Commentary and Opinion and News
Sven Dietrich's review of The Hardware Hacker - Adventures in making & breaking hardware by Andrew "bunnie" Huang
NewsBits: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
Nothing new since Cipher E137
Conference and Workshop Announcements
Cipher calendar announcements are on Twitter; follow "ciphernews"
Requests for inclusion in the list should be sent per instructions.
New calls or announcements added since Cipher E137 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
ACSAC 2017 33rd Annual Computer Security Applications Conference, San Juan, Puerto Rico, December 4-8, 2017. (Submission Due 8 June 2017)
The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and to exchange practical ideas and experiences. If you are developing, researching, or implementing practical security solutions, consider sharing your experience and expertise at ACSAC. We are especially interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
FDTC 2017 14th Workshop on Fault Diagnosis and Tolerance in Cryptography, Taipei, Taiwan, September 25, 2017. (Submission Due 9 June 2017)
Fault injection is one of the most exploited means for extracting confidential information from embedded devices and for compromising their intended operation. Therefore, research on developing methodologies, techniques, architectures and design tools for robust cryptographic systems (both hardware and software), and on protecting them against both accidental faults and intentional attacks is essential. Of particular interest are models and metrics for quantifying the protection of systems and protocols against malicious injection of faults and to estimate the leaked confidential information. FDTC is the reference event in the field of fault analysis, attacks and countermeasures. Topics of interest include but are not limited to:
ISDDC 2017 International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada, October 25-27, 2017. (Submission Due 10 June 2017)
The integration of network computing and mobile systems offers new challenges with respect to the dependability of integrated applications. At the same time, new threat vectors have emerged that leverage and magnify traditional hacking methods, enabling large scale and intelligence-driven attacks against a variety of platforms, including mobile, cloud, Internet-of-things (IoT), as well as conventional networks. The consequence of such fast evolving environment is the pressing need for effective and efficient paradigms, approaches, and tools for building, maintaining, and managing secure and dependable systems. This conference solicits papers addressing issues related to the design, analysis, and implementation, of dependable and secure infrastructures, systems, architectures, algorithms, and protocols that deal with network computing, mobile/ubiquitous systems, cloud systems, and IoT systems. The goal of the ISDDC 2017 conference is to provide a forum for researchers, students, scientists and engineers working in academia and industry to share their experiences, new ideas and research results in the above-mentioned areas.
AsianHOST 2017 IEEE Asian Hardware-Oriented Security and Trust Symposium, Beijing, China, October 19-20, 2017. (Submission Due 10 June 2017)
IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and South Pacific areas. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. AsianHOST 2017 invites original contributions related to, but not limited by, the following topics:
WISTP 2017 11th International Conference on Information Security Theory and Practice, Crete, Greece, September 28-29, 2017. (Submission Due 15 June 2017)
The 11th WISTP International Conference on Information Security Theory and Practice (WISTP'2017) seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage interdisciplinary contributions bringing law, business, and policy perspectives on security issues. Submissions with regards to the security of future ICT technologies, such as cyber-physical systems, cloud services, data science and the Internet of Things are particularly welcome.
STM 2017 13th International Workshop on Security and Trust Management, Co-located with ESORICS 2017, Oslo, Norway, September 14-15, 2017. (Submission Due 17 June 2017)
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICT. Topics of interest include, but are not limited to:
CECC 2017 Central European Cybersecurity Conference, Ljubljana, Slovenia, November 16-17, 2017. (Submission Due 19 June 2017)
The Central European Cybersecurity Conference - CECC 2017 aims at establishing a venue for the exchange of information on cybersecurity and its many aspects in central Europe. CECC 2017 encourages the dialogue between researchers of technical and social aspects of cybersecurity, both crucial in attaining adequate levels of cybersecurity. Complementary contributions dealing with its economic aspects as well as any legal, investigation or other issues related to cybersecurity are welcome, too. All accepted and presented research papers will be available in Open Access conference proceedings published by the University of Maribor Press and submitted for indexing by DBLP, Elsevier SCOPUS and Thomson Reuters Web of Science Core Collection.
DPM 2017 12th Workshop on Data Privacy Management, Co-located with ESORICS 2017, Oslo, Norway, September 14-15, 2017. (Submission Due 25 June 2017)
Organizations are increasingly concerned about the privacy of information that they manage (several people have filed lawsuits against organizations violating the privacy of customers' data). Thus, the management of privacy-sensitive information is very critical and important for every organization. This poses several challenging problems, such as how to translate the high-level business goals into system-level privacy policies, administration of privacy-sensitive data, privacy data integration and engineering, privacy access control mechanisms, information-oriented security, and query execution on privacy-sensitive data for partial answers. The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers to this workshop. The main topics include, but are not limited to:
GameSec 2017 8th Conference on Decision and Game Theory for Security, Vienna, Austria, October 23-25, 2017. (Submission Due 29 June 2017)
The goal of GameSec is to bring together academic and industrial researchers in an effort to identify and discuss the major technical challenges and recent results that highlight the connection between game theory, control, distributed optimization, economic incentives and real world security, reputation, trust and privacy problems in a variety of technological systems. Submissions should solely be original research papers that have neither been published nor submitted for publication elsewhere.
IET Networks, Special Issues on Security architecture and technologies for 5G, (Submission Due 30 June 2017)
Guest Editors: Hongke Zhang (Beijing Jiaotong University, China),
Chi-Yuan Chen (National Ilan University, Taiwan),
Shui Yu (Deakin University, Australia),
and Wei Quan (Beijing Jiaotong University, China).
5G security challenges come from many aspects. Firstly, secure network architectures are required as the basis for 5G to support a huge number of connected devices. Secondly, 5G will migrate or bring in many promising network technologies, such as Software Defined Networking (SDN), Network Functions Virtualization (NFV), Information Centric Network (ICN), Device to Device (D2D), Network Slicing, Cloud Computing/Fog Computing and so on. These technologies should also provide security guarantee for 5G architecture. Thirdly, more and more user data and network traffic will be carried in the 5G network. Big Data Security should be considered to protect these data, including the data privacy, data sources, data analytics and so on. Fourthly, 5G will promote many interesting applications, which also require secure supports, such as Vehicular Network, Internet of Energy (IoE) and VR/AR. We call for survey and research papers in the 5G security scope. We aim to provide a platform for researchers to further explore the security issues, technologies, architecture for 5G networks.
SPIFEC 2017 1st European Workshop on Security and Privacy in Fog and Edge Computing, Held in conjunction with ESORICS 2017, Oslo, Norway, September 14-15, 2017. (Submission Due 30 June 2017)
The main goal of Fog Computing and other related Edge paradigms, such as Multi-Access Edge Computing, is to decentralize the Cloud and bring some of its services closer to the edge of the network, where data are generated and decisions are made. Cloud-enabled edge platforms will be able to cooperate not only with each other but with the cloud, effectively creating a collaborative and federated environment. This paradigm shift will fulfill the needs of novel services, such as augmented reality, that have particularly stringent requirements like extremely low latency. It will also help improve the vision of the Internet of Things by improving its scalability and overall functionality, among other benefits. To enable this vision, a number of platforms and technologies need to securely coexist, including sensors and actuators, edge-deployed systems, software-defined networks, hardware virtualization, data mining mechanisms, etc. However, this paradigm shift calls for new security challenges and opportunities to leverage services for new scenarios and applications. The field of edge computing security is almost unexplored, and demands further attention from the research community and industry in order to unleash the full potential of this paradigm.
CTC 2017 7th International Symposium on Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece, October 23-24, 2017. (Submission Due 5 July 2017)
Current and future service-based software needs to remain focused towards the development and deployment of large and complex intelligent and networked information systems, required for internet-based and intranet-based systems in organizations, as well to move to IoT integration and big data analytics. Today, service-based software covers a very wide range of application domains as well as technologies and research issues. This has found realization through Cloud Computing, Big Data, and IoT. Vital element in such networked, virtualized, and sensor-based information systems are the notions of trust, security, privacy and risk management. The conference solicits submissions from both academia and industry presenting novel research in the context of Cloud Computing, Big Data, and IoT, presenting theoretical and practical approaches to cloud, big data, and IoT trust, security, privacy and risk management. The conference will provide a special focus on the intersection between cloud paradigm, big data analytics, and IoT integration, bringing together experts from the three communities to discuss on the vital issues of trust, security, privacy and risk management in Cloud Computing, shedding the light on novel issues and requirements in big data and IoT domains. Potential contributions could cover new approaches, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the current status of trust, security, privacy and risk management in the cloud, big data, and IoT. Papers from practitioners who encounter trust, security, privacy, and risk management problems, and seek understanding are finally welcome. For 2017, a special emphasis will be put on "Secure and Trustworthy Big Data Analytics and IoT Integration: From the Periphery to the Cloud".
SSS 2017 19th Annual International Symposium on Stabilization, Safety, and Security of Distributed Systems, Boston, Massachusetts, USA, November 5-8, 2017. (Submission Due 7 July 2017)
SSS is an international forum for researchers and practitioners in the design and development of distributed systems with a focus on systems that are able to provide guarantees on their structure, performance, and/or security in the face of an adverse operational environment. Research in distributed systems is now at a crucial point in its evolution, marked by the importance and variety of dynamic distributed systems such as peer-to-peer networks, large-scale sensor networks, mobile ad-hoc networks, and cloud computing. Moreover, new applications such as grid and web services, distributed command and control, and a vast array of decentralized computations in a variety of disciplines has driven the need to ensure that distributed computations are self-stabilizing, performant, safe and secure. The symposium takes a broad view of the self-managed distributed systems area and encourages the submission of original contributions spanning fundamental research and practical applications within its scope, covered by the three symposium tracks: (i) Stabilizing Systems: Theory and Practice, (ii) Distributed Computing and Communication Networks, as well as (iii) Computer Security and Information Privacy.
FPS 2017 10th International Symposium on Foundations & Practice of Security, Nancy, France, October 23-25, 2017. (Submission Due 9 July 2017)
Protecting the communication and data infrastructure of an increasingly inter-connected world has become vital to the normal functioning of all aspects of our world. Security has emerged as an important scientific discipline whose many multifaceted complexities deserve the attention and synergy of the mathematical, computer science and engineering communities. The aim of FPS is to discuss and exchange theoretical and practical ideas that address security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaboration, joint research programs, and student exchanges between institutions involved in this important and fast moving research field. We also invite papers from researchers and practitioners working in security, privacy, trustworthy data systems and related areas to submit their original papers.
Guest Editors: Luca Caviglione (National Research Council of Italy, Italy),
Wojciech Mazurczyk (Warsaw University of Technology & FernUniversität in Hagen, Poland),
Steffen Wendzel (Fraunhofer FKIE, Germany),
and Sebastian Zander (Murdoch University, Australia).
In the last years, advancements of the information and communication technologies have spawned a variety of innovative paradigms, such as cloud and fog computing, the Internet of Things (IoT), or complex vehicle-to-vehicle frameworks. As a consequence, the cybersecurity panorama is now getting populated with complex, emerging, and unconventional attacks, which require deep investigation and proper understanding. For example, the diffusion of online social networks brought social engineering to the next level, while IoT led to a completely new set of hazards also endangering the user at a physical level. Modern threats also exploit a variety of advanced methods to increase their stealthiness in order to remain unnoticed for long periods, as well as reduce the effectiveness of many digital forensics techniques and detection tools. Therefore, new and emerging technologies changed the modern cybersecurity landscape, which nowadays is populated by novel attacks and also requires innovative detection and prevention methods. In this perspective, the special issue aims at investigating the most advanced and innovative forms of attacks and scenarios, for instance, considering automotive or building automation settings. To complete the picture, a relevant attention will be given to works dealing with innovative forms of detection and forensics analysis, which are mandatory to counteract sophisticated malware able to hide or take advantage of unconventional and complex scenarios. This issue accepts high quality papers containing novel original research results and review articles of exceptional merit covering the most cutting-edge cybersecurity threats and countermeasures. Potential topics include but are not limited to the following:
MIST 2017 9th ACM CCS International Workshop on Managing Insider Security Threats, Dallas, USA, October 30 - November 3, 2017. (Submission Due 4 August 2017)
During the past two decades, information security technology developments have been mainly concerned with intrusion detection to prevent unauthorized attacks from outside the network. This includes hacking, virus propagation, spyware and more. However, according to a recent Gartner Research Report, information leaks have drastically increased from insiders who are legally authorized to access corporate information. The unauthorized leak of critical or proprietary information can cause significant damage to corporate image and reputation, perhaps even weakening its competitiveness in the marketplace. On a larger scale, government and public sectors may suffer competitive loss to other nations due to an internal intelligence breach. While the leaking of critical information by insiders has a lower public profile than that of viruses and hacker attacks, the financial impact and loss can be just as devastating. The objective of this workshop is to showcase the most recent challenges and advances in security and cryptography technologies and management systems for preventing information breaches by insiders. The workshop promotes state-of-the-art research, surveys and case analyses of practical significance. Physical, managerial, and technical countermeasures will be covered in the context of an integrated security management system that protects critical cyber-infrastructure against unauthorized internal attack. We expect that this workshop will be a trigger for further research and technology improvements related to this important subject.
WPES 2017 Workshop on Privacy in the Electronic Society, Dallas, Texas, USA, October 30, 2017. (Submission Due 4 August 2017)
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2017 Workshop, held in conjunction with the ACM CCS conference, is the sixteenth in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to, anonymization and transparency, crowdsourcing for privacy and security, data correlation and leakage attacks, data security and privacy, data and computations integrity in emerging scenarios, electronic communication privacy, economics of privacy, information dissemination control, models, languages, and techniques for big data protection, personally identifiable information, privacy-aware access control, privacy and anonymity on the web, privacy in biometric systems, privacy in cloud and grid systems, privacy and confidentiality management, privacy and data mining, privacy in the Internet of Things, privacy in the digital business, privacy in the electronic records, privacy enhancing technologies, privacy and human rights, privacy in health care and public administration, privacy metrics, privacy in mobile systems, privacy in outsourced scenarios, privacy policies, privacy vs. security, privacy of provenance data, privacy in social networks, privacy threats, privacy and virtual identity, user profiling, and wireless privacy.
Ad Hoc Networks, Special Issue on Security of IoT-enabled Infrastructures in Smart Cities, (Submission Due 1 September 2017)
Guest Editors: Steven Furnell (Plymouth University, United Kingdom),
Abbas M. Hassan (Al Azhar University, Qena, Egypt),
and Theo Tryfonas (University of Bristol, United Kingdom).
Internet of Things (IoT) is a paradigm that involves a network of physical objects containing embedded technologies to collect, communicate, sense, and interact with their internal states or the external environment through wireless or wired connections. IoT uses unique addressing schemes and network infrastructures to create new applications or services. Smart cities are developed urban environments where any citizen can use any service anywhere and anytime. IoT has become a generator of smart cities aiming at overcoming the problems inherent in traditional urban developments. The nature of IoT information exchange among the connected objects 'Things' and remote locations for data storage and data processing gives the ability to collect numerous amounts of data about individuals, and other things in the smart city. Hence, these data can be passed to malicious or have vulnerabilities such as man-in-the-middle attack or denial-of-service (DoS) attacks. Therefore, collected and transferred bands of data via IoT infrastructure would affect the national security and privacy. Driven by the concept that IoT is the major builder in the coming smart cities, security and privacy have become inevitable requirements not only for personal safety, but also for assuring the sustainability of the ubiquitous city. Although there is available research that addresses the security challenges in IoT data, this special issue aims to address the security and privacy challenges emerging from deploying IoT in smart cities with a special emphasis on the IoT device, infrastructures, networking, and protocols. In addition, the special issue provides an up-to-date statement of the current research progress in IoT security, privacy challenges, and mitigation approaches for protecting the individuals' safety and the sustainability of the smart city. The topics of interest include but are not limited to:
Guest Editors: Ding Wang (Peking University, Beijing, China),
Shujun Li (University of Surrey, Guildford, UK),
and Qi Jiang (University of Waterloo, Ontario, Canada and
Xidian University, Xi'an, China).
We are venturing into the new era of Internet of Everything (IoE) where smaller and smarter computing devices have begun to be integrated into the cyber-physical-social environments in which we are living our lives. Despite its great potential, IoE also exposes devices and their users to new security and privacy threats, such as attacks emanating from the Internet that can impact human users' health and safety. User authentication, as a first line of defense, has been widely deployed to prevent unauthorized access and, in many cases, is also the primary line of defense. However, conventional user authentication mechanisms are not capable of addressing these new challenges. Firstly, it is not possible to directly utilize many Internet-centric security solutions because of the inherent characteristics of IoE devices (e.g., their limited computational capabilities and power supply). Secondly, IoE devices may lack conventional user interfaces, such as keyboards, mice, and touch screens, so that many traditional solutions simply cannot be applied. In summary, the subjects of user authentication in IoE are compelling, yet largely underexplored, and new technologies are needed by both the industry and academia. This special issue aims to provide a venue for researchers to disseminate their recent research ideas and results about user authentication in IoE. Potential topics include but are not limited to the following:
IFIP119-DF 2018 14th Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 3-5, 2018. (Submission Due 1 September 2017)
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Fourteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately a hundred participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the fourteenth volume in the well-known Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2018. Technical papers and posters are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
Information & Communications Technology Express, Special Issue on Critical Infrastructure (CI) & Smart Grid Cyber Security, (Submission Due 1 December 2017)
Guest Editors: Leandros A. Maglaras (De Montfort University, UK),
Ki-Hyung Kim (Ajou University, Korea),
Helge Janicke (De Montfort University, UK),
Mohamed Amine Ferrag (Guelma University, Algeria),
Artemios G. Voyiatzis (SBA Research, Austria),
Pavlina Fragkou (T.E.I. of Athens, Greece),
Athanasios Maglaras (T.E.I. of Thessaly, Greece),
and Tiago J. Cruz (University of Coimbra, Portugal).
Cyber-physical systems are becoming vital to modernizing the national critical infrastructure (CI) systems. A smart grid is an energy transmission and distribution network enhanced through digital control, monitoring, and telecommunications capabilities. It provides a real-time, two-way flow of energy and information to all stakeholders in the electricity chain, from the generation plant to the commercial, industrial, and residential end user. Each smart grid subsystem and its associated assets require specific security functions and solutions. For example, the solution to secure a substation is not the same as the solution to secure demand response and home energy management systems. Usual cyber security technologies and best practices - such as antivirus, firewalls, intrusion prevention systems, network security design, defense in depth, and system hardening - are necessary to protect the smart grid. However, history showed they are only part of the solution. Owing to the rapid increase of sophisticated cyber threats with exponentially destructive effects, advanced cyber security technologies must be developed. The title of this special issue of ICT Express is therefore coined concisely as "Special Issue on CI & Smart Grid Cyber Security". This special issue focuses on innovative methods and techniques in order to address unique security issues relating to CI and smart grids. Original submissions reflecting the latest research observations and achievements in the following areas are invited:
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy