Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 118,  January 21, 2014 Hilarie Orman,  Editor Richard Austin, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Conference and Workshop Announcements

  • Commentary and Opinion

    • Bill Blunden, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System (2ed),  Review by Richard Austin

    • NewsBits:  From the media: security related news (please contribute!)

      • Press Release: NSA Security Science award nominations due on March 31 for the best paper of 2013
      • NSA morale down after Edward Snowden revelations, former U.S. officials say
      • Major tech companies unite to call for new limits on surveillance
      • NSA head says metadata program key tool against terrorism
      • Obama Panel Said to Urge N.S.A. Curbs
      • By cracking cellphone code, NSA has ability to decode private conversations
      • Judge: NSA phone surveillance program unconstitutional
      • Research shows how MacBook Webcams can spy on their users without warning
      • Snowden still holding 'keys to the kingdom'
      • RSA's secret contract with NSA
      • US spy court: NSA to keep collecting phone records
      • Malware attack hits thousands of Yahoo users
      • N.S.A. Devises Radio Pathway Into Computers
      • Amazon is a hornet's nest of malware
      • Point-of-sale malware infecting Target found hiding in plain sight
      • Some Obama spy changes hampered by complications

    • Book reviews from past Cipher issues

    • Conference Reports and Commentary from past Cipher issues

    • News items from past Cipher issues

   

  • Listing of academic positions available  by Cynthia Irvine
    (nothing new since Cipher E117)

   

  • Cipher calls-for-papers and calendar
      Cipher calendar announcements are on Twitter; follow "ciphernews"
      new calls or announcements added since Cipher E117 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 1/20/14: IFIP-SEC, 29th IFIP TC-11 SEC 2014 International Conference ICT Systems Security and Privacy Protection, Marrakech, Morocco; Submissions are due
  • 1/25/14: Elsevier Information Science, Special Issue on Security, Privacy and trust in network-based Big Data; Submissions are due
  • 2/ 3/14: CSF, 27th IEEE Computer Security Foundations Symposium, Vienna University of Technology, Vienna, Austria; Submissions are due
  • 2/ 8/14: DIMVA, 11th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Royal Holloway London, Egham, UK; Submissions are due
  • 2/10/14: PETS, 14th Privacy Enhancing Technologies Symposium, Amsterdam, Netherlands; Submissions are due
  • 2/10/14: IWCC, International Workshop on Cyber Crime, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), Fairmont Hotel, San Jose, CA, USA; Submissions are due
  • 2/10/14: DASec, 1st International Workshop on Big Data Analytics for Security, Held in conjunction with ICDCS 2014, Madrid, Spain; Submissions are due
  • 2/13/14: SACMAT, 19th ACM Symposium on Access Control Models and Technologies, London, Ontario, Canada; Submissions are due
  • 2/15/14: IEEE Internet of Things Journal, Special Issue on Security for IoT: the State of the Art; Submissions are due
  • 2/23/14- 2/26/14: NDSS, 21st Annual Network and Distributed System Security Symposium, San Diego, California, USA
  • 2/26/14- 2/28/14: ESSOS, 6th International Symposium on Engineering Secure Software and Systems, Munich, Germany
  • 2/28/14: WEIS, 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, PA, USA; Submissions are due
  • 2/28/14: SOUPS, Symposium On Usable Privacy and Security, In-cooperation with USENIX, Menlo Park, CA, USA; Submissions are due
  • 3/ 1/14: Journal of Cyber Security and Mobility, Special issue on Next generation mobility network security; Submissions are due
  • 3/ 1/14: IEEE Pervasive Computing, Special issue on Pervasive Privacy and Security; Submissions are due
  • 3/ 1/14: RFIDSec 2014 10th Workshop on RFID Security, Co-located with ACM WiSec 2014, Oxford, United Kingdom; Submissions are due
  • 3/ 3/14: WiSec, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Oxford, United Kingdom; Submissions are due
  • 3/ 3/14: MOST, Mobile Security Technologies Workshop, An event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2014), Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014), San Jose, CA, USA; Submissions are due
  • 3/ 7/14: CNS, 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA; Submissions are due
  • 3/ 7/14: WISTP, 8th Workshop in Information Security Theory and Practice, Heraklion, Greece; Submissions are due
  • 3/15/14: IEEE Security & Privacy, Special issue on Key Trends in Cryptography; Abstract Submissions are due
  • 3/24/14: SESOC, 6th International Workshop on Security and Social Networking, Held in conjunction with PerCom 2014, Budapest, Hungary
  • 3/24/14- 3/28/14: IFIP119-DF, 10th Annual IFIP WG 11.9 International Conference on Digital Forensics, Vienna University of Technology, Vienna, Austria
  • 4/ 7/14- 4/11/14: POST, 3rd Conference on Principles of Security and Trust, Grenoble, France
  • 4/ 8/14- 4/ 9/14: HotSoS, Symposium and Bootcamp on the Science of Security, Raleigh, North Carolina, USA
  • 4/14/14- 4/15/14: COSADE, 5th International Workshop on Constructive Side-Channel Analysis and Secure Design, Paris, France
  • 5/ 1/14: IEEE Security & Privacy, Special issue on Key Trends in Cryptography; Submissions are due
  • 5/ 2/14: TGC, 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy; Submissions are due
  • 5/17/14: MOST, Mobile Security Technologies Workshop, An event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2014), Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014), San Jose, CA, USA
  • 5/17/14- 5/18/14: IWCC, International Workshop on Cyber Crime, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), Fairmont Hotel, San Jose, CA, USA
  • 5/18/14- 5/21/14: SP, 35th IEEE Symposium on Security and Privacy, San Jose, CA, USA
  • 6/ 2/14- 6/ 4/14: IFIP-SEC, 29th IFIP TC-11 SEC 2014 International Conference ICT Systems Security and Privacy Protection, Marrakech, Morocco
  • 6/23/14- 6/24/14: WEIS, 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, PA, USA
  • 6/23/14- 6/25/14: WISTP, 8th Workshop in Information Security Theory and Practice, Heraklion, Greece
  • 6/25/14- 6/27/14: SACMAT, 19th ACM Symposium on Access Control Models and Technologies, London, Ontario, Canada
  • 6/30/14- 7/ 3/14: DASec, 1st International Workshop on Big Data Analytics for Security, Held in conjunction with ICDCS 2014, Madrid, Spain
  • 7/ 9/14- 7/11/14: SOUPS, Symposium On Usable Privacy and Security, In-cooperation with USENIX, Menlo Park, CA, USA
  • 7/10/14- 7/11/14: DIMVA, 11th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Royal Holloway London, Egham, UK
  • 7/16/14- 7/18/14: PETS, 14th Privacy Enhancing Technologies Symposium, Amsterdam, Netherlands
  • 7/19/14- 7/22/14: CSF, 27th IEEE Computer Security Foundations Symposium, Vienna University of Technology, Vienna, Austria
  • 7/21/14- 7/23/14: RFIDSec, 10th Workshop on RFID Security, Co-located with ACM WiSec 2014, Oxford, United Kingdom
  • 7/21/14- 7/25/14: WiSec, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Oxford, United Kingdom
  • 9/ 5/14- 9/ 6/14: TGC, 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy
  • 10/29/14-10/31/14: CNS, 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA
   
  
  
  • new calls or announcements added since Cipher E117

  • IFIP-SEC 2014 29th IFIP TC-11 SEC 2014 International Conference ICT Systems Security and Privacy Protection, Marrakech, Morocco, June 2-4, 2014. (Submission Due 20 January 2014)

    This conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems. Topics of interest include, but are not limited to:

    • Access control and authentication
    • Applied cryptography
    • Cloud and big data security
    • Critical Infrastructure Protection
    • Data and Applications Security
    • Digital Forensics
    • Human Aspects of Information Security and Assurance
    • Identity Management
    • Information Security Education
    • Information Security Management
    • Information Technology Mis-Use and the Law
    • Managing information security functions
    • Mobile security
    • Multilateral Security
    • Network & Distributed Systems Security
    • Pervasive Systems Security
    • Privacy protection
    • Trust Management
    • Audit and risk analysis

  • Elsevier Information Science, Special Issue on Security, Privacy and trust in network-based Big Data, December 2014, (Submission Due 25 January 2014)

    Editor: Xiaohong Jiang (Future University Hakodate, Japan), Hua Wang (University of Southern Queensland, Australia), and Georgios Kambourakis (University of the Aegean, Greece)
    
    The aim of the special issue is to present leading edge work concerning privacy protection issues and security challenges in the rapidly emerging field of network-based Big Data. Research that addresses organisational and enterprise solutions for privacy protection and information security in Big Data environments will also be presented. Both papers dealing with fundamental theory, techniques, applications, and practical experiences concerning secure Big Data will be considered. The scope of the special issue includes (but is not limited to):

    • Security modeling and threat in Big Data
    • Auditing in network-based Big Data
    • Access control mechanisms for Big Data systems
    • Secure Big Data resource virtualisation mechanisms
    • Secure Big Data management outsourcing (e.g., database as a service)
    • Practical privacy and integrity mechanisms for outsourcing
    • Foundations of cloud-centric threat models for Big Data
    • Trust and policy management
    • Secure identity management mechanisms
    • New Big Data web service security paradigms and mechanisms
    • Business and security risk models and clouds
    • Cost and usability models and their interaction with security in Big Data systems
    • Remote data integrity protection
    • Data-centric security and data classification
    • Secure Big Data in wireless environment
    • Risk analysis and risk management

  • CSF 2014 27th IEEE Computer Security Foundations Symposium, Vienna University of Technology, Vienna, Austria, July 19 - 22, 2014. (Submission Due 3 February 2014)

    The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, e.g., formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. New results in computer security are welcome. Possible topics include, but are not limited to: access control, accountability, anonymity, authentication, critical infrastructure security, cryptography, data and system integrity, database security, decidability and complexity, distributed systems, electronic voting, executable content, formal methods and verification, game theory and decision theory, hardware-based security, humans and computer security, information flow, intrusion detection, language-based security, network security, novel insights on attacks, privacy, provenance, resource usage control, security for mobile computing, security models, security protocols, software security, socio-technical security, trust management, usable security, web security.

  • DIMVA 2014 11th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Royal Holloway London, Egham, UK, July 10-11, 2014. (Submission Due 8 February 2014)

    The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group "Security - Intrusion Detection and Response" (SIDAR) of the German Informatics Society (GI). The conference proceedings will appear as a volume in the Springer Lecture Notes in Computer Science (LNCS) series (approval pending). DIMVA encourages submissions from the following broad areas:
    Intrusion Detection
    

    • Novel approaches and domains
    • Insider detection
    • Prevention and response
    • Data leakage and exfiltration
    • Result correlation and cooperation
    • Evasion and other attacks
    • Potentials and limitations
    • Operational experiences
    Malware Detection
    
    • Automated analyses
    • Behavioral models
    • Prevention and containment
    • Infiltration
    • Acquisition and monitoring
    • Forensics and recovery
    • Underground economy
    Vulnerability Assessment
    
    • Vulnerability detection
    • Vulnerability prevention
    • Fuzzing techniques
    • Classification and evaluation
    • Situational awareness

  • PETS 2014 14th Privacy Enhancing Technologies Symposium, Amsterdam, Netherlands, July 16-18, 2014. (Submission Due 10 February 2014)

    The Privacy Enhancing Technologies Symposium (PETS) aims to advance the state of the art and foster a world-wide community of researchers and practitioners to discuss innovation and new perspectives. Suggested topics include but are not restricted to:

    • Behavioral targeting
    • Building and deploying privacy-enhancing systems
    • Crowdsourcing for privacy
    • Cryptographic tools for privacy
    • Data protection technologies
    • Differential privacy
    • Economics of privacy and game-theoretical approaches to privacy
    • Forensics and privacy
    • Information leakage, data correlation and generic attacks to privacy
    • Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
    • Location and mobility privacy
    • Measuring and quantifying privacy
    • Obfuscation-based privacy
    • Policy languages and tools for privacy
    • Privacy and human rights
    • Privacy in ubiquitous computing and mobile devices
    • Privacy in cloud and big-data applications
    • Privacy in social networks and micro-blogging systems
    • Privacy-enhanced access control, authentication, and identity management
    • Profiling and data mining
    • Reliability, robustness, and abuse prevention in privacy systems
    • Surveillance
    • Systems for anonymous communications and censorship resistance
    • Traffic analysis
    • Transparency enhancing tools
    • Usability and user-centered design for PETs

  • IWCC 2014 International Workshop on Cyber Crime, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), Fairmont Hotel, San Jose, CA, USA, May 17-18, 2014. (Submission Due 10 February 2014)

    Today's world's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches. Topics of interest include, but are not limited to:

    • Cyber crimes: evolution, new trends and detection
    • Cyber crime related investigations
    • Computer and network forensics
    • Digital forensics tools and applications
    • Digital forensics case studies and best practices
    • Privacy issues in digital forensics
    • Network traffic analysis, traceback and attribution
    • Incident response, investigation and evidence handling
    • Integrity of digital evidence and live investigations
    • Identification, authentication and collection of digital evidence
    • Anti-forensic techniques and methods
    • Watermarking and intellectual property theft
    • Social networking forensics
    • Steganography/steganalysis and covert/subliminal channels
    • Network anomalies detection
    • Novel applications of information hiding in networks
    • Political and business issues related to digital forensics and anti-forensic techniques

  • DASec 2014 1st International Workshop on Big Data Analytics for Security, Held in conjunction with ICDCS 2014, Madrid, Spain, June 30 - July 3, 2014. (Submission Due 10 February 2014)

    In the last 10 years we have witnessed a strong integration of several human activities with computers and digital networks. This has led to an interconnected economy, where interactions occur through the mediation of networked devices. The openness of this scenario was instrumental in creating new business opportunities. However, it has also paved the way to new forms of criminal activities that, while happening in the cyber domain, have strong implications in the real world. The current trend towards an Internet of Things will possibly worsen this scenario. In this context, private companies and public bodies struggle to defend their businesses against a deluge of attacks spanning from complex online frauds to malicious scanning activities of their IT infrastructures. As attacks continue to grow in complexity, classic "border-control" approaches to system security quickly prove to be ineffective, calling for an investigation into new methodologies and solutions. At the same time, ongoing research efforts on "Big Data" systems are devising new and innovative methodologies to manage and analyze large amounts of data with the aim of recognizing specific patterns and behaviors. The First International Workshop on Big Data Analytics for Security aims to bring together people from both academia and industry to present their most recent work related to trust, security and privacy issues in big data analytics, together with application of big data technologies in the field of security. The purpose is to establish if and how large-scale data analytics technologies can help in creating new security solutions for today's complex IT infrastructures.

  • SACMAT 2014 19th ACM Symposium on Access Control Models and Technologies, London, Ontario, Canada, June 25-27, 2014. (Submission Due 13 February 2014)

    Papers offering novel research contributions in all aspects of access control are solicited for submission to the 19th ACM Symposium on Access Control Models and Technologies (SACMAT 2014). We have expanded the scope to include several new topics that have relevance to access control. These include cyber-physical systems, applications, systems, hardware, cloud computing, and usability. The Program Committee for this year reflects this expanded scope.

    • Administration
    • Applications
    • Attribute-based systems
    • Authentication
    • Biometrics
    • Cryptographic approaches
    • Cyber-physical systems
    • Design methodology
    • Distributed, cloud, and mobile systems
    • Economic models and game theory
    • Enforcement
    • Hardware enhanced
    • Identity management
    • Mechanisms, systems, and tools
    • Models and extensions
    • Obligations
    • Policy engineering and analysis
    • Requirements
    • Risk
    • Safety analysis
    • Standards
    • Theoretical foundations
    • Trust management
    • Usability

  • IEEE Internet of Things Journal, Special Issue on Security for IoT: the State of the Art, October 2014, (Submission Due 15 February 2014)

    Editor: Kui Ren (University at Buffalo, USA), Pierangela Samarati (University of Milan, Italy), Peng Ning (NCSU, Raleigh & Samsung Mobile, USA), Marco Gruteser (Rutgers University, USA), and Yunhao Liu (Tsinghua University, China)
    
    The Internet is becoming more and more ubiquitous. One central element of this trend is the existence of a massive network of interconnected wired/wireless physical objects/things/sensors/devices, which can interact in a rich set of manners through a worldwide communication and information infrastructure and provide value added services. The vision of such an Internet of Things (IoT) system, supported by industrial companies and governments globally, has the potential to mark an evolution that will surely have a great impact on our environments and our lives. Yet, the realization of a ubiquitous IoT also poses a number of challenges where security is among the top concerns. The globally interconnected physical objects inevitably result in a potentially enormous attack surface that can be easily exploited if without adequate protection. To enable strong security foundations for the ubiquitous IoT, plenty of factors need to be taken into account. Examples are data security, privacy, access control, information assurance, trust management, secure services interoperability, seamless integration, system heterogeneity, scalability, and mobility. This special issue solicits high-quality original research results about IoT that pertain to state-of-the-art security and privacy issues in various pervasive and ubiquitous scenarios. We encourage submissions on theoretical, practical, as well as experimental studies, from both academia and industry, related to all aspects of security for IoT. Topics of interests include (but are not limited to) the following categories:

    • Secure IoT architecture
    • IoT access control and key management
    • Identification and privacy for IoT
    • Smart phone enabled secure smart systems
    • New cryptographic primitives for IoT
    • Manage trust for IoT service interoperability
    • Security on heterogeneous ecosystems
    • Context-aware security design
    • Data security and privacy in the IoT
    • Intrusion detection and defense for IoT
    • Joint security&privacy aware protocol design
    • Failure detection, prediction, and recovery
    • Secure data management within IoT
    • Trusted computing technology and IoT
    • Availability, recovery and auditing
    • IoT related web services security
    • Secure cyber-physical system
    • Biometrics for the IoT

  • WEIS 2014 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, PA, USA, June 23-24, 2014. (Submission Due 28 February 2014)

    The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science. Prior workshops have explored the role of incentives between attackers and defenders of information systems, identified market failures surrounding Internet security, quantified risks of personal data disclosure, and assessed investments in cyber-defense. The 2014 workshop will build on past efforts using empirical and analytic tools not only to understand threats, but also to strengthen security and privacy through novel evaluations of available solutions. We encourage economists, computer scientists, legal scholars, business school researchers, security and privacy specialists, as well as industry experts to submit their research and participate by attending the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:

    • Optimal investment in information security
    • Models and analysis of online crime (including botnets, phishing, and spam)
    • Risk management and cyber-insurance
    • Security standards and regulation
    • Cyber-security and privacy policy
    • Security and privacy models and metrics
    • Economics of privacy and anonymity
    • Behavioral security and privacy
    • Vulnerability discovery, disclosure, and patching
    • Cyber-defense strategy and game theory
    • Incentives for information sharing and cooperation

  • SOUPS 2014 Symposium On Usable Privacy and Security, In-cooperation with USENIX, Menlo Park, CA, USA, July 9-11, 2014. (Submission Due 28 February 2014)

    The 2014 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. This year SOUPS will be held at Facebook in Menlo Park, CA. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:

    • innovative security or privacy functionality and design,
    • new applications of existing models or technology,
    • field studies of security or privacy technology,
    • usability evaluations of new or existing security or privacy features,
    • security testing of new or existing usability features,
    • longitudinal studies of deployed security or privacy features,
    • the impact of organizational policy or procurement decisions, and
    • lessons learned from the deployment and use of usable privacy and security features,
    • reports of replicating previously published studies and experiments,
    • reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience.

  • Journal of Cyber Security and Mobility, Special issue on Next generation mobility network security, July 2014, (Submission Due 1 March 2014)

    Editor: Roger Piqueras Jover (AT&T Security Research Center)
    
    The Long Term Evolution (LTE) is the newly adopted standard technology to offer enhanced capacity and coverage for mobility networks, providing advanced multimedia services beyond traditional voice and short messaging traffic for billions of users. This new cellular communication system introduces a substantial redesign of the network architecture resulting in the new eUTRAN (Enhanced Universal Terrestrial Radio Access Network) and the EPC (Enhanced Packet Core). In this context, the LTE Radio Access Network (RAN) is built upon a redesigned physical layer and based on an Orthogonal Frequency Division Multiple Access (OFDMA) modulation, features robust performance in challenging multipath environments and substantially improves capacity. Moreover, a new all-IP core architecture is designed to be more flexible and flatter. In parallel, the cyber-security landscape has changed drastically over the last few years. It is now characterized by large scale security threats such as massive Distributed Denial of Service Attacks (DDoS), the advent of the Advanced Persistent Threat (APT) and the surge of mobile malware and fraud. These new threats illustrate the importance of strengthening the resiliency of mobility networks against security attacks, ensuring this way full mobility network availability. In this context, however, the scale of the threat is not the key element anymore and traditionally overlooked low range threats, such as radio jamming, should also be included in security studies. This special issue of the Journal of Cyber Security and Mobility addresses research advances in mobility threats and new security applications/architectures for next generation mobility networks. The main topics of interest of this issue include, but are not limited to, the following:

    • LTE RAN security
    • OFDM/OFDMA radio jamming
    • Secure wireless communications under malicious interference/jamming
    • Mobility security threats based on interoperability with legacy networks
    • LTE EPC security
    • Mobile malware/botnet impact on RAN/EPC
    • Femtocell security threats
    • Detection of attacks against mobility networks
    • Self Organizing Network (SON) security applications
    • WiFi-cellular interoperability threats and security
    • Mobile device baseband security

  • IEEE Pervasive Computing, Special issue on Pervasive Privacy and Security, January-March 2015, (Submission Due 1 March 2014)

    Editor: Sunny Consolvo (Google, USA), Jason Hong (Carnegie Mellon University, USA), and Marc Langheinrich (University of Lugano, Switzerland)
    
    Society is increasingly relying on pervasive computing technologies in all domains. However, with the growing adoption of these technologies, we are also seeing more and more issues related to privacy and security. The aim of this special issue is to explore technologies related to all aspects of privacy and security in pervasive computing. Relevant topics for this special issue include, but are not limited to, the following:

    • Privacy and security for pervasive computing domains, such as smart homes, smart cars, healthcare, urban computing, and more
    • Privacy and security for pervasive computing technologies, such as smartphones, wireless sensors, wearable computers, RFIDs, cameras, and more
    • New methods, techniques, or architectures for collecting, processing, managing, and sharing sensed data in a way that balances privacy, security, and utility
    • New approaches for managing privacy and security in pervasive computing domains, both for end-users and for organizations offering services
    • User interfaces for conveying to users what data is being sensed and gathered
    • User studies probing people's attitudes and behaviors towards privacy and security in pervasive computing domains and/or involving pervasive computing technologies
    • Tools, platforms, and user models to help developers improve privacy and security in ubicomp systems
    • Experiences with privacy and security for deployed ubicomp systems
    • More streamlined ways of authenticating to pervasive computing environments, or using pervasive computing technologies to improve authentication in general
    • Security on low-power computing devices
    • Establishing trust in pervasive hardware
    • Combining privacy with accuracy in location sensing
    • Coping with physical threats to pervasive hardware
    • Pervasive surveillance and privacy
    • technology and policy issues
    • New business processes and models involving ubicomp privacy and security
    • Incorporating privacy and security into the design and development process of pervasive applications (aka "privacy-by-design")

  • RFIDSec 2014 10th Workshop on RFID Security, Co-located with ACM WiSec 2014, Oxford, United Kingdom, July 21-23, 2014. (Submission Due 1 March 2013)

    RFIDsec is the premier workshop devoted to security and privacy in Radio Frequency Identification (RFID) with participants throughout the world. RFIDsec brings together researchers from academia and industry for topics of importance to improving the security and privacy of RFID, NFC, contactless technologies, and the Internet of Things. RFIDsec bridges the gap between cryptographic researchers and RFID developers through invited talks and contributed presentations. Topics of interest include:

    • New applications for secure RFID, NFC and other constrained systems
    • Resource-efficient implementations of cryptography
    • Attacks on RFID systems (e.g. side-channel attacks, fault attacks, hardware tampering)
    • Data protection and privacy-enhancing techniques
    • Cryptographic protocols (e.g. authentication, key distribution, scalability issues)
    • Integration of secure RFID systems (e.g. infrastructures, middleware and security)
    • Data mining and other systemic approaches to RFID security
    • RFID hardware security (e.g. Physical Unclonable Functions (PUFs), RFID Trojans)
    • Case studies

  • WiSec 2014 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Oxford, United Kingdom, July 21-25, 2014. (Submission Due 3 March 2013)

    ACM WiSec has been broadening its scope and seeks to present high quality research papers exploring security and privacy aspects of wireless communications, mobile networks, and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics and the increasingly diverse range of mobile or wireless applications. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:

    • Mobile malware and platform security
    • Security & Privacy for Smart Devices (e.g., Smartphones)
    • Wireless and mobile privacy and anonymity
    • Secure localization and location privacy
    • Cellular network fraud and security
    • Jamming attacks and defenses
    • Key extraction, agreement, or distribution
    • Theoretical foundations, cryptographic primitives, and formal methods
    • NFC and smart payment applications
    • Security and privacy for mobile sensing systems
    • Wireless or mobile security and privacy in health, automotive, avionics, or smart grid applications
    • Self-tracking/Quantified Self Security and Privacy
    • Physical Tracking Security and Privacy
    • Usable Mobile Security and Privacy
    • Economics of Mobile Security and Privacy
    • Bring Your Own Device (BYOD) Security

  • MOST 2014 Mobile Security Technologies Workshop, An event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2014), Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014), San Jose, CA, USA, May 17, 2014. (Submission Due 3 March 2014)

    Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of MoST 2014 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:

    • Device hardware
    • Operating systems
    • Middleware
    • Mobile web
    • Secure and efficient communication
    • Secure application development tools and practices
    • Privacy
    • Vulnerabilities and remediation techniques
    • Usable security
    • Identity and access control
    • Risks in putting trust in the device vs. in the network/cloud
    • Special applications, such as medical monitoring and records
    • Mobile advertisement
    • Secure applications and application markets
    • Economic impact of security and privacy technologies

  • CNS 2014 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA, October 29-31, 2014. (Submission Due 7 March 2014)

    IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of last year's inaugural conference, IEEE CNS 2014 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated.

  • WISTP 2014 8th Workshop in Information Security Theory and Practice, Heraklion, Greece, June 23-25, 2014. (Submission Due 7 March 2014)

    Future ICT technologies, such as the concepts of Ambient Intelligence, Cyber-physical Systems and Internet of Things provide a vision of the Information Society in which: a) people and physical systems are surrounded with intelligent interactive interfaces and objects, and b) environments are capable of recognising and reacting to the presence of different individuals or events in a seamless, unobtrusive and invisible manner. The success of future ICT technologies will depend on how secure these systems may be, to what extent they will protect the privacy of individuals and how individuals will come to trust them. WISTP 2014 aims to address security and privacy issues of smart devices, networks, architectures, protocols, policies, systems, and applications related to Internet of Things, along with evaluating their impact on business, individuals, and the society. The workshop seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of Internet of Things, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
    Security and Privacy in Smart Devices
    

    • Biometrics, National ID cards
    • Embedded Systems Security and TPMs
    • Interplay of TPMs and Smart Cards
    • Mobile Codes Security
    • Mobile Devices Security
    • Mobile Malware
    • Mobile OSes Security Analysis
    • New Applications for Secure RFID Systems
    • RFID Systems
    • Smart Card
    • Smart Devices Applications
    • Wireless Sensor Node
    Security and Privacy in Networks
    
    • Ad Hoc Networks
    • Delay-Tolerant Network
    • Domestic Network
    • GSM/GPRS/UMTS Systems
    • Peer-to-Peer Networks
    • Security Issues in Mobile and Ubiquitous Networks
    • Sensor Networks: Campus Area, Body Area, Sensor and Metropolitan Area Networks
    • Vehicular Network
    • Wireless Communication: Bluetooth, NFC, WiFi, WiMAX, others
    Security and Privacy in Architectures, Protocols, Policies, Systems and Applications
    
    • BYOD Contexts
    • Cloud-enhanced Mobile Security
    • Critical Infrastructure (e.g. for Medical or Military Applications)
    • Cyber-Physical Systems
    • Digital Rights Management (DRM)
    • Distributed Systems and Grid Computing
    • Information Assurance and Trust Management
    • Intrusion Detection and Information Filtering
    • Lightweight cryptography
    • Localization Systems (Tracking of People and Goods)
    • M2M (Machine to Machine), H2M (Human to Machine) and M2H (Machine to Human)
    • Mobile Commerce
    • Multimedia Applications
    • Public Administration and Governmental Services
    • Pervasive Systems
    • Privacy Enhancing Technologies
    • Secure self-organization and self-configuration
    • Security Models, Architecture and Protocol: for Identification and Authentication, Access Control, Data Protection
    • Security Policies (Human-Computer Interaction and Human Behavior Impact)
    • Security Measurements
    • Smart Cities
    • Systems Controlling Industrial Processes

  • IEEE Security & Privacy, Special issue on Key Trends in Cryptography, January/February 2015, (Abstract Due 15 March 2014, and Final Submission Due 1 May 2014)

    Editor: Hilarie Orman (purplestreak.com, USA) and Charles Pfleeger (pfleeger.com, USA)
    
    Cryptography has advanced from an arcane craft to a mathematical discipline with established principles, widely-accepted standards, and daily use in Internet and many other computer applications. Yet its actual utility and future are clouded topics that hit at two widely separated poles: the limits of computation and the role of government. Articles for this special issue of IEEE Security & Privacy magazine will cover recent research trends in cryptology and their implications for emerging computing techniques (such as cloud computing), collaboration between researchers and governments in defining cryptographic standards, how physics and mathematics shape and limit cryptology, and how cryptology implements privacy and security in an interconnected world. Potential articles for this issue might address:

    • Is cryptology an ongoing research area? What are the remaining challenges that have not been solved by public key systems and the AES cipher?
    • What new cryptographic methods are on the horizon? How could techniques such as homomorphic encryption affect computers and applications? What synergies do new methods have with emerging technologies such as cloud , digital commerce, tablets and cellphones, personal health and safety systems, etc.?
    • What are the known or potential failures of cryptology? Are mathematical advances eroding the fundamental "hard problems" such as discrete logarithms or factoring? How can one be sure that a system employing cryptographic techniques is implemented securely? Is it better to use specialized hardware instead of software? Should cryptographic software be open source? How will advances in computing hardware, such as graphics processors, affect the use of cryptography?
    • Is quantum key distribution a realistic method for day-to-day applications? Is quantum computing a serious threat to the strength of cryptography? Do quantum principles have wider application to cryptology? When are these technologies likely to move from research to proof-of-concept to widespread use?
    • As more and more small devices contain general purpose computers and wireless communication, should they also employ cryptography? What physical constraints such as size, power demand, ruggedness or heat dissipation affect the ability to integrate cryptography in all devices? If device-based cryptography is readily available, will it be used? Will it be used appropriately?
    • Is there such a thing as "user-friendly cryptography"? How much of the arcane side of cryptography can be shielded from the user without weakening its impact? Do users care whether they employ cryptography or at what strength? Do users worry about traffic interception by criminals, businesses, or governments?
    • How and why does the U.S. government develop standards for cryptography? What standards are being developed now? How have the Snowden disclosures affected that process? Are there non-governmental approaches to developing these standards?
    • What are the scientific and political limits to actual secrecy and privacy? Malware, man-the-middle attacks, hardware Trojans, collusion by businesses and governments - in this environment, what protection is available to end users?

  • TGC 2014 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy, September 5-6, 2014. (Submission Due 2 May 2014)

    The Symposium on Trustworthy Global Computing is an international annual venue dedicated to secure and reliable computation in the so-called global computers, i.e., those computational abstractions emerging in large-scale infrastructures such as service-oriented architectures, autonomic systems, and cloud computing. The TGC series focuses on providing frameworks, tools, algorithms, and protocols for rigorously designing, verifying, and implementing open-ended, large-scaled applications. The related models of computation incorporate code and data mobility over distributed networks that connect heterogeneous devices and have dynamically changing topologies. We solicit papers in all areas of global computing, including (but not limited to):

    • languages, semantic models, and abstractions
    • security, trust, and reliability
    • privacy and information flow policies
    • algorithms and protocols
    • resource management
    • model checking, theorem proving, and static analysis
    • tool support

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org