Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 125,  March 17, 2015 Hilarie Orman,  Editor Richard Austin, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of Data and Goliath: The hidden battles to capture your data and control your world by Bruce Schneier

  • NewsBits:  Announcements and correspondence (please contribute!)

    • Hacks Against Health Insurers
    • Yet Another Federal Cybersecurity Agency?
    • Microsoft's Downgrade Attack, JASBUG
    • Stealthy Bank Malware Empties Coffers
    • The Best Ever Hackers
    • Lenovo Removes SuperFish
    • The FBI's Fake Cell Phone Towers
    • Blast From the Past: Key Escrow Returns?
    • Cell Phone SIM Card Secrets Stolen?
    • The Website "Lock" Might Be a Weak Link
    • Apple Wallet Undermined by Lazy Banks
    • A Secure Tablet for Governments

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  Nothing new since last Cipher.

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Cipher calendar announcements are on Twitter; follow "ciphernews"
      new calls or announcements added since Cipher E124 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 3/17/15: SECRYPT, 12th International Conference on Security and Cryptography, Colmar, Alsace, France; Submissions are due
  • 3/20/15: MSPN, International Conference on Mobile, Secure and Programmable Networking, Paris, France; Submissions are due
  • 3/22/15: PTDCS, Workshop on Privacy by Transparency in Data-Centric Services, Held in conjunction with the 18th International Conference on Business Information Systems (BIS 2015), Poznan, Poland; Submissions are due
  • 3/22/15: TrustBus, 12th International Conference on Trust, Privacy, and Security in Digital Business, Valencia, Spain; Submissions are due
  • 3/31/15: HAISA, International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece; Submissions are due
  • 3/31/15: ECTCM, 3rd International Workshop on Emerging Cyberthreats and Countermeasures, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France; Submissions are due
  • 3/31/15: IEEE Transactions on Cloud Computing, Special Issue on Cloud Security Engineering; Submissions are due
  • 4/ 1/15: Globecom-CISS, IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA; Submissions are due
  • 4/ 1/15: RT2ND, International Workshop on Risk and Trust in New Network Developments, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France; Submissions are due
  • 4/ 1/15: WSDF, 8th International Workshop on Digital Forensics, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France; Submissions are due
  • 4/ 1/15: PST, International Conference on Privacy, Security and Trust, Izmir, Turkey; Submissions are due
  • 4/ 1/15: 10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?, Edinburgh, Scotland; Submissions are due
  • 4/ 1/15: SPE, IEEE 5th International Workshop on Security and Privacy Engineering, Co-located with 11th IEEE World Congress on Services (SERVICES 2015), New York, NY, USA; Submissions are due
  • 4/ 4/15: ESORICS, 20th European Symposium on Research in Computer Security, Vienna, Austria; Submissions are due
  • 4/10/15: WISTP, 9th WISTP International Conference on Information Security Theory and Practice, Crete, Greece; Submissions are due
  • 4/10/15: FCS, Workshop on Foundations of Computer Security, Held in conjunction with IEEE CSF 2015, Verona, Italy; Submissions are due
  • 4/14/15- 4/16/15: HST, 14th annual IEEE Symposium on Technologies for Homeland Security, Boston, Massachusetts, USA
  • 4/14/15: IoTPTS, Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore
  • 4/14/15- 4/17/15: ASIACCS, 10th ACM Symposium on Information, Computer and Communications Security, Singapore
  • 4/14/15: CPSS, 1st Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2015, Singapore
  • 4/15/15: NSS, 9th International Conference on Network and System Security, New York City, NY, USA; Submissions are due
  • 4/24/15: CNS, 3rd IEEE Conference on Communications and Network Security, Florence, Italy; Submissions are due
  • 5/ 1/15: Elsevier Future Generation Computer Systems, Special Issue on Cloud Cryptography: State of the Art and Recent Advances; Submissions are due
  • 5/ 5/15- 5/ 7/15: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC Metro Area, USA
  • 5/ 5/15- 5/ 8/15: ISPEC, 11th International Conference on Information Security Practice and Experience, Beijing, China
  • 5/10/15: CRITIS, 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany; Submissions are due
  • 5/13/15- 5/15/15: EDFC, National Conference on Ethics and Digital Forensics, Arlington, VA, USA
  • 5/15/15: ACM-CCS, 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA; Submissions are due
  • 5/18/15: TELERISE, 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, Co-located with ICSE 2015, Florence, Italy
  • 5/18/15- 5/20/15: SP, 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA
  • 5/21/15: W2SP, Web 2.0 Security and Privacy Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA
  • 5/21/15: GenoPri, 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA
  • 5/21/15: IWPE, 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA
  • 5/21/15: LangSec, 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA
  • 5/21/15: MoST, Mobile Security Technologies Workshop, an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2015), Held in conjunction with the 34th IEEE Symposium on Security and Privacy (IEEE SP 2015), The Fairmont Hotel, San Jose, CA, USA
  • 5/22/15: IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security; Submissions are due
  • 5/31/15: IEEE Transactions on Services Computing, Special Issue on Security and Dependability of Cloud Systems and Services; Submissions are due
  • 6/ 1/15- 6/ 3/15: SACMAT, 20th ACM Symposium on Access Control Models and Technologies, Vienna, Austria
  • 6/ 2/15- 6/ 5/15: ACNS, 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA
  • 6/ 7/15- 6/11/15: DAC-Security Track, Design Automation Conference, San Francisco, CA, USA
  • 6/15/15- 6/17/15: MSPN, International Conference on Mobile, Secure and Programmable Networking, Paris, France
  • 6/22/15- 6/23/15: RFIDSec, 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA
  • 6/22/15- 6/23/15: WEIS, 14th Annual Workshop on the Economic of Information Security, Delft University of Technology, The Netherlands
  • 6/22/15- 6/26/15: WiSec, 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA
  • 6/24/15- 6/26/15: PTDCS, Workshop on Privacy by Transparency in Data-Centric Services, Held in conjunction with the 18th International Conference on Business Information Systems (BIS 2015), Poznan, Poland
  • 6/27/15- 7/ 2/15: SPE, IEEE 5th International Workshop on Security and Privacy Engineering, Co-located with 11th IEEE World Congress on Services (SERVICES 2015), New York, NY, USA
  • 6/30/15- 7/ 2/15: PETS, 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA
  • 7/ 1/15- 7/ 3/15: HAISA, International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece
  • 7/ 9/15- 7/10/15: DIMVA 2015 12th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Milano, Italy
  • 7/13/15: FCS, Workshop on Foundations of Computer Security, Held in conjunction with IEEE CSF 2015, Verona, Italy
  • 7/18/15- 7/24/15: CAV, 27th International Conference on Computer Aided Verification, San Francisco, California, USA
  • 7/20/15- 7/22/15: SECRYPT, 12th International Conference on Security and Cryptography, Colmar, Alsace, France
  • 7/21/15- 7/23/15: PST, International Conference on Privacy, Security and Trust, Izmir, Turkey
  • 7/22/15- 7/24/15: SOUPS, Symposium On Usable Privacy and Security, Ottawa, Canada
  • 7/29/15: ICISS, 11th International Conference on Information Systems Security, Kolkata, India; Submissions are due
  • 8/12/15- 8/14/15: USENIX-Security, 24th USENIX Security Symposium, Washington, D.C., USA
  • 8/16/15- 8/21/15: 10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?, Edinburgh, Scotland
  • 8/24/15- 8/25/15: WISTP, 9th WISTP International Conference on Information Security Theory and Practice, Crete, Greece
  • 8/24/15- 8/28/15: ECTCM, 3rd International Workshop on Emerging Cyberthreats and Countermeasures, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France
  • 8/24/15- 8/28/15: RT2ND, International Workshop on Risk and Trust in New Network Developments, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France
  • 8/24/15- 8/28/15: WSDF, 8th International Workshop on Digital Forensics, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France
  • 8/31/15: Journal of Computer and System Sciences, Special Issue on Cyber Security in the Critical Infrastructure: Advances and Future Directions; Submissions are due
  • 8/31/15- 9/ 4/15: EUSIPCO, 23rd European Signal Processing Conference, Information Forensics and Security Track, Nice, Cote d' Azur, France
  • 9/ 1/15- 9/ 2/15: TrustBus, 12th International Conference on Trust, Privacy, and Security in Digital Business, Valencia, Spain
  • 9/23/15- 9/25/15: ESORICS, 20th European Symposium on Research in Computer Security, Vienna, Austria
  • 9/28/15- 9/30/15: CNS, 3rd IEEE Conference on Communications and Network Security, Florence, Italy
  • 10/ 5/15-10/ 7/15: CRITIS, 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany
  • 10/12/15-10/16/15: ACM-CCS, 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA
  • 11/ 3/15-11/ 5/15: NSS, 9th International Conference on Network and System Security, New York City, NY, USA
  • 12/ 6/15-12/10/15: Globecom-CISS, IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA
  • 12/16/15-12/20/15: ICISS, 11th International Conference on Information Systems Security, Kolkata, India
  • new calls or announcements added since Cipher E124

  • SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. (Submission Due 17 March 2015)

    SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged. Topics of interest include:

    • Access Control
    • Applied Cryptography
    • Biometrics Security and Privacy
    • Critical Infrastructure Protection
    • Data Integrity
    • Data Protection
    • Database Security and Privacy
    • Digital Forensics
    • Digital Rights Management
    • Ethical and Legal Implications of Security and Privacy
    • Formal Methods for Security
    • Human Factors and Human Behavior Recognition Techniques
    • Identification, Authentication and Non-repudiation
    • Identity Management
    • Information Hiding
    • Information Systems Auditing
    • Insider Threats and Countermeasures
    • Intellectual Property Protection
    • Intrusion Detection & Prevention
    • Management of Computing Security
    • Network Security
    • Organizational Security Policies
    • Peer-to-Peer Security
    • Personal Data Protection for Information Systems
    • Privacy
    • Privacy Enhancing Technologies
    • Reliability and Dependability
    • Risk Assessment
    • Secure Software Development Methodologies
    • Security and Privacy for Big Data
    • Security and privacy in Complex Systems
    • Security and Privacy in Crowdsourcing
    • Security and Privacy in IT Outsourcing
    • Security and Privacy in Location-based Services
    • Security and Privacy in Mobile Systems
    • Security and Privacy in Pervasive/Ubiquitous Computing
    • Security and Privacy in Smart Grids
    • Security and Privacy in Social Networks
    • Security and Privacy in the Cloud
    • Security and Privacy in Web Services
    • Security and Privacy Policies
    • Security Area Control
    • Security Deployment
    • Security Engineering
    • Security in Distributed Systems
    • Security Information Systems Architecture
    • Security Management
    • Security Metrics and Measurement
    • Security Protocols
    • Security requirements
    • Security Verification and Validation
    • Sensor and Mobile Ad Hoc Network Security
    • Service and Systems Design and QoS Network Security
    • Software Security
    • Trust management and Reputation Systems
    • Ubiquitous Computing Security
    • Wireless Network Security

  • MSPN 2015 International Conference on Mobile, Secure and Programmable Networking, Paris, France, June 15-17, 2015. (Submission Due 20 March 2015)

    The rapid deployment of new infrastructures based on network virtualization and Cloud computing triggers new applications and services that in turn generate new constraints such as security and/or mobility. The International Conference on Mobile, Secure and Programmable Networking aims at providing a top forum for researchers and practitioners to present and discuss new trends in networking infrastructures, security, services and applications while focusing on virtualization and Cloud computing for networks, network programming, Software Defined Networks (SDN) and their security. Position papers are also welcome and should be clearly marked as such. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal, including, but not limited to, the following topic areas:

    • Software Defined Networks (tools, software, concepts)
    • Virtualization and Cloud computing
    • Networks and Cloud computing
    • Mobile computing and Mobile Cloud computing
    • Security, Privacy and Trust in Networks, Services and Applications
    • Green computing and networking
    • Ubiquitous Computing and Sensor Networks
    • System design and testbeds
    • Cross-Layer Design and Optimization
    • Quality of service
    • Modeling and performance evaluation
    • 4G and 5G networks
    • Social networks
    • Cooperative networking and Self-Organizing networks
    • Distributed sensing, actuation, and control in cyber-physical systems
    • Internet of Things
    • Vehicular networks and Connected Car
    • Crowdsourcing
    • Datacenter networking
    • Location-based Services
    • Web-services and SOA

  • PTDCS 2015 Workshop on Privacy by Transparency in Data-Centric Services, Held in conjunction with the 18th International Conference on Business Information Systems (BIS 2015), Poznan, Poland, June 24-26, 2015. (Submission Due 22 March 2015)

    Big Data has developed into a key factor of the economy that benefits users and providers of data-centric services. However, the analysis of growing volumes of users data in data-centric services also presents significant privacy challenges. The objective of this workshop is to bring researchers and practitioners together to explore transparency-based mechanisms, such as dashboards, economic explanations of the use of privacy and value of data, as well as user behavior. In particular, the goal of this workshop is to set thematic milestones for the technical development of transparency mechanisms on the one hand, and on the other, trace ways in which technical progress, users and industry could profit from transparency. A major focus will be set on Transparency-Enhancing Technologies (TET) and, in particular, Privacy Dashboards. Topics of interest include, but are not limited to:

    • Accountability in Data-Centric Services
    • Economics of TET
    • Privacy Dashboards
    • Privacy Economics
    • Privacy Policy Specification and Negotiation
    • Privacy in Socio-Technical Systems
    • Privacy-Enabled Business Models
    • Requirements for TET
    • Transparent Behavioral Targeting
    • Transparent Usage Control

  • TrustBus 2015 12th International Conference on Trust, Privacy, and Security in Digital Business, Valencia, Spain, September 1-2, 2015. (Submission Due 22 March 2015)

    TrustBus'2015 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:

    • Anonymity and pseudonymity in business transactions
    • Business architectures and underlying infrastructures
    • Common practice, legal and regulatory issues
    • Cryptographic protocols
    • Delivery technologies and scheduling protocols
    • Design of businesses models with security requirements
    • Economics of Information Systems Security
    • Electronic cash, wallets and pay-per-view systems
    • Enterprise management and consumer protection
    • Identity and Trust Management
    • Intellectual property and digital rights management
    • Intrusion detection and information filtering
    • Languages for description of services and contracts
    • Management of privacy & confidentiality
    • Models for access control and authentication
    • Multimedia web services
    • New cryptographic building-blocks for e-business applications
    • Online transaction processing
    • PKI & PMI
    • Public administration, governmental services
    • P2P transactions and scenarios
    • Real-time Internet E-Services
    • Reliability and security of content and data
    • Reliable auction, e-procurement and negotiation technology
    • Reputation in services provision
    • Secure process integration and management
    • Security and Privacy models for Pervasive Information Systems
    • Security Policies
    • Shopping, trading, and contract management tools
    • Smartcard technology
    • Transactional Models
    • Trust and privacy issues in mobile commerce environments
    • Usability of security technologies and services

  • HAISA 2015 International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece, July 1-3, 2015. (Submission Due 31 March 2015)

    It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy. People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards. With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection. The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:

    • Information security culture
    • Awareness and education methods
    • Enhancing risk perception
    • Public understanding of security
    • Usable security
    • Psychological models of security software usage
    • User acceptance of security policies and technologies
    • User-friendly authentication methods
    • Biometric technologies and impacts
    • Automating security functionality
    • Non-intrusive security
    • Assisting security administration
    • Impacts of standards, policies, compliance requirements
    • Organizational governance for information assurance
    • Simplifying risk and threat assessment
    • Understanding motivations for misuse
    • Social engineering and other human-related risks
    • Privacy attitudes and practices
    • Computer ethics and security

  • ECTCM 2015 3rd International Workshop on Emerging Cyberthreats and Countermeasures, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 31 March 2015)

    The 3rd International Workshop on Emerging Cyberthreats and Countermeasures aims at bringing together researchers and practitioners working in different areas related to cybersecurity. In the elapsed year 2014 bleeding hearts, shocked shells, poodles and several more shocking vulnerabilities in essential parts of our IT (security) infrastructure emerged. We want to contribute to all technical, organizational and social facets of this problem. Contributions demonstrating current vulnerabilities and threats as well as new countermeasures are warmly welcome.

  • IEEE Transactions on Cloud Computing, Special Issue on Cloud Security Engineering. (Submission Due 31 March 2015)

    Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Omer Rana (Cardiff University, UK), and Muttukrishnan Rajarajan (City University London, UK).
    
    As the use of cloud computing grows throughout society in general, it is essential that cloud service providers and cloud service users ensure that security and privacy safeguards are in place. There is, however, no perfect security and when a cybersecurity incident occurs, digital investigation will require the identification, preservation and analysis of evidential data. This special issue is dedicated to the identification of techniques that enable security mechanisms to be engineered and implemented in Cloud-based systems. A key focus will be on the integration of theoretical foundations with practical deployment of security strategies that make Cloud systems more secure for both end users and providers - enabling end users to increase the level of trust they have in Cloud providers - and conversely for Cloud service providers to provide greater guarantees to end users about the security of their services and data. Significant effort has been invested in performance engineering of Cloud-based systems, with a variety of research-based and commercial tools that enable autoscaling of Cloud systems, mechanisms for supporting Service Level Agreement-based provisioning and adaptation and more recently for supporting energy management of large scale data centres. This special issue will be devoted to understanding whether a similar engineering philosophy can be extended to support security mechanisms, and more importantly, whether experience from the performance engineering community (who often need to carry out analysis on large log files) can be carried over into the security domain. We encourage authors to be exploratory in their papers - reporting on novel use of performance engineering tools that could be repurposed for supporting security management and vice versa. Topics of interest include:

    • Advanced security features
    • Anonymity
    • Cloud forensic and anti-forensic techniques and implementations
    • Cloud privacy
    • Cloud-based honeypots
    • Cloud-based intrusion detection and prevention systems
    • Distributed authentication and authentication
    • Implementation of cryptographic and key management strategies in clouds (e.g. homomorphic encryption for cloud computing)
    • Multi-Cloud security provisioning
    • Real time analysis of security (log) data for alert generation
    • Remote collection of evidence (e.g. from cloud servers)
    • Security-focused Service Level Agreements

  • Globecom-CISS 2015 IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA, December 6-10, 2015. (Submission Due 1 April 2015)

    As communication and information systems become more indispensable to the society, their security has also become extremely critical. This symposium welcomes manuscripts on all aspects of the modeling, design, implementation, deployment, and management of security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security and privacy mechanisms for current technologies, as well as devising efficient security and privacy solutions for emerging areas, from physical-layer technology up to cyber security, are solicited. The Communication & Information Systems Security Symposium seeks original contributions in the following topical areas, plus others that are not explicitly listed but are closely related:

    • Anonymous communication, metrics and performance
    • Attack, detection and prevention
    • Authentication protocols and key management
    • Availability and survivability of secure services and systems
    • Biometric security: technologies, risks, vulnerabilities, bio-cryptography, mobile template protection
    • Cloud, data center and distributed systems security
    • Computer and network forensics
    • Cryptography for network security
    • Cyber security
    • Digital rights management
    • Firewall technologies
    • Formal trust models, security modeling, and design of secure protocols
    • Information systems security and security management
    • Internet security and privacy
    • Malware detection and damage recovery
    • Network security metrics and performance
    • Operating systems and application security
    • Physical security and hardware/software security
    • Post-quantum network security
    • Privacy and privacy-enhancing technologies
    • Security and privacy for mobile and wireless networks
    • Security for cloud computing and networking
    • Security for mobile and wireless networks
    • Security for next-generation networks
    • Security in virtual machine environments
    • Security tools for communication and information systems
    • Trustworthy computing
    • Wired systems and optical network security

  • RT2ND 2015 International Workshop on Risk and Trust in New Network Developments, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 1 April 2015)

    The drive of being connected anywhere and anytime, the convenience of smart services, and advances in embedded computing have recently pushed new network developments. Several factors have contributed to this development, e.g., hardware advances (devices are smaller, more powerful, and batteries last longer), the heterogeneity of end-points (a range of devices and "intelligent things"), different architectures (networks of networks, self-configuring, opportunistic and ad-hoc networks), enhancements in technology (mobile, wireless, Bluetooth, RFID, NFC) and the ever more networked society (devices are increasingly affordable and ubiquitous). Such developments have created new network paradigms such as Vehicular Networks, Body Area Networks, Personal Area Networks, Smart Camera Networks, Virtualized Networks, Service-oriented Networks, Home Area Networks, and Named Data Networks. Novelties in network architectures, technologies and applications raise numerous challenges in terms of risk and trust, and in the trade-off between them. This workshop aims to bring together researchers and practitioners, and foment discussion on risk and trust in emerging networks and how to best defend against their misuse. We encourage different types of contributions - surveys, technical and empirical contributions.

  • WSDF 2015 8th International Workshop on Digital Forensics, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, August 24-28, 2015. (Submission Due 1 April 2015)

    Digital forensics is a rapidly evolving field primarily focused on the extraction, preservation and analysis of digital evidence obtained from electronic devices in a manner that is legally acceptable. Research into new methodologies tools and techniques within this domain is necessitated by an ever-increasing dependency on tightly interconnected, complex and pervasive computer systems and networks. The ubiquitous nature of our digital lifestyle presents many avenues for the potential misuse of electronic devices in crimes that directly involve, or are facilitated by, these technologies. The aim of digital forensics is to produce outputs that can help investigators ascertain the overall state of a system. This includes any events that have occurred within the system and entities that have interacted with that system. Due care has to be taken in the identification, collection, archiving, maintenance, handling and analysis of digital evidence in order to prevent damage to data integrity. Such issues combined with the constant evolution of technology provide a large scope of digital forensic research. WSDF aims to bring together experts from academia, industry, government and law enforcement who are interested in advancing the state of the art in digital forensics by exchanging their knowledge, results, ideas and experiences. The aim of the workshop is to provide a relaxed atmosphere that promotes discussion and free exchange of ideas while providing a sound academic backing. The focus of this workshop is not only restricted to digital forensics in the investigation of crime. It also addresses security applications such as automated log analysis, forensic aspects of fraud prevention and investigation, policy and governance.

  • PST 2015 International Conference on Privacy, Security and Trust, Izmir, Turkey, July 21-23, 2015. (Submission Due 1 April 2015)

    This conference, the thirteenth in an annual series, provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. High-quality papers in all PST related areas that, at the time of submission, are not under review and have not already been published or accepted for publications elsewhere are solicited. PST2015 topics include, but are NOT limited to, the following:

    • Privacy Preserving / Enhancing Technologies
    • Critical Infrastructure Protection
    • Network and Wireless Security
    • Operating Systems Security
    • Intrusion Detection Technologies
    • Secure Software Development and Architecture
    • PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
    • Network Enabled Operations
    • Digital forensics
    • Information Filtering, Data Mining and Knowledge from Data
    • National Security and Public Safety
    • Cryptographic Techniques for Privacy Preservation
    • Security Metrics
    • Recommendation, Reputation and Delivery Technologies
    • Privacy, Traceability, and Anonymity
    • Trust and Reputation in Self-Organizing Environments
    • Anonymity and Privacy vs. Accountability
    • Access Control and Capability Delegation

  • 10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?, Edinburgh, Scotland, August 16-21, 2015. (Submission Due 1 April 2015)

    The Summer School takes a holistic approach to society and technology and supports interdisciplinary exchange through keynote and plenary lectures, tutorials, workshops, and research paper presentations. In particular, participants' contributions that combine technical, legal, regulatory, socio-economic, social or societal, political, ethical, anthropological, philosophical, or psychological perspectives are welcome. The school seeks contributions in the form of research papers, tutorials, and workshop proposals from all disciplines (e.g., computer science, informatics, economics, ethics, law, psychology, sociology, political and other social sciences, surveillance studies, business and public management), and is especially inviting contributions from students who are at the stage of preparing either a master's or a PhD thesis. Topics of interest include, but are not limited to:

    • big data analysis, biometrics, cloud computing, virtuality, data and visual analytics
    • concepts of anonymity, pseudonymity, identity in different disciplines or cultures
    • cybercrime and cybersecurity
    • data breaches, data retention and law enforcement
    • digital rights and net neutrality
    • digital participation, participatory design, ethically-informed design, co-creation and co-ollaboration, ecosystems, and social actors' engagement in design
    • health informatics, informed consent, and data-sharing
    • impact of legislative or regulatory initiatives on privacy
    • impact of technology on social exclusion/digital divide/social and cultural aspects
    • privacy and identity management (services, technologies, infrastructures, usability aspects, legal and socio-economic aspects)
    • privacy-by-design, privacy-by-default, and privacy impact assessment
    • privacy-enhancing technologies (PETs), privacy standardisation, and privacy issues relating to eIDs
    • profiling and tracking technologies
    • public attitudes to (national) security and privacy
    • roadmap towards increased privacy protection, use of PETs and privacy by design as a standard procedure
    • semantics, web security, and privacy
    • social accountability, social, legal and ethical aspects of technology and the Internet specifically
    • social care, community care, integrated care and opportunities for as well as threats to individual and community privacy
    • social networks, social computing, crowdsourcing and social movements
    • surveillance, video surveillance, sensor networks, and the Internet of Things
    • transparency-enhancing technologies (TETs)
    • trust management and reputation systems
    • ubiquitous and usable privacy and identity management

  • SPE 2015 IEEE 5th International Workshop on Security and Privacy Engineering, Co-located with 11th IEEE World Congress on Services (SERVICES 2015), New York, NY, USA, June 27 - July 2, 2015. (Submission Due 1 April 2015)

    Built upon the success of spectrum of conferences within the IEEE World Congress on Services and the Security and Privacy Engineering workshop, IEEE Security and Privacy Engineering (SPE 2015) theme is a unique place to exchange ideas of engineering secure systems in the context of service computing, cloud computing, and big data analytics. The emphasis on engineering in security and privacy of services differentiates the theme from other traditional prestigious security and privacy workshops, symposiums, and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia. In line with the engineering spirit, we solicit original papers presenting real solutions and visions on building secure service systems that can be applied to government procurement, digital medical records, cloud environments, social networking for business purposes, multimedia application, mobile commerce, education, and the like. Potential contributions could cover, but are not limited to, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the status of current Security and Privacy (S&P) in a specific area. Papers from practitioners who encounter security and privacy problems and seek understanding are also welcome. Topics of interests of SPE 2015 include, but are not limited to:

    • S&P Engineering of Service-Based Applications
    • Security Engineering of Service Compositions
    • Practical Approaches to Security Engineering of Services
    • Privacy-Aware Service Engineering
    • Industrial and Real Use Cases in S&P Engineering of (Cloud) Services
    • S&P Engineering of Cloud Services
    • Auditing and Assessment
    • Assurance and Certification
    • Cloud Transparency
    • Security Management and Governance
    • Privacy Enforcement in Clouds and Services
    • Cybersecurity Issues of Clouds and Services
    • Validation and Verification of S&P in Clouds and Services
    • Applied Cryptography for S&P in Clouds and Services
    • S&P Testing in Clouds and Services
    • Security and Privacy Modeling
    • Socio-Economics and Compliance
    • Education and Awareness
    • Big Data S&P Engineering
    • Mobile Cloud S&P Engineering
    • S&P Engineering into futuristic blue skies

  • ESORICS 2015 20th European Symposium on Research in Computer Security, Vienna, Austria, September 23-25, 2015. (Submission Due 4 April 2015)

    ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Topics of interest include, but are not limited to:

    • access control
    • accountability
    • ad hoc networks
    • anonymity
    • applied cryptography
    • authentication
    • biometrics
    • database security
    • data protection
    • digital content protection
    • digital forensic
    • distributed systems security
    • electronic payments
    • embedded systems security
    • inference control
    • information hiding
    • identity management
    • information flow control
    • integrity
    • intrusion detection
    • formal security methods
    • language-based security
    • network security
    • phishing and spam prevention
    • privacy
    • risk analysis and management
    • secure electronic voting
    • security architectures
    • security economics
    • security metrics
    • security models
    • security and privacy in cloud scenarios
    • security and privacy in complex systems
    • security and privacy in location services
    • security and privacy for mobile code
    • security and privacy in pervasive/ubiquitous computing
    • security and privacy policies
    • security and privacy in social networks
    • security and privacy in web services
    • security verification
    • software security
    • steganography
    • systems security
    • trust models and management
    • trustworthy user devices
    • web security
    • wireless security

  • WISTP 2015 9th WISTP International Conference on Information Security Theory and Practice, Crete, Greece, August 24-25, 2015. (Submission Due 10 April 2015)

    Future ICT technologies, such as the concepts of Ambient Intelligence, Cyber-physical Systems, and Internet of Things provide a vision of the Information Society in which: a) people and physical systems are surrounded with intelligent interactive interfaces and objects, and b) environments are capable of recognising and reacting to the presence of different individuals or events in a seamless, unobtrusive, and invisible manner. The success of future ICT technologies will depend on how secure these systems are and to what extent they protect the privacy of individuals and individuals trust them. In 2007, Workshop in Information Security Theory and Practice (WISTP) was created as a forum for bringing together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. Based on the growing interest of the participants, 2015 edition is becoming a conference - The 9th WISTP International Conference on Information Security Theory and Practice (WISTP'2015). WISTP 2015 seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:

    • Security and Privacy in Smart Devices
    • Security and Privacy in Networks
    • Security and Privacy in Architectures, Protocols, Policies, Systems and Applications

  • FCS 2015 Workshop on Foundations of Computer Security, Held in conjunction with IEEE CSF 2015, Verona, Italy, July 13, 2015. (Submission Due 10 April 2015)

    Computer security is an established field of both theoretical and practical significance. In recent years, there has been sustained interest in the formal foundations of methods used in computer security. The aim of the FCS 2015 workshop is to provide a forum for continued activity in this area. The scope of FCS 2015 includes, but is not limited to, the formal specification, analysis, and design of cryptographic protocols and their applications; the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks; the modelling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. We are interested both in new theoretical results in computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. We thus solicit submission of papers both on mature work and on work in progress. Please note that FCS has no published proceedings. Presenting a paper at the workshop should not preclude submission to or publication in other venues. Papers presented at the workshop will be made publicly available, but this will not constitute an official proceedings.

  • NSS 2015 9th International Conference on Network and System Security, New York City, NY, USA, November 3-5, 2015. (Submission Due 15 April 2015)

    NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:

    • Active Defense Systems
    • Applied Cryptography
    • Analysis, Benchmark of Security Systems
    • Authentication
    • Biometric Security
    • Complex Systems Security
    • Database and System Security
    • Data Protection
    • Data/System Integrity
    • Distributed Access Control
    • Distributed Attack Systems
    • Denial-of-Service
    • High Performance Network Virtualization
    • Hardware Security
    • High Performance Security Systems
    • Identity Management
    • Intelligent Defense Systems
    • Insider Threats
    • Intellectual Property Rights Protection
    • Internet and Network Forensics
    • Intrusion Detection and Prevention
    • Key Distribution and Management
    • Large-scale Attacks and Defense
    • Malware
    • Network Resiliency
    • Network Security
    • RFID Security and Privacy
    • Security Architectures
    • Security for Critical Infrastructures
    • Security in P2P systems
    • Security in Cloud and Grid Systems
    • Security in E-Commerce
    • Security in Pervasive/Ubiquitous Computing
    • Security and Privacy in Smart Grid
    • Security and Privacy in Wireless Networks
    • Security Policy
    • Secure Mobile Agents and Mobile Code
    • Security Theory and Tools
    • Standards and Assurance Methods
    • Trusted Computing
    • Trust Management
    • World Wide Web Security

  • CNS 2015 3rd IEEE Conference on Communications and Network Security, Florence, Italy, September 28-30, 2015. (Submission Due 24 April 2015)

    IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is also a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of the past two years' conferences, IEEE CNS 2015 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:

    • Anonymization and privacy in communication systems
    • Biometric authentication and identity management
    • Computer and network forensics
    • Data and application security
    • Data protection and integrity
    • Availability of communications, survivability of networks in the presence of attacks
    • Key management and PKI for networks
    • Information-theoretic security
    • Intrusion detection and prevention
    • Location privacy
    • Mobile security
    • Outsourcing of network and data communication services
    • Physical layer security methods, cross-layer methods for enhancing security
    • Secure routing, network management
    • Security for critical infrastructures
    • Security metrics and performance evaluation
    • Security and privacy for big data
    • Security and privacy in body area networks
    • Security and privacy in content delivery network
    • Security and privacy in cloud computing and federated cloud
    • Security and privacy in crowdsourcing
    • Security and privacy in the Internet of Things
    • Security and privacy in multihop wireless networks: ad hoc, mesh, sensor, vehicular and RFID networks
    • Security and privacy in peer-to-peer networks and overlay networks
    • Security and privacy in single-hop wireless networks: Wi-Fi, Wi-Max
    • Security and privacy in smart grid, cognitive radio networks, and disruption/delay tolerant networks
    • Security and privacy in social networks
    • Security and privacy in pervasive and ubiquitous computing
    • Social, economic and policy issues of trust, security and privacy
    • Traffic analysis
    • Usable security for networked computer systems
    • Vulnerability, exploitation tools, malware, botnet, DDoS attacks
    • Web, e-commerce, m-commerce, and e-mail security

  • Elsevier Future Generation Computer Systems, Special Issue on Cloud Cryptography: State of the Art and Recent Advances. (Submission Due 1 May 2015)

    Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Josep Domingo-Ferrer (Universitat Rovira i Virgili, Catalonia), and Lei Zhang (East China Normal University, China)
    
    Cloud computing is widely used by organisations and individuals. Despite the popularity of cloud computing, cloud security is still an area needing further research. A particularly promising approach to achieve security in this new computing paradigm is through cryptography, but traditional cryptographic techniques are not entirely suitable for cloud implementation due to computational efficiency limitations and other constraints. This special issue is dedicated to providing both scientists and practitioners with a forum to present their recent research on the use of novel cryptography techniques to improve the security of the underlying cloud architecture or ecosystem, particularly research that integrates both theory and practice. For example, how do we design an efficient cloud cryptography system that offers enhanced security without compromising on usability and performance? An efficient fully homomorphic encryption scheme might be an option. Such a scheme should guarantee that the cloud service provider is unable to view the content of the data he stores (thereby ensuring data confidentiality to users). However, sufficiently efficient fully homomorphic encryption is not yet available. We encourage authors to be exploratory in their submissions - that is, to report on advances beyond the state of the art in research and development of cryptographic techniques that result in secure and efficient means of ensuring security and privacy of cloud data. Topics of interest include but are not limited to:

    • Anonymity
    • Access control
    • Cloud key agreement
    • Distributed authentication and authority
    • Implementation of cryptographic schemes
    • Homomorphic encryption
    • Multi-cloud security
    • Privacy-preserving provisioning
    • Remote proofs of storage
    • Searchable encryption
    • Secure computation

  • CRITIS 2015 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany, October 5-7, 2015. (Submission Due 10 May 2015)

    CRITIS 2015 has four foci. Topic category 1, Resilience and protection of cyber-physical systems, covers advances in the classical CIIP sectors telecommunication, cyber systems and electricity infrastructures. Topic category 2 focuses on advances in C(I)IP policies and best practices in C(I)IP specifically from stakeholders' perspectives. In topic category 3, general advances in C(I)IP, we are explicitly inviting contributions from additional infrastructure sectors like energy, transport, and smart built infrastructure) and cover also cross-sector CI(I)P aspects. In 2013, the CRITIS series of conferences has started to foster contributions from young experts and researchers ("Young CRITIS"), and in 2014 this has been reinforced by the first edition of the CIPRNet Young CRITIS Award (CYCA). We will continue both activities at CRITIS 2015, since our demanding multi-disciplinary field of research requires open-minded talents.

  • ACM-CCS 2015 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA, October 12-16, 2015. (Submission Due 15 May 2015)

    The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high standard research conference in its area.

  • IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 22 May 2015)

    Editors: Toshihiro Yamauchi (Okayama University, Japan), Yasunori Ishihara (Osaka University, Japan), and Atsushi Kanai (Hosei University, Japan).
    
    The major topics include, but are not limited to:

    • Security Technologies on AdHoc Network, P2P, Sensor Network, RFID, Wireless Network, Mobile Network, Home Network, Cloud, and SNS
    • Access Control, Content Security, DRM, CDN, Privacy Protection, E-Commerce, PKI, Security Architecture, Security Protocol, Security Implementation, Technologies, Secure OS, Security Evaluation/Authentication

  • IEEE Transactions on Services Computing, Special Issue on Security and Dependability of Cloud Systems and Services. (Submission Due 31 May 2015)

    Editors: Marco Vieira (University of Coimbra, Portugal) and Stefano Russo (Università di Napoli Federico II, Italy).
    
    Service-based cloud systems are being used in business-, mission- and safety-critical scenarios to achieve operational goals. Their characteristics of complexity, heterogeneity, and fast-changing dynamics bring difficult challenges to the research and industry communities. Among them, security and dependability (Sec. & Dep.) have been widely identified as increasingly relevant issues. Crucial aspects to be addressed include: metrics, techniques and tools for assessing Sec. & Dep.; modeling and evaluation of the impact of accidental and malicious threats; failure and recovery analysis; Sec. & Dep. testing, testbeds, benchmarks; infrastructure interdependencies, interoperability in presence of Sec. & Dep. guarantees. The objective of this Special Issue is to bring together sound original contributions from researchers and practitioners on methodologies, techniques and tools to assess or improve the security and dependability of cloud systems and services. Suggested topics include, but are not limited to:

    • Design, deployment and management of secure and dependable cloud systems and services
    • Secure and dependable Service-Oriented Architecture (SOA)
    • Secure and dependable Big Data services
    • Specification and design methodologies (e.g., model-driven, component-based)
    • Modeling and simulation of security and dependability of cloud systems and services
    • Metrics for quantifying services dependability and security
    • Dependability and security benchmarking of cloud systems
    • Verification and validation (V&V) for dependability and security evaluation of services
    • Formal verification, testing, analytical and experimental evaluation of services
    • Off-line versus on-line dependability and security services assessment
    • Protocols and network technologies for dependable and secure mobile cloud applications
    • Virtualization for dependable cloud networks
    • Future Internet architectures and protocols for mobile cloud computing
    • Design and use of supporting tools for creating dependable and secure services
    • Case studies illustrating challenges and solutions in designing secure and dependable cloud systems and services

  • ICISS 2015 11th International Conference on Information Systems Security, Kolkata, India, December 16-20, 2015. (Submission Due 29 July 2015)

    The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating latest research results in information and systems security. ICISS 2015, the eleventh conference in this series, will be held under the aegis of the Society for Research in Information Security and Privacy (SRISP). Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:

    • Access and Usage Control
    • Application Security
    • Authentication and Audit
    • Biometric Security
    • Cloud Security
    • Cryptographic Protocols
    • Cyber-physical Systems Security
    • Data Security and Privacy
    • Digital Forensics
    • Digital Rights Management
    • Distributed Systems Security
    • Formal Models in Security
    • Identity Management
    • Intrusion Detection and Prevention
    • Intrusion Tolerance and Recovery
    • Key Management
    • Language-based Security
    • Malware Analysis and Mitigation
    • Network Security
    • Operating Systems Security
    • Privacy and Anonymity
    • Secure Data Streams
    • Security and Usability
    • Security Testing
    • Sensor and Ad Hoc Network Security
    • Smartphone Security
    • Software Security
    • Usable Security
    • Vulnerability Detection and Mitigation
    • Web Security

  • Journal of Computer and System Sciences, Special Issue on Cyber Security in the Critical Infrastructure: Advances and Future Directions. (Submission Due 31 August 2015)

    Editors: Jemal Abawajy (Deakin University, Australia), Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rafiqul Islam (Charles Sturt University, Australia). This special issue invites original research papers that reports on state-of-the-art and recent advancements in securing our critical infrastructure and cyberspace, with a particular emphasis on novel techniques to build resilient critical information infrastructure. Topics of interest include but are not limited to:

    • Cyber security mitigation techniques for critical infrastructures such as banking and finance, communications, emergency services, energy, food chain, health, mass gatherings, transport and water
    • Cyber threat modelling and analysis
    • Cyber forensics
    • Visual analytics and risk management techniques for cyber security
    • Cyber security test beds, tools, and methodologies

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org