Electronic CIPHER, Issue 162, July 21, 2021 _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ============================================================================ Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 162 July 21, 2021 Hilarie Orman, Editor Sven Dietrich, Assoc. Editor cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org Sven Dietrich Yong Guan Book Review Editor Calendar Editor cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org ============================================================================ The newsletter is also at http://www.ieee-security.org/cipher.html Cipher is published 6 times per year Contents: * Letter from the Editor * Commentary and Opinion and News o Sven Dietrich's review of "The Theory of Hash Functions and Random Oracles: An Approach to Modern Cryptography" by Arno Mittelbach and Marc Fischlin o News Items - Evidence is in the Eye of the Expert - No Target is Too Small for Ransomware - Follow the Blockchain, Seize the Bitcoins - Et tu, Print Spooler? - Apres Colonial Pipeline, Le Deluge - USA Suddenly Notices Ransomware - Only You Can Prevent Ransomware o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website * List of Computer Security Academic Positions, by Cynthia Irvine * Conference and Workshop Announcements o Upcoming calls-for-papers and events * Staying in Touch o Information for subscribers and contributors o Recent address changes * Links for the IEEE Computer Society TC on Security and Privacy o Becoming a member of the TC o TC Officers o TC publications for sale ==================================================================== Letter from the Editor ==================================================================== Dear Readers: The IEEE Computer Society's Technical Committee on Security and Privacy (TCSP), the sponsor of this newsletter, has leapt ahead on its biennial leadership transition. Bryan Parno has moved from Vice Chair to Chair, and Gabriela Ciocarlie, last year's S&P Symposium's General Chair, moves to Vice Chair. In its 42 year history, the TCSP has managed an expanding portfolio of conferences with publication numbers that were undreamed of in the early, formative years of S&P and Computer Security Foundations. Sadly, we have learned of the death of Clark Weissman, a real pioneer of computer security. He was an influential leader in the field even before more than a handful of people recognized the depth of the problems to be solved. He was also famous as "the grand old man of folk music," for which we refer you to this Folkworks obituary: https://folkworks.org/milestone/rip-clark-weissman/ Ransomware has been the theme of the cybersecurity news in the last several weeks. The US government is taking steps to help businesses and users protect themselves, and there is some "cyber saber rattling" aimed at China and Russian "criminal gangs". The disruption caused by ransomware is immense. Even organizations that have extensive backups may find that the process of restoring everything at once is fraught with difficulties. Has anyone ever produced a fully verified backup and restore system, something that is guaranteed to go from bare machines to a fully functioning network without human intervention? Shakespeare mentioned ransom in a sonnet that ends with this enigmatic couplet: But that your trespass now becomes a fee; Mine ransoms yours, and yours must ransom me. That sounds like quantum entanglement of warring ransomware gangs! Hilarie Orman cipher-editor @ ieee-security.org ==================================================================== Commentary and Opinion ==================================================================== Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html ____________________________________________________________________ Book Review By Sven Dietrich 07/20/2021 ____________________________________________________________________ The Theory of Hash Functions and Random Oracles: An Approach to Modern Cryptography by Arno Mittelbach and Marc Fischlin First edition, February 2021 ISBN-13: ISBN 978-3-030-63286-1 ISBN 978-3-030-63287-8 (eBook) 798 pages Are you looking for some light summer reading in these interesting times? Why not consider some hash functions and random oracles for a little twist? Cryptocurrencies are all the rage these days, and their Proofs-of-Work and Proofs-of-Stake are built on hash functions and random oracles. In 798 pages, Arno Mittelbach and Marc Fischlin provide a great introduction to these narrow(er) topic areas of hash functions and random oracles, two fascinating areas that underlie modern cryptography and other related domains. While this book is not a self-contained cryptography book, it is an in-depth treatise on these two specific areas, giving a solid background in hash functions and at least one of the possible supporting constructs, random oracles. One should note that the hash function controversy started in 2005 with the breaking of fundamental hash function families (e.g. MD5), and eventually led to the creation of the SHA-3 'Keccak' hash function via a global and public effort, which is in use today. The book covers its titular topics well, splitting them into three major parts: Part I covers Modern Cryptography, Part II discusses Random Oracles, and Part III's grand finale explains Hash Function constructions. There are suggestions for rounding off the rough edges, namely finding textbooks that provide basic knowledge where this book does not, but that only adds to the strength of this book. Each chapter in the three parts contains Chapter Notes and References, Exercises, and a Chapter Bibliography, which allow the reader to go deeper in their discovery. The first part on Modern Cryptography provides for a quick on-ramp for just the basics. It contains six chapters (not counting the introductory one), covering everything from computability theory, one-way functions, hash functions, and pseudorandomness, and closing with non-cryptographic hash functions. The chapter list is 'Computational Security', 'Pseudorandomness and Computational Indistinguishability', 'Collision Resistance', 'Encryption Schemes', 'Signature Schemes', and 'Non-cryptographic Hashing.' The second part discusses 'The Random Oracle Methodology' in five chapters. Here the reader learns about one of the basic tools for hash function construction (and for other applications), 'The Random Oracle Model', an important construct in cryptography. The further chapters are 'The Full Power of Random Oracles' with some examples from the literature and applications to blockchain and Proof-of-Work, 'Random Oracle Schemes in Practice' including OAEP for the practitioners among us, some 'Limitations of Random Oracles' for examples applied to key exchanges, and wrapping up with the 'The Random Oracle Controversy' talking about the Random Oracle Uninstantiability. The third part covers 'Hash Function Constructions' in six chapters. Now equipped with all the necessary theoretical tools (and practical considerations), the reader learns about 'Iterated Hash Functions' including the classical Merkle-Damgard hash function construction, attacks on various hash function schemes, as well as cryptographic sponges, followed by ways of 'Constructing Compression Functions' from various primitives, the catch of 'Iterated Hash Functions in Practice' with the MD5, SHA-1, SHA-2, and SHA-3 hash functions on full display, adding a critical security application with 'Constructions of Keyed Hash Functions' (e.g. improving existing hash functions by keying), the issue of indifferentiability in 'Constructing Random Oracles - Indifferentiability', and wrapping up with Universal Computational Extractors as a way of constructing hash functions in 'Constructing Random Oracles - UCEs.' Arno Mittelbach and Marc Fischlin did a good job at producing this book with a collection of ideas on the Theory of Hash Functions and Random Oracles, focusing in-depth on these two areas enabling the student, the practitioner, and the researcher, to deepen their knowledge. The book is a great add-on for a modern cryptography course or for 'light summer reading' for those interested in learning more about these two topics. ---------------------------------------- Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html Evidence is in the Eye of the Expert Digital forensics experts prone to bias, study shows. Participants found more or less evidence on hard drive depending on what contextual information they had The study gave 53 digital forensics examiners from eight countries the same computer hard drive to analyse. https://www.theguardian.com/science/2021/may/31/digital-forensics-experts-prone-to-bias-study-shows Publisher: The Guardian Date: 31 May 2021 By: Linda Geddes, Science correspondent Summary: Digital forensic experts are seen frequently in TV crime dramas, and they are often laughable, dredging up detailed crime evidence from a suspect's computer in a matter of seconds. Some newspaper articles about criminal activity cause me to wonder what the standards of evidence actually are. If I once searched for an article about cyber terrorism, could the cached data be used to incriminate me months later? This article should send chills down the spine of any computer user. It states that the field of digital forensics' "rapid growth means that has not been subjected to the same scientific scrutiny as other forensic techniques." The article mentions known bias in fingerprint analysis, but similar things have been long known for almost all forms of evidence. Digital forensics may have been given a pass for far too long. --------------------------------------------------------------------------- No Target is Too Small for Ransomware Martha's Vineyard ferry disrupted by ransomware attack https://www.cnn.com/2021/06/02/business/steamship-authority-ransomware-attack/index.html Updated 1:41 PM ET, Wed Publisher: CNN Date: June 2, 2021 By: Jordan Valinsky and When Ransomware Hackers Tried to Ruin Summer on Martha's Vineyard https://nymag.com/intelligencer/2021/06/when-hackers-tried-to-ruin-summer-on-marthas-vineyard.html Publisher: New York Magazine Date: June 26, 2021 By: Jen Wieczner Summary: It's a seven mile trip to Martha's Vineyard and costs about $10 on the ferry. That business doesn't seem like a lucrative target for hackers, but nonetheless, there was an cyberextortion attempt against the Steamship Authority. The company took it in stride, after all, it wasn't as bad as a pandemic. They reverted to paper, lines were long, some people may have been late to weddings, but no ferry trips were canceled and no bitcoin moved to Eastern Europe. ---------------------------------------------------------------------------- Follow the Blockchain, Seize the Bitcoins U.S. seizes $2.3 mln in Bitcoin paid to Colonial Pipeline hackers https://www.reuters.com/business/energy/us-announce-recovery-millions-colonial-pipeline-ransomware-attack-2021-06-07/ Publisher: Reuters Date: June 7, 2021 By: Sarah N. Lynch Summary: Anonymous cash is a fickle friend, as some of the ransomware extorters who got some millions of dollars from Colonial Pipeline discovered. The US Department of Justice located the Bitcoin wallet that had $2.3M USD of the ransom, and they got a warrant to seize it. The FBI had been following the transfers of the currency since it was initially paid, and they believe that their seizure was from a member of a gang named DarkSide. ---------------------------------------------------------------------------- Et tu, Print Spooler? Microsoft issues urgent security warning: Update your PC immediately https://www.cnn.com/2021/07/07/tech/microsoft-security-update/index.html Publisher: CNN Date: July 8, 2021 By: Jordan Valinsky, CNN Business /n Summary: The 1.3 billion devices running Windows 10 should be immediately updated, says the software vendor. Even the beta testers for Windows 11 need to protect their machines with an update. Even Windows 7, for which there were to be no more updates, should get this update. Why? Because an race condition in the print spooler can be exploited to gain unlimited access to the machine. This information was accidentally released by a cybersecurity company, Sangfor, so there's no secret about the problem. Microsoft will release patches for Windows* (everything). One small step for software, one giant sinkhole for hackers. ---------------------------------------------------------------------------- Apres Colonial Pipeline, Le Deluge A New Kind of Ransomware Tsunami Hits Hundreds of Companies. An apparent supply chain attack exploited Kaseya's IT management software to encrypt a "monumental" number of victims all at once. https://www.wired.com/story/kaseya-supply-chain-ransomware-attack-msps/ Publisher: Wired Date: 07.02.2021 By: Brian Barrett Summary: There are so many reasons that outsourcing IT makes good sense, but becoming a victim of a vulnerable infrastructure isn't one of them. Many Managed Service Providers use the Kaseya VSA product ("the Coca-Cola of remote management"), and the REvil hacker group found a way to use Kaseya to launch ransomware attacks on hundreds of businesses. The attack has some resemblance to SolarWinds, details are in this analysis (as well as others: https://www.zscaler.com/blogs/security-research/kaseya-supply-chain-ransomware-attack-technical-analysis-revil-payload . ---------------------------------------------------------------------------- USA Suddenly Notices Ransomware FBI Statement on Kaseya Ransomware Attack https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-kaseya-ransomware-attack Publisher: FBI Date: July 3, 2021 Summary: "If you feel your systems have been compromised as a result of the Kaseya ransomware incident, we encourage you to employ all recommended mitigations, follow guidance from Kaseya and the Cybersecurity and Infrastructure Security Agency (CISA) to shut down your VSA servers immediately, and report your compromise to the FBI at ic3.gov. Please include as much information as possible to assist the FBI and CISA in determining prioritization for victim outreach. Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat." ---------------------------------------------------------------------------- Only You Can Prevent Ransomware United States Government Launches First One-Stop Ransomware Resource at StopRansomware.gov https://www.dhs.gov/news/2021/07/14/united-states-government-launches-first-one-stop-ransomware-resource Publisher: US Dept of Homeland Security Release Date: July 14, 2021 Summary: "StopRansomware.gov is the first central hub consolidating ransomware resources from all federal government agencies." "DHS, DOJ, the White House, and our federal partners encourage all individuals and organizations to take the first step in protecting their cybersecurity by visiting StopRansomware.gov." That website refers to a Ransomware Guide that was released in September of 2020("https://www.cisa.gov/stopransomware/ransomware-guide"). It includes Best Practices and a Response Checklist. ---------------------------------------------------------------------------- ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== http://cisr.nps.edu/jobscipher.html No new listings since Cipher E161. -------------- This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Conference and Workshop Announcements ==================================================================== ==================================================================== Upcoming Calls-For-Papers and Events ==================================================================== The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html Cipher calendar entries are announced on Twitter; follow ciphernews Requests for inclusion in the list should sent per instructions: http://www.ieee-security.org/Calendar/submitting.html ____________________________________________________________________ Cipher Event Calendar ____________________________________________________________________ DBSec 2021, 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Virtual, July 19 – 20, 2021. https://dbsec2021.ucalgary.ca IoTSPT-ML 2021, 11th International Workshop on Security, Privacy, Trust, and Machine Learning for Internet of Things, Held in conjunction with the 30th International Conference on Computer Communications and Networks (ICCCN 2021), Athens, Greece, July 22, 2021. https://sites.google.com/uw.edu/iotspt-ml2021 NDSS 2022, 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. https://www.ndss-symposium.org/ndss2022/call-for-papers/ Submission dates: 21 May 2021 and 23 July 2021 ASHES 2021, 5th Workshop on Attacks and Solutions in Hardware Security, Co-located with ACM CCS 2021, Seoul, South Korea, November 19, 2021. http://ashesworkshop.org/ Submission date: 23 July 2021 CCSW 2021, ACM Cloud Computing Security Workshop, Co-located with ACM CCS 2021, Seoul, South Korea, November 14, 2021. https://ccsw.io Submission date: 26 July 2021 AsianHOST 2021, Asian Hardware Oriented Security and Trust Symposium, Pudong, Shanghai, China, December 16-18, 2021. http://asianhost.org/2021/ Submission date: 26 July 2021 CSR 2021, IEEE International Conference on Cyber Security and Resilience, Rhodes, Greece, July 26-28, 2021. https://www.ieee-csr.org/ WPES 2021, 20th Workshop on Privacy in the Electronic Society, Co-located with ACM CCS 2021, Seoul, South Korea, November 15, 2021. http://wpes2021.di.unimi.it Submission date: 27 July 2021 CSET 2021, 14th Cyber Security Experimentation and Test Workshop, Virtual, August 9, 2021. https://cset21.isi.edu/ USENIX Security 2021, 30th USENIX Security Symposium, Vancouver, B.C., Canada, August 11–13, 2021. https://www.usenix.org/conference/usenixsecurity21/call-for-papers Digital Communications and Networks, Special Issue on Privacy Preserved Learning in Distributed Communication Systems. http://www.keaipublishing.com/en/journals/digital-communications-and-networks /call-for-papers/si-on-privacy-preserved-learning-in-distributed/ Submission date: 15 August 2021 Elsevier Computers & Security, Special Issue on Managing Multi-Party, Interdependent Privacy Risks. https://www.journals.elsevier.com/computers-and-security/call-for-papers/managing-multi-party Submission date: 15 August 2021 ENS 2021, 4th International Workshop on Emerging Network Security, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Vienna, Austria, August 17 – 20, 2021. http://www.ares-conference.eu CUING 2021, 5th International Workshop on Criminal Use of Information Hiding, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Vienna, Austria, August 17 – 20, 2021. http://www.ares-conference.eu BASS 2021, 4th International Workshop on Behavioral Authentication for System Security, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Vienna, Austria, August 17 – 20, 2021. https://www.ares-conference.eu/workshops/bass-2021/ IWCC 2021, 10th International Workshop on Cyber Crime, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Vienna, Austria, August 17 – 20, 2021. https://www.ares-conference.eu/workshops/iwcc-2021/ S&P 2022 43nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-26, 2022. https://www.ieee-security.org/TC/SP2022/cfpapers.html Submission dates: 15 April 2021, 19 August 2021, and 2 December 2021 Elsevier Online Social Networks and Media, Special Issue on Information and Opinion Diffusion in Online Social Networks and Media. https://www.journals.elsevier.com/online-social-networks-and-media/call-for-papers/online-social-networks-and-media Submission date: 31 August 2021 Secure Smart World, Special Issue on Concurrency and Computation: Practice and Experience. https://onlinelibrary.wiley.com/pb-assets/assets/15320634/Secure%20Smart%20World%20SI%202.0%20-1620390879547.pdf Submission date: 1 September 2021 DependSys 2021, 7th IEEE International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications, Haikou, China, December 17-19, 2021. http://www.ieee-cybermatics.org/2021/dependsys/ Submission date: 1 September 2021 SecureComm 2021, 17th EAI International Conference on Security and Privacy in Communication Networks, Canterbury, Great Britain, September 6 - 9, 2021. https://securecomm.eai-conferences.org/2021/ EuroSP Workshops 2021, 6th IEEE EuroS&P Symposium, Vienna, Austria, September 7-11, 2021. https://www.ieee-security.org/TC/EuroSP2021/cfw.html SEED 2021, IEEE International Symposium on Secure and Private Execution Environment Design, Virtual, September 20-21, 2021. https://seed-symposium.org/ Euro S&P 2022, 7th IEEE European Symposium on Security and Privacy, Genoa, Italy, June 6 - 10, 2022. https://www.ieee-security.org/TC/EuroSP2022/cfp.html Submission date: 22 September 2021 TrustData 2021, 12th International Workshop on Trust, Security and Privacy for Big Data, New York, NY, USA, October 1-3, 2021. http://www.spaccs.org/trustdata/trustdata2021/ ESORICS 2021, 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021. https://esorics2021.athene-center.de/call-for-papers.php USENIX-Security 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. https://www.usenix.org/conference/usenixsecurity22/call-for-papers Submission dates: 8 June 2021, 12 October 2021, and 1 February 2022 EUROUSEC 2021, European Symposium on Usable Security, Virtual, October 11-12, 2021. https://eurousec2021.secuso.org/ WiMob 2021, 17th International Conference on Wireless and Mobile Computing, Networking and Communications, Bologna, Italy, October 11-13, 2021. http://wimob.org/wimob2021/ IFIP 11.9 Digital Forensics 2022, 18th Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 3-5, 2022. http://www.ifip119.org/Conferences/WG11-9-CFP-2022.pdf Submission date: 15 October 2021 CyberSciTech 2021, 6th IEEE Cyber Science and Technology Congress, Calgary, Canada, October 25-28, 2021. http://cyber-science.org/2021/ VizSec 2021, 18th IEEE Symposium on Visualization for Cyber Security, Virtual, October 27, 2021. https://vizsec.org/vizsec2021/ International Journal of Ad Hoc and Ubiquitous Computing, Special Issue on Recent Advances in Wearable Devices for Emerging Expert Systems. https://www.researchgate.net/publication/350387566_CFP_International_Journal_of_Ad_Hoc_and_Ubiquitous_Computing_Special_Issue_on_Recent_Advances_in _Wearable_Devices_for_Emerging_Expert_Systems Submission date: 30 October 2021 ACM-CCS 2021, 28th ACM Conference on Computer and Communications Security, Seoul, South Korea, November 14-19, 2021. https://www.sigsac.org/ccs/CCS2021/ ASHES 2021, 5th Workshop on Attacks and Solutions in Hardware Security, Co-located with ACM CCS 2021 Seoul, South Korea, November 19, 2021. http://wpes2021.di.unimi.it S&P 2022, 43nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-26, 2022. https://www.ieee-security.org/TC/SP2022/cfpapers.html Submission dates: 15 April 2021, 19 August 2021, and 2 December 2021 HOST 2021, IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA, December 5-8, 2021. http://www.hostsymposium.org/host2021/ USENIX-Security 2022, 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. https://www.usenix.org/conference/usenixsecurity22/call-for-papers Submission dates: 8 June 2021, 12 October 2021, and 1 February 2022 ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees ______________________________________________________________________ TC Conference Publications Online ______________________________________________________________________ The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE Computer Security Foundations IEEE Europenan Security and Privacy Symposium From 2012 onward, these are available without charge from the digital library 12 months after the conference. ____________________________________________________________________________ TC Officers ____________________________________________________________________________ Chair: Security and Privacy Symposium Chair Emeritus: Brian Parno Alvaro Cardenas Associate Professor Associate Professor Carnegie Mellon University University of California, Santa Cruz tcchair at ieee-security.org sp21-chair@ieee-security.org Vice Chair: Treasurer: Gabriela Ciocarlie Yong Guan Elpha Secure Professor tcchair at ieee-security.org Department of Electrical and Computer Engineering Iowa State University, Ames, IA 50011 treasurer@ieee-security.org Newsletter Editor Security and Privacy Symposium, 2022 Chair: Hilarie Orman Rakesh Bobba Purple Streak, Inc. Associate Professor 500 S. Maple Dr. Oregon State University Woodland Hills, UT 84653 https://eecs.oregonstate.edu/ cipher-editor@ieee-security.org people/bobba-rakesh TC Awards Chair Tegan Brennan Assistant Professor Stevens Institute of Technology tbrenna5 at stevens.edu ____________________________________________________________________________ BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html Cipher is published 6 times per year