacy, so it was of interest to see the benefits are aligned in a slightly different direction. Automated mechanisms were a lot weaker than expected, but have significant value to the company, if not the user.
Jean Smart: If investigating someone and wanting to find out who they were talking with, and who over time, could I log in multiple times and get pictures of the people you're speaking to more frequently? Wouldn't that be an easier way to trace targets through the social network?
A: Good point - these might be leaking and could be a covert channel.
Moti Yung: How to define topics and what is good for the company vs the user? If something is good for the user with less spam, that's better for the user and means ads will be more valuable.
A: Remember Facebook Connect is part of their business model; they want everyone to log in through FB - so it's financial too. If banks want to use other authentication forms, there are others like Amazon doing 1-click and hashing; if they line up with FB then we're depending on their protections. Governments might eventually say you can use FB to claim welfare or pension benefits. The UK is going entirely online next year, so this isn't inconceivable. 160 billion pounds a year, 8% fraud. Imagine the problems if FB is part of this.
Q: The paper develops intuition; this might also trigger violations of US law - criminal statutes. Even fairly lousy mechanisms like this could trigger these legal protections.
A: Yes, other work we've done that shows more money should be spent on policing speaks to this. Yet another evidential straw against them.

The MVP Web-based Authentication Framework (short paper)
Sonia Chiasson, Chris Deschamps, Elizabeth Stobert, Max Hlywa, Bruna Freitas Machado, Alain Forget, Nicholas Wright, Gerry Chan and Robert Biddle
presenter: Sonia Chiasson

Lots of "new and improved" authentication schemes, but it's hard to compare them. There is no consistent evaluation from a security or usability standpoint. The MVP framework is meant to address this by facilitating user studies. It can do longer-term studies and users can use their own systems. They modified several open source systems, e.g., Wordpress blogs. Logging in brings up the correct authentication scheme. The process stays the same since the authentication string is sent back to the website; just the way that the user sees the authentication scheme differs. Many characteristics are common, such as being web-based and allowing for interchangeable schemes (about 20 implemented so far). These are all instrumented for analysis, including user interaction and details of the user environment. Password reset emails can be sent or delayed to encourage trying to log on. It can be used for crowdsourcing activities as well. Some folks reset at each login, which might model realistic behavior. Unexpected findings: as a non-US researcher, you can't use Mechanical Turk directly (must be a US citizen!). Crowdflower can be used instead. Posting tasks at different times will give you different types of users because it depends on who is awake in that part of the earth. They are moving on to larger and longer term studies with more comparisons and mobile device support.

Stuart Schechter: How do users know they're supposed to be practicing their password? Do they know the study is about passwords?
A: They're not told but some people do figure it out.
Angelos Keromytis: Is this currently available?
Sonia: Yes.
Stuart Schechter: Big reveal at the end saying this is what we're actually doing?
A: We do a debrief at the end but haven't filtered based on whether people figured it out.
Q: There are several Mechanical Turk communities where tasks are discussed; has this been looked at?
A: No, but tasks are run in a block at the same time - even with debriefing, most of the study is gone beforehand.
Q: Still have to do your own authentication?
A: Yes - modified Wordpress but not saying conclusively use one or another.

A birthday present every eleven wallets? The security of customer-chosen banking PINs
Joseph Bonneau, Sören Preibusch and Ross Anderson
presenter: Joseph Bonneau

What's a stolen wallet worth? Do PINs make pickpocketing less of a problem? There hasn't been a big PIN leak like with passwords. There was a leak from RockYou of passwords which had 4-digit sequences in them; can these correlate with PINs? Most of these were text and four digits that weren't related. Last June, an iPhone developer had a PIN lock password and he shared the dataset. 200,000 users - sadly just below what you'd really like, and not every combination was picked: 9954 possibilities covered. Correlating data sets, you need 10,000 users to get to everyone. Worse than random. Trends in PIN selection can be represented by color intensity graphs. You can reverse-engineer from the diagram how the Gregorian calendar works! They built a linear model of PIN probability based on factors like the probability that a user chooses a date or sequence vs a random value. Models showed that dates and patterns are very popular. About 25% of people choose PINs that look random, judging by the regression model fit against the RockYou and iPhone datasets. A survey of banking customers showed that over half of people share their PINs (almost exclusively with family) and about one third re-use them for things like online banking and SIM cards. Using survey data to model the banking distribution, users answered questions about their PINs. More people choose random data for their PINs.
Lots of people use the default banking PIN; some didn't know they can change it. Many use the same PIN they've had since their first account. Some base their number on a student ID or old phone number. So real PINs are better than what the model might suggest. What if banks used a blacklist? Maybe not a great idea, but it does make the passwords look more random. However, 8% of people use their own birthday, and 99% of users in the US have their DOB in their purse or wallet. Implications: if attackers have 6 tries (e.g., 3 at an ATM, 3 in a chip and PIN reader) and guess just dates or sequences, and if you know the birthday, you can get up to 8% success. If you can steal 4 cards you can bring this up to 10.9% with known DOB. Users had a lot to say about PINs.

Q: How to track second order effects of people gaming the survey?
A: Took precautions: didn't have to answer and could drop out (some people did), said who they are, didn't ask for demographic data (people didn't like this in pilot studies). Out of 1000 people only 2-3 very negative comments, perhaps 50 saying this is really good and worth studying; people thought a lot about the answers and it made them think about this data.
Q: The survey was about banking, but did you ask about how many unique accounts etc. they have?
A: Asked what they reuse PINs for (e.g., smartphone, gate code), asked if the same PIN is used for multiple cards (about 2/3rds said yes).
Jean Smart: Is this biased against the less paranoid? Also if you call yourself an engineer, they are statistically the most trusted group.
A: Might be biased against the less paranoid given the demographics of who takes an MTurk survey.
Q: Moving toward larger PINs, customers would often choose 4-digit PINs and add "11" or "12" if they need a 6-digit PIN.
A: Switching to more digits doesn't work - CMU looked at this for passwords. Switching to random PINs even if short (3 digit) would be better than longer PINs. The history of banking is moving towards 4-digit PINs chosen by the user.
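The PIN categories the talk models (dates, sequences, repeats, keypad patterns, "random-looking") and the six-try guesser who holds the victim's wallet can be made concrete in a few dozen lines. The following is an added example written for this report; it is my own code, not from the Bonneau/Preibusch/Anderson paper or from Cipher. The sample PINs, the dates of birth and the keypad-pattern list are constructed for illustration and are deliberately skewed toward weak choices, so the success rate it prints is far above the talk's real-world 8%.

```python
"""
Added example, not from the paper or from Cipher: classify 4-digit PINs into
the categories the talk discusses and model a guesser limited to six tries
who knows the victim's date of birth. All PINs and birthdays are constructed.
"""
from collections import Counter
import re

# Constructed: straight lines on a phone keypad, a common "pattern" PIN.
KEYPAD_PATTERNS = {"2580", "0852", "1470", "0741", "3690", "0963", "1590",
                   "0951", "1379", "9731", "1397", "7931"}


def looks_like_date(pin: str) -> bool:
    """True if the PIN reads as DDMM, MMDD, or a year between 1900 and 2012."""
    a, b = int(pin[:2]), int(pin[2:])
    ddmm = 1 <= a <= 31 and 1 <= b <= 12
    mmdd = 1 <= a <= 12 and 1 <= b <= 31
    year = 1900 <= int(pin) <= 2012          # the talk's data predates 2013
    return ddmm or mmdd or year


def is_sequence(pin: str) -> bool:
    """Ascending or descending run of consecutive digits, e.g. 1234 or 4321."""
    d = [int(c) for c in pin]
    steps = {d[i + 1] - d[i] for i in range(3)}
    return steps == {1} or steps == {-1}


def classify(pin: str) -> str:
    """Return one of: repeat, sequence, keypad, date, other."""
    if not re.fullmatch(r"\d{4}", pin):
        raise ValueError("expected a 4-digit PIN")
    if len(set(pin)) == 1:
        return "repeat"
    if is_sequence(pin):
        return "sequence"
    if pin in KEYPAD_PATTERNS:
        return "keypad"
    if looks_like_date(pin):
        return "date"
    return "other"


def bank_should_reject(pin: str) -> bool:
    """A blacklist in the spirit of the talk's 'what if banks used a blacklist?'."""
    return classify(pin) != "other"


def birthday_guesses(day: int, month: int, year: int, tries: int = 6) -> list:
    """Guess list for someone holding the wallet (ID card shows the DOB):
    DDMM, MMDD, YYYY, then the most popular generic PINs. Duplicates are
    dropped so a birthday such as 11/11 does not waste a try."""
    candidates = [f"{day:02d}{month:02d}", f"{month:02d}{day:02d}",
                  f"{year:04d}", "1234", "0000", "1111"]
    return list(dict.fromkeys(candidates))[:tries]


def success_rate(sample, tries: int = 6) -> float:
    """Fraction of (pin, (day, month, year)) records a known-DOB guesser hits."""
    hits = sum(pin in birthday_guesses(*dob, tries=tries) for pin, dob in sample)
    return hits / len(sample)


def category_counts(sample) -> Counter:
    return Counter(classify(pin) for pin, _ in sample)


# Constructed sample of (PIN, date of birth); skewed toward weak choices.
SAMPLE = [
    ("2511", (25, 11, 1990)),  # DDMM of own birthday
    ("1990", (25, 11, 1990)),  # birth year
    ("1234", (3, 4, 1975)),    # sequence
    ("7391", (3, 4, 1975)),    # random-looking
    ("0000", (14, 7, 1982)),   # repeat
    ("2580", (14, 7, 1982)),   # keypad column
    ("0714", (14, 7, 1982)),   # MMDD of own birthday
    ("8462", (9, 1, 1968)),    # random-looking
    ("0310", (3, 4, 1975)),    # a date, but not the holder's birthday
    ("5555", (9, 1, 1968)),    # repeat
]

if __name__ == "__main__":
    print(category_counts(SAMPLE))
    print(f"known-DOB guesser, 6 tries: {success_rate(SAMPLE):.0%}")
```

The classifier is what a bank-side blacklist would need; the guesser model is the defender's way of estimating how much a blacklist buys, by running it over a real PIN distribution rather than this constructed one.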
-----------------------------------------------------------------------------
Session: Securing the Stock Markets
Session Chair: Sonia Chiasson

The Postmodern Ponzi Scheme: Empirical Analysis of High Yield Investment Programs
Tyler Moore, Jie Han and Richard Clayton
presenter: Jie Han

High yield investments promise multiple percentage interest _per day_. Also known as Ponzi or pyramid schemes. They are advertised as legitimate investments even when they aren't, and a sophisticated ecosystem is set up surrounding them. One example is Macrotrade, which claims to be certified by Comodo (a CA). Similar to Paypal but you probably haven't heard of them... These are dominated by two payment mediators (based in Costa Rica and Panama). They observed 1500 HYIP programs and over 140K events. They found the aggregators were reporting on the same set of data but not always agreeing, which shows collusion is probably not happening. They agree about 80% of the time. HYIPs tend to collapse within a few weeks - 50% last 50 days or less, but some last over a year. Collapse is due to unsustainable return rates among other factors. Users are less likely than aggregators to give a bad rating and more likely to give a good one. Don't trust previous investors, but maybe the aggregators. The impact based on the model is estimated at $6 million/month. Thousands of these are online, some persisting for years. The reputation ecosystem produces mostly reliable assessments, but don't trust users. Future goals include an interactive web-based visualization and a way of linking scams together.

Q: How to know when collapse is happening?
A: Left to aggregators when they delisted the programs. Different measures - for some, the ROI is published and would flatline/stop being reported; these are both metrics that tended to be similar.
Q: Anyone making money?
A: No real data. Proxies are possible based on ratings, but nothing great and unbiased. HYIPs take in an estimated $6,000,000 per month.
Q: What is the aggregator's incentive in reporting accurate info?
How does this impact the study?
A: Allows users to trust them more, since money is made from Google ads and referrals. This can cut both ways, but aggregators can be tracked and have been around for many years. To stop HYIPs: (1) undermine aggregators, (2) target successful HYIPs. It would be helpful to link scams together in an interactive data set.
Q: Which users are shills versus the rubes, and who are sophisticated?
A: No good data yet, but found that ratings are more positive than they should be, so lots of shills. No real clustering data yet.
(as a joke) Q: So do we invest or not invest?
Ross Anderson: Looking at HYIP, some claims on British legitimacy but these are false. Seems to be proceeds of crime. Why couldn't they be taken to jail right now?
A: Main policy recommendation - these only operate when you have a reputation system in the space; the aggregators give you fake trust.
Moti Yung: How large is the legal department?
A: Probably non-existent.

Deploying secure multi-party computation for financial data analysis (short paper)
Dan Bogdanov, Riivo Talviste and Jan Willemson
presenter: Riivo Talviste

Consider a trade consortium where members may want to collaborate but they don't trust each other with each other's financial data. This can be solved with secure multiparty computation, where multiple users use secret sharing and distribute these pieces amongst the other parties. The Sharemind framework is used to perform this (based on a paper in ESORICS'08), improved with currently-unpublished protocols. The SecreC programming language is used for implementing data analysis algorithms. The input form is web-based and secret sharing is done in the web browsers, with the parties receiving shares over secret channels. SecreC looks similar to C. Several MPC primitives are used and implemented in Sharemind, which can also be used for anonymization. A user study shows that there is a positive reaction to the framework.
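The consortium scenario just described, where members secret-share their figures and the computation nodes add shares without ever seeing an input, is easy to follow in code. The block below is an added example written for this report in Python; it is my own code and not Sharemind or SecreC code. It uses additive secret sharing modulo 2^32, the style of sharing the Sharemind papers describe, with three computation nodes; the member names and revenues are constructed.

```python
"""
Added example (not Sharemind/SecreC code): additive secret sharing over
Z_(2^32) letting consortium members learn the total and average of their
revenues while no single computation node sees any member's figure.
"""
import secrets

MOD = 2 ** 32   # ring size; every input and the final total must fit below it


def share(value: int, n_nodes: int = 3) -> list:
    """Split value into n_nodes shares that sum to value mod MOD.
    Any n_nodes-1 of them are uniformly random and carry no information."""
    if not 0 <= value < MOD:
        raise ValueError("value out of range for the ring")
    shares = [secrets.randbelow(MOD) for _ in range(n_nodes - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def reconstruct(shares: list) -> int:
    return sum(shares) % MOD


class ComputationNode:
    """One of the geographically separated servers: it holds one share per
    member and can add its shares without talking to anyone."""

    def __init__(self, name: str):
        self.name = name
        self.shares = {}          # member -> share of that member's input

    def receive(self, member: str, share_value: int) -> None:
        self.shares[member] = share_value

    def local_sum(self) -> int:
        # Addition is free in additive sharing: the sum of shares is a share
        # of the sum, so no communication between nodes is needed.
        return sum(self.shares.values()) % MOD


def run_consortium_sum(revenues: dict, n_nodes: int = 3):
    """Each member secret-shares its revenue to the nodes; the nodes add
    locally; only the result shares are combined. Returns (total, average,
    per-node sums) so the caller can see what each node held."""
    if sum(revenues.values()) >= MOD:
        raise ValueError("total would wrap around the ring")
    nodes = [ComputationNode(f"node{i}") for i in range(n_nodes)]
    for member, revenue in revenues.items():
        for node, s in zip(nodes, share(revenue, n_nodes)):
            node.receive(member, s)   # in deployment: sent over a secure channel
    node_sums = [node.local_sum() for node in nodes]
    total = reconstruct(node_sums)
    return total, total // len(revenues), node_sums


# Constructed inputs: three competitors who will not show each other their books.
REVENUES = {"Alpha Trading": 120_000, "Beta Logistics": 310_500, "Gamma Retail": 75_250}

if __name__ == "__main__":
    total, average, node_sums = run_consortium_sum(REVENUES)
    print("total:", total, "average:", average)
    print("what each node held as its share of the total:", node_sums)
```

The per-node sums look like random 32-bit values; only their sum modulo 2^32 is meaningful, which is the whole point of keeping the nodes under separate administrative control. The range check on the total matters: a sum that exceeds the ring size silently wraps, so input bounds have to be agreed before the computation.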
This is the first practical secure MPC application with geographically separated computation nodes. They are looking for collaborators for new prototypes or applications for academia and research.

Q: Any interest in using this for browser security? e.g., malware
A: Not looking specifically at browsers, just general measures such as proper Javascript and HTTPS.
Q: What kinds of questions are you asking?
A: Currently 7 indicators with computed averages of average profit, time series, etc.

Cryptographic Rule-Based Matching (short paper)
Christopher Thorpe and Steven Willis
presenter: Chris Thorpe

Stock market orders aren't expressive. Ordering must be managed outside exchanges and managing is expensive (fast network and perfect computing). Exchanges aren't always fair either - simply trusting the firm in question isn't necessarily in your best interest. Limit orders can create put options: if the value of a stock drops below the limit order, that order gives someone a free put option. What about pushing trading logic into the exchange itself? This can make individuals safer by allowing for dynamic orders, e.g., buy shares at a given price only if trading volume is less than a certain threshold per hour, so that you're not caught up in panic selling. People don't want to reveal rules because they can be taken advantage of. Adding crypto can help by creating a zero-knowledge style trustworthy audit trail. The exchange now proves it is operating correctly. The downside is that crypto adds complexity and time in fast markets. Rules use vectors of encrypted integers, while interval proofs allow participants to prove when a trigger is hit without revealing their securities or trigger values. Pitfalls include flash crashes due to unimaginative rules, but these happen anyway since people are already doing algorithmic trading.

Q: What's in this for the stock market?
A: Becomes expensive to pay the commissions.
It's not Goldman Sachs that will benefit from the arms race; it's the networking and hosting companies building the infrastructures and selling them. If you convince the big companies to use this it can lower the economic costs.
Tyler Moore: Who has the incentive to create this exchange, given that even fraud data isn't shared, since the big cares can spend the money and smaller players can't, giving relative advantage?
A: Market fragmentation of alternative exchanges is low margin, and if they can get lots of market share, one of them could run with this.
Q: What is covered in the black box? Can run in a parallel environment to learn algorithms.
A: Haven't done a completely rigorous analysis. Cannot control inputs. How do you get the decryption key for a parallel environment?
Q: Can this be composed with the exchange system?
A: Yes, have to be able to co-exist.

-----------------------------------------------------------------------------
Session: Networks
Session Chair: Sven Dietrich

Efficient Private Proximity Testing with GSM Location Sketches
Zi Lin, Denis Foo Kune and Nicholas Hopper
presenter: Zi Lin

In their talk, they talked about private proximity testing. Their goals were constant time and liar-free operation. Proximity tests allow users to determine whether two users are near each other. There are popular non-privacy-preserving solutions, but they care about the privacy of the information. They use secure multi-party computation to compute the distance between users and answer whether or not the users are close by. There is a previously published paper on WiFi location tag proximity. However, that tag system takes O(N) time instead of the desired O(1) time. A location tag consists of a location and time. For GSM networks, these tags are unpredictable and reproducible. They used a custom Android kernel for the devices. Cell phones are given a unique identifier which includes a location area code (LAC) for where the phone currently exists.
They used a method called K-shingling, which breaks a document into K pieces. Each shingle has a numeric value. The minimum values of these shingles are compared. If two shingles are the same then the two documents are alike. They use shingling to separate the location data and then compare it. Shingling prevents dishonesty from working. They tested three different distances: < 10 meters (is in proximity), < 1 mile (is in proximity), > 10 miles (not in proximity). In the same room: 85% success rate. On the same university campus: high 70%. Large distance: does not compute to the same place. Each test was then repeated 5 times, which prevented any false results.

Q: What happens on the borders of a LAC?
A: Reasonable that it is not a problem.
Q: How does the distance between towers affect results?
A: Have not tested this yet.
Q: Any plans to do CDMA?
A: Chose GSM due to currently possessed equipment. Should work on CDMA.
Q: Are the modifications of the phones available / can we use them?
A: I can point you to who did the modifications of the phones.

Metrics for Measuring ISP Badness: The Case of Spam (Short Paper)
Benjamin Johnson, John Chuang, Jens Grossklags and Nicolas Christin
presenter: Benjamin Johnson

This talk describes the problem of spam and focuses on the bad ISPs and whether they can be taken down to prevent the spam. They revealed a couple of interesting statistics, including that spam comprises 90% of all email and costs businesses $100B a year. It is difficult to manage by only the recipient. They propose that filtering the spam would be better. However, this is made more difficult by bad ISPs. The ISPs can do something about the outbound spam. The majority of spam is from a few IP addresses controlled by a few ISPs. A question raised during this research is what the legal issues are regarding removing an ISP. To determine whether an ISP can be removed they used a few metrics. The exclusive customer cone is the set of customers which will be cut off if the ISP is removed.
The exclusive customer prefix size is how many larger customers are included in that cut-off. They also keep track of how many bad users there are and what the ratio of good to bad users is. For their tests they did not include forged headers, since 80% of spam does not have forged headers. They used spam email headers to determine IPs (for un-forged headers). They used the spam database which Georgia Tech gathered from July 2008 to January 2010. They used databases to determine the metrics listed above. Their results show that some ISPs which spam comes from are needed, but at least one could be removed, judged by the amount of spam vs legitimate data.

Q: ?
A: Some mechanism to put pressure on the ISP and shut it down.

Congestion-aware Path Selection for Tor
Tao Wang, Kevin Bauer, Clara Forero and Ian Goldberg
presenter: Tao Wang

This talk was on finding the least congested routes in Tor. Tor is an onion routing system for preserving the client's privacy. They presented two algorithms for finding these routes. The first algorithm, circuit choosing, works as follows: the clients pre-build and maintain a number of circuits and use the circuit which has the least amount of congestion. This reduces the duration time by about 1/2. Some overhead was needed for gathering the information needed for this algorithm. The second algorithm was called "circuit dropping": if the route has too much congestion then pick a new route. This reduces the time by about 1/2 as well. There is no overhead. They also have a long term path suggestion algorithm. Since some relays (i.e., users) may always be congested, they find and remove them from use. However, probing these may have a large amount of overhead. They use the route overhead to determine a relay's overhead. If the relay keeps a history of congestion then they remove it. They were able to reduce long term path by 10%. General attacks are not affected by their approach.
There are specific attacks against the long-term path selection, since an attacker can flood nodes to make them slower; however, this does not dramatically degrade the performance gain.

Ross Anderson: 25 years ago people used to do "sticky routing": use a route until it is congested. Can this be applied?
A: This fits into circuit dropping.
Q: What if a large number of users use this process? Won't this prevent it from working?
A: I guess the benefit will not be as great, but it will still use the routes more evenly.
Q: What about the reverse of a smear attack, making a relay look better than everyone else?
A: The best way to avoid this is to drop that particular circuit.

-----------------------------------------------------------------------------
Session: Auditing
Session Chair: Nicolas Christin

Attacking the Washington DC Voting System
Scott Wolchok, Eric Wustrow, Dawn Isabel and J. Alex Halderman
presenter: Eric Wustrow

Internet voting systems are hard to get right. Verifiability and auditability are particularly difficult properties to obtain, as is ballot secrecy, and these are potentially at odds with each other. Washington, DC deployed Internet voting for overseas absentee voters in the 2010 general election and invited the academic security community to "hack" a mock election using the system, with three days' notice and two weeks before it was to be deployed for the general election. The system consists of a web server in a DMZ between two firewalls, with the application server and DB server behind the inner firewall; an IDS sits in front of the web server. The voter enters name, zip code and voter ID, as well as a hex PIN mailed in advance. The ballot is an interactive PDF, saved to the voter's computer after being filled in and then uploaded to the system. The system is built with Ruby on Rails, is open source and is available on GitHub, so the team was able to download the code in advance. Each uploaded ballot is encrypted with GPG. The ballot filename was placed inside double rather than single quotes in the shell command that invokes GPG; since the shell expands $(...) inside double quotes but not inside single quotes, a crafted filename gives shell command injection.
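The following Python is an added example of the bug class (editor-supplied; it is not the DC system's Ruby code): an uploaded ballot filename interpolated into a shell command inside double quotes, beside the single-quoted form and the argv-list form that passes the name as data. `echo` stands in for the gpg binary so nothing is encrypted and the example runs offline; the filenames are constructed. The mechanism is the same in Ruby, since it is /bin/sh, not the language, that performs the $(...) substitution.

```python
import re
import subprocess

# Editor-added example of the bug class, not the DC system's code. `echo` stands
# in for gpg; /bin/sh performs the $(...) substitution exactly as it would on the
# real gpg command line.

EVIL_NAME = "ballot.$(echo INJECTED).pdf"   # constructed attacker-chosen filename

def run_vulnerable(ballot_filename: str) -> str:
    """Filename interpolated into a shell command inside double quotes. The
    shell expands $(...) inside double quotes, so the attacker's command runs
    with the web server's privileges."""
    cmd = f'echo gpg --encrypt --recipient election "{ballot_filename}"'
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.strip()

def run_single_quoted(ballot_filename: str) -> str:
    """Same command with single quotes: $(...) is not expanded, which is the
    one-character fix the talk alluded to. A name containing a single quote
    would still break out, so this is weaker than avoiding the shell."""
    cmd = f"echo gpg --encrypt --recipient election '{ballot_filename}'"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.strip()

def run_hardened(ballot_filename: str) -> str:
    """No shell at all: each argv element reaches the program as a literal
    argument, so metacharacters in the name are data, not syntax."""
    argv = ["echo", "gpg", "--encrypt", "--recipient", "election", ballot_filename]
    out = subprocess.run(argv, capture_output=True, text=True)
    return out.stdout.strip()

def is_safe_ballot_name(ballot_filename: str) -> bool:
    """Defence in depth: do not reuse the uploaded name at all, or at least
    accept only a plain token before it goes anywhere near a command."""
    return re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.pdf", ballot_filename) is not None
```

In the vulnerable form the output contains the substituted text (here just INJECTED; on the real server it was a Python shell), while the argv form echoes the attacker's name back literally.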
Other problems include unencrypted ballots persisting in /tmp, and the deployed session secret had not been changed from the one in the public GitHub repository. They created an exploit ballot carrying a small Python shell, which allowed them to submit fake ballots. All database credentials were effectively stolen; they replaced existing votes with their own choices, replaced newly cast votes, installed a back door to reveal new votes, and cleared the audit logs. The ballot return page played "Hail to the Victors" to make it abundantly clear the system was compromised. Based on the network diagram, they found the server-room webcams and could see who was coming in and out. They even got access to the real voter roll, which would have allowed voting in the real election. All of this was made possible by using double rather than single quotes.

Q: If you hadn't changed the code and only had the hash of the PIN, how would you have voted?
A: If you have the PIN, you can just log in. If the session secret is the same and the attacker knows it, you can craft a ballot with cookies; you need the ID number from the DB, but that is sequential.
Q: That's if a real person voted?
A: That's without modifying the server at all.
Q: DC government can't fix much of anything. Is this just a bad implementation of something fundamentally hard?
A: The people hired for this were pretty good: open source, good work done in the past. This was much better than many closed-source systems in the past. It wasn't a problem with them; these are issues that everyone has.
Q: After all this, there was presumably some discussion. Any insight into their QA process?
A: Not too familiar with their QA. Probably not much of one. Even doing it in advance isn't the right approach. There were enough vulnerabilities. It illustrates the real pressures election officials are under; changes were required due to election timeline pressure. Elections are administered by municipalities and not everyone has the resources to get this right.

Security Audits Revisited
Rainer Boehme
presenter: Rainer Boehme

In the past, there were many entities that worked independently of each other.
Nowadays there is more specialization, which means more networking of independent actors to form things such as supply chains. This raises the question of who is in charge of security in these organizational networks; the answer is that everyone usually is, but some actors are selfish. Audits are proposed to get around this. Game theory can show the productivity, interdependence and thoroughness of such audits. Interdependence is modeled in terms of probabilities of loss and attack. In this model security investment generates positive externalities, which help all actors; but is there a benefit to investing if others won't? The total cost is the cost of loss plus the cost of adding security, and there is also a social cost for two firms together. The local minimum is called the social optimum. The curve changes depending on interdependence, and more investment is required as interdependence increases. Security audits can be deployed in this environment but are hampered because an organization's security isn't directly observable. The thoroughness of the audit is thus important, and the audit result can be attested to third parties. The symmetric Nash equilibrium shows the optimal security level given the security investment of two parties. A certain security level can be reached without audits. Though audits are useful, baseline audits are useless, since both players already have an incentive to invest enough to reach the Nash equilibrium; thus only thorough audits will be useful. The implications are that audit procedures must be tailored to adjust thoroughness, that systems should be built to be easily auditable, and that systems should be decoupled whenever possible. Audit requirements should similarly be tailored and criteria defined for thoroughness. Limitations include uncertainty about an attacker's action. The takeaway is that security audits are no panacea.
Q: How can this be applied or introduced, particularly interconnectedness?
A: Customer diversity, length of the supply chain. This is theoretical; look at the ISP system as an interconnected system, where people themselves use graph-related approaches. Finding the best indicators is important.
Q: What is the timing?
A: Simultaneous and symmetric.
Q: Is the set compatible or similar with audits?
A: As long as originating; the stability of the equilibria determines whether audits are required symmetrically or whether asymmetric audits are OK. Reputation effects can also be introduced.

Efficient, Compromise Resilient and Append-Only Crypto Schemes for Secure Audit Logging
Attila A. Yavuz, Peng Ning and Mike Reiter
presenter: Barry Peddycord

Audit logs should be designed to be unforgeable. Once a log entry is signed, the signing key should be evolved and the old key deleted, so that an attacker who later compromises the logger cannot tamper with earlier entries. This guarantees forward security, but gives no guarantee against log erasure. Another approach aggregates the signatures together. Evolving the key and keeping a signature over the entire stream resists compromise but is expensive, particularly for the verifier. Previous schemes are not necessarily publicly verifiable, or depend on an online trusted third party. More recent public-key schemes are scalable and secure, but if verification fails it is hard to determine which parts are valid and which are invalid, and each entry's signature must be verified in order to verify the whole log. Each private key is associated with an individual public key, raising the question of whether it is possible to verify the entire log once and directly. The LogFAS system was created with a constant number of expensive operations regardless of input size, a public key size independent of the number of signers or log entries, and fine-grained verification; it is also provably secure. A single public key verifies signatures across all private keys, using the Schnorr scheme.
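As an added example (editor-supplied, not LogFAS), the following Python shows the baseline forward-secure design the talk starts from: a symmetric key authenticates each entry and is then evolved by hashing and erased, so a key stolen later cannot be used to alter earlier entries, while truncation goes unnoticed unless an external counter is checked. INITIAL_KEY and the log messages are constructed. Because a verifier holding the initial key could forge as well, this toy is not publicly verifiable, which is exactly the gap the public-key schemes discussed in the talk address.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Editor-added example, not LogFAS: the baseline forward-secure log the talk
# starts from. INITIAL_KEY is a constructed value; in practice K_0 would be
# given to the verifier out of band and never kept on the logging host.

INITIAL_KEY = bytes(range(32))

Entry = Tuple[bytes, bytes]   # (message, authentication tag)

def _evolve(key: bytes) -> bytes:
    """One-way key update K_{i+1} = H("evolve" || K_i); cannot be run backwards."""
    return hashlib.sha256(b"evolve|" + key).digest()

def _tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

class ForwardSecureLog:
    def __init__(self, initial_key: bytes):
        self._key = initial_key                 # the only key material on the host
        self.entries: List[Entry] = []

    def append(self, message: bytes) -> None:
        self.entries.append((message, _tag(self._key, message)))
        self._key = _evolve(self._key)          # previous key is now unrecoverable

    def current_key(self) -> bytes:
        """What an attacker obtains by compromising the host right now."""
        return self._key

def verify(initial_key: bytes, entries: List[Entry],
           expected_count: Optional[int] = None) -> Tuple[bool, int]:
    """Verifier replays the key schedule from K_0. Returns (ok, index of the
    first bad entry or -1). expected_count is the externally kept counter,
    which is the only thing that catches a truncated log."""
    key = initial_key
    for i, (message, tag) in enumerate(entries):
        if not hmac.compare_digest(tag, _tag(key, message)):
            return False, i
        key = _evolve(key)
    if expected_count is not None and len(entries) != expected_count:
        return False, len(entries)
    return True, -1

def forge_entry(entries: List[Entry], index: int, new_message: bytes,
                stolen_key: bytes) -> List[Entry]:
    """Attacker holding the *current* key rewrites an earlier entry. The tag is
    computed under a later key, so verification fails at that index."""
    forged = list(entries)
    forged[index] = (new_message, _tag(stolen_key, new_message))
    return forged
```

Forward security only protects the past: an attacker with the current key can still append valid entries, and deleting the tail of the log is invisible without the counter, which is why the talk treats truncation separately.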
Tag values are verified rather than individual log entries. The signature and tag are bound using a token that evolves with the private key and the log entry. Private keys are deleted as they are used, and a logger supports a given number of entries before new keys are necessary. Tokens are aggregated to form tags; from the tags the signature can be checked, and exponentiation (the expensive operation) only needs to be done twice. Corrupt log entries can be identified with a binary-search-like strategy using O(lg n) expensive operations. An external counter signature protects against truncation. Security is proven in a supplemental paper. Evaluation shows this scheme is much faster in verification time, with little overhead in signing. Future work involves building truncation protection into the log itself.

Q: Isn't there an issue if a machine is broken into multiple times, if the private key is stolen?
A: We assume that if you break into the system, this causes a log entry. If you can break in and target the key without incurring a reporting event, you've subverted the logging mechanism, not the security primitives.
Q: How do you handle randomization? In Schnorr, knowing the one-time random value gives you the private key. Deterministic or pseudorandom?
A: Truly random selection. We don't rely on pseudorandom.
Q: What about the hash-tree logging mechanism from the past?
A: Sounds familiar.

-----------------------------------------------------------------------------
Session: Primitives
Session Chair: Moti Yung

On Secure Two-party Integer Division
Morten Dahl, Chao Ning and Tomas Toft
presenter: Morten Dahl

A method for secure integer division. They use a threshold homomorphic encryption system (Paillier) to accomplish the secure computation; the protocol is specific to two parties, though they mention it could be extended. In their homomorphic system the public key is known to everyone and the private key is shared, so that neither party can decrypt alone, not even its own encryptions: decryption must be done in collaboration.
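As an added example (editor-supplied, not the authors' protocol), here is textbook single-key Paillier in Python, showing the additive homomorphism the two-party division protocol builds on: multiplying ciphertexts adds plaintexts, and raising a ciphertext to a power multiplies its plaintext by a constant. The paper's threshold key sharing is omitted, and the primes are tiny constructed values; the thousand-bit modulus the speaker mentioned is what real use needs. aggregate_ratio_inputs sketches the ratio-statistics use case: each party encrypts its own counts, the ciphertexts are combined, and only the encrypted sums would go into a division protocol.

```python
import random
from math import gcd
from typing import Tuple

# Editor-added example, not the paper's threshold protocol: textbook Paillier to
# show the additive homomorphism a division protocol builds on. Constructed tiny
# primes; real deployments need ~1024-bit primes.

def _L(u: int, n: int) -> int:
    return (u - 1) // n

def keygen(p: int, q: int):
    """Key pair from two primes with gcd(pq, (p-1)(q-1)) = 1; generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)

def encrypt(pub, m: int, rng=random) -> int:
    n, g = pub
    while True:                       # fresh randomness r coprime to n
        r = rng.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(pub, priv, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n

def add(pub, c1: int, c2: int) -> int:
    """E(a) * E(b) = E(a + b): addition without the private key."""
    return (c1 * c2) % (pub[0] ** 2)

def add_plain(pub, c: int, k: int) -> int:
    """E(a) * g^k = E(a + k): add a public constant."""
    n, g = pub
    return (c * pow(g, k, n * n)) % (n * n)

def scalar_mul(pub, c: int, k: int) -> int:
    """E(a)^k = E(k * a): multiply by a public constant."""
    return pow(c, k, pub[0] ** 2)

def aggregate_ratio_inputs(pub, n_a: int, d_a: int, n_b: int, d_b: int) -> Tuple[int, int]:
    """Each party encrypts its numerator and denominator counts; the sums
    E(n_a + n_b) and E(d_a + d_b) are what a division protocol would consume,
    without either party seeing the other's counts."""
    num = add(pub, encrypt(pub, n_a), encrypt(pub, n_b))
    den = add(pub, encrypt(pub, d_a), encrypt(pub, d_b))
    return num, den

PUB, PRIV = keygen(1009, 1013)   # constructed demo key, about 20-bit modulus
```

Division itself is not a homomorphic operation, which is why the paper needs an interactive protocol with truncation and bit-length subprotocols on top of these primitives.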
The scheme supports addition and multiplication on encrypted values. The division protocol computes h/d and returns the quotient to both parties. This can be used for private statistics, for example data analysis of the form (n_a + n_b)/(d_a + d_b). They compute the division using a Taylor series approximation and correct the approximation's error using a comparison. For the division protocol they needed truncation (built from encryption and homomorphic addition) and a way to determine the bit length of a number (using a binary-search-like technique or a regression protocol).

Q: You are doing this on integers mod N, correct?
A: Yes, using Paillier, and using a thousand bits to be secure.
Q: Have you implemented this?
A: No, not yet. We wanted to create a general framework before implementing it.

Privacy Enhanced Access Control for Outsourced Data Sharing
Mariana Raykova, Hang Zhao and Steven Bellovin
presenter: Mariana Raykova

This talk concerned accessing data in the cloud; the goal of their system is confidentiality of the data. Previous methods include encryption and ORAM. Their approach is a two-level access control model with a coarse-grained and a fine-grained level. The coarse-grained level is enforced by the cloud, which maps a user's file requests to access blocks; this lets the cloud match requests to oblivious blocks. It uses predicate encryption with a modification that re-randomizes ciphertexts. The fine-grained level is enforced at the user's site once a block has been returned by the cloud, and is encryption based: each user can only decrypt the files he is allowed to read, and a tree-based derivation method is used for distributing keys and tokens. Users can also let other users read and write the data they own. For write access control at the coarse-grained level, oblivious mapping still works; at the fine-grained level, encryption alone does not work, as it may allow unauthorized writes or not let the cloud know which file was written.
Their solution is to use oblivious update tags, which contain information about which file was updated and let the cloud know which files are being written to. Each node in the resource tree has a key pair, and each file is encrypted with a symmetric key. The cloud observes requests at the block level and will not see patterns. It was noted that cache optimizations are possible to increase the performance of the system.

Q: This is like ID-based apples, like a capability, where the user has a token which allows the user to access; this is a capability, right?
A: Yes.
Q: What about solutions like PIR with access control?
A: We wanted something in between completely cloud-side and completely user-side.
Q: Any estimate of performance? It's important to know what the price of privacy is.
A: The question becomes what you want to store in blocks (i.e. how large the data is). Not implemented for these measurements.

Privacy-Preserving Stream Aggregation with Fault Tolerance
T-H. Hubert Chan, Elaine Shi and Dawn Song
presenter: Xavier Boyen

Their main topic was how a party can perform data analysis on data while preserving the privacy of the data. Previous work allows the aggregator to learn only the noisy sum. They added support for fault tolerance and for dynamic join and leave operations. They use differential privacy, so that the released aggregate changes little when any one user's data changes. In the basic scheme a one-time key distribution is used, enabled by homomorphic encryption. To achieve fault tolerance they use a binary-tree-like construction, which also allows dynamic joins and leaves; whenever the number of users reaches the next power of two, a new tree must be created. Differential privacy allows for dealing with an untrusted aggregator.

Q: Could you combine secret sharing with differential privacy?
A: Differential cryptography allows for a smaller noise value. We use some secret sharing.
Q: I think you can turn this model into secret sharing?
A: Yes, but then you may lose some privacy.
Q (follow-up): You would have to treat K as N?
A: Yes.

-----------------------------------------------------------------------------
Session: Access control
Session Chair: Lenore Zuck

Dynamic Accumulator based DAC for Outsourced Storage with Unlinkable Access (short paper)
Daniel Slamanig
presenter: Daniel Slamanig

Discretionary access control is popular, but there are issues with this model in conjunction with outsourced storage. The storage provider (e.g. a cloud provider) could be "honest but curious": it runs the protocol correctly but might be interested in properties such as access patterns. The storage provider may learn who owns the data objects but shouldn't be able to identify the users accessing them. A desired property is unlinkability, where the provider can't link accesses to users. Pseudonyms hide identities but don't provide unlinkability of access patterns. Instead, have an ACL per permission and have the user prove to the trusted reference monitor that one valid pseudonym is possessed, without specifying which one. Cryptographic accumulators provide this; the second of two schemes presented uses a dynamic accumulator, which allows efficient updating of the accumulator. The representation of the ACL, the size of the values and the proof complexity are all constant.

Q: Does this model consider a particular document you're not going to need right away? If there are a number of people on an ACL and there are accesses per person, are there ways to link these?
A: Perhaps through a side channel. But you can't tell the users themselves apart, i.e. whether two accesses are from different users or the same user.
Q: Can you see if the same user accesses different data?
A: No.
Q: You can see what is being accessed, though?
A: Yes, but not by whom.
Q: Accumulators sometimes look like group signatures; is a trusted authority needed?
A: No, not for this.

A Non-Interactive Range Proof with Constant Communication
Rafik Chaabouni, Helger Lipmaa and Bingsheng Zhang
presenter: Dan Bogdanov (not an author; he presented because the author attending FC was injured)

A party wants to prove something about a committed value without revealing the value itself, such as proving age over 18 without giving the specific age. This can be done with a non-interactive zero-knowledge (NIZK) proof, with applications to e-voting, auctions and age-verification sites. Historically, Lagrange-based proofs can be used and are short, but finding the values takes time, and it is not known how to do factoring-based NIZK. Binary-representation approaches have shortcomings as well, namely non-constant communication and non-interactivity only through random oracles. The range proof in this paper is pairing-based, using knowledge assumptions and a common reference string rather than random oracles, and provides low computational complexity for the prover. Communication can be tuned through parameterization: trade-offs can be made between constant communication/verification, small CRS length and prover complexity, or any point in between. No questions.

Designing Privacy-preserving Smart Meters with Low-cost Microcontrollers
Andres Molina-Markham, George Danezis, Kevin Fu, Prashant Shenoy and David Irwin
presenter: Andres Molina-Markham

About 76 million smart meters are deployed worldwide, 10 million in the US alone. They enable consumers to help distribute and reduce loads, and they gather consumption information, which raises privacy issues. Thought has been given to privacy-preserving solutions, but not to the feasibility of using these techniques on low-cost microcontrollers. This work shows privacy-preserving computations are possible in such limited environments. Privacy can be provided with zero-knowledge proofs; however, microcontrollers have pretty low MIPS rates and small code space. This work shows it is possible to implement zero-knowledge billing on these platforms.
The choice of cryptographic primitives affects feasibility. Even low-end, cheap microcontrollers can produce cryptographic commitments in a matter of seconds. Certified readings can be produced within 10 seconds on a $3 microcontroller, while the meters currently deployed produce readings every 28 seconds. ECC primitives make the most of the hardware's capabilities.

Q: What about power issues? Also, how can software upgrades be done, given the high amount of energy required for writing flash? You could do privacy and attach a meter. These should be policy issues.
A: Agreed on some points.
Q: What do utilities have to say about this? What is their incentive to support this?
A: It could prevent lawsuits from fraud/stealing, and also potentially future legislation.

-----------------------------------------------------------------------------
Session: Secure Processing
Session Chair: Angelos Keromytis

Memory-Efficient Garbled Circuits
Benjamin Mood, Lara Letaw and Kevin Butler
presenter: Benjamin Mood

Many financial transactions demand confidentiality, and these are increasingly done on mobile devices. Privacy-preserving computation through secure function evaluation (SFE) is feasible on desktops but is slow and requires large amounts of memory, too much for mobile devices. Clouds aren't available everywhere and can track usage patterns; better would be to do all of the computation on the mobile devices themselves. This work uses circuit templating, taking small pre-optimized pieces of garbled circuits and using them to create vastly larger circuits for SFE than were previously possible on phones. The Fairplay compiler generally used for SFE was modified with a new intermediate language that allows easy generation of these templates. This language, called PAL, is transparent to the user, who can write in Fairplay-standard SFDL and get SHDL output, also standard. Evaluation shows that a large number of programs that were previously infeasible can be compiled on mobile devices, with reductions in required memory of over 95%.
The circuit generation techniques are modular and can be used with other efficient techniques for garbled circuit execution.

Q: Did you compare the sizes of the circuits? Are they similar?
A: Some are smaller, some the same size, a couple are larger.
Q: Why the difference?
A: Sometimes compilers can increase the resulting circuit size.
Q: Is the system available?
A: Yes, online soon and available on request.

Oblivious Branching Program Evaluation
Payman Mohassel and Salman Niksefat
presenter: Payman Mohassel

Binary decision trees provide a means of determining the execution of a branching program. Ordered binary decision diagrams (OBDDs) are directed acyclic graphs in which variables are processed in a fixed order; they are used in applications such as formal verification and circuit design, and multivariate branching programs can be represented with them. Secure two-party computation aims to keep these programs and their inputs private, for example in remote diagnostics. Private database queries, such as private information retrieval and keyword search, can represent the server's data as a branching program, and OBDDs allow for these. The protocol uses oblivious transfer: the server sends an encrypted decision tree to the client, which can decrypt with keys received via oblivious transfer. Answers are randomly permuted to hide the structure. This requires a stronger form of oblivious transfer in which queries and answers can't be correlated. The approach generalizes to decision trees. Client computation is constant rather than logarithmic as in the Yao model, while server computation decreases from linear to logarithmic. Future work is trying to achieve efficiency in both communication and computation. No questions.

UC-Secure Searchable Symmetric Encryption
Kaoru Kurosawa and Yasuhiro Ohtaki
presenter: Kaoru Kurosawa

The security of searchable symmetric encryption against passive attacks has been considered by many, but security against active attackers has not been similarly considered.
Universally composable (UC) security is considered in this work. A naive approach to securing searches is to add a MAC to provide integrity, but a malicious server can replace search pairs, so a stronger model is needed, namely the use of tags computed over keyword aggregates. UC security can be proved using a simulation proof: in the ideal world, the adversary only learns the size of the documents, the size of the keywords and the indices of the keyword. Reliability is also proven in this scheme. No questions.

-----------------------------------------------------------------------------
Session: Bitcoin
Session Chair: Angelos Keromytis

CommitCoin: Carbon Dating Commitments with Bitcoin (Short Paper)
Jeremy Clark and Aleksander Essex
Presenter: Jeremy Clark

They propose a new way to verify when something, for example a vulnerability, was found. They call it "carbon dating", a way to verify a timestamp; the traditional method is time stamping by a trusted party. Carbon dating involves the creation and solution of a puzzle: given a puzzle and a solution, any user should be able to verify it, but solving the puzzle should be hard. Carbon dating, as they describe it, creates a puzzle which takes time N to solve, so if the puzzle has been solved then it must have been created at least N ago. Past puzzle types were based on repeated squaring or on hashing. Repeated squaring does not allow easy verification; hash-based puzzles are verifiable but easily parallelizable. The drawbacks of this method are that it ties up a computer for time N, there is no ideal proof-of-work protocol, nothing prevents a user from carbon dating multiple outputs, and it is very fuzzy (each computer takes a different amount of time to solve a puzzle). Their next idea was to use Bitcoin to carbon-date, and they also created a method to avoid deflating the value of Bitcoin. Applications include time-release encryption and commitments, and digital cash schemes.

Q: Do you see this being integrated anywhere?
A: It could be useful in some applications [the speaker did not say which].
Q: What are some anonymity concerns?
A: The account you create is a fresh account; you have to send money from one account to another, and one account must have a name from somewhere. It's possible, but you would have to take extra steps.

Bitter to Better - How to Make Bitcoin a Better Currency
Simon Barber, Xavier Boyen, Elaine Shi and Ersin Uzun
Presenter: Xavier Boyen

How to make Bitcoin better. Bitcoin is an online currency that is decentralized, transparent and flexible, and is an alternative to other currencies. They compared e-cash and Bitcoin. Bitcoin is trustworthy, meaning there is no "unfair" manipulation of the currency, no double spending, and transactions are irreversible. They note the real "kicker" of the system is its scripting language. Transactions can be divided and recombined in Bitcoin, which also uses hashes for verification. Transactions are public, which allows checks against double spending. A group of transactions is put together into a "block"; legitimate transactions in blocks that were discarded can be collected again. They observed a few issues in Bitcoin: deflation (deflation allows adversaries who enter the currency late to still gain most of the money), and theft (lost money is lost forever). Their possible solutions are "checkpointing the past" (saving hashes of a set of money), backing up the money, a static master secret, postdated backup transactions and spending rate limits. They also suggest a new method for anonymity: a two-party mixer for transactions. Their conclusion is that Bitcoin is a good idea, and their paper gives a couple of ideas to fix its problems.

Q: If you have the computational power for a history-revision attack, why not just take all the money?
A: There is a negative feedback loop in the history-revision attack.
Q: Is the language Turing complete?
A: No.
Q: If we can save SSL certificates, can we revoke sketchy things automatically?
A: Leaving humans to make decisions creates many problems.
Q: Can it be fixed?
A: Yes; the problem is the parameters, but it needs to be restarted from scratch.
Q: What is the purpose of slowing down the coin mint rate?
A: Want to have the shape of the minting, put deflation at specific points.

Panel
Moderator: Jason Cronk
Panelists: Peter Swire, Stuart Shapiro, Travis Breaux

Jason: FC is a virtual tax haven; laws sometimes respect privacy and sometimes do not.

Stuart: Broadly categorize different PETs and which lead to different problems with the law. Category 1: first-party PETs, used by the actual data subjects, tools which reduce visibility; Tor is the main example. SOPA has anti-circumvention provisions, which might make distributing Tor illegal and would inflict lots of collateral damage. Category 2: enterprise PETs, tools used by enterprises to help manage personal information more responsibly. Laws are there to prevent information being taken to make distinctions about persons, like hiring laws. When secure multi-party computation PETs become commercially available, things will get interesting, since these prevent the information from being revealed at all (there is no information left to reveal). The bottom line is there are problems if you don't use PETs and problems if you do. Category 3: infrastructural PETs, federated identity management type "stuff", selective credential revealing.

Travis: Software requirements which comply with security laws. There are two types of laws: rules (like the type of encryption) and standards (very general, not specifying what is reasonable). Reasonable standards identify foreseeable internal and external risks. Companies must disclose data breaches, which allows the FTC to know what people should use; regulators must know what can happen in order to know what they should require. Rules can conflict with each other (examples were given of laws in various states).

Peter (see Peter's paper at http://ssrn.com/abstract=1960602): Some countries have limits on cryptography. India: max key length is 40 bits.
China requires Chinese-created standards. The Internet is rather insecure: lots of nodes, encryption, many intercepts. Crypto was regulated as munitions until 1999; now you can distribute it unless you are sending it to North Korea or the like. In India, security agencies want to wiretap in real time and commercial parties want to encrypt, with the government stuck in the middle. Keys are held only by individuals and corporations. Is it a good idea to ban SSL? In China there is Internet surveillance and there are limits on effective crypto. To sell in China, make it in China; they insist on non-standard crypto systems. A 1999 law prohibits commercial use of crypto unless you have a license. There is a soft law which says no license is needed unless the core function is encryption. VPNs are not OK in China. There is great uncertainty about what "core functionality" means. Three Chinese algorithms were recently released publicly; they do not interoperate with global standards. The bottom line is that major nations are ramping up legal regulation of crypto.

Q to Travis: Laws dictate which technologies; is there an effort toward flexible legislation?
A: Regulators reach out to communities to find out what the standards should be. Experts say not a set amount. The people who are most informed typically have other problems they are interested in.
Q to Peter: What happened with RIM?
A (by someone else): Enterprise architecture: you can get keys from corporations. Personal architecture: everything is routed through servers.
Q to Peter: Encrypt before transmission?
A: There are laws against it, and companies typically don't like to break laws. One possibility is to prevent enforcement somehow. International pressure is the only way.
Observation: We need to write laws which do not mess crypto up.
Q to Peter: A couple of issues. There is a vast amount of crypto made in China and then shipped to India; if crypto is outlawed then only outlaws will have crypto. However, most privacy problems come from inside adversaries and people with warrants. Crypto helps protect metadata.
A (by someone else): We live in a world where both things are true: protecting things on wires and protecting things online too. You still have to disclose a passphrase.
Q: If you believe what was released at OBL's death, is the pushback through social issues, or a ruse, or?
A (Stuart): Very good point. It is common knowledge that most of the powers in the PATRIOT Act had been lobbied for over a long period of time. Authorities are opportunistic. However, there are still legitimate threats; these powers may not address the specific threats.
Q: Have you thought about PATRIOT Act section 215?
A: Section 215 is the part that says that for national security purposes the government can get any information it wants. There is a continuing fight in the EU.
Q: What do we learn from the secret interpretation of section 215? (It was suggested that all communications are fair game: a third party has the information, so there is no Fourth Amendment right.)
A: There would be outrage if true, but it kind of died down.
Observation: At least one Supreme Court justice said using third parties is messed up.
Observation: Judges do not believe metadata is content, so it can be taken without a warrant.
Observation: In the UK, which metadata can be taken by police is restricted. With Facebook going to HTTPS, the only real way to take information is to have a high-bandwidth interface into Facebook.
Observation: In the EU, since data is private, there should be some sort of audit trail for data so the government must confess to what it does.

-----------------------------------------------------------------------------
Session: Interfacing with the Physical
Session Chair: Burt Rosenberg

The PACE|AA Protocol for Machine Readable Travel Documents, and its Security
Jens Bender, Ozgur Dagdelen, Marc Fischlin and Dennis Kugler
Presenter: Ozgur Dagdelen

A new way for passports to be validated. The protocol previously used for passports (PACE) did not have an active authentication method. There is passive authentication, but it does not prevent cloning. Active authentication means the passport chip holds a public/private key pair; however, with plain active authentication there is no deniability.
They addressed active authentication with deniability. The protocol is a Diffie-Hellman-type protocol. They call their protocol PACE|AA; it is faster, deniable and still secure. They use Schnorr signatures for active authentication, and to accomplish deniability they use a MAC result for the challenge-response. They reuse randomness, saving one computation and one round of communication, and almost have deniability (they noted they have a fully deniable version using Schnorr). To prove the protocol secure they use reductions; the security proof works in a strong model, assuming random oracles and an ideal cipher. The protocol also prevents impersonation, since more secrets are stored on the chip in the passport. They prove in the paper that the derived key is good. For deniability they use different variables to get a Schnorr signature. (No questions.)

Oblivious Printing of Secret Messages in a Multi-party Setting
Aleksander Essex and Urs Hengartner
Presenter: Aleksander Essex

They developed oblivious printing, which allows a set of printers to print a secret message without any of them knowing what the message is. Given secure multi-party computation, it might be helpful to print pieces of a computation physically. They use invisible-ink overprinting: the message is printed in invisible ink, and a pen can activate the message so it can be seen. Each message takes multiple printers to be completely printed. In the protocol each printer receives an encrypted ciphertext, and there is a translation table which maps ciphertexts to plaintexts; this table is mixed and encrypted. They use a plaintext equality test to find which row should be printed. Each printer then shares the portion it prints using a secret-sharing technique, and the printers combine their layers with an operation like a visual XOR. A cut-and-choose protocol proves the printers are honest.
The last printer in the sequence uses black ink for the XOR of the previous pixels, so each printer can verify the result. The applications they mentioned were trustworthy voting and generation of an ElGamal key pair (which could be used for a digital-cash-like system). The limitations of this process are the printing process itself, document authentication, contrast, and the custody requirement. Their takeaway was that users are now able to print a secret, human or machine readable, and it is a paper document. This system can fit into a wider protocol.

Q: Did you develop this completely, even the pens?
A: We developed the pens and tested a single layer, but we haven't tested the multi-layer idea.
Q: Did you modify any printers?
A: We replace the ink cartridges with our own ink. The original ink would only last for about 100 prints until the printers had to be replaced.

Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-enabled RFIDs
Anthony Van Herrewege, Stefan Katzenbeisser, Roel Maes, Roel Peeters, Ahmad-Reza Sadeghi, Ingrid Verbauwhede and Christian Wachsmann
Presenter: Christian Wachsmann

The presentation was on a lightweight authentication scheme for RFIDs. They use physical unclonable functions (PUFs) to achieve this security. These are like a hardware fingerprint: they are inherently unclonable, infeasible to predict, and tamper evident. Two previous applications of PUFs were authentication and key storage. Both of these applications had problems. Their contribution is a lightweight PUF scheme which has a small footprint on the tag. They added cryptographic hardware and error correction to the tags to complete the PUF scheme. To reduce the hardware footprint they used reverse secure sketches. They also added a mutual authentication scheme to the tag. Their security proof builds on the secure sketch. Their conclusion was that their system allows for mutual authentication, has a small footprint, is scalable, and applies to other devices and scenarios.
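A worked illustration of the reverse secure-sketch idea just described, added here and not the authors' code: the tag runs only the cheap helper-data generation on its fresh, noisy PUF response, and the reader does the expensive error-correcting reconstruction against the response it stored at enrollment, after which both sides MAC the transcript. It assumes a repetition-code secure sketch (code-offset construction), PUF responses modelled as bit lists, and HMAC-SHA256 standing in for the lightweight MAC; all values are constructed.

```python
"""Reverse fuzzy extractor for PUF-based mutual authentication (constructed example).

Not the implementation from the paper. Assumptions: code-offset secure sketch
built on a repetition code, PUF responses as lists of 0/1, HMAC-SHA256 as the MAC.
"""
import hashlib
import hmac
import secrets

REP = 5          # repetition-code length: majority vote corrects up to 2 flips per block
KEY_BITS = 16    # sketch message length k; a PUF response is KEY_BITS * REP bits


def encode(bits):
    """Repetition-code encoder: every bit is copied REP times."""
    return [b for b in bits for _ in range(REP)]


def decode(codeword):
    """Majority-vote decoder; tolerates up to (REP - 1) // 2 errors per block."""
    return [1 if sum(codeword[i:i + REP]) * 2 > REP else 0
            for i in range(0, len(codeword), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def gen(response):
    """Tag side (cheap, no decoding): helper data h = r' XOR C(k) for random k."""
    k = [secrets.randbits(1) for _ in range(KEY_BITS)]
    return xor(response, encode(k))


def rep(enrolled, helper):
    """Reader side (expensive): recover the tag's current response r' from the
    helper data and the enrollment response r. h XOR r = C(k) XOR noise, so
    decoding gives k when the noise stays within the code's capability."""
    k = decode(xor(helper, enrolled))
    return xor(helper, encode(k))            # r' = h XOR C(k)


def mac(key_bits, *parts):
    """Constructed MAC: key derived from the response bits, HMAC over the parts."""
    key = hashlib.sha256(bytes(key_bits)).digest()
    msg = b"|".join(p if isinstance(p, bytes) else bytes(p) for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def simulate_puf(enrolled, flips, rng=secrets.SystemRandom()):
    """Constructed PUF evaluation: the enrolled response with `flips` random bit errors."""
    r = list(enrolled)
    for i in rng.sample(range(len(r)), flips):
        r[i] ^= 1
    return r


def mutual_authentication(enrolled, tag_response):
    """One protocol run: reader nonce -> tag (helper, MAC) -> reader MAC.
    Returns (reader_accepts_tag, tag_accepts_reader)."""
    n_reader = secrets.token_bytes(8)
    # Tag: fresh noisy response, cheap Gen, MAC over nonce and helper data.
    h = gen(tag_response)
    t_tag = mac(tag_response, n_reader, h)
    # Reader: reconstruct r' with Rep and check the tag's MAC.
    r_prime = rep(enrolled, h)
    reader_ok = hmac.compare_digest(t_tag, mac(r_prime, n_reader, h))
    if not reader_ok:
        return False, False                  # too much noise, or a wrong/cloned tag
    # Reader answers with a MAC over a distinct message order; tag checks it.
    t_reader = mac(r_prime, h, n_reader)
    tag_ok = hmac.compare_digest(t_reader, mac(tag_response, h, n_reader))
    return reader_ok, tag_ok


if __name__ == "__main__":
    enrolled = [secrets.randbits(1) for _ in range(KEY_BITS * REP)]
    print("2 flips:", mutual_authentication(enrolled, simulate_puf(enrolled, 2)))
```

Three flips inside one five-bit block exceed what the repetition code corrects, so the reader's reconstruction differs from the tag's response and the run fails on both sides; that failure mode is the error-correction budget the authors trade against hardware footprint.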
Q: What do you mean by lightweight hash?
A: A hash with a low implementation cost, still cryptographic.
Q: How many bits is the communication complexity?
A: The communication protocol is not optimal; it needs about 220 bytes. Take a 64-bit challenge, generate 1785 bits in total based on the challenge, then send that result back.
Q: Is this actually built?
A: Just a proof of concept.

Systems Cryptography

CTL: A Platform-Independent Crypto Tools Library Based on Dataflow Programming Paradigm
Junaid Jameel Ahmad, Shujun Li, Ahmad-Reza Sadeghi and Thomas Schneider
Presenter: Junaid Jameel Ahmad

A new platform-independent cryptography library called Crypto Tools Library (CTL). Since there are many types of devices which need a variety of cryptography, a platform-independent library could be used. Previous libraries are primarily tied to a few programming languages. One example of where this could be used is video encoding. There is already a reconfigurable video coding (RVC) framework, and RVC can be written in a variety of languages. CTL has a number of cryptosystems and cryptographic primitives. A small subset of what their system includes is block ciphers, different modes of operation, and stream ciphers. They tested their library on single- and multicore machines. They achieve a performance increase of 300% to 400% using multicore machines. For future work, they wish to include a privacy-preserving garbled circuit system in their library as well as multimedia applications. They also want to add more cryptographic algorithms to CTL.

Q: How is the performance different with different paradigms, between VHDL and C?
A: We have not studied this difference yet.

A Cache Timing Attack on AES in Virtualization Environments
Michael Weiss, Benedikt Heinz and Frederic Stumpf
Presenter: Michael Weiss

A cache timing attack on AES in a virtualization environment using side channels. Many users use virtualization to improve security.
For their attack they exploit the cache of modern CPUs: since the AES lookup table cannot be placed completely in the cache, the attack becomes possible. Their attack is based on the Bernstein attack. This attack requires the weakest attack model. They need to observe a whole AES encryption for the attack. Their attack assumes known plaintexts. They attack the trusted execution environment (TEE), which is a virtualization-based security architecture. There are both trusted and untrusted pieces in the TEE architecture. Specifically, AES can be used for mutual authentication. When the challenge starts, the adversary starts timing; when the response occurs, he stops the clock. He can then decrypt the text. For their implementation they used a BeagleBoard with a Cortex-A8 32-bit processor, the Fiasco.OC L4 microkernel, and L4Linux for the environment. They used precise timestamps from the kernel. For AES they used five different implementations, including OpenSSL, Barreto, Bernstein, Gladman, and Niyaz. Depending upon the implementation, the keys can be recovered more easily in some cases than in others. They showed the feasibility of the attack on a TEE and provided measurements which show that all AES implementations are vulnerable; simple attacks need lots of samples, which cannot be gained from a few possible plaintext observations. Their conclusion is that cache timing leakage is a real threat.

Q: Why did you choose a test bed which was close to mobile? Why not Android?
A: We chose it since it has debugging possibilities; mobile phones are more complicated to do this on. The hardware is the same.

Softer Smartcards: Usable Cryptographic Tokens with Secure Execution
Franz Ferdinand Brasser, Sven Bugiel, Atanas Filyanov, Ahmad-Reza Sadeghi and Steffen Schulz
Presenter: Steffen Schulz

A usable cryptographic token (or smartcard) with secure execution. Smartcards allow for two-factor authentication. For their implementation they used TXT to implement the smartcard.
The main portion they needed to create was a driver for the PKCS#11 middleware. Once this driver was created, a smartcard implementation on TXT (Trusted Execution Technology) would be possible. Deploying the system would be like token deployment. Their system can also allow a trusted channel to be used if needed. Currently this implements RSA signatures. They used opencryptoki for the middleware and also have a user interface. The trusted code base is about 3000 lines of code and the untrusted code is about 2000 lines of code. One application this can be used for is encrypting or signing emails, and he demonstrated the user interface for the email application. Their system is a two-factor authentication scheme: a user must possess the platform and know the PIN. They mention this is less secure than actual smartcards, since it has little resistance to tampering and since it is possible to try many PIN entries to find the correct PIN. For future work they might look at web authentication, transaction confirmation for HBCI, maintaining synchronization with multiple platforms, and a formal analysis of separating the public/private token state.

Q: What happens if someone SSHs into the machine?
A: The dialogue will ask for the PIN. Also, the machine would have already been compromised.
Q: Only works for a single-user environment?
A: Yes, a single-user thing.
Q: Lots of system services which are interrupted? (including the wifi)
A: Yes, this is a problem. It suspends all PCI devices.
Q: How much assurance is there that the message you want to sign is signed?
A: Same problem as smartcards. Perhaps use a PKCS interface to include the message. For now it's RSA signed.
Q: Public key operations happen outside; where is the assurance? (Or how can you tell if verification has succeeded?)
A: We don't focus on that, but it is possible.

FC adjourned at noon on Thursday, Mar 1, 2012. In Papiamento we will add: "Macha danki! Ayoo!"
-SD

------------------------------------------------------------------------------

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

====================================================================
Listing of academic positions available by
Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

--------------
This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events
maintained by Hilarie Orman

Date (Month/Day/Year), Event, Locations, web page for more info.
 3/19/12: SECRYPT, 9th International Conference on Security and Cryptography, Rome, Italy; http://secrypt.icete.org; Submissions are due
 3/19/12- 3/21/12: IFIP-CIP, 6th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, National Defense University, Fort McNair, Washington, DC, USA; http://www.ifip1110.org
 3/21/12: eGSSN, International Workshop on Trust, Security and Privacy in e-Government, e-Systems & Social Networking, Held in conjunction with the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), Liverpool, UK; http://webs.um.es/jmalcaraz/eGSSN12; Submissions are due
 3/24/12- 4/ 1/12: POST, 1st Conference on Principles of Security and Trust, Tallinn, Estonia; http://web.cs.wpi.edu/~guttman/post12/
 3/26/12: LASER, Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA; http://www.cert.org/laser-workshop/; Submissions are due
 3/26/12: SRDS, 31st International Symposium on Reliable Distributed Systems, Irvine, California, USA; http://web.mst.edu/~cswebdb/srds2012/; Submissions are due
 3/30/12: SecSE, 6th International Workshop on Secure Software Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic; http://www.sintef.org/secse; Submissions are due
 3/30/12: WSDF, 5th International Workshop on Digital Forensics, Held in conjunction with ARES 2012, Prague, Czech Republic; http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95; Submissions are due
 3/30/12: SAPSE, 4th IEEE International Workshop on Security Aspects of Process and Services Engineering, Held in conjunction with the IEEE Signature Conference on Computers, Software, and Applications (COMPSAC 2012), Izmir, Turkey; http://compsac.cs.iastate.edu/workshop_details.php?id=48&y; Submissions are due
 3/31/12: MoCrySEn, 1st International Workshop on Modern Cryptography and Security Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic; http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=65&Itemid=120; Submissions are due
 4/ 2/12: Mobisec, 4th International Conference on Security and Privacy in Mobile Information and Communication Systems, Frankfurt, Germany; http://mobisec.org/2012; Submissions are due
 4/ 6/12: TrustBus, 9th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with DEXA 2012, Vienna University of Technology, Austria; http://www.ds.unipi.gr/trustbus12/; Submissions are due
 4/ 6/12: NSPW, New Security Paradigms Workshop, Bertinoro, Italy; http://www.nspw.org; Submissions are due
 4/10/12: HealthSec, 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA; http://www.usenix.org/events/healthsec12/; Submissions are due
 4/15/12: CloudSec, 4th International Workshop on Security in Cloud Computing, Held in conjunction with the 41st ICPP, Pittsburgh, PA, USA; http://bingweb.binghamton.edu/~ychen/CloudSec2012.htm; Submissions are due
 4/15/12: STAST, 2nd International Workshop on Socio-Technical Aspects of Security and Trust, Co-located with Computer Security Foundation Symposium (CSF 2012), Harvard University, Cambridge, MA, USA; http://www.stast2012.uni.lu; Submissions are due
 4/15/12: IEEE Signal Processing Magazine, Special Issue on Signal Processing in the Encrypted Domain: when Cryptography Meets Signal Processing; http://www.signalprocessingsociety.org/uploads/Publications/SPM/cryptography.pdf; Submissions are due
 4/16/12: SSS, 14th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Toronto, Canada; http://www.cs.uwaterloo.ca/sss2012/; Submissions are due
 4/16/12- 4/18/12: WiSec, ACM Conference on Wireless Network Security, Tucson, Arizona, USA; http://www.sigsac.org/wisec/WiSec2012/
 4/16/12- 4/20/12: PSOSM, Workshop on Privacy and Security in Online Social Media, Held in conjunction with the 21st International World Wide Web Conference (WWW 2012), Lyon, France; http://precog.iiitd.edu.in/psosm_www2012/
 4/19/12: CSET, 5th Workshop on Cyber Security Experimentation and Test, Bellevue, WA, USA; http://www.usenix.org/events/cset12/; Submissions are due
 4/20/12: ProvSec, 6th International Conference on Provable Security, Chengdu, China; http://www.ccse.uestc.edu.cn/provsec/callforpapers.html; Submissions are due
 4/24/12: LEET, 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Co-located with NSDI 2012, San Jose, CA, USA; http://www.usenix.org/leet12/cfpa
 5/ 1/12- 5/ 3/12: ASIACCS, 7th ACM Symposium on Information, Computer and Communications Security, Seoul, Republic of Korea; http://elec.sch.ac.kr/asiaccs/
 5/ 3/12- 5/ 4/12: COSADE, 3rd International Workshop on Constructive Side-Channel Analysis and Secure Design, Darmstadt, Germany; http://cosade2011.cased.de
 5/ 4/12: ACM-CCS, 19th ACM Conference on Computer and Communications Security, Raleigh, North Carolina, USA; http://www.sigsac.org/ccs/CCS2012/; Submissions are due
 5/12/12: LCN-SICK, Workshop on Security in Communications Networks, Held in Conjunction with IEEE LCN 2012, Clearwater, FL, USA; http://www.sick-workshop.org/; Submissions are due
 5/15/12: CRITIS, 7th International Workshop on Critical Information Infrastructures Security, Radisson Blu Lillehammer Hotel, Turisthotellveien 6, 2609 Lillehammer, Norway; http://critis12.hig.no; Submissions are due
 5/17/12: LISA, 26th Large Installation System Administration Conference, San Diego, CA, USA; http://www.usenix.org/lisa12/; Submissions are due
 5/20/12- 5/23/12: SP, 33rd IEEE Symposium on Security and Privacy, San Francisco Bay Area, California, USA; http://www.ieee-security.org/TC/SP2012/cfp.html
 5/24/12: WSCS, Workshop on Semantic Computing and Security, Co-located with the IEEE Security and Privacy Symposium 2012, The Westin Hotel, San Francisco, CA, USA; http://ieee-security.org/TC/SPW2012/wscs-website/wscs.php
 5/24/12: MoST, Mobile Security Technologies Workshop, Co-located with IEEE Symposium on Security and Privacy 2012, The Westin St. Francis Hotel, San Francisco, CA, USA; http://www.mostconf.com
 5/24/12: W2SP, Web 2.0 Security & Privacy Workshop, Co-located with IEEE Symposium on Security and Privacy 2012, The Westin St. Francis Hotel, San Francisco, CA, USA; http://www.w2spconf.com/2012/
 5/31/12: IEEE Transactions on Information Forensics and Security, Special Issue on Privacy and Trust Management in Cloud and Distributed Systems; http://www.signalprocessingsociety.org/uploads/special_issues_deadlines/privacy_policy.pdf; Submissions are due
 6/ 1/12: IEEE Network Magazine, Special Issue on Cyber Security of Networked Critical Infrastructures; http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0113.htm; Submissions are due
 6/ 4/12: Nordsec, 17th Nordic Conference in Secure IT Systems, Karlskrona, Sweden; http://www.bth.se/com/nordsec2012.nsf/pages/nordsec2012; Submissions are due
 6/ 4/12- 6/ 6/12: SEC, 27th IFIP International Information Security and Privacy Conference, Creta Maris Hotel, Heraklion, Crete, Greece; http://www.sec2012.org
 6/ 6/12- 6/ 8/12: HAISA, 6th International Symposium on Human Aspects of Information Security and Assurance, Hersonissos, Crete, Greece; http://haisa.org/
 6/ 6/12- 6/ 8/12: WDFIA, 7th International Workshop on Digital Forensics and Incident Analysis, Hersonissos, Crete, Greece; http://www.wdfia.org/
 6/10/12- 6/15/12: SFCS, 1st IEEE International Workshop on Security and Forensics in Communication Systems, Held in conjunction with IEEE ICC 2012, Ottawa, Canada; http://sites.google.com/site/sfcs2012/
 6/15/12: NSS, 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China; http://anss.org.au/nss2012/index.html; Submissions are due
 6/18/12- 6/21/12: ICDCS-NFSP, 1st International Workshop on Network Forensics, Security and Privacy, Held in conjunction with ICDCS 2012, Macau, China; http://www.deakin.edu.au/~syu/nfsp/
 6/18/12- 6/21/12: ICDCS-SPCC, 3rd International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with ICDCS 2012, Macau, China; http://www.ece.iit.edu/~ubisec/workshop.htm
 6/19/12- 6/22/12: WISTP, 6th Workshop on Information Security Theory and Practice, London, UK; http://www.wistp.org/
 6/20/12- 6/22/12: SACMAT, 17th ACM Symposium on Access Control Models and Technologies, Newark, NJ, USA; http://www.sacmat.org
 6/25/12: DSPAN, 3rd IEEE Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with The Thirteenth International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2012), San Francisco, CA, USA; http://www.ee.washington.edu/research/nsl/DSPAN_2012/
 6/25/12- 6/27/12: Mobisec, 4th International Conference on Security and Privacy in Mobile Information and Communication Systems, Frankfurt, Germany; http://mobisec.org/2012
 6/25/12- 6/27/12: eGSSN, International Workshop on Trust, Security and Privacy in e-Government, e-Systems & Social Networking, Held in conjunction with the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), Liverpool, UK; http://webs.um.es/jmalcaraz/eGSSN12
 6/26/12- 6/28/12: DFIS, 6th International Symposium on Digital Forensics and Information Security, Vancouver, Canada; http://web.ftrai.org/dfis2012
 6/26/12- 6/29/12: ACNS, 10th International Conference on Applied Cryptography and Network Security, Singapore; http://icsd.i2r.a-star.edu.sg/acns2012
 6/29/12: STAST, 2nd International Workshop on Socio-Technical Aspects of Security and Trust, Co-located with Computer Security Foundation Symposium (CSF 2012), Harvard University, Cambridge, MA, USA; http://www.stast2012.uni.lu
 7/11/12- 7/13/12: PETS, 12th Privacy Enhancing Technologies Symposium, Vigo, Spain; http://petsymposium.org/2012/
 7/15/11- 7/15/12: IEEE Internet Computing, Track Articles on Computer Crime; http://www.computer.org/portal/web/computingnow/cfptrack; Submissions are due
 7/16/12- 7/20/12: SAPSE, 4th IEEE International Workshop on Security Aspects of Process and Services Engineering, Held in conjunction with the IEEE Signature Conference on Computers, Software, and Applications (COMPSAC 2012), Izmir, Turkey; http://compsac.cs.iastate.edu/workshop_details.php?id=48&y
 7/18/12- 7/19/12: LASER, Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA; http://www.cert.org/laser-workshop/
 7/24/12- 7/27/12: SECRYPT, 9th International Conference on Security and Cryptography, Rome, Italy; http://secrypt.icete.org
 7/30/12- 8/ 2/12: SecIoT, Workshop on the Security of the Internet of Things, Munich, Germany; http://www.nics.uma.es/seciot12/
 8/ 6/12: CSET, 5th Workshop on Cyber Security Experimentation and Test, Bellevue, WA, USA; http://www.usenix.org/events/cset12/
 8/ 6/12- 8/ 7/12: HealthSec, 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA; http://www.usenix.org/events/healthsec12/
 8/ 8/12- 8/10/12: USENIX-Security, 21st USENIX Security Symposium, Bellevue, WA, USA; http://www.usenix.org/events/sec12/
 8/20/12- 8/24/12: SecSE, 6th International Workshop on Secure Software Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic; http://www.sintef.org/secse
 8/20/12- 8/24/12: WSDF, 5th International Workshop on Digital Forensics, Held in conjunction with ARES 2012, Prague, Czech Republic; http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95
 8/20/12- 8/24/12: MoCrySEn, 1st International Workshop on Modern Cryptography and Security Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic; http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=65&Itemid=120
 9/ 3/12- 9/ 7/12: TrustBus, 9th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with DEXA 2012, Vienna University of Technology, Austria; http://www.ds.unipi.gr/trustbus12/
 9/ 9/12- 9/12/12: CHES, IACR Workshop on Cryptographic Hardware and Embedded Systems, Leuven, Belgium; http://www.iacr.org/workshops/ches/ches2012/start.php
 9/12/12: CloudSec, 4th International Workshop on Security in Cloud Computing, Held in conjunction with the 41st ICPP, Pittsburgh, PA, USA; http://bingweb.binghamton.edu/~ychen/CloudSec2012.htm
 9/17/12- 9/18/12: CRITIS, 7th International Workshop on Critical Information Infrastructures Security, Radisson Blu Lillehammer Hotel, Turisthotellveien 6, 2609 Lillehammer, Norway; http://critis12.hig.no
 9/19/12- 9/21/12: NSPW, New Security Paradigms Workshop, Bertinoro, Italy; http://www.nspw.org
 9/26/12- 9/28/12: ProvSec, 6th International Conference on Provable Security, Chengdu, China; http://www.ccse.uestc.edu.cn/provsec/callforpapers.html
10/ 1/12-10/ 4/12: SSS, 14th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Toronto, Canada; http://www.cs.uwaterloo.ca/sss2012/
10/ 8/12-10/11/12: SRDS, 31st International Symposium on Reliable Distributed Systems, Irvine, California, USA; http://web.mst.edu/~cswebdb/srds2012/
10/16/12-10/18/12: ACM-CCS, 19th ACM Conference on Computer and Communications Security, Raleigh, North Carolina, USA; http://www.sigsac.org/ccs/CCS2012/
10/20/12-10/25/12: LCN-SICK, Workshop on Security in Communications Networks, Held in Conjunction with IEEE LCN 2012, Clearwater, FL, USA; http://www.sick-workshop.org/
10/31/12-11/ 2/12: Nordsec, 17th Nordic Conference in Secure IT Systems, Karlskrona, Sweden; http://www.bth.se/com/nordsec2012.nsf/pages/nordsec2012
11/21/12-11/23/12: NSS, 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China; http://anss.org.au/nss2012/index.html
12/ 9/12-12/14/12: LISA, 26th Large Installation System Administration Conference, San Diego, CA, USA; http://www.usenix.org/lisa12/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E106)
___________________________________________________________________

SECRYPT 2012
9th International Conference on Security and Cryptography, Rome, Italy, July 24-27, 2012. (Submissions due 19 March 2012)
http://secrypt.icete.org

SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged.

-------------------------------------------------------------------------

eGSSN 2012
International Workshop on Trust, Security and Privacy in e-Government, e-Systems & Social Networking, Held in conjunction with the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012), Liverpool, UK, June 25-27, 2012. (Submissions due 21 March 2012)
http://webs.um.es/jmalcaraz/eGSSN12

Electronic systems (e-systems) have increased tremendously in recent years. Clear examples of e-systems include e-commerce, e-payment systems, e-government systems and social networks. The enormous number of people using these systems makes them more vulnerable to a great diversity of attacks such as denial of service, hijacking, spoofing, man in the middle, etc. Moreover, the sensitive information usually managed in e-systems is another reason for receiving attacks intensively. This workshop aims to identify and explore different issues and challenges related to security aspects in e-systems in general and especially in e-government and social networking. Questions like "How to preserve privacy and anonymity in social networks? How to provide secure authentication for e-government? What is a suitable trust model for e-systems? How to federate social networks? How may e-government manage risk?" are those waiting for answers. This workshop provides an ideal vehicle for bringing together researchers, scientists, engineers, academics and students from all around the world to share the latest updates on new security technologies that would shape the next generation of mobile and wireless systems and technology platforms. We are interested in the following topics, but are not limited to:
- Trust Management in e-Government, e-Systems or Social Networks
- Reputation Management in e-Government, e-Systems or Social Networks
- Authentication schemes in e-Government, e-Systems or Social Networks
- Authorization Models in e-Government, e-Systems or Social Networks
- Privacy of e-Government, e-Systems or Social Networks
- Risk Management in e-Government, e-Systems or Social Networks
- Policy-based Management for e-Government, e-Systems or Social Networks
- Security Models for e-Government, e-Systems or Social Networks
- Service Level Agreements about Security in e-Government, e-Systems or Social Networks
- Identity Management in e-Government, e-Systems or Social Networks
- Federation Management in e-Government, e-Systems or Social Networks
- Anonymity in e-Government, e-Systems or Social Networks
- Accounting in e-Government, e-Systems or Social Networks

-------------------------------------------------------------------------

LASER 2012
Workshop on Learning from Authoritative Security Experiment Results, Arlington, VA, USA, July 18-19, 2012. (Submissions due 26 March 2012)
http://www.cert.org/laser-workshop/

The goal of this workshop is to provide an outlet for publication of unexpected research results in security -- to encourage people to share not only what works, but also what doesn't. This doesn't mean bad research -- it means research that had a valid hypothesis and methods, but the result was negative.
Given the increased importance of computer security, the security community needs to quickly identify and learn from both success and failure. Journal papers and conferences typically contain papers that report successful experiments that extend our knowledge of the science of security, or assess whether an engineering project has performed as anticipated. Some of these results have high impact; others do not. Unfortunately, papers reporting on experiments with unanticipated results that the experimenters cannot explain, or experiments that are not statistically significant, or engineering efforts that fail to produce the expected results, are frequently not considered publishable, because they do not appear to extend our knowledge. Yet, some of these "failures" may actually provide clues to even more significant results than the original experimenter had intended. The research is useful, even though the results are unexpected.

Useful research includes a well-reasoned hypothesis, a well-defined method for testing that hypothesis, and results that either disprove or fail to prove the hypothesis. It also includes a methodology documented sufficiently so that others can follow the same path. When framed in this way, "unsuccessful" research furthers our knowledge of a hypothesis and testing method. Others can reproduce the experiment itself, vary the methods, and change the hypothesis; the original result provides a place to begin.

As an example, consider an experiment assessing a protocol utilizing biometric authentication as part of the process to provide access to a computer system. The null hypothesis might be that the biometric technology does not distinguish between two different people; in other words, that the biometric element of the protocol makes the approach vulnerable to a masquerade attack. Suppose the null hypothesis is verified. It would still be worth publishing this result. First, it might prevent others from trying the same biometric method. Second, it might lead them to further develop the technology - to determine whether a different style of biometrics would improve matters, or if the environment in which authentication is being attempted makes a difference. For example, a retinal scan may be a failure in recognizing people in a crowd, but successful where the users present themselves one at a time to an admission device with controlled lighting, or when multiple "tries" are included. Third, it might lead to modifying the encompassing protocol so as to make masquerading more difficult for some other reason.

Equally important is research designed to reproduce the results of earlier work. Reproducibility is key to science, to validate or uncover errors or problems in earlier work. Failure to reproduce the results leads to a deeper understanding of the phenomena that the earlier work uncovers.

The workshop focuses on research that has a valid hypothesis and reproducible experimental methodology, but where the results were unexpected or did not validate the hypotheses, where the methodology addressed difficult and/or unexpected issues, or that identified previously unsuspected confounding issues. We solicit research and position papers addressing these issues, especially (but not exclusively) on the following topics:
- Unexpected research results in experimental security
- Methods, statistical analyses, and designs for security experiments
- Experimental confounds, mistakes, mitigations
- Successes and failures in reproducing the experimental techniques and/or results of earlier work

-------------------------------------------------------------------------

SRDS 2012
31st International Symposium on Reliable Distributed Systems, Irvine, California, USA, October 8-11, 2012.
(Submissions due 26 March 2012) http://web.mst.edu/~cswebdb/srds2012/ The Symposium on Reliable Distributed Systems is a forum for researchers and practitioners interested in distributed systems design, development and evaluation, with emphasis on reliability, availability, safety, security, trust and real time. We welcome original research papers as well as practical experience reports that deal with design, development and experimental results of operational systems. The major areas of interest include, but are not limited to, the following topics: - Cloud computing and virtualization - Autonomic, pervasive, and ubiquitous computing - Secure and trusted storage systems - Secure and dependable web services - High-confidence and Safety-critical systems - Parallel and distributed operating systems - Distributed objects and middleware systems - Fault-tolerant and secure sensor networks - Event-based processing and peer-to-peer infrastructures - Distributed databases and transaction processing - Distributed measurement, monitoring, and predictions - Wireless ad hoc networks - Electronic commerce and enabling technologies - Formal methods and foundations for dependable distributed computing - Analytical or experimental evaluations of dependable distributed systems - Internet-based systems and applications - Scalable systems design - QoS control and assessment - Trust and scalable system design in social networks - Social media and privacy issues ------------------------------------------------------------------------- SecSE 2012 6th International Workshop on Secure Software Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. (Submissions due 30 March 2012) http://www.sintef.org/secse Software security is about protecting information and ensuring that systems continue to function correctly even when under malicious attack. 
The traditional approach of securing a system has been to create defensive walls such as intrusion detection systems and firewalls around it, but there are always cracks in these walls, and thus such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more "inherently secure" systems, and we should strive to achieve these qualities in all software systems, not just in the ones that "obviously" need special protection. This workshop will focus on techniques, experiences and lessons learned for building secure and dependable software. Suggested topics include, but are not limited to: - Secure architecture and design - Security in agile software development - Aspect-oriented software development for secure software - Security requirements - Risk management in software projects - Secure implementation - Secure deployment - Testing for security - Quantitative measurement of security properties - Static/dynamic analysis for security - Verification and assurance techniques for security properties - Security and usability - Design and deployment of secure services - Secure composition and adaptation of services - Teaching secure software development - Experience reports on successfully attuning developers to secure software engineering - Lessons learned ------------------------------------------------------------------------- WSDF 2012 5th International Workshop on Digital Forensics, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. (Submissions due 30 March 2012) http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95 Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. 
Research into new methodologies tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance. ------------------------------------------------------------------------- SAPSE 2012 4th IEEE International Workshop on Security Aspects of Process and Services Engineering, Held in conjunction with the IEEE Signature Conference on Computers, Software, and Applications (COMPSAC 2012), Izmir, Turkey, July 16-20, 2012. 
(Submissions due 30 March 2012) http://compsac.cs.iastate.edu/workshop_details.php?id=48&y The workshop aims to foster cooperation among software practitioners and researchers in order to exchange the latest industrial experience and research ideas on services and processes engineering. Complex software systems are at the core of most business transactions, making the area of processes and services engineering a very attractive field for innovative research and for facing new challenges. Research is devoted to the software engineering of service-oriented applications with the goal of providing effective solutions to the development, deployment and management of the resulting applications. In this scenario, security plays a fundamental role, since the resulting software system is expected to function correctly and also to resist malicious attacks under different and changing threat scenarios. New techniques and methodologies are needed to be able to build better, more robust and more trusted systems, where security is taken into account and integrated in the whole design process from the very first stages. ------------------------------------------------------------------------- MoCrySEn 2012 1st International Workshop on Modern Cryptography and Security Engineering, Held in conjunction with ARES 2012, Prague, Czech Republic, August 20-24, 2012. 
(Submissions due 31 March 2012) http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=65&Itemid=120 MoCrySEn aims to bring together researchers working in theoretical aspects of modern cryptography (including but not restricted to design and analysis of symmetric-key primitives and cryptosystems, block and stream ciphers, hash functions and MAC algorithms, efficient implementations and analysis of code-based cryptosystems, threshold schemes) with professionals working on applied aspects of security engineering, particularly people involved in standardization and in industrial deployment of cryptography (encryption schemes for databases and related security, cryptography in wireless applications, hardware for cryptanalysis, FPGA and smart cards security). The main goal of the workshop is to strengthen the dialogue between these two groups, which is currently perceived to be weak. Ultimately, we aim to make a start on bridging the gap between what academic cryptographers believe should be the goals of cryptographic design and what is actually implemented in the real world. MoCrySEn intends to provide a better understanding of real-world cryptographic issues to the theoretical community, helping to inform their research and set new research challenges for the theoretical community and enable practitioners to develop a clearer view of the current state-of-the-art in cryptographic research and what it offers to practitioners. ------------------------------------------------------------------------- Mobisec 2012 4th International Conference on Security and Privacy in Mobile Information and Communication Systems, Frankfurt, Germany, June 25-27, 2012. (Submissions due 2 April 2012) http://mobisec.org/2012 MobiSec's focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. 
Privacy and security aspects need to be covered at all layers of mobile networks, from mobile devices, to privacy respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices. ------------------------------------------------------------------------- TrustBus 2012 9th International Conference on Trust, Privacy, and Security in Digital Business, Held in conjunction with DEXA 2012, Vienna University of Technology, Austria, September 3-7, 2012. (Submissions due 6 April 2012) http://www.ds.unipi.gr/trustbus12/ The advances in the Information and Communication Technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high quality services over global networks. 
The aim is to utilize this information society era for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organizations and public bodies remain competitive in the global electronic marketplace. Unfortunately, such a rapid technological evolution cannot be problem-free. Concerns are raised regarding the lack of trust in electronic procedures and the extent to which information security and user privacy can be ensured. In answer to these concerns, the 9th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'12) will provide an international forum for researchers and practitioners to exchange information regarding advancements in the state of the art and practice of trust and privacy in digital business. TrustBus'12 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. 
We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to: - Anonymity and pseudonymity in business transactions - Business architectures and underlying infrastructures - Common practice, legal and regulatory issues - Cryptographic protocols - Delivery technologies and scheduling protocols - Design of business models with security requirements - Economics of Information Systems Security - Electronic cash, wallets and pay-per-view systems - Enterprise management and consumer protection - Identity and Trust Management - Intellectual property and digital rights management - Intrusion detection and information filtering - Languages for description of services and contracts - Management of privacy & confidentiality - Models for access control and authentication - Multimedia web services - New cryptographic building-blocks for e-business applications - Online transaction processing - PKI & PMI - Public administration, governmental services - P2P transactions and scenarios - Real-time Internet E-Services - Reliability and security of content and data - Reliable auction, e-procurement and negotiation technology - Reputation in services provision - Secure process integration and management - Security and Privacy models for Pervasive Information Systems - Security Policies - Shopping, trading, and contract management tools - Smartcard technology - Transactional Models - Trust and privacy issues in mobile commerce environments - Usability of security technologies and services - Trust and privacy issues in the cloud ------------------------------------------------------------------------- NSPW 2012 New Security Paradigms Workshop, Bertinoro, Italy, September 19-21, 2012. 
(Submissions due 6 April 2012) http://www.nspw.org The New Security Paradigms Workshop (NSPW) invites papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues. To facilitate research interactions, NSPW features informal paper presentations, extended discussions, shared activities, and group meals, all in the spectacular setting of Bertinoro, Italy. By encouraging researchers to think "outside the box" and giving them an opportunity to communicate with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security. ------------------------------------------------------------------------- HealthSec 2012 3rd USENIX Workshop on Health Security and Privacy, Bellevue, WA, USA, August 6-7, 2012. (Submissions due 10 April 2012) http://www.usenix.org/events/healthsec12/ The focus of HealthSec '12 will be on the development of new techniques and policies to ensure the privacy and security of next-generation healthcare systems and devices. HealthSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. 
We strongly encourage cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. ------------------------------------------------------------------------- CloudSec 2012 4th International Workshop on Security in Cloud Computing, Held in conjunction with the 41st ICPP, Pittsburgh, PA, USA, September 12, 2012. (Submissions due 15 April 2012) http://bingweb.binghamton.edu/~ychen/CloudSec2012.htm Cloud Computing has generated interest from both industry and academia since 2007. As an extension of Grid Computing and Distributed Computing, Cloud Computing aims to provide users with flexible services in a transparent manner. Services are allocated in a cloud, which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. CloudSec 2012 will bring researchers and experts together to present and discuss the latest developments and technical solutions concerning various aspects of security issues in Cloud Computing. CloudSec 2012 seeks original unpublished papers focusing on theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of Cloud Computing. Both review/survey papers and technical papers are encouraged. CloudSec 2012 also welcomes short papers related to Security in Cloud Computing, which summarize speculative breakthroughs, work-in-progress, industry featured projects, open problems, new application challenges, visionary ideas, and preliminary studies. 
The topics include but are not limited to: - Emerging threats to Cloud-based services - Security model for new services - Security in Cloud-aware web service - Information hiding/encryption in Cloud Computing - Copyright protection in the Cloud - Securing distributed data storage in cloud - Privacy and security in Cloud Computing - Forensics in Cloud environments - Robust network architecture - Cloud Infrastructure Security - Intrusion detection/prevention - Denial-of-Service (DoS) attacks and defense - Robust job scheduling - Secure resource allocation and indexing - Secure payment for Cloud-aware services - User authentication in Cloud-aware services - Non-Repudiation solutions in the Cloud - Security for emerging Cloud programming models - Performance evaluation for security solutions - Testbed/Simulators for Cloud security research - Security hardware, i.e. hardware for encryption, etc. - Detection and prevention of hardware Trojans ------------------------------------------------------------------------- STAST 2012 2nd International Workshop on Socio-Technical Aspects of Security and Trust, Co-located with Computer Security Foundation Symposium (CSF 2012), Harvard University, Cambridge, MA, USA, June 29, 2012. (Submissions due 15 April 2012) http://www.stast2012.uni.lu The workshop intends to foster an interdisciplinary discussion on how to model and analyse the socio-technical aspects of modern security systems and on how to protect such systems from socio-technical threats and attacks. We welcome experts in computer science, in social and behavioural sciences, philosophy and psychology. 
Relevant topics include but are not limited to: - Usability Analysis - System-User Interfaces - Psychology of Deception - Socio-Technical Attacks and Defences - User Perception of Security and Trust - Design of Socio-Technical Secure Systems - Cognitive Aspect in Human Computer Interaction - Human Practice - Behavioural Models - Social Engineering - Modelling and Analysis of Security - Ceremonies and Workflows - Game Theoretical Approaches to Security - Cyber Crime Science - Security Properties Specification and Verification - Threat and Adversary Models - Social Informatics and Networks - Effects of Technology on Trust Building Behaviour - Experiences and Test Cases ------------------------------------------------------------------------- IEEE Signal Processing Magazine, Special Issue on Signal Processing in the Encrypted Domain: when Cryptography Meets Signal Processing, March, 2013, (Submission Due 15 April 2012) http://www.signalprocessingsociety.org/uploads/Publications/SPM/cryptography.pdf Editors: M. Barni (University of Siena, Italy), T. Kalker (Huawei, USA), and S. Katzenbeisser (Techn. Universitat Darmstadt, Germany) Computing with signals that are encrypted or otherwise hidden (often referred to as S.P.E.D. for signal processing in the encrypted domain) is a fascinating challenge that has caught the attention of a large number of researchers. In the last 5 years theoretical and practical advances in this field have been impressive, thus contributing to bring S.P.E.D. technology closer to real life requirements. As a matter of fact, the usage of S.P.E.D. techniques in real-world applications starts being viable, at least in cases where a suitable trade-off between efficiency and security is possible. The goal of this special issue is to introduce the readers of the Signal Processing Magazine to this new exciting and challenging discipline, providing them with the basic primitives S.P.E.D. 
relies on, and presenting the latest developments in the field, with particular attention to the role that the signal processing community may play in this field. Tutorial and survey papers, as well as papers illustrating the applications of S.P.E.D. techniques in selected scenarios, are solicited. ------------------------------------------------------------------------- SSS 2012 14th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Toronto, Canada, October 1-4, 2012. (Submissions due 16 April 2012) http://www.cs.uwaterloo.ca/sss2012/ The SSS symposium is a prestigious international forum for researchers and practitioners in the design and development of fault-tolerant distributed systems with self-* properties, such as self-stabilizing, self-configuring, self-organizing, self-managing, self-repairing, self-healing, self-optimizing, self-adaptive, and self-protecting systems. Research in distributed systems is now at a crucial point in its evolution, marked by the importance of dynamic systems such as cloud networks, social networks, peer-to-peer networks, large-scale wireless sensor networks, mobile ad hoc networks, etc., and many new applications such as grid and web services, banking and e-commerce, e-health and robotics, aerospace and avionics, automotive, industrial process control, etc. have joined the traditional applications of distributed systems. ------------------------------------------------------------------------- CSET 2012 5th Workshop on Cyber Security Experimentation and Test, Bellevue, WA, USA, August 6, 2012. (Submissions due 19 April 2012) http://www.usenix.org/events/cset12/ The science of cyber security is challenging for a number of reasons. Meeting these challenges requires transformational advances, including understanding of the relationship between scientific method and cyber security evaluation, advancing capabilities of underlying experimental infrastructure, and improving data usability. 
CSET invites submissions on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. ------------------------------------------------------------------------- ProvSec 2012 6th International Conference on Provable Security, Chengdu, China, September 26-28, 2012. (Submissions due 20 April 2012) http://www.ccse.uestc.edu.cn/provsec/callforpapers.html Provable security is an important research area in modern cryptography. Cryptographic primitives or protocols without a rigorous proof cannot be regarded as secure even in practice. In fact, there are many schemes that were originally thought as secure but eventually broken, which clearly indicates the need of formal security assurance. With provable security, we are confident in using cryptographic schemes and protocols in various real-world applications. Meanwhile, schemes with provable security sometimes give only theoretical feasibility rather than a practical construction, and correctness of the proofs may be difficult to verify. ProvSec conference thus provides a platform for researchers, scholars and practitioners to exchange new ideas for solving these problems in the provable security area. Topics include all aspects of provable security for cryptographic primitives or protocols, and include but are not limited to the following areas: - Cryptographic primitives - Digital signatures - Formal security model - Lattice-based security reductions - Pairing-based provably secure cryptography - Privacy and anonymity technologies - Provable secure block ciphers and hash functions - Secure cryptographic protocols and applications - Security notions, approaches, and paradigms - Steganography and steganalysis ------------------------------------------------------------------------- ACM-CCS 2012 19th ACM Conference on Computer and Communications Security, Raleigh, North Carolina, USA, October 16-18, 2012. 
(Submissions due 4 May 2012) http://www.sigsac.org/ccs/CCS2012/ The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security. ------------------------------------------------------------------------- LCN-SICK 2012 Workshop on Security in Communications Networks, Held in Conjunction with IEEE LCN 2012, Clearwater, FL, USA, October 22-25, 2012. (Submissions due 12 May 2012) http://www.sick-workshop.org/ Recent years have seen growth in the number of services and applications that enable groups of people and/or devices to communicate and collaborate in real-time. Often times, these groups are spontaneously formed based on a common interest or objective, have a limited life span and use one or more network technologies to connect group members with available resources and each other. Examples range from multi-player online games and video conferencing to the coordination of first responders at a crime scene or troops in a battlefield. 
Secure group communication is a difficult problem that needs to be addressed to guarantee the confidentiality, integrity, and availability of these applications. Challenges include user mobility, device heterogeneity, lack of infrastructure, cross domain interactions, as well as dynamic memberships without pre-configuration. The main purpose of this workshop is to promote further research interests and activities on Secure Group Communication. This workshop aims to increase the synergy between academic and industrial researchers working in this area. We are interested in experimental, systems-related, and work-in-progress papers in all aspects of Secure Group Communications. ------------------------------------------------------------------------- CRITIS 2012 7th International Workshop on Critical Information Infrastructures Security, Radisson Blu Lillehammer Hotel, Turisthotellveien 6, 2609 Lillehammer, Norway, September 17-18, 2012. (Submissions due 15 May 2012) http://critis12.hig.no Critical key sectors of modern economies depend highly on Information and Communication Technologies (ICT). Disruption, disturbance or loss of information flowing through and processed by ICT infrastructures can, as well as incidents in the sector infrastructure itself, lead to various damages such as high economical, material, or ecological impact, loss of vital societal functions and social well-being of people, and in the most unfortunate cases loss of human lives. As a consequence the security, reliability and resilience of these infrastructures are critical for the society. The topic of Critical (Information) Infrastructure Protection (C(I)IP) is therefore a major objective for governments, companies and the research community of the major industrial countries worldwide. 
The CRITIS'12 conference is the well-established continuation of the series and aims to explore the new challenges posed by C(I)IP bringing together researchers and professionals from academia, industry and governmental agencies interested in all different aspects of C(I)IP. Especially promoted by CRITIS'12 are multi-disciplinary approaches within the scientific communities at national, European and global level. Authors are solicited to contribute to the conference by submitting research papers, work-in-progress reports, R&D project results, surveying works and industrial experiences describing significant advances in C(I)IP. ------------------------------------------------------------------------- LISA 2012 26th Large Installation System Administration Conference, San Diego, CA, USA, December 9-14, 2012. (Submissions due 17 May 2012) http://www.usenix.org/lisa12/ The annual LISA conference is the meeting place of choice for system and network administrators and engineers; it is the crossroads of Web operations, DevOps, enterprise computing, educational computing, and research computing. The conference serves as a venue for a lively, diverse, and rich mix of technologists of all specialties and levels of expertise. LISA is the place to teach and learn new skills, debate current issues, and meet industry gurus, colleagues, and friends. 
------------------------------------------------------------------------- IEEE Transactions on Information Forensics and Security, Special Issue on Privacy and Trust Management in Cloud and Distributed Systems, June 1, 2013, (Submission Due 31 May 2012) http://www.signalprocessingsociety.org/uploads/special_issues_deadlines/privacy_policy.pdf Editors: Karl Aberer (Ecole Polytechnique Federale de Lausanne, Switzerland), Sen-ching Samson Cheung (University of Kentucky, USA), Jayant Haritsa (Indian Institute of Science, India), Bill Horne (Hewlett-Packard Laboratories, USA), Kai Hwang (University of Southern California, USA), and Yan (Lindsay) Sun (University of Rhode Island, USA) With the increasing drive towards availability of data and services anytime anywhere, privacy risks have significantly increased. Unauthorized disclosure, modification, usage, or uncontrolled access to privacy-sensitive data may result in high human and financial costs. In distributed computing environments, trust plays a crucial role in mitigating the privacy risk by guaranteeing meaningful interactions, data sharing, and communications. Trust management is a key enabling technology for security and privacy enhancement. While privacy preservation and trust management are already challenging problems, it is imperative to explore how privacy-oriented and trust-oriented approaches can integrate to bring new solutions in safeguarding information sharing and protecting critical cyber-infrastructure. Furthermore, there are questions about whether existing trust models and privacy preserving schemes are robust against attacks. This Call for Papers invites researchers to contribute original articles that cover a broad range of topics related to privacy preservation and trust management in cloud and distributed systems, with a focus on emerging networking contexts such as social media, cloud computing, and power grid systems. 
Example topics include but are not limited to: - Privacy Enhanced Technology: privacy preserving data mining, publishing, and disclosure; access control, anonymity, audit, and authentication; applied cryptography, cryptanalysis, and digital signatures in PET; abuse cases and threat modeling; theoretical models and formal methods; application of physical security for privacy enhancement. - Trust and Reputation Management: trust management architectures and trust models; quantitative metrics and computation; security of trust management protocols/systems; evaluation and test bed; trust related privacy enhancement solutions. - Privacy and Trust in Emerging Complex Systems including: social networking; cloud computing; power grid systems; sensor networks; Internet of Things; multimedia surveillance networks. - Other Related Topics such as trust and privacy policies; human factors and usability; censorship; economics of trust and privacy; behavior modeling. ------------------------------------------------------------------------- IEEE Network Magazine, Special Issue on Cyber Security of Networked Critical Infrastructures, January 2013, (Submission Due 1 June 2012) http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0113.htm Editors: Saeed Abu-Nimeh (Damballa Inc., USA), Ernest Foo (Queensland University of Technology Australia, Australia), Igor Nai Fovino (Global Cyber Security Center, Italy), Manimaran Govindarasu (Iowa State University, USA), and Tommy Morris (Mississippi State University, USA) The daily lives of millions of people depend on processing information and material through a network of critical infrastructures. Critical infrastructures include agriculture and food, water, public health, emergency services, government, the defense industrial base, information and telecommunications, energy, transportation and shipping, banking and finance, chemical industry and hazardous materials, post, national monuments and icons, and critical manufacturing. 
Disruption or disturbance of critical infrastructures can lead to economical and human losses. Additionally, the control network of most critical installations is integrated with broader information and communication systems, including the company business network. Most maintenance services on process control equipment are performed remotely. Further, the cyber security of critical infrastructure systems has come into focus recently as more of these systems are exposed to the Internet. Therefore, Critical Infrastructure Protection (CIP) has become a topic of interest for academics, industries, governments, and researchers in the recent years. A common theme among critical infrastructure is the dependence upon secure cyber systems for command and control. This special issue will focus on network aspects that impact the cyber security of Critical Infrastructure Protection and Resilience. Tutorial based manuscripts which cover recent advances in one or more of the topic areas below are requested. 
Topics may include (but are not limited to):
- Security of supervisory control and data acquisition (SCADA) systems
- Security of the smart grid
- Cyber security of industrial control systems
- Security of complex and distributed critical infrastructures
- DNS and Internet Security (as critical infrastructures)
- Security metrics, benchmarks, and data sets
- Attack modeling, prevention, mitigation, and defense
- Early warning and intrusion detection systems
- Self-healing and self-protection systems
- Advanced forensic methodologies
- Cyber-physical systems security approaches and algorithms
- Critical infrastructure security policies, standards and regulations
- Vulnerability and risk assessment methodologies for distributed critical infrastructures
- Simulation and testbeds for the security evaluation of critical infrastructures

-------------------------------------------------------------------------

Nordsec 2012 17th Nordic Conference in Secure IT Systems, Karlskrona, Sweden, October 31 - November 2, 2012. (Submissions due 4 June 2012)
http://www.bth.se/com/nordsec2012.nsf/pages/nordsec2012

Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, particularly from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security.
NordSec 2012 welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:
- Applied Cryptography
- Information Warfare & Cyber Security
- Communication & Network Security
- Wireless and Mobile Security
- Computer Crime and Forensics
- Hardware Security
- Virtual Platform Security
- Web and Cloud Security
- Identity Management
- Authentication and Biometrics
- Firewalls and Intrusion Detection
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy & Anonymity
- Security Education and Training
- Security Evaluations and Assurance
- Security Management and Audit
- Social-Engineering and Phishing
- Software and Application Security
- Trust and Reputation Management

-------------------------------------------------------------------------

NSS 2012 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China, November 21-23, 2012. (Submissions due 15 June 2012)
http://anss.org.au/nss2012/index.html

NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged.
Topics of interest include but are not limited to:
- Active Defense Systems
- Hardware Security
- Security in P2P systems
- Adaptive Defense Systems
- Analysis, Benchmark of Security Systems
- Identity Management
- Intelligent Defense Systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Applied Cryptography
- Authentication
- Insider Threats
- Intellectual Property Rights Protection
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Biometric Security
- Complex Systems Security
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Secure Mobile Agents and Mobile Code
- Security and Privacy in Wireless Networks
- Database and System Security
- Data Protection
- Key Distribution and Management
- Large-scale Attacks and Defense
- Security Policy
- Security Protocols
- Data/System Integrity
- Distributed Access Control
- Malware
- Network Resiliency
- Security Simulation and Tools
- Security Theory and Tools
- Distributed Attack Systems
- Network Security
- Standards and Assurance Methods
- Denial-of-Service
- RFID Security and Privacy
- Trusted Computing
- High Performance Network Virtualization
- Security Architectures
- Trust Management
- High Performance Security Systems
- Security for Critical Infrastructures
- World Wide Web Security

-------------------------------------------------------------------------

IEEE Internet Computing, Track Articles on Computer Crime, 2012, (Submissions will be accepted for this track from 15 July 2011 to 15 July 2012)
http://www.computer.org/portal/web/computingnow/cfptrack
Editors: Nasir Memon (New York University, USA) and Oliver Spatscheck (AT&T, USA)

As the Internet has grown and extended its reach into every part of people's lives, it shouldn't be surprising that criminals have seized the opportunity to expand their activities into this new realm. This has been fostered in particular by the fact that the Internet was designed as an open and trusting environment.
Unfortunately, many of these architectural choices are fundamental to the Internet's success and current architecture and are therefore hard to overcome. Computer crime ranges from rather simple crimes such as theft of intellectual property or computer and network resources to complex corporate espionage or even cyber terrorism. This special track for Internet Computing seeks original articles that cover computer crime as it relates to the Internet.

Appropriate topics include:
- trends and classification of criminal activities on the Internet;
- computer crime prevention, including approaches implemented in user interfaces, end user systems, networks, or server infrastructure;
- case studies of criminal activities;
- computer forensics;
- impact assessments of criminal activities on the Internet; and
- new architectures to prevent Internet crime

Track articles run one per issue for a single calendar year. Articles will be run in the order in which they are accepted for publication.

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================

____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe".

   OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".
   OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL
http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended.

Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.
____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at
http://www.computer.org/TCsignup/index.htm

______________________________________________________________________
TC Publications for Sale
______________________________________________________________________

IEEE Security and Privacy Symposium

The 2011 proceedings are sold out.

The 2010 hardcopy proceedings are available at $25 each. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium (through 2009) is $10, plus shipping and handling.

The 2009 hardcopy proceedings are not available. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium is $5, plus shipping and handling.

The 2008 hardcopy proceedings are $10 plus shipping and handling; the 29 year CD is $5.00, plus shipping and handling.

The 2007 proceedings are available in hardcopy for $10.00, the 28 year CD is $5.00, plus shipping and handling.

The 2006 Symposium proceedings and 11-year CD are sold out.

The 2005, 2004, and 2003 Symposium proceedings are available for $10 plus shipping and handling.

Shipping is $5.00/volume within the US, overseas surface mail is $8/volume, and overseas airmail is $14/volume, based on an order of 3 volumes or less. The shipping charge for a CD is $3 per CD (no charge if included with a hard copy order).
Send a check made out to the IEEE Symposium on Security and Privacy to the 2011 treasurer (below) with the order description, including shipping method and shipping address.

Greg Shannon
Treasurer, Security and Privacy 2012
oakland12-treasurer@ieee-security.org

IEEE CS Press

You may order some back issues from IEEE CS Press at
http://www.computer.org/cspress/catalog/proc9.htm

Computer Security Foundations Symposium

Copies of the proceedings of the Computer Security Foundations Workshop (now Symposium) are available for $10 each. Copies of proceedings are available starting with year 10 (1997). Photocopy versions of year 1 are also $10. Contact Jonathan Herzog if interested in purchase.

Jonathan Herzog
jherzog@alum.mit.edu

____________________________________________________________________________
TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
Sven Dietrich
Department of Computer Science
Stevens Institute of Technology
+1 201 216 8078
spock AT cs.stevens.edu

Security and Privacy Symposium Chair Emeritus:
Deborah Frincke
debfrincke@gmail.com

Vice Chair:
Patrick McDaniel
Computer Science and Engineering
Pennsylvania State University
360 A IST Building
University Park, PA 16802
(814) 863-3599
mcdaniel@cse.psu.edu

Treasurer:
Terry Benzel
USC Information Sciences Intnl
4676 Admiralty Way, Suite 1001
Los Angeles, CA 90292
(310) 822-1511 (voice)
tbenzel @isi.edu

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2012 Chair:
Robert Cunningham
MIT Lincoln Laboratories
http://www.ll.mit.edu/mission/communications/ist/biographies/cunningham-bio.html

________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year