============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 145                                          July 27, 2018

Hilarie Orman, Editor                  cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor           cipher-assoc-editor @ ieee-security.org
Sven Dietrich, Book Review Editor      cipher-bookrev @ ieee-security.org
Yong Guan, Calendar Editor             cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o News
      - The Apple of Privacy
      - Apple's one-hour restriction on the USB port
      - Defining Cyberwar
      - The Spectre of Spectre
      - Yet Another Processor Side Channel
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

The summer doldrums are upon us, and there seems to be little in the way of security news other than a seemingly unending stream of side channel attacks on predictive branching (although researchers seem far ahead of exploiters this time).
Sometimes this editor has suspected that most news is proffered by those seeking to profit from it in the form of government grants or increased customer interest. In the heat of summer, hacks and privacy violations take a back seat to vacations and news of floods and fires.

Such cynicism aside, we see that Facebook's dalliance with Cambridge Analytica has cost them dearly in stock value, and perhaps the tide is turning in favor of the individual in the privacy wars.

If you want to submit a paper for possible inclusion in the program for the 2019 Security and Privacy Symposium, you should do so by September 1. The continuous submission system runs continuously, but papers submitted later than that date cannot be considered for the 2019 symposium unless no revisions are required. If you are sure that your paper will go through review without revisions, the deadline is December 1.

   Seeking Its Own Level

   They built the dam high, and they built the dam wide,
   It held back the river and stopped the flood's ride.
   When the water all vanished, speculation arose,
   A faulty controller had caused losses and woes.
   But they finally acquitted the electrical panel,
   Because all the water went down the side channel.

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
News Briefs
====================================================================

The Apple of Privacy

Apple Ups Privacy Controls in Growing Spat With Facebook
https://www.bloomberg.com/news/articles/2018-06-04/apple-ups-privacy-controls-in-growing-cold-war-against-facebook
Bloomberg
By Mark Gurman
June 4, 2018

Summary:
Apple took steps to distance itself from the scandal involving third-party data sharing by announcing changes to the Safari browser to limit social media sharing. The user will have to approve, via a pop-up window, attempts of websites to load "share" buttons.
The Safari browser will also limit the metadata that it sends to websites in order to thwart efforts by websites to create unique user profiles that can be used to track individuals as they browse the Internet.

------------------------------------------------

Apple's One Hour Restriction on the USB port

Apple confirms iOS 12's 'USB Restricted Mode' will thwart police, criminal access
https://appleinsider.com/articles/18/06/13/apple-confirms-ios-12s-usb-restricted-mode-designed-to-thwart-spies-criminals-police-seizures
Apple Insider Jun 14, 2018
By Roger Fingas
June 13, 2018

Summary:
The USB port on iOS devices is believed to be the port of entry for hackers and law enforcement agencies when gaining access to stolen or seized iPhones. With iOS 12, this access method will be shut off an hour after the phone is locked. Presumably Apple considers the one hour window to be a compromise of some sort with law enforcement.

------------------------------------------------

Defining Cyberwar

The age of cyberwar is here. We can't keep citizens out of the debate
https://www.theguardian.com/commentisfree/2018/jul/28/cyberwar-age-citizens-need-to-have-a-say
The Guardian
By David E. Sanger
Jul 28, 2018

Summary:
This opinion piece, by the national security correspondent for the New York Times, discusses the difficulty of defining and limiting cyberwarfare. It goes on constantly, termed "network exploitation" when we do it, and "cyberattack" when conducted against us, but there is no agreement on what nations cannot do to one another, and thus no negotiations. Sanger also has written a new book on cyber mayhem, and his insights into the history and problems are interesting.

------------------------------------------------

The Spectre of Spectre

Intel Discloses New Spectre Flaws, Pays Researchers $100K
http://www.eweek.com/security/intel-discloses-new-spectre-flaws-pays-researchers-100k
eWeek
By Sean Michael Kerner
July 11, 2018

Summary:
There is a bonanza of side-channel attacks being uncovered based on processor architectures for speculative execution. Intel is making a bid to stay ahead of the game by offering bounties for discoveries of new ones. An exploit described by MIT researchers using speculative buffer overflow has been rewarded with a payment of $100,000. (Ed. The full paper is available at https://people.csail.mit.edu/vlk/spectre11.pdf)

-----

Yet Another Processor Side Channel

New Spectre attack enables secrets to be leaked over a network
https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network
Ars Technica
By Peter Bright
July 26, 2018

Summary:
Intel expanded their Haswell vector instruction set to handle 128 bit numbers. These instructions use quite a lot of power, so the circuitry for them is not powered up if they are not used. This leads to a clever side channel attack that can be run against a web server without the necessity of getting it to run malicious code. The channel is very slow, however, because normal network latency jitter interferes with measurements. Nonetheless, it might be exploited to obtain high-value short bitstrings, such as cryptographic keys.

------------------------------------------------

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

Nothing new since Cipher E144.
http://cisr.nps.edu/jobscipher.html

--------------

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

Requests for inclusion in the list should be sent per instructions: http://www.ieee-security.org/Calendar/submitting.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

7/30/18: BigTrust, 2nd International Workshop on Trust, Security and Privacy for Big Data, Chengdu, China;
    http://res.hnu.edu.cn/hbs/Bigtrust2018/
    Submissions are due
8/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
    Submissions are due (rolling deadline)
8/ 7/18: NDSS, 26th Annual Network and Distributed System Security Symposium, San Diego, California, USA;
    https://www.ndss-symposium.org/ndss2019/ndss-2019-call-for-papers/
    Submissions are due
8/10/18: NordSec, 23rd Nordic Conference on Secure IT Systems, Oslo, Norway
    https://securitylab.no/nordsec18/
    Submissions are due
8/12/18-8/14/18: SOUPS, 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA;
    https://www.usenix.org/conference/soups2018
8/12/18-8/14/18: SciSec, 1st International Conference on Science of Cyber Security, Beijing, China;
    http://www.sci-cs.net/
8/12/18-8/15/18: DASC, 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece;
    http://cyber-science.org/2018/dasc/
8/15/18-8/17/18: USENIX Security, 27th USENIX Security Symposium, Baltimore, MD, USA;
    https://www.ieee-security.org/TC/SP2018/cfpapers.html
8/19/18-8/23/18: Crypto, 38th International Cryptology Conference, Santa Barbara, CA, USA;
    https://crypto.iacr.org/2018/
8/27/18-8/30/18: ARES, 13th International Conference on Availability, Reliability and Security, Hamburg, Germany;
    http://www.ares-conference.eu
8/27/18-8/30/18: FARES, 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany;
    https://www.ares-conference.eu/workshops/fares-2018/
8/27/18-8/30/18: WCTI, International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany;
    https://www.ares-conference.eu/workshops/wcti-2018/
8/31/18: NSPW, New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK;
    http://nspw.org/2018/cfp
9/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
    Submissions are due (rolling deadline)
9/ 3/18: CODASPY, 9th ACM Conference on Data and Application Security and Privacy, Dallas, TX, USA;
    http://www.codaspy.org
    Submissions are due
9/ 3/18: FPS, 11th International Symposium on Foundations & Practice of Security, Montreal, Canada;
    http://fps2018.encs.concordia.ca/call-for-papers/
    Submissions are due
9/ 3/18- 9/ 5/18: WSEC, 13th International Workshop on Security, Sendai, Japan;
    http://www.iwsec.org/2018/
9/ 6/18- 9/ 7/18: STM, 14th International Workshop on Security and Trust Management, Co-located with the 23rd European Symposium On Research in Computer Security (ESORICS 2018), Barcelona, Spain;
    https://www.nics.uma.es/pub/stm18
9/10/18- 9/12/18: ICDF2C, 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA;
    http://d-forensics.org/
9/17/18: IFIP 11.9 DF, 15th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA;
    http://www.ifip119.org
    Submissions are due
9/17/18- 9/19/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia;
    http://plls2018.ttu.ee
9/18/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden;
    http://www.iit.cnr.it/strive2018
9/18/18- 9/20/18: NISK, 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway;
    https://easychair.org/cfp/NISK2018
9/30/18-10/ 2/18: SecDev, IEEE Security Development Conference, Cambridge, MA, USA;
    https://secdev.ieee.org/2018/papers/
9/30/18-10/ 3/18: CANS, 17th International Conference on Cryptology and Network Security, Naples, Italy;
    http://cans2018.na.icar.cnr.it/
10/ 1/18: Springer International Journal of Information Security, Special Issue on IoT Security and Privacy;
    https://link.springer.com/journal/10207
    Submissions are due
10/ 1/18: IEEE Internet of Things Journal, Special Issue on Secure Embedded IoT Devices for Resilient Critical
    Infrastructures;
    http://ieee-iotj.org/wp-content/uploads/2018/07/CFP-SI-Secure-Embedded-IoT-Devices-for-Resilient-CIs.pdf
    Submissions are due
10/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
    Submissions are due (rolling deadline)
10/ 9/18-10/12/18: BigTrust, 2nd International Workshop on Trust, Security and Privacy for Big Data, Chengdu, China;
    http://res.hnu.edu.cn/hbs/Bigtrust2018/
10/15/18-10/19/18: ACM-CCS, 25th ACM Conference on Computer and Communications Security, Toronto, Canada;
    https://www.sigsac.org/ccs/CCS2018/papers.html
10/16/18-10/18/18: CRiSIS, 13th International Conference on Risks and Security of Internet and Systems, Arcachon, France;
    http://crisis2018.labri.fr
10/29/18-10/31/18: ICICS, 20th International Conference on Information and Communications Security, Lille, France;
    http://conference.imt-lille-douai.fr/icics2018/
10/30/18: Human-centric Computing and Information Sciences, Thematic Issue on Security, Trust and Privacy for Human-centric Internet of Things;
    https://hcis-journal.springeropen.com/securityhciot
    Submissions are due
11/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
    Submissions are due (rolling deadline)
11/13/18: EuroSP, 4th IEEE European Symposium on Security and Privacy, Stockholm, Sweden,
    https://www.ieee-security.org/TC/EuroSP2019/cfp.php
    Submissions are due
11/13/18-11/15/18: FPS, 11th International Symposium on Foundations & Practice of Security, Montreal, Canada;
    http://fps2018.encs.concordia.ca/call-for-papers/
11/26/18-11/27/18: SSR, 4th Conference on Security Standards Research, Darmstadt, Germany;
    https://ssr2018.net/
11/28/18-11/30/18: ISDDC, International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada;
    http://www.isddc.org/2018/
11/28/18-11/30/18: NordSec, 23rd Nordic Conference on Secure IT Systems,
    Oslo, Norway,
    https://securitylab.no/nordsec18/
12/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
    Submissions are due (rolling deadline)
12/ 3/18-12/7/18: ACSAC, 2018 Annual Computer Security Applications Conference, San Juan, Puerto Rico, USA;
    https://www.acsac.org
12/ 4/18: IEEE Internet Computing Magazine, Special Issue on the Meaning of Identity on the Internet
    https://publications.computer.org/internet-computing/2018/05/31/meaning-identity-internet-call-papers/
    Submissions are due
1/28/19- 1/30/19: IFIP 11.9 DF, 15th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA;
    http://www.ifip119.org
2/24/19- 2/27/19: NDSS, 26th Annual Network and Distributed System Security Symposium, San Diego, California, USA;
    https://www.ndss-symposium.org/ndss2019/ndss-2019-call-for-papers/
3/25/19- 3/27/19: CODASPY, 9th ACM Conference on Data and Application Security and Privacy, Dallas, TX, USA;
    http://www.codaspy.org
5/20/19- 5/22/19: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
6/17/19- 6/19/19: EuroSP, 4th IEEE European Symposium on Security and Privacy, Stockholm, Sweden;
    https://www.ieee-security.org/TC/EuroSP2019/cfp.php

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E144)
___________________________________________________________________

SP 2019 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 20-22, 2019. (Submissions due first day of each month)
https://www.ieee-security.org/TC/SP2019/

Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners.
We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers

As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix "SoK:" in the title and a checkbox on the submission form.
They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.

Workshops

The Symposium is also soliciting submissions for co-located workshops. Further details on submissions can be found at https://www.ieee-security.org/TC/SP2019/workshops.html.

Ongoing Submissions

To enhance the quality and timeliness of the scientific results presented as part of the Symposium, and to improve the quality of our reviewing process, IEEE S&P now accepts paper submissions 12 times a year, on the first of each month. The detailed process can be found at the conference call-for-papers page.

-------------------------------------------------------------------------

BigTrust 2018 2nd International Workshop on Trust, Security and Privacy for Big Data, Chengdu, China, October 9-12, 2018. (Submissions due 30 July 2018) [posted here 6/18/18]
http://res.hnu.edu.cn/hbs/Bigtrust2018/

Big Data has the potential for enabling new insights to change science, engineering, medicine, healthcare, finance, business, and ultimately society itself. Current work on Big Data focuses on information processing such as data mining and analysis. However, trust, security and privacy of Big Data are vital concerns that have received less research focus. Regarding the above context, this workshop proposal is aimed at bringing together people from both academia and industry to present their most recent work related to trust, security and privacy issues in Big Data, and exchange ideas and thoughts in order to identify emerging research topics and define the future of Big Data. BigTrust 2018 is a part of MASS 2018, the 15th IEEE International Conference on Mobile Ad-hoc and Sensor Systems.

-------------------------------------------------------------------------

NDSS 2019 26th Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 24-27, 2019. (Submissions due 7 August 2018) [posted here 07/02/18]
https://www.ndss-symposium.org/ndss2019/ndss-2019-call-for-papers/

The Network and Distributed System Security Symposium is a top venue that fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Technical papers and panel proposals are solicited. All submissions will be reviewed by the Program Committee and accepted submissions will be published by the Internet Society in the Proceedings of NDSS 2019. The Proceedings will be made freely accessible from the Internet Society webpages. Furthermore, permission to freely reproduce all or parts of papers for noncommercial purposes is granted provided that copies bear the Internet Society notice included in the first page of the paper. The authors are therefore free to post the camera-ready versions of their papers on their personal pages and within their institutional repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent.
Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Cyber-crime defense and forensics (e.g., anti-phishing, anti-blackmailing, anti-fraud techniques)
- Security for future Internet architectures and designs (e.g., Software-Defined Networking)
- Implementation, deployment and management of network security policies
- Integrating security in network protocols (e.g., routing, naming, and management)
- Cyber attack (e.g., APTs, botnets, DDoS) prevention, detection, investigation, and response
- Software/firmware analysis, customization, and transformation for systems security
- Privacy and anonymity in networks and distributed systems
- Security and privacy for blockchains and cryptocurrencies
- Public key infrastructures, key management, certification, and revocation
- Security for cloud/edge computing
- Security and privacy of mobile/smartphone platforms
- Security for cyber-physical systems (e.g., autonomous vehicles, industrial control systems)
- Security for emerging networks (e.g., home networks, IoT, body-area networks, VANETs)
- Security for large-scale, critical infrastructures (e.g., electronic voting, smart grid)
- Security and privacy of systems based on machine learning and AI
- Security of Web-based applications and services (e.g., social networking, crowd-sourcing)
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, cost, and ethics
- Usable security and privacy
- Trustworthy Computing software and hardware to secure networks and distributed systems

-------------------------------------------------------------------------

NordSec 2018 23rd Nordic Conference on Secure IT Systems, Oslo, Norway, November 28-30, 2018.
(Submissions due 10 August 2018)
https://securitylab.no/nordsec18/

NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. In addition to regular research paper submissions, we invite participants to present their ideas in poster sessions during lunches and coffee breaks. NordSec 2018 welcomes contributions within, but not limited to, the following areas:
- Access control and security models
- Applied cryptography
- Blockchains
- Cloud security
- Commercial security policies and enforcement
- Cryptanalysis
- Cryptographic protocols
- Cyber crime, warfare, and forensics
- Economic, legal, and social aspects of security
- Enterprise security
- Hardware and smart card security
- Mobile and embedded security
- Internet of Things and M2M security
- Internet, communication, and network security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Public-key cryptography
- Security and machine learning
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security protocols
- Security usability
- Social engineering and phishing
- Software security and malware
- Symmetric cryptography
- Trust and identity management
- Trusted computing
- Vulnerability testing
- Web application security

-------------------------------------------------------------------------

CODASPY 2019 9th ACM Conference on Data and Application Security and Privacy, Dallas, TX, USA, March 25-27, 2019. (Submissions due 3 September 2018) [posted here 7/2/18]
http://www.codaspy.org

CODASPY has had eight successful years and the goal of the conference is to discuss novel, exciting research topics in data and application security and privacy, and to lay out directions for further research and development in this area.
The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Data leak detection and prevention
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computation
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security and privacy in the Internet of Things
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security

-------------------------------------------------------------------------

FPS 2018 11th International Symposium on Foundations & Practice of Security, Montreal, Canada, November 13-15, 2018. (Submissions due 3 September 2018) [posted here 7/30/18]
http://fps2018.encs.concordia.ca/call-for-papers/

We invite researchers and practitioners from all countries working in security, privacy, trustworthy data systems and related areas to participate in the event. Protecting the communication and data infrastructure of an increasingly inter-connected world has become vital to the normal functioning of all aspects of our world.
Security has emerged as an important scientific discipline whose many multifaceted complexities deserve the attention and synergy of the mathematical, computer science and engineering communities. The aim of FPS is to discuss and exchange theoretical and practical ideas that address security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaboration, joint research programs, and student exchanges between institutions involved in this important and fast moving research field. We also invite papers from researchers and practitioners working in security, privacy, trustworthy data systems and related areas to submit their original papers.

-------------------------------------------------------------------------

IFIP 11.9 DF 2019 15th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28-30, 2019. (Submissions due 17 September 2018)
http://www.ifip119.org

The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Fifteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues.
Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the fifteenth volume in the well-known Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2019. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Enterprise and cloud forensics
- Embedded device forensics
- Internet of Things forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

-------------------------------------------------------------------------

Springer International Journal of Information Security, Special Issue on IoT Security and Privacy, (Submissions due 1 October 2018)
https://link.springer.com/journal/10207

Guest Editors: Takeshi Takahashi (National Institute of Information and Communications Technology, Japan), Rodrigo Roman Castro (Universidad de Malaga, Spain), Ryan Ko (University of Waikato, New Zealand), Bilhanan Silverajan (Tampere University of Technology, Finland), and Said Tabet (Dell EMC, USA).

The Internet is gradually transforming from a communication platform for conventional IT appliances into the Internet of Things (IoT), increasingly interconnecting many assorted devices and sensors. These devices are generally referred to as IoT devices, and many of them are inexpensive and can be constrained in terms of energy, bandwidth and memory. The establishment of IoT ecosystems in various domains is bringing multiple benefits to human users and companies alike. Examples of such domains include Smart Homes, Smart Cities, the Industrial Internet and even Intelligent Transportation Systems.
However, the IoT as a whole - including related paradigms such as Machine-to-Machine (M2M) and Cyber-Physical Systems (CPS) - is susceptible to a multitude of threats. In fact, many IoT devices currently are insecure and have many security vulnerabilities. For example, many vulnerable IoT devices which have been infected with malware have subsequently become comprised into large botnets, resulting in devastating DDOS attacks. Consequently, ensuring the security of such IoT ecosystems - before, during, and after an attack takes place - is a crucial issue for our society at this moment.

This special issue aims to collect contributions by leading-edge researchers from academia and industry, show the latest research results in the field of IoT security and privacy, and provide valuable information to researchers as well as practitioners, standards developers and policymakers. Its aim is to focus on the research challenges and issues in IoT security. Manuscripts regarding novel algorithms, architectures, implementations, and experiences are welcome.
Topics include but are not limited to:
- Secure protocols for IoT devices
- Privacy solutions and privacy helpers for IoT environments
- Trust frameworks and secure/private collaboration mechanisms for IoT environments
- Secure management and self-healing for IoT environments
- Operating systems security for IoT devices
- Security diagnosis tools for IoT devices
- Threat and vulnerability detection in IoT environments
- Anomaly detection and prevention mechanisms in IoT networks
- Case studies of malware analysis in IoT environments
- IoT forensics and digital evidence
- Testbeds and experimental facilities for IoT security analysis and research
- Standardization activities for IoT security
- Security and privacy solutions tailored to specific IoT domains and ecosystems

-------------------------------------------------------------------------
IEEE Internet of Things Journal, Special Issue on Secure Embedded IoT Devices for Resilient Critical Infrastructures, (Submissions due 1 October 2018) [posted here 7/23/18]
http://ieee-iotj.org/wp-content/uploads/2018/07/CFP-SI-Secure-Embedded-IoT-Devices-for-Resilient-CIs.pdf

Guest Editors: Cristina Alcaraz (University of Malaga, Spain), Mike Burmester (Florida State University, USA), Jorge Cuellar (Siemens, Germany), Xinyi Huang (Fujian Normal University, China), Panayiotis Kotzanikolaou (University of Piraeus, Greece), and Mihalis Psarakis (University of Piraeus, Greece).

The Internet of Things (IoT) opens the door to new technological opportunities for a wide range of applications that cover e-health, smart homes and automation, e-commerce, location-based services, smart vehicles, fleet management and remote system monitoring. However, as these technological opportunities grow, so does the threat surface for potential adversaries targeting various interconnected ICT systems and, consequently, ICT-dependent critical systems, such as SCADA (Supervisory Control and Data Acquisition) systems.
At this point, attackers could take advantage of the incorporation of the paradigm to exploit new security gaps, probably caused by unforeseen interoperability and adaptability problems. Indeed, the deployment of Internet-enabled embedded devices that are distributed over major critical domains may create indirect and non-obvious inter-connections with the underlying Critical Infrastructures (CIs). Examples of such inter-connected systems may include traffic monitoring and control systems communicating with smart vehicles, energy related systems communicating with smart homes and smart meters, monitoring systems connected with autonomous sensors in nuclear plants, power grids and body area networks. There is a need to further explore the security issues related to IoT technologies to assure the resilience of CIs against advanced IoT-based attacks. The goal of this special issue is therefore to address the diverse security challenges related to IoT-enabled CIs (IoT-CIs) and their resilience to advanced threats.
Suggested topics include, but are not limited to, the following:
- Security analysis and requirements in the coupling of IoT-CIs
- Vulnerabilities, threat models and risk management in IoT-CIs
- Reference architectures for the secure coupling of IoT in CI scenarios
- Embedded security for mobile devices and BYOD
- Network-layer attacks and defense mechanisms between IoT devices and CIs
- Key management and access control in IoT-CIs
- Resilience models for advanced threats in IoT-CIs
- Advanced and lightweight awareness models for large IoT-CIs
- Privacy and location privacy for IoT-CIs

-------------------------------------------------------------------------
Human-centric Computing and Information Sciences, Thematic Issue on Security, Trust and Privacy for Human-centric Internet of Things, (Submissions due 30 October 2018) [posted here 7/30/18]
https://hcis-journal.springeropen.com/securityhciot

Guest Editors: Kyung-Soo Lim (Electronics and Telecommunication Research Institute, Korea), Isaac Woungang (Ryerson University, Canada), Javier Lopez (University of Malaga, Spain), Sherali Zeadally (University of Kentucky, USA), and Damien Sauveron (XLIM (UMR CNRS 7252 / Universite de Limoges), France).

The aim of this thematic series is to publish articles that cover the various developments in theory and practice related to the latest methods, solutions, and case studies in security, trust, and privacy for human-centric internet of things (IoT). Submitted articles should present research contributions that help solve the challenges that arise in developing a secure and privacy-aware human-centric IoT. This can be achieved by proposing security policies, algorithms, protocols, frameworks, and solutions for human-centric IoT ecosystems.
We also welcome high-quality review articles, which focus on the analysis and integration of diverse kinds of approaches such as artificial intelligence, cognitive computing, blockchain, big data mining, or soft computing in the area of human-centric IoT security. Topics of interest include but are not limited to:
- Security and privacy issues in human-centric IoT
- Trust management for human-centric IoT
- Intrusion detection technique for human-centric IoT
- Artificial intelligence for secure human-centric IoT
- Cognitive computing for secure human-centric IoT
- Social considerations, legal, and ethics in human-centric IoT security
- Blockchain for human-centric IoT security
- Cyber-attack detection and prevention systems for human-centric IoT
- Biometric security in human-centric IoT
- Reverse engineering for human-centric IoT
- Human-centric IoT security using digital forensics investigation
- Big data mining for privacy-aware human-centric IoT
- Innovative deep learning approach for human-centric IoT security
- Fuzzy fusion of information, data and sensors
- Advanced persistent threats in human-centric IoT

-------------------------------------------------------------------------
EuroSP 2019 4th IEEE European Symposium on Security and Privacy, Stockholm, Sweden, June 17-19, 2019. (Submissions due 13 November 2018) [posted here 7/9/18]
https://www.ieee-security.org/TC/EuroSP2019/cfp.php

The IEEE European Symposium on Security and Privacy (EuroS&P) is the European sister conference of the established IEEE S&P symposium. It is a premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in security or privacy. The emphasis is on building or attacking real systems, even better if actually deployed, rather than presenting purely theoretical results.
Papers may present advances in the design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Papers that shed new light on past results by means of sound theory or thorough experimentation are also welcome. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Blockchain
- Censorship and censorship-resistance
- Cloud security
- Cryptography with applied relevance to security and privacy
- Distributed systems security
- Embedded systems security
- Forensics
- Formal methods for security
- Hardware security
- Human aspects of security and privacy
- Intrusion detection
- IoT security and privacy
- Language-based security
- Malware
- Metrics
- Mobile security and privacy
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- Security usability
- System security
- Web security and privacy

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2.
To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.

IEEE Security and Privacy Symposium
IEEE Computer Security Foundations
IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital library 12 months after the conference.
____________________________________________________________________________
TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
Sean Peisert
UC Davis and Lawrence Berkeley National Laboratory
speisert@ucdavis.edu

Security and Privacy Symposium Chair Emeritus:
Jason Li
Intelligent Automation
oakland18-chair@ieee-security.org

Vice Chair:
Ulfar Erlingsson
Manager, Security Research
Google
tcchair at ieee-security.org

Treasurer:
Yong Guan
3219 Coover Hall
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
(515) 294-8378
yguan (at) iastate.edu

Newsletter Editor and TC Awards Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2019 Chair:
Gabriela Ciocarlie
SRI International
oakland19-chair@ieee-security.org

____________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year