Commentary and Opinion and News
NewsBits: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
No new postings since Cipher E135.
Conference and Workshop Announcements
Cipher calendar announcements are on Twitter; follow "ciphernews"
Requests for inclusion in the list should sent per instructions. new calls or announcements added since Cipher E135 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
IEEE Security and Privacy magazine, Special Issue on Blockchain Security and Privacy, (Submissions Due 1 February 2017)
Guest Editors: Ghassan Karame (NEC Laboratories Europe, Germany),
and Srdjan Capkun (ETH Zurich, Switzerland)
The blockchain emerged as a novel distributed consensus scheme that allows transactions, and any other data, to be securely stored and verified without a centralized authority. For some time, the notion of blockchain was tightly coupled with Bitcoin, a well-known proof of work hash-based mechanism. Today, there are more than one hundred alternate blockchains. Some are simple variants of Bitcoin, whereas others significantly differ in their design and provide different functional and security guarantees. This shows that the research community is in search of a simple, scalable, and deployable blockchain technology. Various reports further point to an increased interest in the use of blockchains across many applications and a significant investment by different industries in their development. The blockchain will likely induce considerable change to a large number of systems and businesses. Distributed trust, and therefore security and privacy, is at the core of the blockchain technologies and has the potential to either make them a success or cause them to fail. This special issue aims to collect the most relevant ongoing research efforts in blockchain security and privacy. Topics include, but aren't limited to:
IWPE 2017 3rd International Workshop on Privacy Engineering, Co-located with IEEE Symposium on Security and Privacy (SP 2017), San Jose, CA, USA, May 25, 2017. (Submissions Due 3 February 2017)
Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems. In response, current legislative and standardization processes worldwide aim to strengthen individual's privacy by introducing legal, organizational and technical frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users' privacy requirements. It is evident that research is needed in developing techniques and tools that can aid the translation of legal and normative concepts, as well as user expectations into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements is of increasing value to respond to the existing societal challenges associated with privacy. In this context, privacy engineering research is emerging as an important topic. Engineers are increasingly expected to build and maintain privacy-preserving and data-protection compliant systems in different ICT domains such as health, energy, transportation, social computing, law enforcement, public services; based on different infrastructures such as cloud, grid, or mobile computing and architectures. While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for models, methods, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'17) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. Specifically, we are seeking the following kinds of papers: (1) technical papers that illustrate the engineering or application of a novel formalism, method or other research finding (e.g., a privacy enhancing protocol) with preliminary evaluation; (2) experience and practice papers that describe a case study, challenge or lessons learned from in a specific domain; (3) early evaluations of tools and other infrastructure that support engineering tasks in privacy requirements, design, implementation, testing, etc.; (4) interdisciplinary studies or critical reviews of existing privacy engineering concepts, methods, tools and frameworks; or (5) vision papers that take a clear position informed by evidence based on a thorough literature review. IWPE'17 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering. Topics of interests include, but are not limited to:
ACNS 2017 15th International Conference on Applied Cryptography and Network Security, Kanazawa, Japan, July 10-12, 2017. (Submissions Due 3 February 2017)
ACNS is an annual conference focusing on innovative research and current developments that advance the areas of applied cryptography, cyber security and privacy. Both academic research works with high relevance to real-world problems as well as developments in industrial and technical frontiers fall within the scope of the conference. Submissions may focus on the modelling, design, analysis (including security proofs and attacks), development (e.g. implementations), deployment (e.g. system integration), and maintenance (including performance measurements, usability studies) of algorithms / protocols / standards / implementations / technologies / devices / systems, standing in close relation with applied cryptography, cyber security and privacy, while advancing or bringing new insights to the state of the art.
Elsevier Digital Communications and Networks, Special Issue on Big Data Security and Privacy, (Submissions Due 15 February 2017)
Guest Editors: Shui Yu (Deakin University, Australia),
Peter Muller (IBM Zurich Research Laboratory, Switzerland),
and Albert Zomaya (University of Sydney, Australia).
As human beings are deep into the Information Age, we have been witnessing the rapid development of Big Data. Huge amounts of data from sensors, individual archives, social networks, Internet of Things, enterprise and Internet are collected, shared and analyzed. Security and Privacy is one of the most concerned issues in Big Data. Big Data definitely desires the security and privacy protection all through the collection, transmission and analysis procedures. The features of Big Data such as Veracity, Volume, Variety and dynamicity bring new challenges to security and privacy protection. To protect the confidentiality, integrity and availability, traditional security measures such as cryptography, log/event analysis, intrusion detection/prevention and access control have taken a new dimension. To protect the privacy, new pattern of measures such as privacy-preserved data analysis need to be explored. There is a lot of work to be done in this emerging field. The purpose of this special issue is to make the security and privacy communities realizing the challenges and tasks that we face in Big Data. We focus on exploring the security and privacy aspects of Big Data as supporting and indispensable elements of the emerging Big Data research. The areas of interest include, but are not limited to, the following:
USENIX Security 2017 26th USENIX Security Symposium, Vancouver, Canada, August 16-18, 2017. (Submissions Due 16 February 2017)
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. USENIX Security is interested in all aspects of computing systems security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
CSF 2017 30th IEEE Computer Security Foundations Symposium, Co-located with CRYPTO 2017, Santa Barbara, California, USA, August 22-25, 2017. (Submissions Due 17 February 2017)
The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, such as formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. This year, CSF will use a light form of double-blind reviewing. New results in computer security are welcome. We also encourage challenge/vision papers, which may describe open questions and raise fundamental concerns about security.
WICSPIT 2017 Workshop on Innovative CyberSecurity and Privacy for Internet of Things: Strategies, Technologies, and Implementations, Held in conjunction with the International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), Porto, Portugal, April 24 - 26, 2017. (Submissions Due 20 February 2017)
Cyber-attackers are steadily getting more creative and ambitious in their exploits and causing real-world damage (e.g., the German steel mill hack in 2014, the Ukrainian Power Grid hack in 2015). Proprietary and personally identifiable information are vulnerable to leakage as well (e.g., the Sony hack in 2014, the US Office of Personnel Management in 2014). The Internet of Things (IoT), a platform which allows everything to process information, communicate data, and analyze context opens up new vulnerabilities for both security and privacy. Smart buildings and smart cities, for example, will collect and process data for millions of individuals. Industrial systems, which were never intended to be linked via common protocols, are recognized as suddenly being open to security threats that can limit service availability and possibly cause considerable damage. Autonomous systems allowed to operate with minimal oversight are ripe targets for cyber-attacks. Data stored and processed in confidence in the cloud may be subject to exfiltration, leading to public embarrassment or the exposure of proprietary information. As cyber-events increase in number and severity, security engineers must incorporate innovative cybersecurity strategies and technologies to safeguard their systems and confidential information. A strategy to address a cybersecurity vulnerability, once identified, must understand the nature of the vulnerability and how to mitigate it. The "security tax" or "privacy tax" (system and service degradation) caused by the implementation of the mitigating security technologies may be so great that the end user bypasses the technologies and processes meant to ensure the system's security and privacy. A practical reality of the adoption of IoT is that it will require integration of new technologies with existing systems and infrastructure, which will continue to expose new security and privacy vulnerabilities; re-engineering may be required. The human element of IoT, the user, must be considered, and how the user and the IoT system interact to optimize system security and user privacy must be defined. Cyber-attackers and cyber victims are often in different countries, the transnational nature of many cyber-events necessitate the consideration of public policy and legal concerns as well. This workshop aims to showcase new and emerging strategies and technologies for forecasting, mitigating, countering, and attributing cyber-events that threaten security and privacy within the realm of IoT. The institutional benefits of IoT adoption are clear, however security and privacy concerns are constantly coming to light. As organizations - both public and private, large and small - adopt new IoT technologies, we hope that this workshop can serve as an opening conversation between government, industry, and academia for the purpose of addressing those concerns.
IVSW 2017 2nd International Verification and Security Workshop, Thessaloniki, Greece, July 3-5, 2017. (Submissions Due 26 February 2017)
Issues related to verification and security are increasingly important in modern electronic systems. In particular, the huge complexity of electronic systems has led to growth in quality, reliability and security needs in several application domains as well as pressure for low cost products. There is a corresponding increasing demand for cost-effective verification techniques and security solutions. These needs have increased dramatically with the increased complexity of electronic systems and the fast adoption of these systems in all aspects of our daily lives. The goal of IVSW is to bring industry practitioners and researchers from the fields of verification, validation, test, reliability and security to exchange innovative ideas and to develop new methodologies for solving the difficult challenges facing us today in various SoC design environments. The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:
PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 - July 21, 2017. (Submissions Due 31 August 31 2016; 30 November 2016; 28 February 28 2017)
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.
Journal of Visual Communication and Image Representation, Special Issue on Data-driven Multimedia Forensics and Securit, (Submissions Due 28 February 2017)
Guest Editors: Anderson Rocha (University of Campinas, Brazil),
Shujun Li (Universityof Surrey, UK),
C.-C. Jay Kuo (University of Southern California, US),
Alessandro Piva (University of Florence, Italy),
and Jiwu Huang (Shenzhen University, China)
In the last decade a large number of multimedia forensic and security techniques have been proposed to evaluate integrity of multimedia data. However, most of these solutions adopt very limiting and simplifying working conditions, being more appropriate for laboratorial tests than for real-world deployment. Unfortunately, with big data requirements on the table, the stakes are higher now. Forensics and security experts are no longer required to provide the society with solutions for specific cases. Instead, we need to cope with shear amounts of data and in different operational and acquisition conditions. In addition to the traditional multimedia forensics and security research around integrity and authentication, digital images and videos have also been the core components in other related application domains, e.g. biometrics, image and video based information hiding, image and video collection forensics, automatic child porn detection, digital triage of image and video evidence, attacks on image and video-based CAPTCHAs, etc. A common feature of the above listed multimedia forensics and security problems is that they can all be solved by machine learning techniques driven by training data. In recent years, some new and powerful modeling and machine learning paradigms have been developed that allow us to glean over massive amounts of data and directly extract useful information for proper decision making, thus creating new techniques to solve those multimedia forensics and security problems with improved performance. This Special Issue invites researchers in all related fields (including but not limited to image and video signal processing, machine learning, computer vision and pattern recognition, cyber security, digital forensics) to join us in a quest for pinpointing the next-generation image and video forensics and security solutions of tomorrow, capable of processing image and video data using the recently-developed deep learning paradigm and other new modelling and learning techniques. ALL submissions must highlight their machine-learning based approach and discuss how their solutions deal with large collections of data. The core data used in your work should be visual data (images and videos). Video data may also include RGB, IR, and depth data. The topics of interest of this Special Issue are listed below. The list is not exhaustive and prospective authors should contact the editors in case of any question. Submissions can contemplate original research, serious dataset collection and benchmarking, or critical surveys. Example Topics of Interest:
IEEE Security & Privacy Magazine, Special issue on Digital Forensics, (Submissions Due 1 March 2017)
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology &
FernUniversität in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany),
Luca Caviglione (National Research Council of Italy, Italy),
and Simson L. Garfinkel (National Institute of Standards and
Modern societies are becoming increasingly dependent on open networks where commercial activities, business transactions, and government services are delivered. Despite the benefits, these networks have led to new cyberthreats and cybersecurity issues. Abuse of and mistrust for telecommunications and computer network technologies have significant socioeconomic impacts on global enterprises as well as individuals. Cybercriminal activities such as fraud often require the investigations that span across international borders. In addition, they're often subject to different jurisdictions and legal systems. The increased intricacy of the communication and networking infrastructure complicates investigation of such activities. Clues of illegal digital activities are often buried in large volumes of data that makes crime detection and evidence collection difficult. This poses new challenges for law enforcement and compels computer societies to utilize digital forensics to combat the growing number of cybercrimes. Forensic professionals must be fully prepared to gather effective digital evidence. Forensic techniques must keep pace with new technologies; therefore, digital forensics is becoming more important for law enforcement and information and network security. This multidisciplinary area includes several fields, including law, computer science, finance, networking, data mining, and criminal justice. It faces diverse challenges and issues in terms of the efficiency of digital evidence processing and related forensic procedures. This special issue aims to collect the most relevant ongoing research efforts in digital forensics field. Topics include, but aren't limited to:
SOUPS 2017 13th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, July 12-14, 2017. (Submissions Due 1 March 2017)
The 2017 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit previously unpublished papers describing research or experience in all areas of usable privacy and security. We welcome a variety of research methods, including both qualitative and quantitative approaches. Topics include, but are not limited to:
DBSec 2017 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Philadelphia, PA, USA, July 17-19, 2017. (Submissions Due 6 March 2017)
DBSec is an annual international conference covering research in data and applications security and privacy. The 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2017) will be held in Philadelphia, PA, USA. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:
WiSec 2017 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA, July 18-20, 2017. (Submissions Due 13 March 2017)
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
RAID 2017 20th International Symposium on Research in Attacks, Intrusions and Defenses, Atlanta, GA, USA, September 18-20, 2017. (Submissions Due 28 March 2017)
Over the last 20 years, the International Symposium on Research in Attacks, Intrusions and Defenses (RAID) has established itself as a venue where leading researchers and practitioners from academia, industry, and the government are given the opportunity to present novel research in a unique venue to an engaged and lively community. The conference is known for the quality and thoroughness of the reviews of the papers submitted, the desire to build a bridge between research carried out in different communities, and the emphasis given on the need for sound experimental methods and measurement to improve the state of the art in cybersecurity. RAID features a traditional poster session with a walking dinner on the first evening to encourage the presentation of work in progress and the active participation of younger members of the community. In this special year, the 20th anniversary of RAID's creation, we are soliciting research papers on topics covering all well-motivated security problems. We care about techniques that identify new real-world threats, techniques to prevent them, to detect them, to mitigate them or to assess their prevalence and their consequences. Measurement papers are encouraged, as well as papers offering public access to new tools or datasets, or experience papers that clearly articulate important lessons. Specific topics of interest to RAID include:
PST 2017 15th Conference on Privacy, Security and Trust, Calgary, Alberta, Canada, August 28-30, 2017. (Submissions Due 15 May 2017)
PST2017 provides a forum for researchers and practitioners to present their latest research results, developments and ideas in areas of privacy, security and trust. PST 2017 topics are inter-disciplinary across privacy, security and trust. Technologies of interest include, but are not limited to:
ACM CCS 2017 24th ACM Conference on Computer and Communication Security, Dallas, TX, USA, October 30 - November 3, 2017. (Submissions Due 19 May 2017)
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high-standard research conference in its area.
ACSAC 2017 33rd Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 4-8, 2017. (Submissions Due 1 June 2017)
The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences. If you are developing, researching, or implementing practical security solutions, consider sharing your experience and expertise at ACSAC. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy
|TC home page||TC Officers|
|How to join the TCSP (or other TCs)||Open Access Proceedings|
|Cipher past issues archive|