Cipher Electronic Newsletter of the Technical Committe on    Security & Privacy A Technical Committee of the Computer Society of the IEEE  Electronic Issue (EI) 134,  September 19, 2016 Hilarie Orman,  Editor Richard Austin, Book Review Editor Sven Dietrich, Associate Editor Yong Guan, Calendar Editor

Contents:

• Letter from the Editor 
   

• Commentary and Opinion

  • Richard Austin's review of the book, How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen

  • NewsBits:  Announcements and correspondence from readers (please contribute!)

    • Microsoft Shoots Itself in the Trusted Boot
    • TCP Sequence Numbers, The Once and Future Flaw
    • Repressive Governments Buy iPhone Spyware (3 items)
    • Microsoft Fights Feds For User Privacy
    • Federal Directive Clarifies Cyberattack Handling
    • Democrats Made Transparent by Hackers
    • Bit By Stolen Bitcoin (two items)
    • NIST SHA-3 Derived Function
    • HTTP 2 Implementations Open DDOS Channels
    • Pizza Hacker Convicted
    • Crypto Backdoor Socialization by FBI (2 items)
    • AP to FBI: Tell Us How You Hacked the iPhone

  • Book reviews from past Cipher issues

  • Conference Reports and Commentary from past Cipher issues

  • News items from past Cipher issues

 

• Listing of academic positions available  by Cynthia Irvine
  Nothing new since Cipher E133

 

• Conference and Workshop Announcements

  • Cipher calls-for-papers and calendar
      Cipher calendar announcements are on Twitter; follow "ciphernews"
      new calls or announcements added since Cipher E133 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

  • 9/17/16- 9/19/16: IWDW, 15th International Workshop on Digital-forensics and Watermarking, Beijing, China
  • 9/19/16: ICSS, Industrial Control System Security Workshop, Held in conjunction with 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, CA, USA; Submissions are due
  • 9/19/16- 9/21/16: RAID, 19th International Symposium on Research in Attacks, Intrusions and Defenses, Paris, France
  • 9/20/16- 9/22/16: SADFE, 11th International Conference on Systematic Approaches to Digital Forensics Engineering, Kyoto, Japan
  • 9/26/16- 9/27/16: WISTP, 10th WISTP International Conference on Information Security Theory and Practice, Heraklion, Crete, Greece
  • 9/26/16- 9/30/16: ESORICS, 21st European Symposium on Research in Computer Security, Heraklion, Crete
  • 10/ 1/16: IEEE Communications Magazine, Feature Topic on Traffic Measurements for Cyber Security; Submissions are due
  • 10/ 1/16: INTRICATE-SEC, 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan; Submissions are due
  • 10/ 1/16: SG-CRC, 2nd Singapore Cyber Security R&D Conference, Singapore; Submissions are due
  • 10/ 3/16: DFRWS-EU, DFRWS digital forensics EU conference, Lake Constance, Germany; Submissions are due
  • 10/10/16-10/12/16: SecureComm, 12th EAI International Conference on Security and Privacy in Communication Networks, Guangzhou, China
  • 10/17/16-10/19/16: CNS, 4th IEEE Conference on Communications and Network Security, Philadelphia, PA, USA
  • 10/19/16: WWW, WWW Security and Privacy Track, Perth, Australia; Submissions are due
  • 10/24/16-10/28/16: ACM CCS, 23rd ACM Conference on Computer and Communications Security, Vienna, Austria
  • 10/24/16: WISCS, 3rd ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria
  • 10/28/16: TrustED, 6th International Workshop on Trustworthy Embedded Devices, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria
  • 10/28/16: CCSW, 8th ACM Cloud Computing Security Workshop, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria
  • 10/28/16: CPS-SPC, 2nd ACM Workshop on Cyber-Physical Systems Security & Privacy, Held in conjunction with 23rd ACM Conference on Computer and Communications Security (CCS 2016), Hofburg Palace, Vienna, Austria
  • 11/ 1/16: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA; Submissions are due
  • 11/ 1/16: ASIACCS, ACM Symposium on Information, Computer and Communications Security, Abu Dhabi, United Arab Emirates; Submissions are due
  • 11/ 2/16-11/ 4/16: NordSec, 21st Nordic Conference on Secure IT Systems, Oulu, Finland
  • 11/ 4/16: SP, 38th IEEE Symposium on Security and Privacy, San Jose, CA, USA; Submissions are due
  • 11/12/16: GenoPri, 3rd International Workshop on Genome Privacy and Security, Held in conjunction with the AMIA 2016 Annual Symposium, Chicago, IL, USA
  • 11/23/16-11/15/16: FNSS, 2nd International Conference on Future Networks Systems and Security, Paris, France
  • 11/30/16: PETS, 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA; Submissions are due
  • 12/ 1/16: IEEE MultiMedia, Special Issue on Cybersecurity for Cyber-Enabled Multimedia Applications; Submissions are due
  • 12/ 1/16-12/ 2/16: Mycrypt, 2nd International Conference on Cryptology & Malicious Security, Kuala Lumpur, Malaysia
  • 12/ 2/16: Advances in Multimedia journal, Special Issue on Emerging Challenges and Solutions for Multimedia Security; Submissions are due
  • 12/ 4/16-12/ 7/16: WIFS, 8th IEEE International Workshop on Information Forensics and Security, Abu Dhabi, UAE
  • 12/ 5/16-12/ 6/16: SSR, 3rd International conference on Security Standardization Research, Gaithersburg, MD, USA
  • 12/ 6/16: ICSS, Industrial Control System Security Workshop, Held in conjunction with 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, CA, USA
  • 12/14/16-12/16/16: BigTrust, 1st International Workshop on Trust, Security and Privacy for Big Data, Granada, Spain
  • 12/16/16-12/18/16: SPACE, 6th International Conference on Security, Privacy and Applied Cryptography Engineering, Hyderabad, India
  • 12/16/16-12/20/16: ICISS, 12th International Conference on Information Systems Security, Jaipur, India
  • 1/30/17- 2/ 1/17: IFIP 119 DF, 13th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA
  • 2/21/17- 2/22/17: SG-CRC, 2nd Singapore Cyber Security R&D Conference, Singapore
  • 2/26/17- 3/ 1/17: NDSS, Network and Distributed System Security Symposium,;, San Diego, California, USA
  • 2/28/17: PETS, 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA; Submissions are due
  • 3/ 1/16: IEEE Security & Privacy Magazine, Special issue on Digital Forensics; Submissions are due
  • 3/21/17- 3/23/17: DFRWS-EU, DFRWS digital forensics EU conference, Lake Constance, Germany
  • 3/27/17- 3/29/17: INTRICATE-SEC, 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan
  • 4/ 2/17- 4/ 6/17: ASIACCS, ACM Symposium on Information, Computer and Communications Security, Abu Dhabi, United Arab Emirates
  • 4/ 3/17- 4/ 7/17: WWW, WWW Security and Privacy Track, Perth, Australia
  • 4/26/17- 4/28/17: IEEE EuroSP, 2nd IEEE European Symposium on Security and Privacy, Paris, France
  • 5/ 1/17- 5/ 5/17: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA
  • 5/22/17- 5/24/17: SP, 38th IEEE Symposium on Security and Privacy, San Jose, CA, USA
  • 7/18/17- 7/21/17: PETS, 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA
   
  
  • new calls or announcements added since Cipher E133

  • ICSS 2016 Industrial Control System Security Workshop, Held in conjunction with 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, CA, USA, December 6, 2016. (Submissions due 19 September 2016)

    Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steal manufacturing. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, in 2010 the Stuxnet malware was specifically written to attack SCADA systems and caused millions of dollars in damages.The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. The goal of this workshop is to explore new security techniques that are applicable in the control systems context. Papers of interest including (but not limited to) the following subject categories are solicited:

    • Intrusion detection and prevention
    • Malware
    • Vulnerability analysis and risk management
    • Digital forensics
    • Virtualization
    • Application security
    • Performance evaluation of security methods and tools in control systems
    • Cybersecurity Education

  • IEEE Communications Magazine, Feature Topic on Traffic Measurements for Cyber Security, (Submissions Due 1 October 2016)

    Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Koji Nakao (KDDI / NICT, Japan), Maciej Korczyski (Delft University of Technology, The Netherlands), Engin Kirda (Northeastern University, USA), Cristian Hesselman (SIDN Labs, The Netherlands), and Katsunari Yoshioka (Yokohama National University, Japan)
    
    In today's world, societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which cyber criminals exploit. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous unfavorable socio-economic impact on global enterprises as well as individuals.
    
    Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a not only difficult yet vital task for network management but recently also for cyber security purposes.
    
    Network traffic measuring and monitoring can, enable the analysis of the spreading of malicious software and its capabilities or can help us understand the nature of various network threats including those that exploit users' behavior and other user's sensitive information. On the other hand, network traffic investigation can also help us assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cyber security e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals.
    
    The aim of this feature topic is to bring together the research accomplishments by academic and industry researchers. The other goal is to show the latest research results in the field of cyber security and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both theoretical approaches and practical case reviews.
    
    This special issue presents some of the most relevant ongoing research in cyber security seen from the traffic measurements perspective. Topics include, but are not limited to the following:

    • Measurements for network incidents response, investigation and evidence handling
    • Measurements for network anomalies detection
    • Measurements for economics of cyber security
    • Network traffic analysis to discover the nature and evolution of the cyber security threats
    • Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
    • Novel passive, active and hybrid measurements techniques for cyber security purposes
    • Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cyber security perspective
    • Correlation of measurements across multiple layers, protocols or networks for cyber security purposes
    • Novel visualization approaches to detect network attacks and other threats
    • Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
    • Measurements of network protocol and applications behavior and its impact on cyber security and users' privacy
    • Measurements related to network security and privacy

  • INTRICATE-SEC 2017 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan, March 27-29, 2017. (Submissions Due 1 October 2016)

    Cyber-physical systems (CPS) are ubiquitous in critical infrastructures such as electrical power generation, transmission, and distribution networks, water management, and transportation, but also in both industrial and home automation. For flexibility, convenience, and efficiency, CPS are increasingly supported by commodity hardware and software components that are deliberately interconnected using open standard general purpose information and communication technology (ICT). The long life-cycles of CPS and increasingly incremental changes to these systems require novel approaches to the composition and inter-operability of services provided. The paradigm of service-oriented architectures (SoA) has successfully been used in similar long-lived and heterogeneous software systems. However, adapting the SoA paradigm to the CPS domain requires maintaining the security, reliability and privacy properties not only of the individual components but also, for complex interactions and service orchestrations that may not even exist during the initial design and deployment of an architecture. An important consideration therefore is the design and analysis of security mechanisms and architectures able to handle cross domain inter-operability over multiple domains involving components with highly heterogeneous capabilities. The INTRICATE-SEC workshop aims to provide a platform for academics, industry, and government professionals to communicate and exchange ideas on provisioning secure CPS and Services.

  • SG-CRC 2017 2nd Singapore Cyber Security R&D Conference, Singapore, February 21-22, 2017. (Submissions Due 1 October 2016)

    This conference will bring together academics and practitioners from across the world to participate in a vibrant programme consisting of research papers, industrial best practices, and tools exhibition. This conference focus on techniques and methodologies oriented to construct resilient systems against cyber-attacks that will helps to construct safe execution environments, improving security of both hardware and software by means of using mathematical tools and engineering approaches for designing, verifying, and monitoring cyber physical systems. Authors are invited to submit original work on the topics that fall in the general area of cyber security. Submissions may focus on theoretical results, experiments, or a mix of both.

  • DFRWS-EU 2017 DFRWS digital forensics EU conference, Lake Constance, Germany, March 21-23, 2017. (Submissions Due 3 October 2016)

    This year two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017) are brought together. Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics. Since 2003, IMF has established itself as one of the premier venues for presenting research on IT security incident response and management and IT forensics. While the first IMF conference was organized to establish a research forum for German speaking researchers and practitioners from the field, it soon became an International conference attracting many experts across Europe. IMF 2017, being the 10th Conference, is also an important mile stone in bringing the two worlds of IT security incident response and management and forensics together. Both DFRWS and IMF organise informal collaborative environments each year that bring together leading researchers, practitioners, industry, tool developers, academics, law enforcement, and other government bodies from around the globe to tackle current and emerging challenges in their fields. The co-hosting of the two events will help generate new discussions and ideas by bringing together two strong research communities: DFRWS's community encompassing a broad range of topics in digital forensics, and IMF's community focusing on IT security incident response and management.

  • WWW 2017 WWW Security and Privacy Track, Perth, Australia, April 3-7, 2017. (Submissions Due 19 October 2016)

    The Security and Privacy track at the International World Wide Web Conference offers researchers working on security, privacy, trust, and abuse of trust to present their work to the broad community of researchers, with myriad backgrounds and interests, who will be attending the 2017 World Wide Web Conference. Relevant topics include:

    • Human and usability factors in Web security & privacy
    • Measurement of online crime/underground economics
    • Tracking, profiling, and countermeasures against them
    • Measurement, analysis, and circumvention of Web censorship
    • Browser security
    • Authentication and authorization for Web-based services
    • Social network security and privacy
    • Security and privacy of web protocols
    • Abusive content such as online harassments, spam, and fake reviews
    • Privacy-enhancing technologies for the Web
    • Legal, ethical, policy issues of Web security and privacy
    • Security for Web services (e.g., blogs, Web feed, wikis, social networks)
    • Applications of cryptography to the web
    • Security in Web-based electronic commerce (e-cash, auctions, etc.)
    • Security and privacy for intelligent assistants

  • HOST 2017 IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA, May 1-5, 2017. (Submissions Due 1 November 2016)

    IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2017 invites original contributions related to, but not limited by, the following topics:

    • Hardware Trojan attacks and detection techniques
    • Hardware techniques to facilitate software and/or system security
    • Hardware-based security primitives (PUFs, RNGs)
    • System-on-chip (SoC) security
    • Side-channel attacks and protection
    • Security, privacy, and trust protocols
    • Metrics, policies, and standards related to hardware security
    • Hardware IP trust (watermarking, metering, trust verification)
    • Trusted manufacturing including split manufacturing and 3D ICs
    • Security analysis and protection of Internet of Things (IoT)
    • Secure and efficient implementation of crypto algorithms
    • Reverse engineering and hardware obfuscation
    • Supply chain risks mitigation (e.g., counterfeit detection & avoidance)
    • Hardware tampering attacks and protection
    • Applications of hardware security to secure system development

  • ASIACCS 2017 ACM Symposium on Information, Computer and Communications Security, Abu Dhabi, United Arab Emirates, April 2-6, 2017. (Submissions Due 1 November 2016)

    Building on the success of ACM Conference on Computer and Communications Security (CCS), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Asia Conference on Computer and Communications Security (ASIACCS). Topics of interest include but are not limited to:

    • Access control
    • Accounting and audit
    • Applied cryptography
    • Authentication
    • Big data security and privacy
    • Biometrics
    • Blockchain and alternatives
    • Cloud computing security
    • Computer forensics
    • Cyber-physical security
    • Data and application security
    • Embedded systems security
    • Formal methods for security
    • Hardware-based security & applications
    • IoT security & privacy
    • Key management
    • Malware and botnets
    • Mobile computing security
    • Network security
    • Operating system security
    • Practical post-quantum security
    • Privacy-enhancing technology
    • Runtime attacks and defenses
    • Secure computation
    • Security architectures
    • Security of critical infrastructures
    • Security metrics
    • Software security
    • Threat modeling
    • Trusted computing
    • Usable security and privacy
    • Web security
    • Wireless security and privacy

  • SP 2017 38th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 22-24, 2017. (Submissions Due 4 November 2016)

    Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:

    • Access control and authorization
    • Accountability
    • Anonymity
    • Application security
    • Attacks and defenses
    • Authentication
    • Censorship resistance
    • Cloud security
    • Distributed systems security
    • Economics of security and privacy
    • Embedded systems security
    • Forensics
    • Hardware security
    • Intrusion detection and prevention
    • Malware and unwanted software
    • Mobile and Web security and privacy
    • Language-based security
    • Network and systems security
    • Privacy technologies and mechanisms
    • Protocol security
    • Secure information flow
    • Security and privacy for the Internet of Things
    • Security and privacy metrics
    • Security and privacy policies
    • Security architectures
    • Usable security and privacy
    This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
    
    Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix 'SoK:' in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.

  • PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 - July 21, 2017. (Submissions Due 31 August 31 2016; 30 November 2016; 28 February 28 2017)

    The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.

  • IEEE MultiMedia, Special Issue on Cybersecurity for Cyber-Enabled Multimedia Applications, (Submissions Due 1 December 2016)

    Guest Editors: Qun Jin (Waseda University, Japan), Yong Xiang (Deakin University, Australia), Guozi Sun (Nanjing University of Posts and Telecommunications, China), Yao Liu (University of South Florida, USA), and Chin-Chen Chang (Feng Chia University, Taiwan)
    
    With the rapid popularity of social network applications and advanced digital devices, the past few years have witnessed the explosive growth of multimedia big data in terms of both scale and variety. Such increasing multimedia data determines a new way of communication: seamless network connection, the joyfulness user experience, and free information sharing. Meanwhile, security issues related to such multimedia big data have arisen, and an urgent demand for novel technologies has emerged to deal with copyright protection, multimedia forgery detection, and cybersecurity, especially for cyber-enabled multimedia applications. Although many promising solutions have been proposed recently, it is still challenging for the multimedia community to effectively and efficiently handle security challenges over large-scale multimedia data, especially when the scale comes up from tens of thousands to tens of millions or even billions. This special issue aims to bring together the greatest research efforts in cybersecurity for cyber-enabled multimedia applications to specifically deal with the security challenges in the multimedia big data era. The main goals are to investigate novel ideas and research work of cybersecurity issues with multimedia big data; find or develop effective and efficient techniques and methods in computer vision, multimedia processing, and sensor networks for specific cybersecurity tasks, such as data hiding, and forensics; survey the progress of this area in the past years; and explore interesting and practical cyber-enabled multimedia applications. Submissions should be unpublished and present innovative research work offering contributions either from a methodological or application point of view. Topics of interest include, but are not limited to, the following:

    • Emerging fundamental issues in multimedia big data security
    • Text, audio, images, and video data hiding
    • Multimedia steganography and corresponding steganalysis
    • Multimedia watermarking, fingerprinting, and hashing
    • Multimedia forensics and data source identification
    • Cryptography, secret sharing, and biometrics
    • Multimedia network security, privacy, and protection
    • Multimedia big data trust management and access control
    • Secure covert communications and cybersecurity
    • Secure cyber-enabled multimedia applications in health, education, and so on

  • Advances in Multimedia journal, Special Issue on Emerging Challenges and Solutions for Multimedia Security, (Submissions Due 2 December 2016)

    Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland), Artur Janicki (Warsaw University of Technology, Poland), Hui Tian (National Huaqiao University, China), and Honggang Wang (University of Massachusetts Dartmouth, USA)
    
    Today's world's societies are becoming more and more dependent on open networks such as the Internet, where commercial activities, business transactions, government services, and entertainment services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies could have a tremendous socioeconomic impact on global enterprises as well as on individuals. In the recent years, rapid development in digital technologies has been augmented by the progress in the field of multimedia standards and the mushrooming of multimedia applications and services penetrating and changing the way people interact, communicate, work, entertain, and relax. Multimedia services are becoming more significant and popular and they enrich humans' everyday life. Currently, the term multimedia information refers not only to text, image, video, or audio content but also to graphics, flash, web, 3D data, and so forth. Multimedia information may be generated, processed, transmitted, retrieved, consumed, or shared in various environments. The lowered cost of reproduction, storage, and distribution, however, also invites much motivation for large-scale commercial infringement. The above-mentioned issues have generated new challenges related to protection of multimedia services, applications, and digital content. Providing multimedia security is significantly different from providing typical computer information security, since multimedia content usually involves large volumes of data and requires interactive operations and real-time responses. Additionally, ensuring digital multimedia security must also signify safeguarding of the multimedia services. Different services require different methods for content distribution, payment, interaction, and so forth. Moreover, these services are also expected to be 'smart' in the environment of converged networks, which means that they must adapt to different network conditions and types as multimedia information can be utilized in various networked environments, for example, in fixed, wireless, and mobile networks. All of these make providing security for multimedia even harder to perform. This special issue intends to bring together diversity of international researchers, experts, and practitioners who are currently working in the area of digital multimedia security. Researchers both from academia and industry are invited to contribute their work for extending the existing knowledge in the field. The aim of this special issue is to present a collection of high-quality research papers that will provide a view on the latest research advances not only on secure multimedia transmission and distribution but also on multimedia content protection. Potential topics include, but are not limited to:

    • Emerging technologies in digital multimedia security
    • Digital watermarking
    • Fingerprinting in multimedia signals
    • Digital media steganology (steganography and steganalysis)
    • Information theoretic analysis of secure multimedia systems
    • Security/privacy in multimedia services
    • Multimedia and digital media forensics
    • Quality of Service (QoS)/Quality of Experience (QoE) and their relationships with security
    • Security of voice and face biometry
    • Multimedia integrity verification and authentication
    • Multimedia systems security
    • Digital rights management
    • Digital content protection
    • Tampering and attacks on original information
    • Content identification and secure content delivery
    • Piracy detection and tracing
    • Copyright protection and surveillance
    • Forgery detection
    • Secure multimedia networking
    • Multimedia network protection, privacy, and security
    • Secure multimedia system design, trusted computing, and protocol security

  • IEEE Security & Privacy Magazine, Special issue on Digital Forensics, (Submissions Due 1 March 2017)

    Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology & FernUniversitat in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany), Luca Caviglione (National Research Council of Italy, Italy), and Simson L. Garfinkel (National Institute of Standards and Technology, USA)
    
    Modern societies are becoming increasingly dependent on open networks where commercial activities, business transactions, and government services are delivered. Despite the benefits, these networks have led to new cyberthreats and cybersecurity issues. Abuse of and mistrust for telecommunications and computer network technologies have significant socioeconomic impacts on global enterprises as well as individuals. Cybercriminal activities such as fraud often require the investigations that span across international borders. In addition, they're often subject to different jurisdictions and legal systems. The increased intricacy of the communication and networking infrastructure complicates investigation of such activities. Clues of illegal digital activities are often buried in large volumes of data that makes crime detection and evidence collection difficult. This poses new challenges for law enforcement and compels computer societies to utilize digital forensics to combat the growing number of cybercrimes. Forensic professionals must be fully prepared to gather effective digital evidence. Forensic techniques must keep pace with new technologies; therefore, digital forensics is becoming more important for law enforcement and information and network security. This multidisciplinary area includes several fields, including law, computer science, finance, networking, data mining, and criminal justice. It faces diverse challenges and issues in terms of the efficiency of digital evidence processing and related forensic procedures. This special issue aims to collect the most relevant ongoing research efforts in digital forensics field. Topics include, but aren't limited to:

    • real-world case studies, best practices, and readiness;
    • challenges and emerging trends;
    • digital forensic triage;
    • antiforensics and anti-antiforensics approaches;
    • networking incident response, investigation, and evidence handling;
    • network forensics and traffic analysis;
    • detecting illegal sites and traffic (for instance, child abuse/exploitation);
    • malware and targeted attacks including analysis and attribution;
    • information-hiding techniques (network stenography, covert channels, and so on);
    • stealth communication through online games and its detection;
    • use and implications of machine learning in digital forensics;
    • big data and digital forensics;
    • network traffic fingerprinting and attacks;
    • cybercrimes design, detection, and investigation;
    • cybercrime issues and solutions from a digital forensics perspective;
    • nontraditional forensic scenarios and approaches (for instance, vehicles, SCADA, automation and control);
    • social networking forensics;
    • cloud forensics;
    • law enforcement and digital forensics; and
    • digital forensics for incident response, research, policy compliance enforcement, and so on

   

  • The Technical Committee on Security and Privacy

   

  • Staying in touch....

    • Information for Subscribers and Contributors

    • Who's where: recent address changes

    • Changing your email address?  Please send updates to cipher@ieee-security.org

   

  ---

  IEEE Computer Society's Technical Committee on Security and Privacy

  	TC home page	TC Officers
  	How to join the TCSP (or other TCs)	Open Access Proceedings
  	Cipher past issues archive
  	IEEE Computer Society	Cipher Privacy Policy

  
  

  ---