IEEE Cipher: Newsletter of the IEEE Computer Society Technical Committee on Security and Privacy, Issue 61 July 17, 2004

Electronic Issue (EI) #61, July 17, 2004

Hilarie Orman, Editor	Robert Bruen, Book Review Editor
Sven Dietrich, Associate Editor	Editor, Reader's Guide

Letter from the Editor
Commentary and Opinion
- Bob Bruen's review of WI-FOO. The Secrets of Wireless Hacking by Andrew Vladimirov, Konstantin Gavrilenko, Andrei Mikhailovsky
- Bob Bruen's review of HARDENING Windows Systems by Roberta Bragg
- Bob Bruen's review of Know Your Enemy. 2nd ed. Learning About Security Threats by The Honeynet Project
- Special to Cipher: IETF Revises IPsec protocol, by Russ Housley and Karen Seo
- Review of the 17th IEEE Computer Security Foundations Workshop (Asilomar, CA, June 28-30, 2004) by Jon Millen
- NewsBits: Announcements and correspondence from readers (please contribute!)
- Book reviews from past Cipher issues
- Conference Reports and Commentary from past Cipher issues
- News items from past Cipher issues

Journal of Privacy Technology (JOPT), Editor-in-Chief: Michael Shamos. This online-only Journal, started in 2004 and operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions. More information can be found at http://www.jopt.org/.

Conference and Workshop Announcements
- 7/16/04: TSRSW, Trust, Security, and Reputation on the Semantic Web, Hiroshima, Japan; submissions are due
- 7/30/04- 7/31/04: CEAS, Conference on Email and Anti-spam, Mountain View, CA;
- 8/ 2/04: Nordsec, Nordsec, Nordic Workshop on Secure IT Systems, Espoo, Finland; Submissions are due; nordsec2004@tml.hut.fi;
- 8/ 9/04- 8/13/04: USENIX Security, San Diego, California
- 8/15/04- 8/19/04: CRYPTO, Santa Barbara, CA
- 8/23/04- 8/25/04: WISA, Workshop on Information Security Applications, Jeju Island, Korea
- 8/23/04: NDSS, Network and Distributed System Security Symposium, San Diego, California; submissions are due; contact;
- 8/26/04- 8/27/04: FAST, Workshop on Formal Aspects in Security and Trust, Toulouse, France
- 8/30/04- 9/ 3/04: ; SIGCOMM, Portland, Oregon
- 8/30/04- 9/ 3/04: TRUSTBUS, Trust and Privacy in Digital Business, Zaragoza, Spain
- 8/30/04: SecCo, ; Security Issues in Coordination Models, Languages and Systems, London, UK
- 9/ 3/04: SAC-TRUSTCOLLAB, ACM SAC, Track on Trust, Recommendations, Evidence and other Collaboration Know-how, Santa Fe, NM; Submissions are due; information sac.treck.info@trustcomp.org;
- 9/ 6/04- 9/11/04: FOSAD, ; School on Foundations of Security Analysis and Design, Bertinoro, Italy
- 9/10/04: FC, Financial Cryptography, Roseau, The Commonwealth Of Dominica; Submissions are due; stuart@eecs.harvard.edu;
- 9/13/04- 9/15/04: ESORICS, European Symposium on Research in Computer Security, French Riviera, France
- 9/15/04- 9/17/04: RAID, Recent Advances in Intrusion Detection, French Riviera, France
- 9/15/04- 9/17/04: PDSC, International Workshop on Security in Parallel and Distributed Systems, San Francisco, CA
- 9/20/04- 9/23/04: NSPW, New Security Paradigms Workshop, Nova Scotia, Canada
- 9/20/04- 9/22/04: ECC, Elliptic Curve Cryptography, University Bochum, Germany; conf web page
- 9/20/04- 9/25/04: SAPS, Specification and Automated Processing of Security Requirements, Linz, Austria; Conf Web page
- 9/20/04: WSRS, Workshop on Safety, Reliability, and Security of Industrial Computer Systems, University of Ulm, Germany
- 9/23/04- 9/24/04: SKM, Workshop on Secure Knowledge Management, Amherst, NY; information shambhu@acsu.buffalo.edu
- 9/27/04- 9/29/04: ISC, Information Security Conference, Palo Alto, CA
- 10/ 1/04: WiSe, Philadelphia, PA; Workshop on Wireless Security
- 10/25/04-10/29/04: CCS-11, Washington DC, ACM Conference On Computer and Communications Security
- 10/25/04: SASN, Washington, DC; Security of Ad Hoc and Sensor Networks
- 10/27/04-10/29/04: ICICS, Malaga, Spain; International Conference on Information and Communications Security
- 10/28/04: WPES, Washington, DC Workshop on Privacy in the Electronic Society
Cipher calls-for-papers and calendar
new calls or announcements added since Cipher E60 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):

DRM2004 ACM Workshop on Digital Rights Management, Wyndham City Hotel, Washington, DC, October 25, 2004. (submissions due 1 July 2004)
This workshop seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to, the following as they relate to wireless networks,mobile ad hoc networks, or sensor networks:
- Security under resource constraints, e.g., energy, bandwidth, memory, and computation constraints
- Performance and security tradeoffs
- Secure roaming across administrative domains
- Key management
- Cryptographic protocols
- Authentication and access control
- Trust establishment, negotiation, and management
- Intrusion detection and tolerance
- Secure location services
- Privacy and anonymity
- Secure routing
- Secure MAC protocols
- Denial of service
- Prevention of traffic analysis
For more info, see http://mollie.engr.uconn.edu/DRM2004/

ACM MOBIWAC ACM International Workshop on Mobility Management and Wireless Access (with Mobicom 2004), Philadelphia, PA, USA, October 25, 2004. (Extended: submissions due 4 July 2004)
This workshop solicits papers, both form researchers and practitioners, dealing with mobile computing and wireless access technologies, with an emphasis on mobility and location management, ubiquitous and ad hoc access, awareness, mobile computational ambient agents, natural interaction and seamless access. The workshop will include contributed technical papers, invited papers, panel discussions and tools demonstrations.

Authors are encouraged to submit both theoretical and practical results of significance on all aspects of wireless and mobile access technologies with an emphasis on mobility management and wireless access.

The scope of this workshop includes, but is not limited, to:

Wireless/Mobile Access Protocols
Wireless Web Access
Fault Tolerance in Wireless Access Networks
Application development for embedded electronics and mobile devices (with J2ME Wireless Devices, etc.)
Wireless Multimedia Protocols
Design and architecture of wireless communication and mobile computing
Mobile service and QoS management
Localization and tracking of mobile users
Modeling of wireless devices and networks
Large scale simulation
Channel Allocation
Analysis of correctness and efficiency of protocols
Pervasive Computing
Ubiquitous and mobile access
Security and privacy issues
Awareness-dependent wireless applications
Interactive applications
Awareness-dependent wireless applications
Interactive applications
Context-awareness
Wireless, ad hoc and sensor access devices
Wireless internet access technologies
Mobile commerce technologies

For more info, see http://ru1.cti.gr/mobiwac04/

ISWC2004 3rd Workshop on Trust, Security, and Reputation on the Semantic Web, Hiroshima, Japan, November 7, 2004. (submissions due 16 July 2004)
This workshop will bring together researchers from different communities to examine cutting-edge approaches towards the establishment of these security, trust, and reputation infrastructures. The emphasis will be to advance and integrate security and trust related research from the semantic web, logical reasoning, grid, agent, peer-to-peer, and web services. The workshop will include both presentations of research papers and demonstrations of implemented systems. We envisage a wide variety of contributions both from the area of traditional security and access control research as well as from the area of reputation propagation and social network theory. Workshop topics include, but are not limited to, the following:

rule-based policies, contracts and business rules

natural language and visual interfaces for policy languages

rules and ontologies for security, trust and privacy

digitally signed RDF

security requirements engineering

trust establishment and automated trust negotiation

decentralized trust infrastructures for semantic web and grid environments

trust metrics and models

trust and provenance

trust and reputation management and propagation

friends of a friend networks / FOAF

distributed computation of trust

security and trust for agents, peer-to-peer, grid and web services

case studies on security and trust applications

For more info, see http://trust.mindswap.org/trustWorkshop/

SPC2005 2nd International Conference on Security in Pervasive Computing, Boppard, Germany, April 6-8, 2005. (submissions due 15 October 2004)
The ongoing shrinking of computing facilities to small and mobile devices like handhelds, portables or even wearable computers will enhance an ubiquitous information processing. The basic paradigm of such a pervasive computing is the combination of strongly decentralized and distributed computing with the help of diversified devices allowing for spontaneous connectivity. Computers will become invisible to the users awareness and exchange of information between devices will effectively defy users control. The objective of this conference is to develop new security concepts for complex application scenarios based on systems like handhelds, phones, smartcards, RF-chips and smart labels hand in hand with the emerging technology of ubiquitous and pervasive computing. Particular topics include but are not limited to methods and technologies concerning:

the identification of risks,

the definition of security policies, and

the development of security and privacy measures especially: cryptographic protocols related to the specific aspects of ubiquitous and pervasive computing like mobility, location based services, ad-hoc networking, resource allocation/restriction, invisibility and secure hardware/software platforms.

For more info, please see : http://www.spc-conf.org

Reader's guide to recent security and privacy literature
(last updated March 15, 2002)

Listing of academic positions available by Cynthia Irvine

Staying in touch....

Information for Subscribers and Contributors

Who's where: recent address changes

Changing your email address? Please send updates to cipher@ieee-security.org

Interesting links and reports available via FTP and WWW

IEEE Computer Society's Technical Committee on Security and Privacy

	TC home page	TC Officers
	How to join the TC	TC publications available online
	TC Publications for sale	Cipher past issues archive
	IEEE Computer Society	Cipher Privacy Policy

Contents: