Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 74,  September 18, 2006 Hilarie Orman,  Editor Robert Bruen, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 

• Commentary and Opinion

  • Bob Bruen's review of Hacking the Cable Modem by DerEngel

  • Review of USENIX Security (Vancouver, BC, Canada, 7/31 - 8/4/06) by Jeremy Epstein

  • Review of the Detection of Intrusions and Malware & Vulnerability Assessment Conference 2006 (Berlin, Germany, July 13-16, 2006) by Sven Dietrich

  • Richard Austin's review of Securing Storage: A Practical Guide to SAN and NAS Security by Himanshu Dwivedi

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • Forging some RSA signatures with pencil and paper
    • NIST's 2nd Cryptographic Hash Workshop
    • AOL's Privacy Offense
    • Spam and Internet Route Spoofing

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      new calls or announcements added since Cipher E73 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • Cipher Calendar Entries
    • 9/18/06- 9/20/06: ESORICS, 11th European Symposium On Research In Computer Security, Hamburg, Germany
    • 9/18/06- 9/19/06: ACEIS, 1st Annual Conference on Education in Information Security, Ames, IA, USA
    • 9/18/06- 9/21/06: NSPW, New Security Paradigms Workshop, Schloss Dagstuhl, Germany
    • 9/20/06: STM, 2nd International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2006, Hamburg, Germany
    • 9/20/06- 9/21/06: ESAS, 3rd European Workshop on Security and Privacy in Ad hoc and Sensor Networks, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2006), Hamburg, Germany
    • 9/23/06: SAC-CF, 22nd Annual ACM Symposium on Applied Computing, Computer Forensics Track, Seoul, Korea; Submissions are due
    • 9/24/06- 9/28/06: SETA, 4th International Conference on Sequences and Their Applications, Beijing, China
    • 9/25/06- 9/28/06: VietCrypt, 1st International Conference on Cryptology in Vietnam, Hanoi, Vietnam
    • 9/28/06- 9/29/06: SKM, 2nd Secure Knowledge Management Workshop, Brooklyn, NY, USA
    • 9/29/06: WiSe, ACM Workshop on Wireless Security, Held in conjunction with ACM MobiCom 2006, Los Angeles, California, USA
    • 9/29/06- 9/30/06: ICS, Workshop on Information and Computer Security, Held in conjunction with the 8th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC 2006), Timisoara, Romania
    • 9/29/06: IAMCOM, 1st Workshop on Information Assurance Middleware for COMmunications, Bangalore, India; Submissions are due
    • 10/ 1/06: IFIP-DF, 3rd Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, FL, USA; Submissions are due
    • 10/ 1/06: ASIACCS, ACM Symposium on InformAtion, Computer and Communications Security, Singapore; Submissions are due
    • 10/ 9/06: FC, 11th International Conference on Financial Cryptography and Data Security, Scarborough, Trinidad and Tobago; Submissions are due
    • 10/ 9/06-10/12/06: WSNS, 2nd International Workshop on Wireless and Sensor Networks Security, Held in conjunction with the 3rd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2006), Vancouver, Canada
    • 10/18/06-10/19/06: IMF, International Conference on IT-Incident Management & IT-Forensics, Stuttgart, Germany
    • 10/19/06-10/20/06: NordSec, 11th Nordic Workshop on Secure IT-systems, Linkoping, Sweden
    • 10/19/06-10/21/06: CMS, 10th Joint IFIP TC6 and TC11 Open Conference on Communications and Multimedia Security, Heraklion, Greece
    • 10/20/06: WWW-SPRE, 16th International World Wide Web Conference, Security, Privacy, Reliability and Ethics (SPRE) Track, Banff, Alberta, Canada; Submissions are due
    • 10/22/06: PKI R&D, 6th Annual PKI R&D Workshop, Gaithersburg, MD, USA; Submissions are due
    • 10/23/06-10/24/06: IWSEC, 1st International Workshop on Security, Kyoto, Japan /
    • 10/23/06-10/24/06: WESII, Workshop on the Economics of Securing the Information Infrastructure, Arlington, VA, USA
    • 10/30/06-11/ 3/06: CCS, 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA
    • 10/30/06: QOP, 2nd Workshop on Quality of Protection, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA
    • 10/30/06: WPES, 5th Workshop on Privacy in the Electronic Society, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA
    • 10/30/06: DRM, 6th Workshop on Digital Rights Management, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA
    • 10/30/06: SASN, 4th ACM Workshop on Security of Ad Hoc and Sensor Networks, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA
    • 10/30/06: StorageSS, 2nd Workshop on Storage Security and Survivability, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA
    • 11/ 1/06: IFIP-SEC, 22nd IFIP TC-11 International Information Security Conference, Theme: New approaches for Security, Privacy and Trust in Complex Environments, Sandton Convention Centre Sandton, South Africa; Submissions are due
    • 11/ 3/06: DIMACS-ISE, DIMACS Workshop on Information Security Economics, Rutgers University, Piscataway, NJ, USA; Submissions are due
    • 11/ 3/06: WORM, 4th Workshop on Recurring Malcode, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13), Fairfax, VA, USA
    • 11/ 3/06: FMSE, 4th Workshop on Formal Methods in Security Engineering: From Specifications to Code, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS-13), Fairfax, VA, USA
    • 11/ 3/06: STC, 1st Workshop on Scalable Trusted Computing, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA
    • 11/ 3/06: VizSEC, 3rd Workshop on Visualization for Computer Security, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA
    • 11/ 3/06: DIM, 2nd Workshop on Digital Identity Management, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA;
    • 11/ 3/06: SWS, 1st Workshop on Secure Web Services, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), FairFax, VA, USA
    • 11/ 5/06: USEC, Workshop on Usable Security, Held in conjunction with the 11th Conference on Financial Cryptography and Data Security (FC 2007), Lowlands, Scarborough, Trinidad/Tobago; Submissions are due
    • 11/10/06: Oakland, The 2007 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, CA, USA; Submissions are due
    • 11/15/06: IFIP-CIP, 1st Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, NH, USA; Submissions are due
    • 11/15/06: FIRST, 19th FIRST Global Computer Security Network conference, Seville, Spain; Submissions are due
    • 11/17/06-11/20/06: TrustCol, Workshop on Trusted Collaboration, Atlanta, GA, USA;
    • 11/30/06: StorageSS, 2nd Workshop on Storage Security and Survivability, Held in conjunction with the 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA
    • 11/30/06-12/ 1/06: WATC, 2nd Workshop on Advances in Trusted Computing, Tokyo, Japan
    • 12/ 4/06-12/ 7/06: ICICS, 8th International Conference on Information and Communications Security, Raleigh, NC, USA
    • 12/ 8/06-12/10/06: CANS, 5th International Conference on Cryptology and Network Security, Suzhou, China
    • 12/14/06: ACNS, 5th International Conference on Applied Cryptography and Network Security, Zhuhai, China; Submissions are due
    • 12/15/06: Elsevier Computer Communications Journal, Special Issue on Security on Wireless Ad Hoc and Sensor Networks; Submissions are due
    • 12/17/06-12/21/06: ICISS, 2nd International Conference on Information Systems Security, Kolkata, India
    • 1/ 3/07- 1/ 6/07: HICSS-HTC, 40th Annual Hawaii International Conference on System Sciences, Highly Trustworthy computing (HTC) mini-track, Waikoloa, Hawaii, USA
    • 1/ 3/07- 1/ 6/07: HICSS-SSADIA, 40th Annual Hawaii International Conference on System Sciences, Secure Software Architecture, Design, Implementation and Assurance(SSADIA) Minitrack, Waikoloa, Hawaii, USA
    • 1/ 3/07- 1/ 6/07: HICSS-CTER, 40th Annual Hawaii International Conference on System Sciences, Cyber-Threats and Emerging Risks Minitrack, Waikoloa, Hawaii, USA
    • 1/12/07: IAMCOM, 1st Workshop on Information Assurance Middleware for COMmunications, Bangalore, India
    • 1/15/07: ASC, 6th Annual Security Conference, Las Vegas, Nevada, USA; Submissions are due
    • 1/18/07-1/19/07: DIMACS-ISE, DIMACS Workshop on Information Security Economics, Rutgers University, Piscataway, NJ, USA
    • 1/29/07-1/31/07: IFIP-DF, 3rd Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, FL, USA
    • 2/ 9/07: DIMVA, 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Lucerne, Switzerland; Submissions are due
    • 2/11/07-2/15/07: FC, 11th International Conference on Financial Cryptography and Data Security, Scarborough, Trinidad and Tobago
    • 2/15/07: PAIRING, 1st International Conference on Pairing-based Cryptography, Tokyo, Japan; Submissions are due
    • 2/15/07-2/16/07: SEC, Workshop on Usable Security, Held in conjunction with the 11th Conference on Financial Cryptography and Data Security (FC 2007), Scarborough, Trinidad and Tobago
    • 2/28/07-3/ 2/07: NDSS, 14th Annual Network and Distributed System Security Symposium, San Diego, CA, USA
    • 3/11/07-3/15/07: SAC-TRECK, 22nd Annual ACM Symposium on Applied Computing, Trust, Recommendations, Evidence and other Collaboration Know-how (TRECK) Track, Seoul, Korea
    • 3/11/07-3/15/07: SAC-CLAT, 22nd Annual ACM Symposium on Applied Computing, Computer-aided Law and Advanced Technologies Track, Seoul, Korea
    • 3/11/07-3/15/07: SAC-CF, 22nd Annual ACM Symposium on Applied Computing, Computer Forensics Track, Seoul, Korea
    • 3/19/07-3/21/07: IFIP-CIP, 1st Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Seoul, Korea
    • 3/20/07-3/22/07: ASIACCS, ACM Symposium on InformAtion, Computer and Communications Security, Singapore
    • 4/11/07- 4/12/07: ASC, 6th Annual Security Conference, Las Vegas, Nevada, USA
    • 4/17/07- 4/19/07: PKI R&D, 6th Annual PKI R& Workshop, Gaithersburg, MD, USA
    • 5/ 1/07: Security Journal of Universal Computer Science (JUCS), Special Issue on Cryptography in Computer System; Submissions are due
    • 5/ 8/07- 5/12/07: WWW-SPRE, 16th International World Wide Web Conference, Security, Privacy, Reliability and Ethics (SPRE) Track, Banff, Alberta, Canada
    • 5/14/07- 5/16/07: IFIP-SEC, 22nd IFIP TC-11 International Information Security Conference, Theme: New approaches for Security, Privacy and Trust in Complex Environments, Sandton Convention Centre Sandton, South Africa
    • 5/20/07- 5/23/07: Oakland, The 2007 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, CA, USA
    • 6/ 5/07- 6/ 8/07: ACNS, 5th International Conference on Applied Cryptography and Network Security, Zhuhai, China
    • 6/17/07- 6/22/07: FIRST, 19th FIRST Global Computer Security Network Conference, Seville, Spain
    • 6/25/07- 6/29/07: ICDCS, 27th International Conference on Distributed Computing Systems, Toronto, Canada
    • 7/ 2/07- 7/ 4/07: PAIRING, 1st International Conference on Pairing-based Cryptography, Tokyo, Japan
    • 7/12/07- 7/13/07: DIMVA, 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Lucerne, Switzerland
  • 
    Cipher Calls-for-Papers, new calls or announcements added since Cipher E73

  • SAC-CF 2007 22nd Annual ACM Symposium on Applied Computing, Computer Forensics Track, Seoul, Korea, March 11 - 15, 2007. (Submissions due 23 September 2006)

    With the exponential growth of computer users, the number of criminal activities that involves computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and educational methods in this increasingly challenging field. We expect that people from academia, industry, government, and law enforcement will share their previously unpublished ideas on research, education, and practice through this track. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics:
    

    • Incident Response and Live Data Analysis
    • Operating System and Application Analysis
    • File System Analysis
    • Network Evidence Collection
    • Forensic Profiles
    • Network Forensics
    • Data Hiding and Recovery
    • Event Reconstruction and Tracking
    • Legal, Ethical and Privacy Issues

  • IAMCOM 2007 1st Workshop on Information Assurance Middleware for COMmunications, Bangalore, India, January 12, 2007. (Submissions due 29 September 2006)

    The goal of IAMCOM workshop is to offer a focused forum to discuss the on-going research in the area of middleware for dependable communications. Middleware for dependable communications addresses the issues of providing sustainable guarantees on session-level QoS, performance, integrity, availability and security through a repertoire of generic software/hardware tools and models. Papers are solicited on middleware topics pertaining to the communication layers of a distributed network system. Topics of interest include, but not limited to:
    

    • QoS assurance architectures
    • Network state fusion, monitoring
    • Tools for detecting DOS attacks
    • Utility-based QoS adaptation
    • Communication security: authentication, confidentiality
    • Adaptive encryption techniques
    • Capacity provisioning
    • Network survivability
    • Dynamic bandwidth allocations
    • Traffic engineering
    • Distributed consensus/voting
    • Self-healing networks
    • Topology management
    • Failure detectors
    • Diversity management and control

  • IFIP-DF 2007 3rd Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 29-31, 2007. (Submissions due 1 October 2006)

    The IFIP Working Group 11.9 on Digital Forensics is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
    

    • Theories, techniques and tools for extracting, analyzing and preserving digital evidence
    • Operating system and file system forensics
    • Network forensics
    • Portable electronic device forensics
    • Digital forensic processes and workflow models
    • Digital forensic case studies
    • Legal, ethical and policy issues related to digital forensics

  • ASIACCS 2007 ACM Symposium on InformAtion, Computer and Communications Security, Singapore, March 20-22, 2007. (Submissions due 1 October 2006)

    To build on the success of ACM Conference on Computer and Communications Security (CCS) and ACM Transactions on Information and System Security (TISSEC), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS) in 2005. Papers representing original research in both the theory and practice concerning information, computer and communications security are solicited. Topics of interest include, but are not limited to:

    • Access control and authorization
    • Applied cryptography
    • Authentication, biometrics, smartcards
    • Data integrity and audit
    • Database security
    • Digital Rights Management
    • Distributed systems security
    • E-commerce and mobile e-commerce
    • Electronic privacy, anonymity
    • Formal verification and testing
    • Hardware design
    • High speed networks
    • Information flow
    • Intrusion detection and survivability
    • Mobile code and mobile agent security
    • P2P & ad hoc networks
    • RFID applications
    • Security protocols
    • Viruses and other malicious codes
    • Watermarking and data hiding
    • Wireless communications
    • Wireless sensor networks

  • FC 2007 11th International Conference on Financial Cryptography and Data Security, Scarborough, Trinidad and Tobago, February 11 - 15, 2007. (Submissions due 9 October 2006)

    At its 11th year edition, Financial Cryptography and Data Security (FC'07) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a strong and visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:
    

    • Anonymity and Privacy
    • Auctions
    • Audit and Auditability
    • Authentication and Identification, including Biometrics
    • Certification and Authorization
    • Commercial Cryptographic Applications
    • Commercial Transactions and Contracts
    • Digital Cash and Payment Systems
    • Digital Incentive and Loyalty Systems
    • Digital Rights Management
    • Financial Regulation and Reporting
    • Fraud Detection
    • Game Theoretic Approaches to Security
    • Identity Theft, Physhing and Social Engineering
    • Infrastructure Design
    • Legal and Regulatory Issues
    • Microfinance and Micropayments
    • Monitoring, Management and Operations
    • Reputation Systems
    • RFID-Based and Contactless Payment Systems
    • Risk Assessment and Management
    • Secure Banking and Financial Web Services
    • Securing Emerging Computational Paradigms
    • Security and Risk Perceptions and Judgments
    • Security Economics
    • Smart Cards and Secure Tokens
    • Trust Management
    • Trustability and Trustworthiness
    • Underground-Market Economics
    • Voting system security

  • WWW-SPRE 2007 16th International World Wide Web Conference, Security, Privacy, Reliability and Ethics (SPRE) Track, Banff, Alberta, Canada, May 8-12, 2007. (Submissions due 20 October 2006)

    The flexibility and richness of the Web architecture have come at the price of increasing complexity and lack of a sound overall security architecture. The movement toward Web-based services, and the increasing dependency on the Web, have also made reliability a first-rate security concern. From malware and spyware, drive-by downloads, typo squatting, denial of service attacks, to phishing and identity theft, a variety of threats make the Web an increasingly hostile and dangerous environment. By undermining user trust, these problems are hampering e-commerce and the growth of online communities. This track promotes the view that security, privacy, reliability, and sound guiding ethics must be part of the texture of a successful World Wide Web. In addition to devising practical tools and techniques, it is the duty of the research community to promote and guide business adoption of security technology for the Web and to help inform related legislation. We seek novel research (both theoretical and practical) in security, privacy, reliability, and ethics as they relate to the Web, including but not limited to the following areas:
    

    • Authentication, authorization, and auditing on the web
    • Availability and reliability of web servers and services
    • Intrusion detection and honeypots
    • The Insider threat
    • Privacy-enhancing technologies, including anonymity, pseudonymity and identity management, specifically for the web
    • Phishing and pharming, and countermeasures
    • User interfaces and usability as they relate to use of cryptography and online scams such as phishing and pharming
    • Applications of cryptography to the web, including PKI and supporting concepts like digital signatures, certification, etc.
    • Electronic commerce, particularly security mechanisms for e-cash, auctions, payment, and fraud detection
    • Electronic fraud and attack vectors
    • Economic / business analysis of Web security and privacy
    • Legal and legislative approaches to issues of Web security and privacy
    • Secure and robust management of server farms
    • Dealing with client-side risks
    • Security for new web services (blogs, RSS, wikis, etc.)
    • Wireless web security (including RFID, sensors, and mobile phones)
    • Content protection and abuse on the web (DRM, web/blog spam, etc.)

  • PKI R&D 2007 6th Annual PKI R&D Workshop, Gaithersburg, Maryland, USA, April 17-19, 2007. (Submissions due 22 October 2006)

    This workshop considers the full range of public key technology used for security decisions and supporting functionalities, including authentication, authorization, identity management, federation, and trust. This year's focus is striking the proper balance to permit users to easily complete tasks requiring security while exposing the appropriate security details through all layers of software. We solicit papers, case studies, panel proposals, and participation from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:
    

    • Reports of real-world experience with the use and deployment of applications that leverage PKI, how best to integrate such usage into legacy systems, and future research directions
    • Federated versus Non-Federated trust models
    • Standards related to PKI and security decision systems, such as X.509, SPKI/SDSI, PGP, XKMS, XACML, XRML, XML signatures, and SAML
    • Identity management (Shibboleth, Liberty, Higgins, InfoCard, etc.)
    • Cryptographic and alternative methods for supporting security decisions, including the characterization and encoding of data
    • Intersection of policy-based systems and PKI
    • Human-Computer Interaction (HCI) advances that improve usability of PKI for users and administrators
    • Privacy protection and implications
    • Use of PKI in emerging technologies (e.g., sensor networks)
    • Scalability and performance of PKI systems
    • Security of the components of PKI systems
    • Security infrastructures for constrained environments
    • Improved human factor designs for security-related interfaces, including authorization and policy management, naming, signatures, encryption, use of multiple private keys, and selective disclosure
    • New paradigms in PKI architectures

  • IFIP-SEC 2007 22nd IFIP TC-11 International Information Security Conference, Theme: New approaches for Security, Privacy and Trust in Complex Environments, Sandton Convention Centre Sandton, South Africa, May 14-16, 2007. (Submissions due 1 November 2006)

    Information is now the most important commodity in a global market. Individuals, businesses and governments are dependable on information embedded in secure, privacy aware and trustworthy IT infrastructures. Classical information security services such as authentication and authorisation urgently demand a re-design and improved implementation to ensure security, privacy and trust features in today's integrated and complex information rich environments. Papers offering research contributions focusing on security, privacy and trust are solicited for submission to the 22nd IFIP TC-11 International Information Security Conference. Papers may present theory, applications or practical experiences including, but not limited to:
    

    • Applications of cryptography, key management and PKI
    • Architectures for Information Security, Privacy and Trust
    • New approaches to Fraud Management Systems in Advanced Network Infrastructures
    • New approaches to classical Information Security Services such as Identification, Authentication, Authorization, Integrity and Non-repudiation
    • Information Security culture including ethics and social issues
    • Change Management Systems for implementing Security, Privacy and Trust in organizational environments
    • Information security as part of Corporate Governance
    • Digital Forensics and Forensic Auditing
    • Security, Privacy and Trust for advanced application infrastructures
    • Incorporating Security, Privacy and Trust in educational activities
    • New approaches for enhancing security, privacy and trust in E-mail environments
    • Firewalls for the next generation networks
    • Future visions for Information Security Management
    • Designing / re-designing Human Computer Interaction for Security, Privacy and Trust
    • Identity theft and management
    • New applications for steganography
    • Information warfare and critical infrastructure protection
    • Security, Privacy and Trust in RFID and Sensor networks
    • New approaches for Intrusion detection
    • Security, Privacy and Trust for Wireless environments
    • New requirements for international Information Security Standards
    • Privacy Enhancing Technologies (PETs)
    • Risk analysis and risk management for complex environments
    • Standards, Certification, Accreditation and Evaluation of Information Security in companies
    • Incorporating Security, Privacy and Trust in System development methodologies
    • Trust Models and Management
    • Information Security Metrics
    • Vulnerability Assessments for integrated environments

  • DIMACS-ISE 2007 DIMACS Workshop on Information Security Economics, Rutgers University, Piscataway, New Jersey, USA, January 18 - 19, 2007. (Submissions due 3 November 2006)

    The DIMACS Workshop on Information Security Economics aims at enlarging the interest in this area by bringing together researchers already engaged in the field with other scientists and investigators in disciplines such as economics, business, statistics, and computer science. We encourage researchers and industry experts to submit manuscripts with original work to the workshop; we especially encourage collaborative and interdisciplinary research from authors in multiple fields. Topics of interest include (but are not limited to) empirical and theoretical works on the economics of:
    

    • vulnerabilities and malicious code
    • spam, phishing, and identity theft
    • privacy, reputation, and trust
    • DRM and trusted computing
    • cyber-insurance, returns on security investments, and security risk management
    • security risk perception at the firm and individual levels

  • USEC 2007 Workshop on Usable Security, Held in conjunction with the 11th Conference on Financial Cryptography and Data Security (FC 2007), Lowlands, Scarborough, Trinidad/Tobago, February 15-16, 2007. (Submissions due 5 November 2006)

    Some of the most challenging problems in designing and maintaining secure systems involve human factors. A great deal remains to be understood about users' capabilities and motivations to perform security tasks. Usability problems have been at the root of many widely reported security failures in high-stakes financial, commercial and voting applications. USEC'07 seeks submissions of novel research from academia and industry on all theoretical and practical aspects of usable security in the context of finance and commerce.

  • Oakland 2007 The 2007 IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 20-23, 2007. (Submissions due 10 November 2006)

    Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2007 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. The 2007 Symposium is open to submissions not only of full-length papers but also short papers (extended abstracts) describing less mature work. It is also open to the submission of co-located half-day or one-day workshops. See below for these and other program elements. Topics of interest include, but are not limited to, the following:
    

    • Access control and audit
    • Anonymity and pseudonymity
    • Application-level security
    • Biometrics
    • Cryptographic protocols
    • Database security
    • Denial of service
    • Distributed systems security
    • Formal methods for security
    • Information flow
    • Intrusion detection and prevention
    • Language-based security
    • Malicious code prevention
    • Network security
    • Operating system security
    • Peer-to-peer security
    • Privacy
    • Risk analysis
    • Secure hardware and smartcards
    • Security engineering
    • Security policy
    • User authentication

  • IFIP-CIP 2007 1st Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 19-21, 2007. (Submissions due 15 November 2006)

    The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of special interest include, but are not limited to:
    

    • Infrastructure vulnerabilities, threats and risks
    • Security challenges, solutions and implementation issues
    • Infrastructure sector interdependencies and security implications
    • Infrastructure protection case studies
    • Legal, ethical, economic and policy issues related to critical infrastructure protection
    • Distributed control systems/SCADA security
    • Telecommunications network security

  • ICDCS 2007 27th International Conference on Distributed Computing Systems, Toronto, Canada, June 25-29, 2007. (Submissions due 20 November 2006)

    The conference provides a forum for engineers and scientists in academia, industry and government to present their latest research findings in any aspects of distributed and parallel computing. Topics of particular interest include, but are not limited to:
    

    • Algorithms and Theory
    • Autonomic Computing
    • Data Management
    • Fault-Tolerance and Dependability
    • Internet Computing and Applications
    • Network Protocols
    • Operating Systems and Middleware
    • Parallel, cluster and GRID Computing
    • Peer to Peer
    • Security
    • Sensor Networks and Ubiquous Computing
    • Wireless and Mobile Computing

  • ACNS 2007 5th International Conference on Applied Cryptography and Network Security, Zhuhai, China, June 5-8, 2007. (Submissions due 14 December 2006)

    ACNS'07, the 5th International Conference on Applied Cryptography and Network Security, brings together industry and academic researchers interested in the technical aspects of cryptology and the latest advances in the application of crypto systems. Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS '07. Topics of relevance include but are not limited to:
    

    • Applied cryptography and provably-secure cryptographic protocols
    • Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
    • Network security protocols
    • Techniques for anonymity; trade-offs between anonymity and utility
    • Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
    • Economic fraud on the Internet: phishing, pharming, spam, and click fraud
    • Email and web security
    • Public key infrastructure, key management, certification, and revocation
    • Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
    • Trust metrics and robust trust inference in distributed systems
    • Security and usability
    • Intellectual property protection: metering, watermarking, and digital rights management
    • Modeling and protocol design for rational and malicious adversaries
    • Automated analysis of protocols

  • Elsevier Computer Communications Journal, Special Issue on Security on Wireless Ad Hoc and Sensor Networks 3rd Quarter of 2007. (Submission Due 15 December 2006)

    Guest editors: Sghaier Guizani (University of Moncton, Canada), Hsiao-Hwa Chen (National Sun Yat-Sen University, Taiwan), Peter Mueller (IBM Zurich Research Laboratory, Switzerland)
    
    The increase of wireless and mobile devices and the recent advancement in wireless and mobile ad hoc and sensor networks technologies/applications in a large variety of environments, such as homes, business places, emergency situations, disaster recoveries and people on the move is unprecedented. These activities over different network systems have brought security concerns on an unprecedented scale. Security is an important issue for wireless and mobile ad hoc and sensor networks (MANETs) especially for the security-sensitive applications such as in military, homeland security, financial institutions and many other areas. Such security threats take advantage of protocol weaknesses as well as operating systems' vulnerabilities to attack Internet applications. Theses attacks involve, for example, distributed denials of services, buffer overflows, viruses, and worms, where they cause an increasingly greater technical and economic damage.
    
    With regard to such cyber security aspects, there is an increasing demand for measures to guarantee and fully attain the authentication, confidentiality, data integrity, privacy, access control, non repudiation, and availability of system services. This Special Issue will serve as a venue for both academia and industry individuals and groups working in this fast-growing research area to share their experiences and state-of-the-art work with the readers. The topics of interest include, but are not limited to:
    

    • Novel and emerging secure architecture
    • Study of attack strategies, attack modeling
    • Security analysis methodologies
    • Wireless and mobile security
    • Key management
    • Commercial and industrial security
    • Broadcast authentication
    • Secure routing protocols
    • Secure location discovery
    • Secure clock synchronization
    • Novel and emerging secure architectures
    • Cryptographic algorithms and applications
    • Study of attack strategies, attack modeling
    • Study of tradeoffs between security and system performance
    • Security management, emergency contingency planning, identify theft
    • Access control, wireless access control, broadband access control
    • Protection, risk, vulnerabilities, attacks, authorization/authentication
    • Security and trust in web-services-based applications
    • Denial of service attacks and prevention
    • Secure group communication/multicast
    • Implementations and performance analysis
    • Distributed security schemes

  • ASC 2007 6th Annual Security Conference, Las Vegas, Nevada, USA, April 11-12, 2007. (Submissions due 15 January 2007)

    With the development of more complex networking systems and the rapid transition to the e-world, information security has become a real concern for many individuals and organizations. Advanced safeguards are required to protect the information assets of not only large but also small and distributed enterprises. New approaches to information security management, such as policies and certifications, are now being required. The security of strategic corporate information has become the foremost concern of many organizations, and in order to assure this security, methods and techniques must be conceptualized for small enterprises both from a functional and technical viewpoint. Recommended topics (but not limited to) include:

    • E-Commerce security
    • Biometrics
    • Smart Cards
    • Secure small distribution applications
    • Security of intelligent tokens
    • Methodologies for security of small to medium size enterprises
    • Methodologies and techniques for certification and accreditation
    • Evaluation of Information Security in companies
    • Information security surveys and case studies
    • International standards for Information Security Management

  • DIMVA 2007 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Lucerne, Switzerland, July 12-13, 2007. (Submissions due 9 February 2007)

    The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA particularly encourages papers that discuss the integration of intrusion, malware, and vulnerability detection in large-scale operational communication networks. DIMVA's scope includes, but is not restricted to the following areas:
    Intrusion Detection
    

    • Approaches
    • Implementations
    • Prevention and response
    • Result correlation
    • Evaluation
    • Potentials and limitations
    • Operational experiences
    • Evasion and other attacks
    • Legal and social aspects
    Malware
    
    • Techniques
    • Detection
    • Prevention
    • Evaluation
    • Trends and upcoming risks
    • Forensics and recovery
    Vulnerability Assessment
    
    • Vulnerabilities
    • Vulnerability detection
    • Vulnerability prevention

  • PAIRING 2007 1st International Conference on Pairing-based Cryptography, Tokyo, Japan, July 2-4, 2007. (Submissions due 15 February 2007)

    Since the introduction of pairings in constructive cryptographic applications, an ever increasing number of protocols have appeared in the literature: identity-based encryption, short signature, and efficient broadcast encryption to mention but a few. An appropriate mix of theoretical foundations and practical considerations is essential to fully exploit the possibilities offered by pairings: number theory, cryptographic protocols, software and hardware implementations, new security applications, etc. Authors are invited to submit papers describing original research on all aspects of pairing-based cryptography, including, but not limited to the following topics:
    Novel cryptographic protocols
    

    • ID-based cryptosystem
    • broadcast encryption
    • short signatures
    • ring or group signatures
    • aggregate or multi signatures
    • undeniable signatures
    • key agreement protocol
    • authenticated encryption
    Mathematical foundation
    
    • Weil, Tate, Eta, and Ate pairings
    • security consideration of pairing
    • generation of pairing friendly curves
    • (hyper-) elliptic curve cryptosystem
    • number theoretic algorithms
    SW/HW implementation
    
    • secure operating system
    • efficient software implementation
    • FPGA or ASIC implementation
    • smartcard implementation
    • side channel attack
    • fault attack
    Applied security
    
    • novel security applications
    • secure ubiquitous computing
    • security management
    • grid computing
    • PKI model
    • application to network security

  • Security Journal of Universal Computer Science (JUCS), Special Issue on Cryptography in Computer System February 2008. (Submission Due 1 May 2007)

    Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Ed Dawson (Queensland University of Technology, Australia), Xuejie Lai (Shanghai Jiao Tong University, China), Masahiro Mambo (Tsukuba University, Japan), Atsuko Miyaji (JAIST, Japan), Yi Mu (University of Wollongong, Australia), David Pointcheval (Ecole Normale Sup?ieure, France), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Nigel Smart (Bristol University, UK), Willy Susilo (University of Wollongong, Australia), Huaxiong Wang (Macquarie University, Australia), and Duncan Wong (City University of Hong Kong, China)
    
    Cryptography has been playing an important role to ensure the security and reliability of modern computer systems. Since high speed and broad bandwidth have been becoming the keywords for modern computer systems, new cryptographic methods and tools must follow up in order to adapt to these new and emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in computer systems. Areas of interest for this special journal issue include, but are not limited to, the following topics:
    

    • Authentication
    • Cryptographic algorithms and their applications
    • Cryptanalysis
    • Email security
    • Electronic commerce
    • Data integrity
    • Fast cryptographic algorithms and their applications
    • Identity-based cryptography
    • IP security
    • Key management
    • Multicast security
    • Computer network security
    • Privacy protection
    • Security in Peer-to-Peer networks
    • Security in sensor networks
    • Smartcards

 

• Listing of academic positions available  by Cynthia Irvine
  

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org