============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 166                                        March 21, 2022

Hilarie Orman, Editor                 Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org     cipher-assoc-editor @ ieee-security.org

Sven Dietrich                         Yong Guan
Book Review Editor                    Calendar Editor
cipher-bookrev @ ieee-security.org    cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Sven Dietrich's review of the book
      "Crypto Dictionary: 500 Tasty Tidbits for the Curious Cryptographer"
      by Jean-Philippe Aumasson
    o News headlines
       - What 2021 paper did most to advance the science of cybersecurity?
         (and how to vote!)
       - Two squares walk into a bar, what's the difference?
       - Cyber Security, It Takes an Advisory Board
       - Taming the Internet Will Lead to Prosperity and Happiness
       - Routers and Botnets and Passwords, Oh My!
       - Toss It Out!
       - Your Crypto Coin Will Tell on You
       - Bitcoin: Built to Fail
       - Where is the Cyber War?
       - "Traditional War" Trumps "Cyber War?"
       - "Mercenaries" in Cyber War Score Victories
       - White House Warning, Russian Cyber Attacks May Start
       - Insider Perfidy to be Prosecuted
    o Book reviews, Conference Reports and Commentary and News items
      from past Cipher issues are available at the Cipher website
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

Once a year the security research community has a chance to weigh in on what research has been most influential by nominating a paper for NSA's award. Take a moment to look at our news section and read about the award process and how you can vote.

The academic security world will be able to meet and greet in person once again when the Security and Privacy conference is held in San Francisco, May 22-26 (COVID permitting). Registration for the event opens imminently, and hotel registration is already available through the conference website at ieee-security.org. The scope of the research as evidenced in the current list of accepted papers is mind-boggling: DoS vulnerabilities, crypto mining detection, rowhammer, phishing, taint analysis, ... there won't be a dull moment in this conference.

The Ukraine war was preceded by predictions of intense cyberwarfare, but little has emerged on this front except for some successes claimed by an NGO with respect to hacking Russian websites and perhaps interfering with TV broadcasts.
We do not know the extent of cyberops in the military sphere, but given that this is a "modern" war, there must be automated systems and computer communication and real-time intelligence communication. What is the balance of smart to brutal in this conflict? Will lessons learned be the foundation for future hybrid warfare? What woes does this portend? Besides the few articles about war, there are some interesting stories of current relevance for our news rundown, including a white paper from the US government's National Cyber Director about making computers and the Internet "absolutely safe" by developing processes similar to those of the FDA and NTSB. We also note some interesting discussions of how virtual currency loses some of its useful attributes when it comes up against the real world. Pi Day happened recently, and it was a pleasant distraction from other stresses. I cannot see any reasonable tie-in to computer security, but others do (see https://sec-consult.com/blog/detail/happy-pi-day/). Pi Day is such a universal, modern, and inclusive holiday, how about having an entire Pi Week? Starting on Pi Day, (3.14), the Seven Pi Society proposes to extend Pi Day to the fifteenth (3.1415, the Ides), and then Pi+.02 Day (3/16, National Artichoke Day), and then we can encompass St. Pi-Tricks Day on the 17th (though we also favor just naming it after the Irish mathematician W. R. Hamilton). That's 4 days of Pi, so let's just keep going until the full Pi Week is concluded at sundown on 3.20, just before the equinox. We also call this Pie Week for the mathematical gourmands of the world. 

     Happy Non-Algebraic Number Month,
          Hilarie Orman
          cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Sven Dietrich
Mar 19, 2022

Crypto Dictionary: 500 Tasty Tidbits for the Curious Cryptographer
by Jean-Philippe Aumasson
____________________________________________________________________

No Starch Press, 2021
ISBN: 978-1-7185-0140-9 (hardcopy, also ebook/Mobi/PDF), 160 pages

In these complicated times, we welcome simple things in our lives. Faced with Orwellian challenges in a war of words and imagery, we find that having a good arsenal of concepts and definitions is indeed welcome, especially in hardcopy form that maintains information integrity and that can't be redefined or rewritten without consent. So, on a lighter note, the aid to quick lookup of terms from A5/0 to ZRTP, conveniently packaged in book form, is a handy tool.

Jean-Philippe "JP" Aumasson, the author of "Crypto Dictionary" has also authored the book "Serious Cryptography" with the same publisher. So the author is well versed to come up with a Cliff Notes style version for cryptography in only 160 pages.

The format of the book feels like an old-school phonebook: the hardcopy I had for review had the black semi-circle tabs imprinted on the edge of the pages, so that you can quickly find references from A to Z by flipping through the pages and "zooming in" on the ones with that starting letter. In case that isn't sufficient, there is an index of terms at the end of the book (aka "criss-cross directory").

Each term is explained in a paragraph or two, from classical cryptography terms such as "Feedback Shift Register" to more recent terms from blockchain such as "Proof of Burn." Interspersed with the itemized explanations, you will find larger text boxes expanding on the topic (for example, innovations of RSA) that is explained on that open double page. Over the course of 160 pages, the author touches on many (most, perhaps not all, as per the author's own admission) important terms and concepts in classical cryptography, and also in blockchain and post-quantum cryptography (for those worried about the looming cryptoapocalypse). The book feels a bit like reading a more advanced cookbook, where in a particular (and short) recipe the chef will assume you know what a Bavarois is (hint: it's a Bavarian cream) and not delve deeply into how to make one. Similarly here, there are certain assumptions made by the author as to the ability of the reader to understand contextual references. For example, there will be a reference to "Eurocrypt 1990" in the paragraph about a particular concept, but no further detail on what that means (it's the annual European crypto conference sponsored by the International Association for Cryptologic Research (IACR), of course). The author doesn't always take himself too seriously, as there is the occasional poking of fun to be found in here, if only at the international standards organizations such as ISO (just look up "ISO Standard" and you will find a tongue-in-cheek comment). While there is a companion website at the publisher (http://nostarch.com/crypto-dictionary) with the overview of the book and a list of reviews, there isn't much of a bibliography with a list of academic references for the concepts presented, seminal or otherwise. The reader needs some familiarity with the field (or with online search engines) to look further for deeper explanations, when needed. 

This book will sit on my book shelf, to be taken out on random occasions: you never know what you will find while you are looking for some other term in cryptography, a "Denkanstoss" as we would call it in German. To bring it back to the earlier reference, this book is definitely food for thought.

------------------------------------------
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

----------------------------------------------------------------------
What 2021 paper did most to advance the science of cybersecurity?
(Contributed by Carl Landwehr)

Nominations for NSA's annual Best Science of Cybersecurity paper award are open. Were there any papers published in 2021 that you think were especially good, in the sense that they advanced the foundations of cybersecurity and/or exemplified excellence in scientific study in this multidisciplinary field?

Last year's winning paper was "On One-way Functions and Kolmogorov Complexity" (see https://arxiv.org/pdf/2009.11514.pdf) by Yanyi Liu from Cornell University and Rafael Pass from Cornell Tech, published in the 2020 IEEE Symposium on Foundations of Computer Science (FOCS) (talk presenting the paper is available at https://youtu.be/jFZvm7rLPew?list=PL3DbynX8gwfImoDqvkpDsR9A0ZBILhNh6).

"Retrofitting Fine Grain Isolation in the Firefox Renderer" by Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner, Hovav Shacham and Deian Stefan, published in USENIX Security 2020, received an Honorable Mention award (see https://www.usenix.org/conference/usenixsecurity20/presentation/naraya).

To help you remember what's been published in the past year, a table providing links to many of the relevant conferences and journals is available here: https://cps-vo.org/sos/papercompetition/sources-2021

Please take a few moments to honor a paper by nominating it for NSA's Best Science of Cybersecurity paper competition, which is described here: https://cps-vo.org/group/sos/papercompetition.

Submit your nomination here: https://cps-vo.org/group/sos/papercompetition/submit. Nominations close 15 April 2022.

----------------------------------------------------------------------
- Cyber Security, It Takes an Advisory Board

The Cyber Social Contract
How to Rebuild Trust in a Digital World
https://www.foreignaffairs.com/articles/united-states/2022-02-21/cyber-social-contract
Publisher: Foreign Affairs
Date: February 21, 2022
By Chris Inglis and Harry Krejsa

Summary:
[Ed. This article is behind a paywall, but the magazine will send a one-time free link to an email address. Subsequent "unsubscribe" may be desirable.]

Chris Inglis is the National Cyber Director of the Office of National Cyber Defense. His thoughts on digital safety are interesting. This article makes the points that cybersecurity is really important, just like safe food and drugs and transportation, so there should be a way for government and industry to work together to assure that the digital world is safe, and this is the key to a bright future.

Sounds like a compelling argument. All that stands in the way are some "important adjustments", the like of which we've seen before (i.e., precedented). Despite this optimistic beginning, the authors go on to talk about solutions that require "unprecedented" achievements in planning and cooperation. The first step along this difficult path seems to be the establishment of an advisory body, the Cyber Safety Review Board (one of the authors, Inglis, is a member of the board).
https://www.cisa.gov/cyber-safety-review-board

Time will tell if they can even begin to develop a "new social contract for cyberspace-based around investments in resilience, new forms of information sharing, and public-private collaboration ...".

The public's input on what is good seems left out of the authors' vision. Privacy advocates may be surprised to learn that "Individuals' personal data is ... the lifeblood of the digital economy ...". If that is the kind of government-industry sharing that the authors envision in our bright future, then there might be some obstacles raised. However, the authors go on to envision "an absolutely secure digital world" where "a comprehensive privacy regime becomes more practical." Computer security experts might wonder if the US government could lead the country to "absolute security."

---------------------------------
- Taming the Internet Will Lead to Prosperity and Happiness

What Feds, Big Companies Can Do to Change Cyber Landscape
In a recent opinion article, National Cyber Director Chris Inglis called for private companies and federal government to assume more responsibility for creating a secure cyber space.
https://www.govtech.com/security/what-feds-big-companies-can-do-to-change-cyber-landscape
Publisher: Gov Tech
Date: February 25, 2022
By: News Staff

Summary:
This is a good summary of the Foreign Affairs article mentioned above. It particularly delineates the argument that online safety will foster innovation and commerce while protecting the US from foreign cyberattacks.

----------------------------------------------------------------------------
- Routers and Botnets and Passwords, Oh My!

https://www.zdnet.com/article/microsoft-heres-how-this-notorious-botnet-used-hacked-routers-for-stealthy-communication/
Microsoft: Here's how this notorious botnet used hacked routers for stealthy communication
Change your router's default password and make it a strong one, warns Microsoft.
Publisher: Zero Day
Date: March 17, 2022
By: Liam Tung, Contributor

and

GOT SSH? - Trickbot is using MikroTik routers to ply its trade. Now we know why
Something special makes MikroTik attractive to the Internet's most aggressive botnet.
https://arstechnica.com/information-technology/2022/03/trickbot-is-using-mikrotik-routers-to-ply-its-trade-now-we-know-why/
Publisher: ars technica
Date: 3/17/2022
By: Dan Goodin

Summary:
Trickbot is a notorious botnet that has been used for stealing bank credentials and distributing ransomware. It dates back to 2016 and has been stubbornly resistant to takedowns of its command and control infrastructure. Its persistence was partly due to its occupation of MikroTik routers. These routers are made in Latvia and use an open source Linux-based OS.

Lots of people have routers in their home, but few people have any idea what they do. Usually any problem can be solved by a power reset. But sometimes the router is the place where malware lives, carrying out attacks across the Internet while carrying out the relatively minor task of moving network packets across a boundary between a home or enterprise and the Internet service.

Microsoft has been working to remove the servers that direct the botnet activities and has finally unraveled exactly how the routers were subverted and how they hid their traffic.

Uncovering Trickbot's use of IoT devices in command-and-control infrastructure, March 16, 2022, Microsoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/

"This continuous evolution has seen Trickbot expand its reach from computers to Internet of Things (IoT) devices such as routers, with the malware updating its C2 infrastructure to utilize MikroTik devices and modules. MikroTik routers are widely used around the world across different industries.
By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, Trickbot adds another persistence layer that helps malicious IPs evade detection by standard security systems."

--------------------
- Toss It Out!

Russian Cyclops Blink botnet launches assault against Asus routers
The only option available might be a return to factory settings for infected routers.
https://www.zdnet.com/article/cyclops-blink-botnet-launches-assault-against-asus-routers/
Publisher: Zero Day
Date: March 17, 2022
By: Charlie Osborne, Contributor

Summary:
There is a new botnet called "Cyclops Blink" that is attributed to a state-sponsored Russian hacking group. It resides in Asus routers and can achieve persistence over factory resets.

"This week, cybersecurity researchers from Trend Micro said that while the malware is "state-sponsored", it does not appear to be in active use against targets that would have Russia's state interests at heart."

This announcement showed that the US is aware of the threat:

Cybersecurity and Infrastructure Security Agency CISA, Alert (AA22-054A)
New Sandworm Malware Cyclops Blink Replaces VPNFilter
https://www.cisa.gov/uscert/ncas/alerts/aa22-054a

"The NCSC, CISA, the FBI, and NSA, along with industry partners, have now identified a large-scale modular malware framework (T1129) which is targeting network devices. The new malware is referred to here as Cyclops Blink and has been deployed since at least June 2019, fourteen months after VPNFilter was disrupted. In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread."

Asus said that it was investigating the problem. Meanwhile Trend Micro recommends that suspect devices be taken out of service.

----------------------------------------------------------------------------
- Your Crypto Coin Will Tell on You

Inadequate OpSec
https://blog.dshr.org/2022/02/inadequate-opsec.html#more
Publisher: DSHR's Blog
Date: February 17, 2022
By: David Rosenthal

Summary:
The perfect crime must include some tangible benefit to the perpetrator. Moving ill-gotten gains to The Real World turned out to be the undoing of two crypto thieves. Ilya Lichtenstein and Heather Morgan are charged with the theft of over 100K BTC from the BitFinex exchange in 2016. Some recent news stories have focused on how they were ultimately tripped up by buying a $500 Walmart gift card. This ignores the painstaking investigation that preceded their arrests. This article goes over the FBI report on the facts of their investigation and explains the underlying technology. It's a fascinating story and underscores the sophistication that law enforcement has developed in the digital sphere.

---------------------------
Facts of the Investigation from the arrest warrant
https://www.justice.gov/opa/press-release/file/1470186/download
Publisher: Dept of Justice
Date: 2/20/22

Summary:
STATEMENT OF FACTS:
1. Your affiant, Christopher Janczewski, is a Special Agent assigned to the Internal Revenue Service, Criminal Investigation (IRS-CI). As a Special Agent, my responsibilities include the investigation of criminal violations of the Internal Revenue Code (Title 26, United States Code), the Money Laundering Control Act (Title 18, United States Code, Sections 1956 and 1957), the Bank Secrecy Act (including relevant parts of Title 31, United States Code), and related offenses. ...

----------------------------------------------------------------------------
- Bitcoin: Built to Fail

Can We Mitigate the Externalities of Cryptocurrencies?
https://blog.dshr.org/2022/02/talk-for-bace-cybersecurity-institute.html
Publisher: DSHR's Blog
Date: February 16, 2022
By: David Rosenthal

Summary:
Rosenthal's observations on crypto currency are incisive. He points out that the entire purpose of a blockchain is to make the cost of a Sybil attack greater than the reward, and this results in a dependence on "externalities" (i.e., real world resources) that is unsustainable. Two quotes illustrate his pithy expression of the clash between the ideals of crypto currencies and their realities:

"Cryptocurrencies' roots lie deep in the libertarian culture of Silicon Valley and the cypherpunks. Libertarianism's attraction is based on ignoring externalities, and cryptocurrencies are no exception."

"Thus a permissionless blockchain requires a cryptocurrency to function, and this cryptocurrency requires speculation to function."

Watch the Stanford Seminar Lecture, Feb. 9, 2022
https://www.youtube.com/watch?v=twrduL8aNGE

----------------------
- Crypto Currencies Defeat Themselves

Comprehensive synthesis of the technological, ecological and political critique of blockchainism
https://pluralistic.net/2022/02/14/externalities/#dshr
Publisher: Pluralistic
Date: 13 Feb 2022
By: Cory Doctorow

Summary:
Doctorow's commentary on Rosenthal adds even more clarity to the discussion of how proof-of-work fails to achieve the goals of libertarianism.

----------------------------------------------------------------------------
- Where is the Cyber War?

"Catastrophic" cyberwar between Ukraine and Russia hasn't happened (yet), experts say
https://www.theguardian.com/technology/2022/mar/09/catastrophic-cyber-war-ukraine-russia-hasnt-happened-yet-experts-say
Experts say both sides may understand that large-scale cyber-attacks will result in "mutually assured destruction of systems"
Publisher: The Guardian
Date: Wed 9 Mar 2022
By: Kari Paul

Summary:
Russia has a recent history of successes in cyber attacks, particularly against Ukraine in 2015 and 2017. This led to an expectation that the current assault would begin with similar but more destructive cyber attacks. Yet, it has not happened. Experts seem to differ on the reasons. Perhaps there is better infrastructure protection, perhaps Russia fears massive retaliation, maybe leaving a compromised communications infrastructure in place is better than destruction, or perhaps such attacks are yet to come.

----------------------
- "Traditional War" Trumps "Cyber War?"

Inside the Russian cyber war on Ukraine that never was
Many experts believed a Russian invasion of Ukraine would start with significant cyber warfare operations. They never materialized.
https://taskandpurpose.com/news/russia-cyber-attack-ukraine/
Publisher: Task and Purpose
Date: Mar 10, 2022
By Max Hauptman

Summary:
Some military observers are surprised at Russia's lack of planning for cyber warfare. Although some website harassment against Ukraine occurred, there was no concerted effort to penetrate and disrupt networks. The speculation about this includes the idea that the physical dominance of the Russian military was expected to be sufficient for a quick victory.

Kenneth Geers, a senior fellow at the Atlantic Council and the NATO Cyber Centre ambassador with 20 years of experience with the U.S. Army, the National Security Agency and NATO notes "And at this point, anything cyber-related can't approach the horror and the immediate goals of the war the way bombs and rockets can."

----------------------
- "Mercenaries" in Cyber War Score Victories

Anonymous has unleashed a successful cyber war to undermine Putin's Ukraine invasion
https://fortune.com/2022/03/18/anonymous-cyberwar-on-putins-ukraine-invasion/
Publisher: Fortune
Date: March 18, 2022
By: Carmela Chirinos

Summary:
If nations have avoided waging cyber war, "hacktivist collectives" haven't. The group "Anonymous" has credible claims to have wreaked havoc on a large variety of Russian infrastructure that uses the Internet. Of particular note is their ability to put anti-war messages onto various public TV screens in Russia and to interfere with state-controlled information media.

----------------------
- White House Warning, Russian Cyber Attacks May Start

White House warns of 'evolving intelligence' suggesting Russia could conduct cyber attacks against the United States
https://www.cnn.com/2022/03/21/politics/biden-russia-cyber-activity/index.html
Publisher: CNN
Date: March 21, 2022
By: Maegan Vazquez, Donald Judd and Sean Lyngaas

Summary:
Unspecified intelligence has led the White House to warn US businesses to gird themselves for Russian cyberattacks in the near future. The warning from the deputy national security advisor seemed directed at critical infrastructure providers. The article notes that on February 24 satellite communications provided by the US company Viasat were interrupted, resulting in tens of thousands of European customers being cut off from the Internet.

----------------------------------------------------------------------------
- Insider Perfidy to be Prosecuted

Colorado clerk and deputy are indicted for election tampering and misconduct
https://www.npr.org/2022/03/09/1085452644/colorado-clerk-indicted-on-13-counts-of-election-tampering-and-misconduct
The pair is accused of helping an unauthorized person make copies of sensitive voting-machine hard drives and attend an annual software update.
Information from the machines and secure passwords were later shared with election conspiracy theorists online.
Publisher: Heard on All Things Considered
Date: Updated March 9, 2022
By: Bente Birkeland and Megan Verlee

Summary:
Last year sensitive information about voting machine credentials was somehow leaked (see Cipher News for September 2021, "FBI joins investigation into QAnon-affiliated leak of voting machine logins in Colorado"). What was unclear at the time was whether the leak had been created by outside hacking or insider treachery. Based on the result of the FBI investigation and the recent indictment, the answer seems to be the latter.

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

--------------
This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

Requests for inclusion in the list should be sent per instructions: http://www.ieee-security.org/Calendar/submitting.html

Cloud S&P 2022 4th Workshop on Cloud Security and Privacy, Rome, Italy, June 20-23, 2022.
https://cloudsp2022.encs.concordia.ca/
Submission date: 21 March 2022

DFRWS EU 2022, Online and Physical (Location TBC), March 28-31, 2022.
https://dfrws.org/conferences/dfrws-eu-2022/

SP 2023 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-26, 2023.
https://www.ieee-security.org/TC/SP2023/cfpapers.html
Submission dates: 1 April 2022, 19 August 2022, and 2 December 2022

SERVICES 2022 2022 IEEE World Congress on Services, Barcelona, Spain, July 10-16, 2022.
https://conferences.computer.org/services/2022/cfp/
Submission date: 1 April 2022

SecureComm 2022 18th EAI International Conference on Security and Privacy in Communication Networks, Kansas City, USA, October 17-19, 2022.
https://securecomm.eai-conferences.org/2022/
Submission date: 3 April 2022

NSA's best paper award
https://cps-vo.org/group/sos/papercompetition
Deadline for voting: 4/15/22

SSS 2022 24th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Clermont-Ferrand, France, November 15-17, 2022.
https://sss2022.limos.fr/
Submission dates: 15 April 2022 and 5 August 2022

CSR 2022 IEEE International Conference on Cyber Security and Resilience, Virtual Conference, July 27-29, 2022.
https://www.ieee-csr.org/
Submission date: 22 April 2022

SCN 2022 13th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 12-14, 2022.
https://scn.unisa.it/
Submission date: 24 April 2022

CODASPY 2022 12th ACM Conference on Data and Application Security and Privacy, Baltimore-Washington, DC area, USA, April 24-26, 2022.
http://www.codaspy.org/2022/

ACM CCS 2022, Los Angeles, U.S.A, November 7-11, 2022.
https://sigsac.org/ccs/CCS2022/call-for-papers.html
Submission date: 14 January 2022 and 2 May 2022

CUING 2022 International Workshop on Criminal Use of Information Hiding, Held in conjunction with the 17th International Conference on Availability, Reliability and Security (ARES 2022), Vienna, Austria, August 23-26, 2022.
https://www.ares-conference.eu/workshops/cuing-2022/
Submission date: 15 May 2022

PAKDD 2022 26th Pacific-Asia Conference on Knowledge Discovery and Data Mining, Chengdu, China, May 16-19, 2022.
http://pakdd.net/

ACM WiSec 2022 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, San Antonio, Texas, USA, May 16-19, 2022.
https://wisec2022.cs.utsa.edu/

SP 2022 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-26, 2022.
https://www.ieee-security.org/TC/SP2022/cfpapers.html

FHE 2022 1st Annual FHE.org Conference on Fully Homomorphic Encryption, Held in conjunction with EUROCRYPT 2022, Trondheim, Norway, May 29, 2022.
https://fhe.org/conference/fhe-org-conference-2022-call-for-presentations

ISPEC 2022 International Conference on Information Security Practice and Experience, Taipei, Taiwan, November 23-25, 2022.
https://ispec2022.ndhu.edu.tw/
Submission date: 31 May 2022

Euro S&P 2022 7th IEEE European Symposium on Security and Privacy, Genoa, Italy, June 6 - 10, 2022.
https://www.ieee-security.org/TC/EuroSP2022/cfp.html

Euro S&P Workshops 2022 7th IEEE European Symposium on Security and Privacy, Genoa, Italy, June 6 - 10, 2022.
https://www.ieee-security.org/TC/EuroSP2022/cfw.html

SERVICES 2022 2022 IEEE World Congress on Services, Barcelona, Spain, July 10-16, 2022.
https://conferences.computer.org/services/2022/cfp/

PODC 2022 41st ACM Symposium on Principles of Distributed Computing, Salerno, Italy, July 25-29, 2022.
https://www.podc.org

CSR 2022 IEEE International Conference on Cyber Security and Resilience, Virtual Conference, July 27-29, 2022.
https://www.ieee-csr.org/

USENIX-Security 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10-12, 2022.
https://www.usenix.org/conference/usenixsecurity22/call-for-papers

SP 2023 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-26, 2023.
https://www.ieee-security.org/TC/SP2023/cfpapers.html
Submission dates: 19 August 2022, and 2 December 2022

SIGCOMM 2022, Amsterdam, the Netherlands, August 22-26, 2022.
https://conferences.sigcomm.org/sigcomm/2022/

CUING 2022 International Workshop on Criminal Use of Information Hiding, Held in conjunction with the 17th International Conference on Availability, Reliability and Security (ARES 2022), Vienna, Austria, August 23-26, 2022.
https://www.ares-conference.eu/workshops/cuing-2022/

SCN 2022 13th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 12-14, 2022.
https://scn.unisa.it/

SecureComm 2022 18th EAI International Conference on Security and Privacy in Communication Networks, Kansas City, USA, October 17-19, 2022.
https://securecomm.eai-conferences.org/2022/

ACM CCS 2022, Los Angeles, U.S.A, November 7-11, 2022.
https://sigsac.org/ccs/CCS2022/call-for-papers.html

SSS 2022 24th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Clermont-Ferrand, France, November 15-17, 2022.
https://sss2022.limos.fr/

ISPEC 2022 International Conference on Information Security Practice and Experience, Taipei, Taiwan, November 23-25, 2022.
https://ispec2022.ndhu.edu.tw/

SP 2023 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-26, 2023.
https://www.ieee-security.org/TC/SP2023/cfpapers.html
Submission date: 2 December 2022

SP 2023 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 22-26, 2023.
https://www.ieee-security.org/TC/SP2023/cfpapers.html

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe".
   OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".
   OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum.
It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at
https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.

   IEEE Security and Privacy Symposium
   IEEE Computer Security Foundations
   IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital library 12 months after the conference.

____________________________________________________________________________
TC Officers
____________________________________________________________________________

Chair:
   Brian Parno
   Associate Professor
   Carnegie Mellon University
   tcchair at ieee-security.org

Security and Privacy Symposium Chair Emeritus:
   Alvaro Cardenas
   Associate Professor
   University of California, Santa Cruz
   sp21-chair@ieee-security.org

Vice Chair:
   Gabriela Ciocarlie
   Elpha Secure
   tcchair at ieee-security.org

Treasurer:
   Yong Guan
   Professor
   Department of Electrical and Computer Engineering
   Iowa State University, Ames, IA 50011
   treasurer@ieee-security.org

Newsletter Editor:
   Hilarie Orman
   Purple Streak, Inc.
   500 S. Maple Dr.
   Woodland Hills, UT 84653
   cipher-editor@ieee-security.org

Security and Privacy Symposium, 2022 Chair:
   Rakesh Bobba
   Associate Professor
   Oregon State University
   https://eecs.oregonstate.edu/people/bobba-rakesh
   sp22-chair@ieee-security.org

TC Awards Chair:
   Tegan Brennan
   Assistant Professor
   Stevens Institute of Technology
   tbrenna5 at stevens.edu

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year