============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 128                                   September 22, 2015

Hilarie Orman, Editor                  Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org      cipher-assoc-editor @ ieee-security.org

Richard Austin                         Yong Guan
Book Review Editor                     Calendar Editor
cipher-bookrev @ ieee-security.org     cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Richard Austin's review of "Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts" by Nitesh Dhanjani
    o News items:
       Give Us Your Tired, Poor, Humble Data
       US May Sanction China Over Cyber Meddling
       Facebook to Students: Don't Tread on Us
       What If Your Fingerprint Were Stolen?
       Who's Looking at Your Cards?
       NSA Believes in Quantum Computers
       NIST Asks for Comments re Key Management Revisions
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

When the frost is on the pumpkin, you know that it is time to start preparing to submit a paper to the Security and Privacy Symposium. The deadline is November 13, and if you want a chance to have your work presented at the premier conference for security research, start getting those diagrams and LaTeX macros ready now.

Our book report from our veteran reviewer Richard Austin touches on the security risks from the "Internet of Things". As new and glitzy as the tiny and clever devices are, their security problems are "same old same old", and they may turn into the "Internet of Scary Thingz that report on your every action and take over your house and car." Don't ignore this important topic, the little things are proliferating and will be the new norm.

Cryptographers are abuzz about an announcement from NSA that has nothing to do with mass surveillance. The agency has revised its recommendations for "Suite B" cryptographic keys, making them much longer. The justification is that they want the cryptography to survive in the "post-quantum" era. There are no quantum computers today, and even if they do become practical, we have no idea what their actual cost and capabilities might be.
Some physicists and mathematicians feel that all the theoretical problems have been solved, and quantum computers are on the horizon. If they are, it will usher in a new era for cryptography, but many other difficult computing problems will be solved. How far away is the quantum era? No one knows, but it looks like NSA has placed its money on sooner rather than later.

   By the clicking of the mouse,
   Wicked malware storms the house,
   Skeletons with quantum keys,
   Undermine security.

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
9/18/2015
____________________________________________________________________

Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
by Nitesh Dhanjani
O'Reilly, 2015. ISBN 978-1-491-90233-2

We've gotten de-sensitized to software vulnerabilities - they're out there, they get exploited and eventually they get patched. Nitesh asks a very good question: Will we be quite so blasé when software vulnerabilities start to maim and kill people? It got my attention and he follows it with an extensive examination of just how immature the world of Internet of Things (IoT) security currently is.

The beauty of this book is that he doesn't treat us to a rehash of media reports but walks through detailed examples based on light bulbs, door locks, baby monitors, "smart" TV's and even automobiles.
You'll likely be struck with an extreme case of déjà vu as you see many of the perennial favorites (buffer overflows with strcpy, hardcoded credentials, passwords stored in clear-text, poor crypto implementations, etc.) that you may have hoped we were so very much past. A complicating fact is that the "Things" in IoT have limited adaptability and may, for example, lack the capability for accepting software (actually firmware) updates so that remediating a vulnerability may require replacing the device itself.

Nitesh makes the important and disturbing point that these issues are arising not because of a lack of engineering capability or talent but a basic lack of understanding of what is involved in deploying a product with some hope of surviving in a hostile world.

After six unsettling chapters illustrating how bad things are today, he presents an excellent chapter on "Secure Prototyping" using the "littleBits" and "cloudBit" platforms. This would be an excellent technique for engaging with engineers responsible for design and development of IoT products to illustrate security issues. For those involved in academia, it would be a good basis for introducing students to IoT security (even if they have minimal hardware skills).

Chapter 8, "Two Scenarios - Intentions and Outcomes", should not be ignored as it presents a clear object lesson for cyber security professionals when talking technology and associated risks with the "business side" of the house.

Though our profession is still trying to digest "BYOD", we cannot afford to ignore the potentials and risks of the IoT. We are moving to a world where everything is potentially capable of connecting and communicating with everything else. Very bright people are focused on vision and functionality and it is our challenge to temper that exuberance with consideration of security.
And that consideration of security will require innovation on our part - requiring a password to adjust the output of a drug pump in real time seems like security 101, unless adjusting that dosage RIGHT NOW is required to save a life and delaying the adjustment due to the health care professional not knowing the password is unthinkable.

Nitesh's book is a wake-up call to both the designers of IoT environments and the security professionals who must work with them to overcome the challenges in this brave new world. Buy the book. Read the book. Bring the same creativity to designing security into the IoT as is going into building it.

--------------------------------

It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin fearlessly samples the latest offerings of the publishing houses and opines as to which might most profitably occupy your scarce reading time. He welcomes your thoughts and comments via raustin at ieee dot org

====================================================================
News Briefs
====================================================================

Give Us Your Tired, Poor, Humble Data
http://www.nytimes.com/2015/09/08/us/politics/apple-and-other-tech-companies-tangle-with-us-over-access-to-data.html
"Apple and Other Tech Companies Tangle With U.S. Over Access to Data"
The New York Times
By Matt Apuzzo, David E. Sanger and Michael S. Schmidt
Sept. 7, 2015

Summary: There are great risks involved in keeping your personal data online, so it seemed to be a win-win situation when several tech companies announced that their users could keep their data encrypted with a key that only they (the individual users) knew. This relieved the tech companies of having to keep the data secure from malware and cyberespionage, and it gave the users peace of mind about their privacy.
But law enforcement in the US has become accustomed to unlocking the data on seized cell phones as part of normal investigations, and they are not happy about the situation.

----------------

US May Sanction China Over Cyber Meddling
https://www.washingtonpost.com/world/national-security/administration-developing-sanctions-against-china-over-cyberespionage/2015/08/30/9b2910aa-480b-11e5-8ab4-c73967a143d3_story.html
"U.S. developing sanctions against China over cyberthefts"
The Washington Post
By Ellen Nakashima
August 30, 2015

Summary: As reported in previous Cipher issues, the US government believes that China is behind several serious disclosures of personal data kept by US companies and government agencies. A US response may be forthcoming, including some or all of "diplomatic engagement, trade policy tools, law enforcement mechanisms, and imposing sanctions on individuals or entities".

----------------

Facebook to Students: Don't Tread on Us
http://www.foxnews.com/tech/2015/08/13/harvard-student-finds-flaw-loses-facebook-internship
"Harvard Student Finds Flaw, Loses Facebook Internship"
Fox News
Brownie Marie
Aug 13, 2015

Summary: It has not been a great year for student innovation. A Harvard undergrad developed "a browser app called Marauder's Map that exposed, on a map, the geo-location data" being collected by the Facebook Messenger app. Facebook took offense at the scrutiny and canceled a summer internship for the student. This was followed by the "cool clock" caper this month:
http://www.cnn.com/2015/09/16/us/texas-student-ahmed-muslim-clock-bomb/
Is there a mixed message being sent to America's youth about curiosity and innovation?

----------------

What If Your Fingerprint Were Stolen?
https://www.washingtonpost.com/news/the-switch/wp/2015/08/11/are-fingerprints-the-new-passwords-security-experts-sure-hope-not/
"Are fingerprints the new passwords? Security experts sure hope not."
The Washington Post
Andrea Peterson
Aug 11, 2015

Summary: Biometrics seem like a security panacea. Nothing to remember, no involved set of interactions, just a simple examination of your fingerpad by an impersonal and secure computer. Bingo, you're in. Simple as it sounds, keeping the fingerprint information secure is as difficult as any other data protection problem. FireEye researcher Yulong Zhang revealed that some mobile devices seem to do an especially bad job of this. Authenticator beware!

----------------

Who's Looking at Your Cards?
http://www.foxnews.com/tech/2015/09/17/online-poker-virus-enables-cybercriminals-to-peek-at-victims-cards/
"Online poker virus lets cybercriminals peek at victims' cards"
Fox News
Sep 17, 2015

Summary: According to ESET, a Slovakian online security company, online poker players need to keep their computers clean if they want to keep their cards hidden from opponents. Some players may have had their machines afflicted with malware designed just for the purpose of revealing those cards to other players. Online gambling cheaters? Is nothing sacred?

----------------

NSA Believes in Quantum Computers
https://www.nsa.gov/ia/programs/suiteb_cryptography/
"NSA Cryptography: Suite B Revisions"
August 19, 2015

Summary: The US National Security Agency has issued revisions to its recommendations for protecting classified and unclassified National Security Systems (NSS). The original recommendations were issued in 2009, but they have now revised them for transitioning to "quantum resistant algorithms". What this means in practice is that keys should use a lot more bits. For public key algorithms, this translates into substantially more running time. Observers are interested to see that the NSA is taking quantum computation seriously. To date, no quantum computers exist.
----------------

NIST Asks for Comments re Key Management Revisions
http://csrc.nist.gov/publications/PubsDrafts.html#800-57pt1r4
"NIST requests comments on a revision of Special Publication (SP) 800-57, Part 1, Recommendation for Key Management, Part 1 (Rev. 4)"

NIST requests comments on a revision of Special Publication (SP) 800-57, Part 1, Recommendation for Key Management, Part 1 (Rev. 4). This Recommendation provides general guidance and best practices for the management of cryptographic keying material. A list of changes is provided in Appendix D of the document. Please send comments to keymanagement@nist.gov with subject "Comments on SP 800-57, Part 1" by October 31, 2015.

-----------------

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

--------------

This job listing is maintained as a service to the academic community.
If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

9/21/15: CODASPY, 6TH ACM Conference on Data and Application Security and Privacy, New Orleans, LA, USA; http://www.codaspy.org Submissions are due
9/21/15: ICSS, Industrial Control System Security Workshop, Held in conjunction with 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA; http://acsac.org/2015/workshops/icss/ Submissions are due
9/21/15- 9/22/15: DPM, 10th International Workshop on Data Privacy Management, Co-located with ESORICS 2015, Vienna, Austria; http://deic.uab.cat/conferences/dpm/dpm2015/
9/23/15- 9/25/15: ESORICS, 20th European Symposium on Research in Computer Security, Vienna, Austria; http://www.esorics2015.sba-research.org
9/25/15: ESSoS, International Symposium on Engineering Secure Software and Systems, University of London, London, UK; https://distrinet.cs.kuleuven.be/events/essos/2016/calls-papers.html Submissions are due
9/28/15- 9/30/15: CNS, 3rd IEEE Conference on Communications and Network Security, Florence, Italy; http://cns2015.ieee-cns.org/
9/30/15: Pervasive and Mobile Computing, Special Issue on Mobile Security, Privacy and Forensics; http://www.journals.elsevier.com/pervasive-and-mobile-computing/call-for-papers/special-issue-on-mobile-security-privacy-and-forensics/ Submissions are due
9/30/15: SPC, 1st Workshop on Security and Privacy in the Cloud, Held in conjunction with the IEEE Conference on Communications and Network Security (CNS 2015), Florence, Italy; http://www.zurich.ibm.com/spc2015/
9/30/15: SPiCy, 1st Workshop on Security and Privacy in Cybermatics, Held in conjunction with IEEE Conference on Communications and Networks Security (IEEE-CNS 2015), Florence, Italy; http://spicy2015.di.unimi.it
10/ 3/15: INTRICATE-SEC, 4th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Held in conjunction with the 30th International Conference on Advanced Information Networking and Applications (AINA-2016), Crans-Montana, Switzerland; http://infosec.cs.uct.ac.za/INTRICATE-SEC/ Submissions are due
10/ 5/15-10/ 7/15: CRITIS, 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany; http://www.critis2015.org
10/ 7/15: PQCrypto, 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan; https://pqcrypto2016.jp/ Submissions are due
10/ 7/15-10/10/15: IWDW, 14th International Workshop on Digital Forensics and Watermarking, Tokyo, Japan; http://iwdw2015.tokyo/
10/12/15: WISCS, 2nd Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://sites.google.com/site/wiscs2015/
10/12/15: WPES, Workshop on Privacy in the Electronic Society, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://wpes15.cs.umn.edu/
10/12/15: SafeConfig, 8th Workshop on Automated Decision Making for Active Cyber Defense, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; http://ccsw.ics.uci.edu/15/
10/12/15-10/16/15: ACM-CCS, 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA; http://www.sigsac.org/ccs/CCS2015
10/15/15: Elsevier Computer Networks, Special issue on Recent Advances in Physical-Layer Security; http://www.journals.elsevier.com/computer-networks/call-for-papers/special-issue-on-recent-advances-in-physical-layer-security/ Submissions are due
10/16/15: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; http://ccsw.ics.uci.edu/15/
10/16/15: CPS-SPC, 1st ACM Cyber-Physical Systems Security and PrivaCy Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://sites.google.com/site/2015cpsspc/
10/20/15: Wiley Security and Communication Networks journal, Special Issue on Cyber Crime; http://onlinelibrary.wiley.com/journal/10.1002/%28ISSN%291939-0122; Submissions are due
10/26/15-10/28/15: FPS, 8th International Symposium on Foundations & Practice of Security, Clermont-Ferrand, France; http://confiance-numerique.clermont-universite.fr/fps2015/
10/26/15-10/28/15: C&TC, 5th International Symposium on Cloud Computing, Trusted Computing and Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece; http://www.onthemove-conferences.org/index.php/cloud-trust-15
11/ 1/15: IEEE Communication Magazine, Feature Topic on Bio-inspired Cyber Security for Communications and Networking; http://www.comsoc.org/commag/cfp/bio-inspired-cyber-security-communications-and-networking; Submissions are due
11/ 1/15: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA; http://www.hostsymposium.org; Submissions are due
11/ 3/15-11/ 5/15: NSS, 9th International Conference on Network and System Security, New York City, NY, USA; http://anss.org.au/nss2015/index.htm
11/13/15: SP, 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA; http://www.ieee-security.org/TC/SP2016/ Submissions are due
11/20/15: ASIACCS, 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China; http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html; Submissions are due
11/30/15: ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery; http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf; Submissions are due
11/30/15: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany; http://petsymposium.org/ Submissions are due (continuous submission model, see CFP)
12/ 5/15: CPSS, 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China; http://icsd.i2r.a-star.edu.sg/cpss16/ Submissions are due
12/ 6/15-12/10/15: Globecom-CISS, IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA; http://globecom2015.ieee-globecom.org/sites/globecom2015.ieee-globecom.org/files/u42/GC15_TPC_CFP_CISS_-_Communication_&_Information_System_Security.pdf
12/ 7/15-12/11/15: ICSS, Industrial Control System Security Workshop, Held in conjunction with 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA; http://acsac.org/2015/workshops/icss/
12/ 8/15-12/12/15: CANS, 14th International Conference on Cryptology and Network Security, Morocco, Marrakesh; http://www.cans2015.org/
12/16/15-12/20/15: ICISS, 11th International Conference on Information Systems Security, Kolkata, India; http://www.iciss.org.in
12/24/15: IFIP SEC, 31st IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium; http://ifipsec.org/2016/ Submissions are due
1/ 4/16- 1/ 6/16: IFIP119-DF, 12th IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India; http://www.ifip119.org
1/27/16: ACNS, 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom; http://acns2016.sccs.surrey.ac.uk/ Submissions are due
2/19/16- 2/21/15: ICISSP, 2nd International Conference on Information Systems Security and Privacy, Rome, Italy; http://www.icissp.org/
2/21/16- 2/24/16: NDSS, Network and Distributed System Security Symposium, San Diego, California, USA; http://www.internetsociety.org/events/ndss-symposium-2016
2/24/16- 2/26/16: PQCrypto, 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan; https://pqcrypto2016.jp/
2/29/16: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany; http://petsymposium.org/ Submissions are due (continuous submission model, see CFP)
3/ 9/16- 3/11/16: CODASPY, 6TH ACM Conference on Data and Application Security and Privacy, New Orleans, LA, USA; http://www.codaspy.org
3/21/16- 3/24/16: EuroSP, 1st IEEE European Symposium on Security and Privacy, Congress Center Saar, Saarbrucken, Germany; http://www.ieee-security.org/TC/EuroSP2016/
3/23/16- 3/25/16: INTRICATE-SEC, 4th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Held in conjunction with the 30th International Conference on Advanced Information Networking and Applications (AINA-2016), Crans-Montana, Switzerland; http://infosec.cs.uct.ac.za/INTRICATE-SEC/
4/ 6/16- 4/ 8/16: ESSoS, International Symposium on Engineering Secure Software and Systems, University of London, London, UK; https://distrinet.cs.kuleuven.be/events/essos/2016/calls-papers.html
5/ 5/16- 5/ 7/16: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA; http://www.hostsymposium.org
5/23/16- 5/25/16: SP, 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA; http://www.ieee-security.org/TC/SP2016/
5/26/16: SPW, Security and Privacy Workshops, Held in conjunction with the 37th IEEE Symposium on Security and Privacy (SP 2016), San Jose, CA, USA; http://www.ieee-security.org/TC/SP2016/cfworkshops.html
5/30/16- 6/ 1/16: IFIP SEC, 31st IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium; http://ifipsec.org/2016/
5/31/16- 6/ 3/16: ASIACCS, 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China; http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html
5/31/16: CPSS, 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China; http://icsd.i2r.a-star.edu.sg/cpss16/
6/19/16- 6/22/16: ACNS, 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom; http://acns2016.sccs.surrey.ac.uk/
7/19/16- 7/22/16: PETS, 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany; http://petsymposium.org/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E127)
____________________________________________________________________

CODASPY 2016 6TH ACM Conference on Data and Application Security and Privacy, New Orleans, LA, USA, March 9-11, 2016. (Submission Due 21 September 2015)
http://www.codaspy.org

Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area.
The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
 - Application-layer security policies
 - Access control for applications
 - Access control for databases
 - Data-dissemination controls
 - Data forensics
 - Enforcement-layer security policies
 - Privacy-preserving techniques
 - Private information retrieval
 - Search on protected/encrypted data
 - Secure auditing
 - Secure collaboration
 - Secure data provenance
 - Secure electronic commerce
 - Secure information sharing
 - Secure knowledge management
 - Secure multiparty computations
 - Secure software development
 - Securing data/apps on untrusted platforms
 - Securing the semantic web
 - Security and privacy in GIS/spatial data
 - Security and privacy in healthcare
 - Security policies for databases
 - Social computing security and privacy
 - Social networking security and privacy
 - Trust metrics for applications, data, and users
 - Usable security and privacy
 - Usage Control
 - Web application security

-------------------------------------------------------------------------

ICSS 2015 Industrial Control System Security Workshop, Held in conjunction with 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles, California, USA, December 7-11, 2015. (Submission Due 21 September 2015)
http://acsac.org/2015/workshops/icss/

Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steel manufacturing. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks.
As a result, they face significant threats from internal and external actors. For example, Stuxnet malware was specifically written to attack SCADA systems that alone caused multi-million dollars damages in 2010. The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. The goal of this workshop is to explore new security techniques that are applicable in the control systems context. Papers of interest including (but not limited to) the following subject categories are solicited:
 - Intrusion detection and prevention
 - Malware
 - Vulnerability analysis of control systems protocols
 - Digital forensics
 - Virtualization
 - Application security
 - Performance impact of security methods and tools in control systems

-------------------------------------------------------------------------

ESSoS 2016 International Symposium on Engineering Secure Software and Systems, University of London, London, UK, April 6 - 8, 2016. (Submission Due 25 September 2015)
https://distrinet.cs.kuleuven.be/events/essos/2016/calls-papers.html

Trustworthy, secure software is a core ingredient of the modern world. So is the Internet. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. High-quality security building blocks (e.g., cryptographic components) are necessary but insufficient to address these concerns. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties.
The goal of this symposium, which will be the eighth in the series, is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program including two keynote presentations. In addition to academic papers, the symposium encourages submission of high-quality, informative industrial experience papers about successes and failures in security software engineering and the lessons learned. Furthermore, the symposium also accepts short idea papers that crisply describe a promising direction, approach, or insight. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
 - Cloud security, virtualization for security
 - Mobile devices security
 - Automated techniques for vulnerability discovery and analysis
 - Model checking for security
 - Binary code analysis, reverse-engineering
 - Programming paradigms, models, and domain-specific languages for security
 - Operating system security
 - Verification techniques for security properties
 - Malware: detection, analysis, mitigation
 - Security in critical infrastructures
 - Security by design
 - Static and dynamic code analysis for security
 - Web applications security
 - Program rewriting techniques for security
 - Security measurements
 - Empirical secure software engineering
 - Security-oriented software reconfiguration and evolution
 - Computer forensics
 - Processes for the development of secure software and systems
 - Security testing
 - Embedded software security

-------------------------------------------------------------------------

Pervasive and Mobile Computing, Special Issue on Mobile Security, Privacy and Forensics.
(Submission Due 30 September 2015)
http://www.journals.elsevier.com/pervasive-and-mobile-computing/call-for-papers/special-issue-on-mobile-security-privacy-and-forensics/

Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Lior Rokach (Ben-Gurion University of the Negev Beer-Sheva, Israel), and Claudio Bettini (University of Milan, Italy)

This special issue will focus on cutting edge research from both academia and industry on the topic of mobile security, privacy and forensics, with a particular emphasis on novel techniques to secure user data and/or obtain evidential data from mobile devices in crimes that make use of sophisticated and secure technologies. Topics of interest include:
 - Advanced mobile security features
 - Anti-anti mobile forensics
 - Data visualization in mobile forensics
 - Economics of mobile user security and privacy
 - Information security awareness of mobile users
 - Mobile app security
 - Mobile cloud security
 - Mobile device security
 - Mobile app forensic and anti-forensic techniques
 - Mobile device forensic and anti-forensic techniques
 - Mobile evidence preservation and examination
 - Mobile information leakage detection and prevention
 - Mobile malware
 - Mobile network security
 - Mobile threat identification, detection and prevention
 - Mobile user anonymity
 - Privacy in geo-social networks
 - Privacy in mobile context-aware services
 - Privacy for mobile smart objects
 - Trust models for mobile devices and services
 - Usability of mobile privacy and security technologies

-------------------------------------------------------------------------

INTRICATE-SEC 2016 4th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Held in conjunction with the 30th International Conference on Advanced Information Networking and Applications (AINA-2016), Crans-Montana, Switzerland, March 23-25, 2016.
(Submission Due 3 October 2015)
http://infosec.cs.uct.ac.za/INTRICATE-SEC/

For INTRICATE-SEC 2016 we are expanding our scope from a focus on security intricacies in designing/modelling service oriented architectures to the broader field of secure cyber physical systems (CPS) and services. Of particular interest are ideas and solutions on provisioning secure CPS and services over resource constrained and low power lossy networks. In addition to invited talks, we welcome papers with novel theoretical and application-centered contributions focused on (but not restricted to) the following topics:
- Security and Privacy for CPS, including: Anonymity and Pseudonymity, Authentication and Authorization, Trust & Identity Management, Privacy, and Malware.
- Secure Service Platforms for CPS, including: Smart Grids, Demand Management, Scheduling, Energy Management Models, and Mobile Web Services and Middleware.
- Secure Architectures for CPS, including: Data Modeling, Home Energy Management, Scalability, Reliability, and Safety, Resource Constrained and Low Power Lossy Networks, and Unconventional/Biologically Inspired Models

-------------------------------------------------------------------------

PQCrypto 2016 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan, February 24-26, 2016.
(Submission Due 7 October 2015)
https://pqcrypto2016.jp/

The aim of PQCrypto is to serve as a forum for researchers to present results and exchange ideas on the topic of cryptography in an era with large-scale quantum computers. The conference will be preceded by a winter school on February 22-23, 2016. Original research papers on all technical aspects of cryptographic research related to post-quantum cryptography are solicited.
The topics include (but are not restricted to):
- Cryptosystems that have the potential to be safe against quantum computers such as: hash-based signature schemes, lattice-based cryptosystems, code-based cryptosystems, multivariate cryptosystems and quantum cryptographic schemes;
- Classical and quantum attacks including side-channel attacks on post-quantum cryptosystems;
- Security models for the post-quantum era.

-------------------------------------------------------------------------

Elsevier Computer Networks, Special issue on Recent Advances in Physical-Layer Security.
(Submission Due 15 October 2015)
http://www.journals.elsevier.com/computer-networks/call-for-papers/special-issue-on-recent-advances-in-physical-layer-security/

Editors: Gerhard Hancke (City University of Hong Kong, Hong Kong), Aikaterini Mitrokotsa (Chalmers University of Technology, Sweden), Reihaneh Safavi-Naini (University of Calgary, Canada), and Damien Sauveron (University of Limoges, France).

Physical-layer security is emerging as a promising approach for supporting new and existing security services. Aspects of the physical layer have the potential to provide security services that challenge the capabilities of conventional cryptographic mechanisms, such as relay attacks, ad-hoc key establishment and key-less secure communication. This special issue aims to further scientific research into both theoretical and practical approaches to physical-layer security. It will accept original research papers that report latest results and advances in this area, and will also invite review articles that focus on the state-of-the-art, highlighting trends and challenges. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. We would particularly like to encourage submissions that present strong experimental and/or practical implementation results.
Topics include (but are not limited to):
- Determining physical proximity of devices (distance-bounding protocols, location limited channels, etc.)
- Device fingerprinting based on communication features (frequency/data clock skew/transients, etc.)
- Noisy channels ('friendly' jamming) approaches for security
- Jamming ('unfriendly') resistance
- Secret-key generation and agreement over wireless channels
- Cross-layer security mechanisms incorporating cryptography and physical layer aspects for low-resource devices like RFID (efficient schemes, simplified signal processing requirements, etc.)
- Experimental results on practical implementations of physical layer security techniques

-------------------------------------------------------------------------

Wiley Security and Communication Networks journal, Special Issue on Cyber Crime.
(Submission Due 20 October 2015)
http://onlinelibrary.wiley.com/journal/10.1002/%28ISSN%291939-0122

Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Krzysztof Szczypiorski (Warsaw University of Technology, Poland), Zoran Duric (George Mason University, USA), and Dengpan Ye (Wuhan University, China).

Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems.
A good illustration of the above is the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies.

The aim of this special issue is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This special issue presents some of the most relevant ongoing research in cyber crime.
Topics include, but are not limited to the following:
- Cyber crimes: evolution, new trends and detection/prevention
- Cyber crime related investigations
- Network forensics: tools and applications, case studies and best practices
- Privacy issues in network forensics
- Social networking forensics
- Network traffic analysis, traceback and attribution
- Network incidents response, investigation and evidence handling
- Identification, authentication and collection of digital evidence in networking environment
- Anti-forensic techniques and methods
- Stealthiness improving techniques: information hiding, steganography/steganalysis and covert/subliminal channels
- Watermarking and intellectual property theft
- Network anomalies detection

-------------------------------------------------------------------------

IEEE Communication Magazine, Feature Topic on Bio-inspired Cyber Security for Communications and Networking.
(Submission Due 1 November 2015)
http://www.comsoc.org/commag/cfp/bio-inspired-cyber-security-communications-and-networking

Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Sean Moore (Centripetal Networks, USA), Errin W. Fulp (Wake Forest University, USA), Hiroshi Wada (Unitrends, Australia), and Kenji Leibnitz (National Institute of Information and Communications Technology, Japan).

Nature is Earth's most amazing invention machine for solving problems and adapting to significant environmental changes. Its ability to address complex, large-scale problems with robust, adaptable, and efficient solutions results from many years of selection, genetic drift and mutations. Thus, it is not surprising that inventors and researchers often look to natural systems for inspiration and methods for solving problems in human-created artificial environments.
This has resulted in the development of evolutionary algorithms including genetic algorithms and swarm algorithms, and of classifier and pattern-detection algorithms, such as neural networks, for solving hard computational problems.

A natural evolutionary driver is to survive long enough to create a next-generation of descendants and ensure their survival. One factor in survival is an organism’s ability to defend against attackers, both predators and parasites, and against rapid changes in environmental conditions. Analogously, networks and communications systems use cyber security to defend their assets against cyber criminals, hostile organizations, hackers, activists, and sudden changes in the network environment (e.g., DDoS attacks). Many of the defense methods used by natural organisms may be mapped to cyber space to implement effective cyber security. Some examples include immune systems, invader detection, friend vs. foe, camouflage, mimicry, evasion, etc. Many cyber security technologies and systems in common use today have their roots in bio-inspired methods, including anti-virus, intrusion detection, threat behavior analysis, attribution, honeypots, counterattack, and the like. As the threats evolve to evade current cyber security technologies, similarly the bio-inspired security and defense technologies evolve to counter the threat.

The goal of this feature topic is twofold: (1) to survey the current academic and industry research in bio-inspired cyber security for communications and networking, so that the ComSoc community can understand the current evolutionary state of cyber threats, defenses, and intelligence, and can plan for future transitions of the research into practical implementations; and (2) to survey current academic and industry system projects, prototypes, and deployed products and services (including threat intelligence services) that implement the next generation of bio-inspired methods.
Please note that we recognize that in some cases, details may be limited or obscured for security reasons. Topics of interest include, but are not limited to:
- Bio-inspired anomaly & intrusion detection
- Adaptation algorithms for cyber security & networking
- Biometrics related to cyber security & networking
- Bio-inspired security and networking algorithms & technologies
- Biomimetics related to cyber security & networking
- Bio-inspired cyber threat intelligence methods and systems
- Moving-target techniques
- Network Artificial Immune Systems
- Adaptive and Evolvable Systems
- Neural networks, evolutionary algorithms, and genetic algorithms for cyber security & networking
- Prediction techniques for cyber security & networking
- Information hiding solutions (steganography, watermarking) and detection for network traffic
- Cooperative defense systems
- Bio-inspired algorithms for dependable networks

-------------------------------------------------------------------------

HOST 2016 IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA, May 5-7, 2016.
(Submission Due 1 November 2015)
http://www.hostsymposium.org

Rapid proliferation of computing and communication systems with increasing computational power and connectivity into every sphere of modern life has brought security to the forefront of system design, test, and validation processes. The emergence of new application spaces for these systems in the internet-of-things (IoT) regime is creating new attack surfaces as well as new requirements for secure and trusted system operation. Additionally, the design, manufacturing and the distribution of microchip, PCB, as well as other electronic components are becoming more sophisticated and globally distributed with a number of potential security vulnerabilities.
Therefore, hardware plays an increasingly important and integral role in system security with many emerging system and application vulnerabilities and defense mechanisms relating to hardware. IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2016 invites original contributions related to, but not limited by, the following topics:
- Hardware Trojan attacks and detection techniques
- Hardware-based security primitives (PUFs, RNGs)
- Side-channel attacks and protection
- Security, privacy, and trust protocols
- Metrics, policies, and standards related to hardware security
- Security of biomedical systems, e-health, and medicine
- Secure system-on-chip (SoC) architecture
- Hardware IP trust (watermarking, metering, trust verification)
- Trusted manufacturing including split manufacturing and 3D ICs
- Security analysis and protection of Internet of Things (IoT)
- Secure and efficient implementation of crypto algorithms
- Reverse engineering and hardware obfuscation
- Supply chain risks mitigation including counterfeit detection & avoidance
- Hardware tampering attacks and protection
- Hardware techniques that ensure software and/or system security

-------------------------------------------------------------------------

SP 2016 37th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 23-25, 2016.
(Submission Due 13 November 2015)
http://www.ieee-security.org/TC/SP2016/

Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners.
We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy

-------------------------------------------------------------------------

ASIACCS 2016 11th ACM Asia Conference on Computer and Communications Security, Xi'an, China, May 31 - June 3, 2016.
(Submission Due 20 November 2015)
http://meeting.xidian.edu.cn/conference/AsiaCCS2016/home.html

Building on the success of ACM Conference on Computer and Communications Security (CCS) and ACM Transactions on Information and System Security (TISSEC), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS). The inaugural ASIACCS was held in Taipei (2006). Since then ASIACCS has been held in Singapore (2007), Tokyo (2008), Sydney (2009), Beijing (2010), Hong Kong (2011), Seoul (2012), Hangzhou (2013), Kyoto (2014), and Singapore (2015).
Considering that this series of meetings has moved beyond a symposium and it is now widely regarded as the Asia version of CCS, the full name of AsiaCCS is officially changed to ACM Asia Conference on Computer and Communications Security starting in June 2015. The 11th ACM Asia Conference on Computer and Communications Security (ASIACCS 2016) will be held on 31 May - 3 June, 2016 in Xi'an, China. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2016 include, but are not limited to:
- Access control
- Accounting and audit
- Applied cryptography
- Authentication
- Cloud computing security
- Cyber-physical security
- Data and application security
- Digital forensics
- Embedded systems security
- Formal methods for security
- Hardware-based security
- Intrusion detection
- Key management
- Malware and botnets
- Mobile computing security
- Network security
- Operating system security
- Privacy-enhancing technology
- Security architectures
- Security metrics
- Software security
- Smart grid security
- Threat modeling
- Trusted computing
- Usable security and privacy
- Web security
- Wireless security

-------------------------------------------------------------------------

ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery.
(Submission Due 30 November 2015)
http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf

Editors: Elisa Bertino (Purdue University, USA), Kim-Kwang Raymond Choo (University of South Australia, Australia), Dimitrios Georgakopoulos (RMIT University, Australia), and Surya Nepal (CSIRO, Australia).

The aim of this special section is to bring together cutting-edge research with particular emphasis on novel and innovative techniques to ensure the security and privacy of IoT services and users.
We solicit research contributions and potential solutions for IoT-based secure service delivery anywhere and at any time. This special section emphasizes service-level considerations. Topics of interest include, but are not limited to:
- Security of IoT
- IoT Service Architectures and Platforms
- Real-Time IoT Service Security Analytics and Forensics
- Organizational Privacy and Security Policies
- Governance for IoT Services
- Social Aspects of IoT Security
- Security and Privacy Threats to IoT Services and Users
- Accountability and Trust Management
- Legal Considerations and Regulations
- Case Studies and Applications

-------------------------------------------------------------------------

PETS 2016 16th Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 19-22, 2016.
(Submission Due 31 August 2015, 30 November 2015, or 29 February 2016)
http://petsymposium.org/

The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to discuss recent advances and new perspectives on research in privacy technologies.

New model as of PETS 2015: Papers undergo a journal-style reviewing process and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly, open access journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event. Authors can submit papers to PoPETs four times a year, every three months on a predictable schedule. Authors are notified of the decisions about two months after submission. In addition to accept and reject decisions, papers may be provided with 'major revision' decisions, in which case authors are invited to revise and resubmit their article to one of the following two submission deadlines.

NEW as of PETS 2016: PETS 2016 also solicits submissions for Systematization of Knowledge (SoK) papers.
These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area. Authors are encouraged to view our FAQ about the submission process. Suggested topics include but are not restricted to:
- Behavioural targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Human factors, usability and user-centered design for PETs
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and microblogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools

-------------------------------------------------------------------------

CPSS 2016 2nd ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2016 Conference, Xi'an, China, May 31, 2016.
(Submission Due 5 December 2015)
http://icsd.i2r.a-star.edu.sg/cpss16/

Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments.
There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:
- Adaptive attack mitigation for CPS
- Authentication and access control for CPS
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Intrusion detection for CPS
- IoT security
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- SCADA security
- Security of industrial control systems
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

-------------------------------------------------------------------------

IFIP SEC 2016 31st IFIP TC-11 SEC 2016 International Information Security and Privacy Conference, Ghent, Belgium, May 30 - June 1, 2016.
(Submission Due 24 December 2015)
http://ifipsec.org/2016/

The IFIP SEC conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems.
Topics of interest:
- Access control and authentication
- Applied cryptography
- Audit and risk analysis
- Big data security and privacy
- Cloud security and privacy
- Critical infrastructure protection
- Cyber-physical systems security
- Data and applications security
- Digital forensics
- Human aspects of security and privacy
- Identity management
- Information security education
- Information security management
- Information technology misuse and the law
- Managing information security functions
- Mobile security
- Multilateral security
- Network & distributed systems security
- Pervasive systems security
- Privacy protection and Privacy-by-design
- Privacy enhancing technologies
- Surveillance and counter-surveillance
- Trust management

-------------------------------------------------------------------------

ACNS 2016 14th International Conference on Applied Cryptography and Network Security, London, United Kingdom, June 19-22, 2016.
(Submission Due 27 January 2016)
http://acns2016.sccs.surrey.ac.uk/

The conference seeks submissions presenting novel research on all technical aspects of applied cryptography, cyber security (incl. network and computer security) and privacy. This includes submissions from academia/industry on traditional and emerging topics and new paradigms in these areas, with a clear connection to real-world problems, systems or applications. Submissions may focus on the modelling, design, analysis (incl. security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (e.g. performance measurements, usability studies) of algorithms/protocols/standards/implementations/technologies/devices/systems standing in relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art.
Some topics of interest include but are not limited to:
- Access control
- Applied cryptography
- Automated security analysis
- Biometric security/privacy
- Complex systems security
- Critical infrastructures
- Cryptographic primitives
- Cryptographic protocols
- Data protection
- Database/system security
- Digital rights management
- Email and web security
- Future Internet security
- Identity management
- IP protection
- Internet fraud, cybercrime
- Internet-of-Things security
- Intrusion detection
- Key management
- Malware
- Mobile/wireless/5G security
- Network security protocols
- Privacy/anonymity, PETs
- Pervasive security
- Security in e-commerce
- Security in P2P systems
- Security in grid systems
- Cloud security/privacy
- Security/privacy metrics
- Trust management
- Ubiquitous security/privacy
- Human factors in security
- Usability in security/privacy

-------------------------------------------------------------------------

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________

Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe".
   OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".
   OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.
____________________________________________________________________

Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________

How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at
https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=CMYSP728

______________________________________________________________________

TC Publications for Sale
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.

IEEE Security and Privacy Symposium
IEEE CS Press

____________________________________________________________________________

TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
Patrick McDaniel
Computer Science and Engineering
Pennsylvania State University
360 A IST Building
University Park, PA 16802
(814) 863-3599
mcdaniel@cse.psu.edu

Security and Privacy Symposium Chair Emeritus:
Sean Peisert
UC Davis and
Lawrence Berkeley National Laboratory
oakland15-chair@ieee-security.org

Vice Chair:
Ulf Lindqvist
SRI International
Menlo Park, CA
ulf.lindqvist@sri.com

Treasurer:
Yong Guan
3219 Coover Hall
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
(515) 294-8378
yguan (at) iastate.edu

Newsletter Editor and TC Awards Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2016 Chair:
Michael Locasto
University of Calgary
oakland16-chair@ieee-security.org

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year