_/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ============================================================================ Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 185 May 27, 2025 Hilarie Orman, Editor Sven Dietrich, Assoc. Editor cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org Sven Dietrich Yong Guan Book Review Editor Calendar Editor cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org ============================================================================ The newsletter is also at http://www.ieee-security.org/cipher.html Cipher is published 6 times per year Contents: * Letter from the Editor * Logo Competition * Commentary and Opinion and News o Sven Dietrich's review of the book, "Differential Privacy" by Simson Garfinkel o News from the media: - Security and Privacy Symposium Test of Time Awards - Inverters With Friends - Vulnerabilities of Yore Forecast Exploits Galore - Domain Today, Dark Tomorrow - Aid For Ukraine Is Watched Remotely - Dark Web Marketplace Goes Dark - Your Cheating Car Will Tell on You - Long Arm, Slow Wheels, High Emissions o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website * List of Computer Security Academic Positions, by Cynthia Irvine * Conference and Workshop Announcements o Upcoming calls-for-papers and events * Staying in Touch o Information for subscribers and contributors o Recent address changes * Links for the IEEE Computer Society TC on Security and Privacy o Becoming a member of the TC o TC Officers o TC publications for sale ==================================================================== Letter from the Editor ==================================================================== Dear Readers: It was only a matter of time until Peter G. Neumann would be a recipient of a "Test of Time" award at the Symposium on Security and Privacy, and 2025 was the year for it. He and his co-authors on a 2015 paper regarding their work on a hybrid capability model for a secure processor received the award at the conference in San Francisco. The other winner was also from 2015, and the subject of work was "machine unlearning". The security community has learned a lot from both papers. In other news, I notice a lack of news. My perusal of the media is short on the usual round of reported vulnerabilities and attacks on various industry segments seems oddly thin. There is some news from NIST about a methodology for assessing "likelihood of exploitation", and the Federal law enforcement groups have, in concert with overseas counterparts, shut down some bad operators. It seems, though, that we may be losing situational awareness through news starvation. Fight On, Harvard Fight fiercely, Harvard Fight, fight, fight Take them to the legal floor. Albeit they possess the might Nonetheless we have the law. Fight fiercely, science, Fight, fight, fight Let our methods find the truths Albeit they possess the might Nonetheless we have the proofs. Fight fiercely, crypto, Fight, fight, fight Protect communication privacy, Albeit they'll have quantum comp But we'll be safe with PQC. Fight, fight, fight (And do fight fiercely, seriously). (Apologies to the infinitely witty Tom Lehrer). Hilarie Orman ==================================================================== Logo Competition ==================================================================== Trojan Logo Design Contest IEEE Computer Society's Technical Community on Security and Privacy (TCSP) have used a Trojan logo for multiple decades. While the Trojan served its purpose well, it is time to consider a more modern Trojan logo design. We solicit new Trojan logo submissions from the security and privacy community. Submissions will be accepted through August 15, 2025. Once the submission process closes, a voting to determine the winning design will take place. Voting will be open to TCSP members and active security and privacy research community members. Submit your Trojan design here: https://tally.so/r/31x2NO ==================================================================== Book Review By Sven Dietrich May 27, 2025 ==================================================================== Differential Privacy Simson Garfinkel MIT Press 222 pages + xxii First edition, March 2025 ISBN 9780262551656 (paperback) ISBN 9780262382168 (pdf) ISBN 9780262382175 (epub) Review by Sven Dietrich May 27, 2025 As the unofficial American summer has chimed in, and we start heading to the beach, it is time for some light summer reading. Perhaps this light fare is what you need in contrast to what you may be reading about large-scale database analysis in the press or elsewhere. Sifting through large databases, whether they are government, commercial, or private, may make us think in terms of privacy: what pieces of data can be omitted while still retaining some usefulness as a whole? You may have heard of k-anonymity, but that is not the target here. We are talking about differential privacy, originally conceived by Dwork et al. in the 2000s. Simson Garfinkel brings us the perfect 222+-page "beach book," or perhaps "general audience book" depending on your vacationing preferences, to delve a bit deeper into the concepts of "Differential Privacy." The author takes an experiential approach of describing differential privacy via his time at places of employment where those ideas could be or have been applied. In three chapters (plus the introductory chapter), with many (sometimes humorous) black-and-white illustrations, cartoons, tables, and diagrams, extensive references, he brings the topic to the reader while still referring to the solid mathematical foundations. While the book is available for purchase, you can simply download a properly sanctioned (think: open access) PDF from the MIT Press book website. Ironically, that inserts a download URL into the PDF with the date it was downloaded, plus the MIT Press username. Try it for yourself! In the Preface, the author sets up the motivation for the book, how he met some of the key figures from the field, and how he got more interested into the topic. He also sets expectations, and immediately points the reader to appropriate resources beyond this light reading depending on their background depth (policymakers, mathematicians, computer scientists, statisticians, programmers, etc). In the Introduction, the reader learns about the conceptualization of the differential privacy idea, going through various namings, such as incremental privacy, and the evolution of the various mathematical ideas connected to it. In connection to learning about Dwork's journey on this concept, we also hear about the author's interaction with the privacy field on that subject matter in a semi-autobiographical approach. Moreover, the importance of applying this fundamental idea to the 2020 Census is highlighted by a series of real-world examples that explain how microdata can be used to reconstruct otherwise anonymized statistical database data and more. It also contains Daniel Solove's taxonomy on privacy terminology. In Chapter 1, the focus is on "Concepts and Theories," where the author sprinkles in a bit more math. The basic concept of Differential Privacy is introduced as a "mathematical framework based on a definition of privacy loss that has formal guarantees." Adding noise is a key idea as a trade-off between privacy and accuracy. Here the reader learns about composability as something differential privacy can do, but k-anonymity cannot. The rest of the chapter brings in many real-world examples, including the author's interaction with the Census Bureau to satisfy its privacy needs and its application of differential privacy principles for the 2020 Census. Chapter 2 covers "Differential Privacy Issues," seen as the teething problems of a technology that is only about 20 years young. Issues such as privacy vs. accuracy trade-offs, semantic interpretations, and issues with practical applications such as an ambulance sent to the wrong house due to inaccuracies. Other concerns are expressions of proper privacy policies, and other application domain problems. Lastly, in Chapter 3 the author discusses "Future Directions," extending possible directions from the state of the art of differential privacy. The topics explored here include combining differential privacy with other security and privacy concepts, such as Trusted Execution Environments, Secure Multiparty Computation, and Homomorphic Encryption, among others. This book is aimed at a broader audience, but it does provide technical details for those wishing to explore further. Think of it as Cliff Notes of Differential Privacy to get you bootstrapped. The 13-page long references at the end of the book, plus the 'Further Reading' section, will lead the reader to more technical knowledge, should their interest be piqued. I really enjoyed reading this book. It is light and entertaining reading and provides anecdotal background information for how we can deal with (differential) privacy in a more critical and pragmatic way. Read it for yourself. On the beach, on your commute, or elsewhere. ------------------------------------------------------------------------------- Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html Security and Privacy Symposium Test of Time Awards Summary: Two papers from 2015 have been awarded the IEEE Symposium on Security and Privacy's "Test of Time" award CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization by Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, Munraj Vadera (https://www.computer.org/csdl/proceedings-article/sp/2015/6949a020/17D45W1Oa3m) Towards Making Systems Forget with Machine Unlearning by Yinzhi Cao, Junfeng Yang (https://www.computer.org/csdl/proceedings-article/sp/2015/6949a463/17D45WXIkH3) The recipients were honored at the Symposium on Security and Privacy in San Francisco this month (https://ieee-security.org/SP/2025). -------------------------------------------------------------------------------- Inverters With Friends Rogue communication devices found in Chinese solar power inverters https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/ Publisher: Reuters Date: May 14, 2025 By: Sarah Mcfarlane Summary: There are reports of communication devices found on equipment from China, like power inverters and batteries, that were not disclosed to the US purchaser. The US government has declined to comment on the reports, and the Chinese government has defended its achievements in producing infrastructure equipment. There has been no information about the purpose of the communication devices, but US security experts warn that the devices might enable remote operation or disabling of the equipment. The possibililty of Trojan Horse devices in critical infrastructure equipment has long been a worry of the US government. "In February, two U.S. Senators introduced the Decoupling from Foreign Adversarial Battery Dependence Act, banning the Department of Homeland Security from purchasing batteries from some Chinese entities, starting October 2027, due to national security concerns." There is no way to determine if the placement of the unexplained communicaiton devices was a deliberate act of Chinese operatives or a mix-up in shipment by the manufacturer. Perhaps the exact circumstances are less important than the fact that keeping a nation secure requires constant attention to to cyber detail. -------------------------------------------------------------------------------- Vulnerabilities of Yore Forecast Exploits Galore NIST Publication: Likely Exploited Vulnerabilities A Proposed Metric for Vulnerability Exploitation Probability https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.41.pdf Publisher: NIST Date: May 19, 2025 By: Peter Mell and Jonathan Spring Summary: Of the many thousands of hardware and software vulnerabilities discovered each year, only a handful will be exploited. If we could prioritize protecting ourselves from those, it would save time and money. This paper proposes a method for identifying the most likely to be exploited vulnerabilities, but the authors note that the method requires close collaboration with industry. The paper discusses how the existing Exploit Prediction Scoring System can be statistically augmented with Known Exploited Vulnerability lists to produce Likely Exploited Vulnerabilities lists that can have increased accuracy compared to the current state of the art. -------------------------------------------------------------------------------- Domain Today, Dark Tomorrow Justice Department Seizes Domains Behind Major Information-Stealing Malware Operation Coordinated Microsoft Actions and Court-Authorized Domain Seizures Disrupt LummaC2 Malware Infrastructure Used to Target Millions Worldwide https://www.justice.gov/opa/pr/justice-department-seizes-domains-behind-major-information-stealing-malware-operation Publisher: US Department of Justice Date: May 21, 2025 By: Office of Public Affairs Summary: According to the DOJ, the LummaC2 software has been used to exfiltrate personal information from victims "in order to facilitate a host of crimes". In partnership with Microsoft, DOJ disrupted the software usage and control system by taking down two Internet domains. When hackers tried to get around that by opening three new domains, the DOJ immediately seized those. Microsoft was said to be instigating civil action to take down another 2300 affiliated domains. -------------------------------------------------------------------------------- Aid For Ukraine Is Watched Remotely UK exposes Russian cyber campaign targeting support for Ukraine https://www.bbc.com/news/articles/c17rrjdr79po Publisher: The BBC Date: May 21, 2025 By: Imran Rahman-Jones & Chris Vallance Summary: "After a joint investigation with allies including the US, Germany and France, the UK's National Cyber Security Centre (NCSC) said a Russian military unit had been targeting both public and private organisations since 2022." The Russians appeared to have accessed many surveillance cameras used by these organizations in and near Ukraine. The cameras presumably gave the Russians information about aid shipments and their distribution. John Hultquist, chief analyst at Google Threat Intelligence Group, said that anyone moving good into Ukraine should assume that they had been targeted by Russian intelligence groups. ------------------------------------------------------------------------------- Dark Web Marketplace Goes Dark Massive Dark Web Sweep Leads to 270 Arrests Worldwide Operation RapTor dismantles drug, weapons, and counterfeit networks across 10 countries, seizing millions in cash and cryptocurrencies and tons of illicit goods. https://www.occrp.org/en/news/massive-dark-web-sweep-leads-to-270-arrests-worldwide Publisher: Organized Crime and Corruption Project Date: 23 May 2025 By: Zdravko Ljubas Summary: Authorities in the US, Germany, the UK, France, South Korea, Austria, the Netherlands, Brazil, Switzerland, and Spain, arrested people accused of being part of a dark web marketplace that dealt in illegal drugs, guns and knives, and counterfeit products. Europol provided the intelligence that led to the arrests and contraband seizures. ------------------------------------------------------------------------------- Your Cheating Car Will Tell on You Volkswagen Car Hacked - Owner's Personal Data & Service Details Exposed https://cybersecuritynews.com/volkswagen-car-hacked/ Publisher: Cyber Security News Date: May 19. 2025 By: Kaaviya Summary: After purchasing a pre-owned Volkswagen in 2024, cybersecurity researcher Vishal Bhaskar was frustrating in trying to connect the vehicle to the My Volkswagen app on his phone. So, he did some network snooping and some Python scripting to get access to his car's internal data. He was very surprised to find that the previous owner's personal data, including home address and driving license information, were clearly available, along with information that might allow the vehicle to be operated remotely. He reported this to VW last November, and this month they told him that all vulnerabilities had been patched. VW is not the first company to be found negligent in privacy protection. See our news from January about Subaru. https://ieee-security.org/Cipher/Newsbriefs/2025news-012825.html#SPSubaru -------------------------------------------------------------------------------- Long Arm, Slow Wheels, High Emissions German court convicts 4 ex-Volkswagen managers of fraud in emissions scandal https://apnews.com/article/volkswagen-germany-diesel-emissions-court-fraud-3878fcf6c06c9574bf5bff8d31029f90 Publisher: The Associated Press Date: May 26, 2025 Summary: Ten years ago the EPA accused VW of introducing software into their diesel-engine vehicles that allowed them to pass emissions tests even though in normal driving the vehicles exceeded the statuatory limits. Two managers in the US received prison sentences, now four German managers for VW have also been sentenced to prison for their part in the fraud. ==================================================================== Commentary and Opinion ==================================================================== Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== http://cisr.nps.edu/jobscipher.html -------------- This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Conference and Workshop Announcements ==================================================================== The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html Requests for inclusion in the list should sent per instructions: http://www.ieee-security.org/Calendar/submitting.html ____________________________________________________________________ Cipher Event Calendar ____________________________________________________________________ IFIP TC-11 SEC 2025 40th IFIP TC-11 International Information Security and Privacy Conference, Maribor, Slovenia, May 21-23, 2025. https://www.ndss-symposium.org/ndss2025/submissions/cfp-wosoc/ WNDSS 2025 International Workshop on Network and Distributed Systems Security, Co-located with the 40th International Information Security and Privacy Conference (IFIP SEC 2025), Maribor, Slovenia, May 23, 2025. https://ifiptc11.org/wg114-events/wg114-workshop/ ICICS 2025 27th International Conference on Information and Communications Security, Nanjing, China, October 29-31, 2025. https://www.icics2025.org/index.html Submission date: 9 March 2025 and 23 May 2025 TX4Nets 2025 2nd International Workshop on Trustworthy and eXplainable Artificial Intelligence for Networks, Co-located with IFIP Networking 2025, Limassol, Cyprus, May 25-29, 2025. ACSAC 2025 41th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA, December 8-12, 2025. https://www.acsac.org/ Submission date: 30 May 2025 SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026. https://sp2026.ieee-security.org/cfpapers.html Submission dates: 5 June 2025 and 13 November 2025 CVC 2025 8th Crypto Valley Conference on Blockchain Technology, Zug, Switzerland, June 5-6, 2025. https://cryptovalleyconference.com/call-for-papers IWSPA 2025 11th ACM International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2025, Pittsburgh, Pennsylvania, June 6, 2025. https://sites.google.com/view/iwspa-2025 CSF 2025 38th IEEE Computer Security Foundations Symposium, Santa Cruz, CA, USA, June 16-20, 2025. https://csf2025.ieee-security.org/ WEIS 2025 24th Annual Workshop on the Economics of Information Security, Tokyo, Japan, June 23-25, 2025. http://kmlabcw.iis.u-tokyo.ac.jp/weis/2025/index.html WTMC 2025 10th International Workshop on Traffic Measurements for Cybersecurity Co-located with the 10th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2025), Venice, Italy, June 30, 2025. https://wtmc.info/index.html ACM WiSec 2025 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Arlington, Virginia, USA, June 30 - July 3, 2025. https://wisec2025.gmu.edu IEEE EuroS&P 2025 10th IEEE European Symposium on Security and Privacy, Venice, Italy, June 30 - July 4, 2025. https://eurosp2025.ieee-security.org/ SACMAT 2025 30th ACM Symposium on Access Control Models and Technologies, Stony Brook, NY, USA, July 8-10, 2025. https://www.sacmat.org/2025/ ICISS 2025 21st International Conference on Information Systems Security, Indore, India, December 16-20, 2025. https://iciss.isrdc.in/ Submission date: 10 July 2025 PETS 2025 25th Privacy Enhancing Technologies Symposium, Washington, DC and Online, July 14-19, 2025. https://petsymposium.org/cfp25.php APWG eCrime 2025 20th APWG Symposium on Electronic Crime Research, San Diego, CA, USA, November 4-7, 2025. https://apwg.org/events/ecrime2025 Submission date: 15 July 2025 DFRWS-USA 2025 25th Annual Digital Forensics Research Conference, Chicago, Illinois, USA, July 22-25, 2025. https://dfrws.org/conferences/dfrws-usa-2025/ CSR 2025 IEEE International Conference on Cyber Security and Resilience, Chania, Crete, Greece, August 4-6, 2025. https://www.ieee-csr.org/ NDSS 2026 Network and Distributed System Security, San Diego, CA, USA, February 23-27, 2026. https://www.ndss-symposium.org/ndss2026/submissions/call-for-papers/ Submission date: 23 April 2025 and 6 August 2025 ARES 2025 20th International Conference on Availability, Reliability and Security, Ghent, Belgium, August 10-13, 2025. https://2025.ares-conference.eu/ EDId 2025 2nd International Workshop on Emerging Digital Identities, Co-located with the 20th International Conference on Availability, Reliability and Security (ARES 2025), Ghent, Belgium, August 11-14, 2025. https://2025.ares-conference.eu/program/edid/ ENS 2025 8th International Workshop on Emerging Network Security, Co-located with the 20th International Conference on Availability, Reliability and Security (ARES 2025), Ghent, Belgium, August 11-14, 2025. https://2025.ares-conference.eu/program/ens/ CUING 2025 9th International Workshop on Cyber Use of Information Hiding, Co-located with the 20th International Conference on Availability, Reliability and Security (ARES 2025), Ghent, Belgium, August 11-14, 2025. https://2025.ares-conference.eu/program/cuing/ USENIX Security 2025 34th USENIX Security Symposium, Seattle, WA, USA, August 13-15, 2025. https://www.usenix.org/conference/usenixsecurity25 USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026. https://www.usenix.org/conference/usenixsecurity26 Submission date: 26 August 2025 and 5 February 2026 PST 2025 22nd Annual International Conference on Privacy, Security & Trust, Fredericton, Canada, August 26-28, 2025. http://pstnet.ca/ ACM Distributed Ledger Technologies: Research and Practice, Special Issue on Distributed Ledger Technologies for Trustworthy Internet of Vehicles. https://dl.acm.org/pb-assets/static_journal_pages/dlt/pdf/ACM-CFP-DLT-Trustworthy-IoV-1712343333363.pdf Submission date: 31 August 2025 Journal of Systems Architecture, Special Issue on Security and Privacy in AIoT-enabled Smart Cities. https://www.sciencedirect.com/special-issue/313735/security-and-privacy-in-aiot-enabled-smart-society Submission date: 31 August 2025 ESORICS 2025 30th European Symposium on Research in Computer Security, Toulouse, France, September 22-26, 2025. https://www.esorics2025.org/ ACM CCS 2025 32nd ACM Conference on Computer and Communications Security, Taipei, Taiwan, October 13-17, 2025. https://www.sigsac.org/ccs/CCS2025/call-for-papers/ MarCaS 2025 3rd LCN Special Track on Maritime Communication and Security, Held in conjunction with the 50th Annual IEEE Conference on Local Computer Networks (IEEE LCN 2025), Sydney, Australia, October 14-16, 2025. https://garykessler.net/lcn_marcas/ ICICS 2025 27th International Conference on Information and Communications Security, Nanjing, China, October 29-31, 2025. https://www.icics2025.org/index.html APWG eCrime 2025 20th APWG Symposium on Electronic Crime Research, San Diego, CA, USA, November 4-7, 2025. https://apwg.org/events/ecrime2025 SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026. https://sp2026.ieee-security.org/cfpapers.html Submission date: 5 June 2025 and 13 November 2025 CANS 2025 24th International Conference on Cryptology and Network Security, Osaka, Japan, November 17-20, 2025. https://cy2sec.comm.eng.osaka-u.ac.jp/miyaji-lab/event/cans2025/index.html ACSAC 2025 41th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA, December 8-12, 2025. https://www.acsac.org/ ICISS 2025 21st International Conference on Information Systems Security, Indore, India, December 16-20, 2025. https://iciss.isrdc.in/ USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026. https://www.usenix.org/conference/usenixsecurity26 Submission date: 26 August 2025 and 5 February 2026 NDSS 2026 Network and Distributed System Security, San Diego, CA, USA, February 23-27, 2026. https://www.ndss-symposium.org/ndss2026/submissions/call-for-papers/ SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026. https://sp2026.ieee-security.org/cfpapers.html USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026. https://www.usenix.org/conference/usenixsecurity26 ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees ______________________________________________________________________ TC Conference Publications Online ______________________________________________________________________ The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE Computer Security Foundations IEEE European Security and Privacy Symposium From 2012 onward, these are available without charge from the digital library 12 months after the conference. ____________________________________________________________________________ TC Officers ____________________________________________________________________________ Chair: Security and Privacy Symposium Chair Emeritus: Thorsten Holz Trent Jaeger Faculty Member Associate Professor CISPA Helmholtz Center for Pennsylvania State University Information Security https://www.cse.psu.edu/~trj1 tcchair at ieee-security.org sp24-chair@ieee-security.org Vice Chair: Treasurer: Alvaro Cardenas Yong Guan Professor Professor University of California, Department of Electrical and Computer Santa Cruz Engineering tcchair at ieee-security.org Iowa State University, Ames, IA 50011 treasurer@ieee-security.org Newsletter Editor: Security and Privacy Symposium, 2025 Chair: Hilarie Orman Marina Blanton Purple Streak, Inc. Associate Professor 500 S. Maple Dr. University at Buffalo Woodland Hills, UT 84653 sp25-chair at ieee-security.org cipher-editor@ieee-security.org TC Awards Chair: Tegan Brennan Assistant Professor Stevens Institute of Technology tbrenna5 at stevens.edu ____________________________________________________________________________ BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html Cipher is published 6 times per year --=====================_purplestreak_932242421235479791===--