Workshops and Affiliated Events

EuroS&P 2017 is the first edition to have a call for affiliated events and the response of the community was amazing: together with EUROCRYPT 2017 we will have 17 affiliated and collocated events. With one single exception (ECOSSIAN), all events will be organized jointly with EUROCRYPT on April 29-30, 2017 at UPMC Campus Jussieu.

The programs of the affiliated and collocated events is now available on the individual event websites as well as on the EUROCRYPT website.

EuroS&P 2017 affiliated & collocated events

• FOQUS – Frontiers Of QUantum Safe cryptography³ (in Room 106) 
  The workshop will be held in Paris, as a satellite event of EUROCRYPT 2017. The objective of the workshop is to promote research at the frontiers of Quantum-safe cryptography, i.e. to design and analyze cryptographic tasks secure against quantum-capable adversaries, using concepts and techniques from modern cryptography and/or quantum information.
  
  The program will be composed of invited talks. Target audience is composed of modern cryptographers interested in the implications of quantum information to cryptography as well as quantum information researchers interested in cryptography. The goal of the workshop will be to strengthen the collaboration between the two communities on some important topics in quantum-safe cryptography and to identify new ones.
  
  Identified frontier research topics in Quantum-Safe Cryptography are

  • Security models for quantum-safe cryptography and their relation to classical models
  • Power of quantum adversaries for lattice and code-based cryptography
  • Design of quantum-safe cryptographic primitives
  • Hardware security, attacks and implementation security certification
  • Practical applications and deployment of quantum-safe cryptographic systems
• S&B – Security on Blockchains² (in Room 105) 
  Although Bitcoin is the the first peer-to-peer electronic cash system, that successfully repurposed the underlying blockchain technology, the decentralized network and public verifiability of Bitcoin come with costs. Most of them originate from the same places as its benefits: the design decisions. Speed of execution and insufficient guarantees of privacy are two of Bitcoin's major issues. Despite a prevailing belief that Bitcoin is anonymous, its privacy properties are insufficient for many commercial use cases. Every transaction is published in a global ledger, which allows small amounts of information (e.g., the identities of the participants in a single transaction) to be amplified if statistical analysis is used to learn much about the users' financial activity. This limits the commercial usefulness of the network and also harms individual privacy, as user behavior frequently reflects the pervasive assumption that Bitcoin is an anonymous system.
  
  Research in the area has been focusing mainly on improving the proof-of-work, the repurposing of mining energy and some denial of service attacks. With the Security on Blockchain Workshop we propose to look at the major issues in adopting Blockchain as a wide, secure and privacy preserving solution to many of today’s problems in various fields: financial, authentication, access control, medical applications, fast data transactions, manufacturing processes etc. We propose to focus on the improvements of security brought by technologies build on top of Blockchain: Sidechain, Confidential Transactions, Dark Pool and Smart Contracts, and their application to security and privacy in the field.
• EuroUSEC – European Workshop on Usable Security¹ (in Room 107) 
  Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or move entirely to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today.
  
  However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is most often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security.
  
  The Workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security and privacy. EuroUSEC 2017 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence and theoretical computer science as well as researchers from other domains such as economics and psychology.
  
  We particularly encourage collaborative research from authors in multiple fields. Topics include, but are not limited to:

  • Evaluation of usability issues of existing security and privacy models or technology
  • Design and evaluation of new security and privacy models or technology
  • Impact of organizational policy or procurement decisions
  • Lessons learned from designing, deploying, managing or evaluating security and privacy technologies
  • Foundations of usable security and privacy
  • Methodology for usable security and privacy research
  • Ethical, psychological, sociological and economic aspects of security and privacy technologies

  
  We further encourage submissions that contribute to the research community’s knowledge base:

  • Reports of replicating previously published studies and experiments
  • Reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience.

  
  It is the aim of EuroUSEC to increase the scientific quality of usable security and privacy research. To this end, we encourage the use of replication studies to validate research findings. This important and often very insightful branch of research is sorely underrepresented in usable security and privacy research to date. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. The call for papers will solicit full-length papers (8-10 pages) with mature research results, as well as short papers with preliminary results, and short communications. The workshop will solicit submissions through various advertisement channels. Each submission will undergo a single-blind review process. Publication policy: Accepted papers would appear in official proceedings, which would be published through the Internet Society.
• MTP: Models and Tools for Security Analysis and Proofs² (in Room 109) 
  Cryptography underlies much of the existent deployed software and communication infrastructure and, with the advent of IoT, will play an increasingly key role in our everyday life. While the security of cryptographic systems is therefore paramount, rigorous analysis is severely hampered by their inherent complexity.
  
  It is clear by now that machine support will play an increasingly important role in the design and analysis of cryptographic systems, and there has been much recent progress, with varying degree of success.
  
  The goal of this workshop is threefold. It will serve as discussion platform for experts in the area, it will act as dissemination forum to inform the participants of the most recent developments in the area of tool support, and will help identify key directions for medium and long-term research.
  
  The workshop program will be mainly based on invited talks, and will serve as a more general background to the participants with the TLS:DIV workshop.
• IMPS – Innovations in Mobile Privacy and Security¹ (in Room 202) 
  IMPS aims to bring together researchers working on challenges in security and privacy for mobile platforms, broadly considered. We are interested in investigations into existing security platforms, their users, applications and app store ecosystems, and research into novel security or privacy mechanisms, tools and analysis.
  
  Areas of interest include but are not restricted to:

  • Secure application development tools and practices
  • Privacy enhancing techniques for devices and connected services
  • Secure or trusted computing mechanisms
  • Static and dynamic analysis for security
  • Formal methods for mobile security
  • Vulnerability detection and prevention
  • Mobile operating system security features
  • Security and privacy for IoT and other constrained devices
  • Usable security and privacy on small or mobile devices

  
  As a workshop, we particularly encourage new and emerging themes, possibly non-conventional ideas, which address the problem area.
  
  Note: IMPS 2017 will be the second instance of the workshop. IMPS 2016 was a successful meeting held in conjunction with ESSoS 2016, it had approx 25 participants, two invited speakers, and an international PC of 18 members. See http://groups.inf.ed.ac.uk/security/IMPS/ for details.
• CrossFyre – Cryptography, Robustness, and Provably Secure Schemes for Female Young Researchers¹ (in Room 201) 
  CrossFyre was first organized by Cristina Onete in Darmstadt 2011, after the organizer's proposal of this workshop was selected as one of the top three proposals for the Marina van Damme award, offered to female graduates of the T.U. Eindhoven. Its main goal is to encourage young women to pursue a career in cryptography and security, as well as to provide them with a network of contacts during the development of their careers. It is why we encourage the presence of both Bachelor and Master students at our workshop, together with both younger and more experienced researchers in cryptography and security.
  
  During the workshop, we invite two well-known female researchers in cybersecurity to speak about their research, and their personal experience as women in cryptography, thus motivating the participants and allowing them to ask questions. The interaction between the more experienced researchers and the younger ones is further encouraged during a social event on the first day of the workshop – a conference dinner for all the participants. A traditional, and important part of the workshop is also a panel discussion which may cover topics ranging from "How do I best apply for a post-doctoral position" to questions of child care and maternity leave.
  
  The participants are also asked to briefly present their work, or the work of their group. We encourage senior participants looking for Ph.D. or postdoctoral students to advertise these positions at the workshop. Finally, through external funding, we have developed a system of grants, which allow us to cover the hotel and workshop fees of participants with smaller budgets.
  
  The target audience for CrossFyre is predominantly female; however, male researchers are also encouraged to take part at every event and they have done so in all past editions of CrossFyre.
• TPT – Tamarin-Prover Tutorial² (in Room 203) 
  Tamarin-prover is a state-of-the-art automated security protocol verification tool. It uses multiset rewriting rules to specify the protocol to be analyzed and uses a subset of first order logic to specify properties. Tamarin-prover has been used to analyze the new draft version of TLS 1.3, group key agreement protocols, as well as many other protocols (over 30). It supports not only trace properties but also observational equivalence. We have taught classes to master and Ph.D. level students that were then able to complete projects based on analyzing passport authentication (PACE) and key agreement (SIGMA). In this tutorial we will explain the underlying principles, motivate the design choices, and show how to use the tool. The tool is open-source software and further information, including the manual, the source code, and scientific papers are available at http://tamarin-prover.github.io/
• cataCRYPT – catastrophic events related to CRYPTography and security with their possible solutions³ (in Room 206) 
  A workshop about catastrophic events related to cryptography and security. And their prevention, detection, recovery, solutions...
  
  The main point is: many cryptographic protocols are only based on the security of one cryptographic algorithm (e.g. RSA) and we don't know the exact RSA security (including Ron Rivest). What if somebody finds a clever and fast factoring algorithm? Well, it is indeed an hypothesis but we know several instances of possible progress. A new fast algorithm is a possible catastroph if not handled properly. And there are other problems with hash functions, elliptic curves, aso. Think also about the recent Heartbleed bug (April 2014, see http://en.wikipedia.org/wiki/Heartbleed): the discovery was very late and we were close to a catastrophic situation.
  
  So we are thinking about a regular workshop, the name is cataCRYPT, about these possible problems and their solutions. It includes problems with cryptographic algorithms, protocols, PKI, DRM, TLS-SSL, smart cards, RSA dongles, MIFARE, aso. Quantum computing, resilience and agility are also on the program.
  
  The workshop aims at bringing together researchers and practitioners working in cryptography and security, from academia and industry. A large committee including many founders of the main concepts of public-key cryptography is pushing this important topic.
• S4CIP – 2nd Workshop on Safety & Security aSSurance for Critical Infrastructures Protection¹ (in Room 116) 
  Modern society heavily relies on large, heterogeneous, and complex software-intensive systems to support all kinds of daily activities. Services as urban transportation, logistics, health-care, data communication, railway, aerospace, and power distribution, to name a few, are becoming highly dependent on the availability of such infrastructures. Any discontinuity of service may lead to serious problems, from severe financial losses to fatalities or injuries. The causes behind these service disruptions have different nature, from unintended actions caused by human errors or unexpected acts of nature, to intentional attacks like sabotage or terrorism. Safety and security (S&S) assessments in critical infrastructures measure how these disruptions are handled and what is the impact suffered by the critical infrastructure under stress. These assessments are normally performed using analytical or simulation-based techniques, often addressing one single specific aspect at a time rather than studying these infrastructures in a holistic manner.

• FOQUS – Frontiers Of QUantum Safe cryptography³ (in Room 106) 
  The workshop will be held in Paris, as a satellite event of EUROCRYPT 2017. The objective of the workshop is to promote research at the frontiers of Quantum-safe cryptography, i.e. to design and analyze cryptographic tasks secure against quantum-capable adversaries, using concepts and techniques from modern cryptography and/or quantum information.
  
  The program will be composed of invited talks. Target audience is composed of modern cryptographers interested in the implications of quantum information to cryptography as well as quantum information researchers interested in cryptography. The goal of the workshop will be to strengthen the collaboration between the two communities on some important topics in quantum-safe cryptography and to identify new ones.
  
  Identified frontier research topics in Quantum-Safe Cryptography are

  • Security models for quantum-safe cryptography and their relation to classical models
  • Power of quantum adversaries for lattice and code-based cryptography
  • Design of quantum-safe cryptographic primitives
  • Hardware security, attacks and implementation security certification
  • Practical applications and deployment of quantum-safe cryptographic systems
• QsCl – Quantum-safe Crypto for Industry (RISQ)³ (in Room 106) 
  Quantum-Safe Safe cryptography aims at constructing systems that are secure against quantum and conventional computers. The status of quantum-safe cryptography is currently completely changing. It is quickly moving from a purely academic theme to a topic of major industrial interest, driven by the fact that quantum-safe cryptography has recently received much attention from the standardization and policy spectra such as NIST, ETSI, and CSA, The goal of the QscI workshop is to regroup speakers from the industry and the academia to discuss of the construction and development of quantum-safe systems. The event will include a selection of speakers in the area of quantum-safe cryptography, standardization and industrial challenges for quantum-safe cryptography.
• SEMS – Security for Embedded and Mobile Systems² (in Room 109) 
  Embedded and Mobile devices that provide security and crypto functionalities and manage private and confidential data are omnipresent in our daily lives. Examples of such devices range from smart cards and RFID tag (included in packaging, and in most passports), to mobile phones, tablets, and IoT devices. Ensuring the security and privacy of these devices is a challenging problem, as witnessed also by recent breaking of crypto and security systems used in mobile phones, car keys, and RFID-enabled cards. Typical threats to extract the secret keys include side-channel analysis (SCA) and fault analysis (FA). For this purpose the attackers use indirect information, like the power consumption of a card, to derive hidden information.
  
  Additionally, the vulnerabilities of the devices imply also privacy concerns. The operating systems supporting some of those devices, particularly mobile phones and tablets, but also IoT ones, have become very complex. Various sorts of malware present a constant threat for users. Although measures like application sandboxing take place, they also open the court for new attacks by constantly collecting and organizing sensitive information about the user.
  
  The workshop seeks submissions from academia and industry presenting novel research results on the following topics of interest:

  • security architectures for embedded and mobile systems
  • physical attacks
  • side channel attacks
  • sensor spoofing attacks
  • malware
  • machine learning applications to violate user privacy

  
  We especially encourage novel ideas exploiting architecture-specific or novel “out of the box” attacks combining ideas from different communities, e.g., malware detection or privacy violation using side-channels.
• TLS:DIV – TLS 1.3: Design, Implementation, Verification² (in Room 107) 
  Establishing secure channels has been a solved problem in theory for four decades, and a disappointing point of practical failures for the past few years. The upcoming 1.3 revision of the Transport Layer Security (TLS) Internet Standard aims to drastically upgrade the crumbling security of legacy SSL and TLS versions by ditching brittle mac-encode-encrypt schemes in favor of modern authenticated encryption modes, refactoring the handshake to follow a roundtrip-efficient and principled design, and introducing new features such as resumption pre-shared keys, certificate encryption, and post-handshake authentication.
  
  The many and fast-moving changes to TLS are a challenge for both protocol analysts and implementors. The goals of this workshop are threefold:A

  1. to summarize the design and analyses of TLS 1.3 as it enters its final call for standardization after 15 revisions and 2 years of discussion;
  2. to report on early implementations of the protocol; and
  3. to review security properties and their machine-aided verification.

  
  The workshop program will mix invited and selected presentations and will be accesible to attendants without previous expertise on TLS 1.3 or machine-aided verification. We encourage attendants to register to the companion workshop on Trends in Models and Tools for Security Analysis and Proofs, which will serve as a prelude and provide more general background.
• wr0ng: Random Number Generation Done Right³ (in Room 105) 
  Workshop composed of invited presentations about Random Number Generation.
  
  All cryptographic constructions heavily rely on the availability of random bits, for operations such as key generation, randomization of encryption or signatures and or nonces in protocols. Unfortunately, multiple incidents have demonstrated that the quality of the (pseudo-)random number generators leaves much to be desired. Even worse, in September 2013 it was revealed that the US government agency has deliberately undermined the security of cryptographic solutions by inserting a backdoor in the Dual EC random number generator included in ANSI, NIST and ISO standards. This highlights that a secure system can be fatally weakened by the insertion of just one flawed component; if the NSA can predict all randomness used by a system, it knows all secrets used during that time period and might even be able to recover long-term keys.
  
  In spite of their crucial importance, there are very few research papers on the topic and most industrial designs are proprietary. Moreover, existing designs and instances are notoriously difficult to evaluate. The goal of this workshop is to address these issues and to propose new models, new constructions, new implementations, and new evaluation methodologies. It will cover both truly random number generators (where novel constructions such as those based on PUFs will be explored) and pseudo-random number generators. It will also be discussed whether the area is mature enough to identify requirements and plan an open competition.
• CrossFyre – Cryptography, Robustness, and Provably Secure Schemes for Female Young Researchers¹ (in Room 201) 
  CrossFyre was first organized by Cristina Onete in Darmstadt 2011, after the organizer's proposal of this workshop was selected as one of the top three proposals for the Marina van Damme award, offered to female graduates of the T.U. Eindhoven. Its main goal is to encourage young women to pursue a career in cryptography and security, as well as to provide them with a network of contacts during the development of their careers. It is why we encourage the presence of both Bachelor and Master students at our workshop, together with both younger and more experienced researchers in cryptography and security.
  
  During the workshop, we invite two well-known female researchers in cybersecurity to speak about their research, and their personal experience as women in cryptography, thus motivating the participants and allowing them to ask questions. The interaction between the more experienced researchers and the younger ones is further encouraged during a social event on the first day of the workshop – a conference dinner for all the participants. A traditional, and important part of the workshop is also a panel discussion which may cover topics ranging from "How do I best apply for a post-doctoral position" to questions of child care and maternity leave.
  
  The participants are also asked to briefly present their work, or the work of their group. We encourage senior participants looking for Ph.D. or postdoctoral students to advertise these positions at the workshop. Finally, through external funding, we have developed a system of grants, which allow us to cover the hotel and workshop fees of participants with smaller budgets.
  
  The target audience for CrossFyre is predominantly female; however, male researchers are also encouraged to take part at every event and they have done so in all past editions of CrossFyre.
• CFRG – Crypto Forum Research Group³ (in Room 203) 
  https://irtf.org/cfrg describes what CFRG does; meeting at Eurocrypt is a good way to enhance academic involvement. We had about 60 participants in the meeting at Eurocrypt 2016 in Vienna.
• WCS – Second Workshop on Communication Security³ (in Room 202) 
  In the last years we have seen a rising interest and dialogue between two distinct approaches to security: the well-established field of cryptography and the recently explored field of physical-layer (or information-theoretic) security. The two approaches are based on different assumptions and have developed their own performance metrics and methodologies, as well as their own implemented solutions. A seminal work by Bellare, Tessaro and Vardy in 2012 plays the role of a Rosetta Stone by putting side by side metrics and languages of the two fields and establishing a bridge between them.
  
  Furthermore, engineers have been studying how to integrate solutions from both fields in their products rather than relying exclusively on one of the two, confirming the interest in bridging the two approaches.
  
  This workshop aims at getting together experts from both fields to continue this promising joint research path of physical-layer security and cryptography. Contributions are solicited on topics including (but not limited to):

  • Semantic security for the wiretap channel
  • Coding strategies for semantic security
  • Adversarial wiretap channels
  • Joint physical layer-cryptography solutions for secure wireless communications
  • Cross-disciplinary solutions for authentication
  • Secure cross-layer design techniques
  • Physical-layer enhanced cryptography

  
  WCS 2017 will provide a forum to discuss cutting-edge cross-disciplinary security research and to share visions for future joint advances in the fields of physical-layer security and cryptography.
  
  The one-day event will include the presentation of peer-reviewed papers and two keynote talks, one by Prof. Jean-Claude Belfiore and one by Dr. Stefano Tessaro.
• FewMul: Fewer Multiplications in Cryptography - From Theory to Applications³ (in Room 116) 
  Cryptographic primitives realized with few multiplications can significantly improve (or even enable!) applications in areas as diverse as homomorphic encryption, side-channel attack countermeasures, secure multiparty computation, or zero-knowlege proofs.
  
  This one-time workshop aims to provide an overview of results, applications and current research in this area. This covers theory, design and analysis, as well as implementations. Major goals are to bring together researchers from the unusual set of relevant disciplines within cryptography/security and outside (e.g. circuit complexity), and to identify open problems and more applications.
  
  This is a one-day event consisting of invited talks only.

• ECOSSIAN – European Control System Security Incident Analysis Networks¹ (different location, separate registration required) 
  The ECOSSIAN workshop addresses technologies, concepts and legal frameworks aiming at improving the detection and management of highly sophisticated cyber security attacks against critical infrastructures. It incites development of early warning and situational awareness frameworks with command and control facilities.
  
  The workshop is initiated by the partners of the FP7-ECOSSIAN project that aims to establish and enhance a security-state awareness to support operators of CI by implementing an Operator Security Operation Centre (O-SOC). It combines identified and designated Member States’ CI (O-SOC) in a National Security Operation Centre (N-SOC) to support a pan-European early-warning entity, through the connection of Member States N-SOC to a European Security Operation Centre (E-SOC), including the required interoperability standards.
  
  Based on stakeholder’s requirements, ECOSSIAN is developing appropriate operational and technical frameworks. The project ends-up with a European-wide demonstration and ensures contributions for procedure’s standardization.
  
  The ECOSSIAN workshop aims at interactive discussions with a variety of highly motivated experts alongside the overall workshop that will include an introduction to the basic concepts for operational, organizational, legal and technical frameworks addressed by ECOSSIAN as well as invited related speaches.

Dates

All deadlines are Anywhere on Earth (AoE = UTC-12h).