Items from security-related news (E76.Jan-2007)


Announcement



Call for Proposals for Fellowships from post-doctoral researchers, junior faculty and research scientists.
Institute for Information Infrastructure Protection (I3P)
Contributed by Patricia Erwin
January 3, 2007

The Institute for Information Infrastructure Protection (I3P) has issued a Call for Proposals from post-doctoral researchers, junior faculty and research scientists.

Applicants must submit proposals to the host institutions by February 7, 2007. Host Institutions must submit completed application packets to the I3P by February 21, 2007. For more information about application requirements see: http://www.thei3p.org/fellowships/2007callforproposals.html

I3P Research Areas of Interest:

The Institute for Information Infrastructure Protection (The I3P) is a Consortium that includes academic institutions, federally-funded labs and non-profit organizations. The I3P is funded by the Department of Homeland Security and the National Institute of Standards and Technology. The I3P is managed by Dartmouth College.


Announcement
Security Research Position, Singapore
Contributed by Jianying Zhou
December 24, 2006

The Network Security Group at the Institute for Infocomm Research, a national research institute fully funded by the Singapore government, is looking for a network security researcher. This is a full-time position in our core headcount. A 2-3 year contract will be offered and is renewable subject to the candidate's performance.

Our group is active in the security community, and has established extensive collaborations with local and overseas universities and research institutes. We are also involved in an EU-funded project. More information is available at http://icsd.i2r.a-star.edu.sg/staff/nsl/

The candidate should have a PhD degree with a strong background in network security, especially in wireless sensor network security. (MSc with independent R&D capability may also be considered.) The candidate is expected to do research on network security, create valuable intellectual properties, publish papers at leading conferences and journals, and produce project deliverables on time. If you are interested in this job, please send your CV to Jianying Zhou. Short-listed candidates will be contacted for interview.


Announcement
Preliminary Program, Financial Cryptography 2007
Contributed by Sven Dietrich

All events take place at the Hilton Tobago Resort unless otherwise noted.

Sunday, February 11, 2007

5:00pm-7:00pm
Registration reception
poolside Hilton Tobago Resort

Monday, February 12, 2007

7:30am-8:30am
Breakfast and Registration

8:30am-8:45am
Welcome, Minister of Finance (tentative)

8:45am-9:00am
Conference opening, Conference Chairs

9:00am-10:00am
Keynote Address

Mike Bond
Title: Leaving Room for the Bad Guys
When designing a crypto protocol, or building a large security architecture, no competent designer ignores considering the bad guy, and anticipating his plans. But often we designers find ourselves striving to build totally secure systems and protocols -- in effect writing the bad guys entirely out of the equation. In a large system, when you exclude the bad guys, they soon muscle their way in elsewhere, and maybe in a new and worse way over which you may have much less control. A crypto protocol with no known weaknesses may be a strong tool, but when it does break, it will break in an unpredictable way.

This talk explores the hypothesis that it is safer and better for designers to give the bad guys their cut, but to keep it small, and keep in control. It may not just be our systems but also our protocol building blocks that should be designed to make room for the bad guy to take his cut. The talk is illustrated with examples of very successful systems with known weaknesses, drawn primarily from the European EMV payment system, and banking security in general. We also discuss a few "too secure" systems that end up failing in worse ways as a result.

10:00am-10:30am
Break

10:30am-12:00pm
Technical Paper Session

Payment Systems

Vulnerabilities in First-Generation RFID-enabled Credit Cards,
Thomas S. Heydt-Benjamin (University of Massachusetts Amherst, USA), Daniel V. Bailey (RSA Laboratories, USA), Kevin Fu (University of Massachusetts Amherst, USA), Ari Juels (RSA Laboratories, USA), and Tom O'Hare (Innealta, Inc.)

Conditional E-Cash,
Larry Shi and Bogdan Carbunar (Motorola Labs) and Radu Sion (Stony Brook University, USA)

A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection against Splitting,
Liqun Chen (HP Laboratories), Alberto Escalante, Hans Loehr, Mark Manulis, and Ahmad-Reza Sadeghi (Horst Goertz Institute Bochum, Germany)

12:00pm-1:00pm
Lunch

1:00pm-2:30pm
Panel: RFID - yes or no, Moderator: Kevin Fu

2:30pm-3:00pm
Break

3:00pm-4:00pm
Technical Paper Session

Anonymity

A Model of Onion Routing with Provable Anonymity,
Joan Feigenbaum (Yale University), Aaron Johnson (Yale University, USA), and Paul Syverson (Naval Research Laboratory, USA)

K-Anonymous Multi-party Secret Handshakes,
Shouhuai Xu (UTSA) and Moti Yung (RSA Laboratories and Columbia University, USA)

4:00pm
Adjourn

6:00pm-9:00pm
Reception
Location: TBA

Tuesday, February 13, 2007

7:30am-9:00am
Breakfast

9:00am-10:30am
Technical Paper Session
Authentication

Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer,
Mohammad Mannan and Paul C. van Oorschot (Carleton University, Canada)

Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups,
Yvo Desmedt (University College London, UK), Tanja Lange (Eindhoven University of Technology, Netherlands) and Mike Burmester (Florida State University, USA)

On Authentication with HMAC and Non-Random Properties,
Christian Rechberger and Vincent Rijmen (Graz University of Technology, Austria)

10:30am-11:00am
Break

11:00am-12:00pm
Technical Paper Session
Anonymity and Privacy

Hidden Identity-Based Signatures,
Aggelos Kiayias and Hong-Sheng Zhou (University of Connecticut, USA)

Space-Efficient Private Search,
George Danezis and Claudia Diaz (K.U. Leuven, Belgium)

12:00pm
Adjourn - Box Lunches Available

8:00pm-9:00pm
IFCA General Meeting
Location: TBD

9:00pm-12:00am
Rump Session
Location: TBD

Wednesday, February 14, 2007

7:30am-9:00am
Breakfast

9:00am-10:30am
Technical Paper Session

Cryptography and Commercial Transactions

Cryptographic Securities Exchanges,
Christopher Thorpe and David C. Parkes (Harvard University, USA)

Improved multi-party contract signing,
Aybek Mukhamedov and Mark Ryan (University of Birmingham, UK)

Informant: Detecting Sybils Using Incentives,
N. Boris Margolin and Brian Neil Levine (University of Massachusetts Amherst, USA)

10:30am-11:00am
Break

11:00am-12:00pm
Technical Paper Session
Financial Transactions & Web Services

Dynamic Virtual Credit Card Numbers,
Ian Molloy (Purdue University, USA), Jiangtao Li (Intel Corporation) and Ninghui Li (Purdue University, USA)

The unbearable lightness of PIN cracking,
Omer Berkman (The Academic College of Tel Aviv Yaffo, Israel) and Odelia Moshe Ostrovsky (Algorithmic Research Ltd. and Tel Aviv University, Israel)

12:00pm-1:00pm
Lunch

1:00pm-2:30pm
Panel: Virtual Economies - Threats and Risks, Moderator: Jean Camp

2:30pm-3:00pm
Sponsor Presentation: TBD

3:00pm
Adjourn

6:00pm-9:00pm
Beach BBQ
Location: TBA

10:00pm-??
Event (TBA)

Thursday, February 15, 2007

7:30am-9:00am
Breakfast

9:00am-10:00am
Invited Talk --- Dawn Jutla

Title: Usable SPACE: Security, Privacy, and Context for the Mobile User


Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.

10:00am-10:30am
Break

10:30am-11:00am
System paper session

Personal Digital Rights Management for Mobile Cellular Devices,
Siddharth Bhatt (Stony Brook University, USA), Carbunar Bogdan (Motorola Labs), Radu Sion (Stony Brook University, USA), and Venu Vasudevan (Motorola Labs)

11:00am-12:00pm
Technical Paper Session

Cryptography

Certificate Revocation using Fine Grained Certificate Space Partitioning,
Vipul Goyal (UCLA, USA)

An Efficient Aggregate Shuffle Argument Scheme,
Jun Furukawa (NEC Corporation, Japan) and Hideki Imai (National Institute of Advanced Industrial Science and Technology, Japan)

12:00pm-1:00pm
Conference closing/Lunch, Conference Chairs