---

---

Contents:

• Letter from the Editor 
   

• Conference and Workshop Announcements

  • Commentary and Opinion

    • Sven Dietrich's review of SCION: A Secure Internet Architecture by Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, and Laurent Chuat

    • NewsBits:  Announcements and correspondence from readers (please contribute!)

      • There's a Russian in my router
      • PGP Mime, decryption through invisible html
      • Did he or didn't he? Only Tor knows ...
      • Your Location Data, Free to the World

    • Book reviews from past Cipher issues

    • Conference Reports and Commentary from past Cipher issues

    • News items from past Cipher issues

   

  • Listing of academic positions available  by Cynthia Irvine
    

 

• Listing of academic positions available  by Cynthia Irvine
  New since Cipher E143:
  Temple University
  Philadelphia, Pennsylvania. USA
  Chair, Department of Computer and Information Sciences
  For information contact: zoran.obradovic@temple.edu with "Chair position" as the subject
  Applications may be submitted electronically at: https://academicjobsonline.org/ajo/jobs/10070

 

• Cipher calls-for-papers and calendar
    Cipher calendar announcements are on Twitter; follow "ciphernews"
  Requests for inclusion in the list should sent per instructions.
    new calls or announcements added since Cipher E143 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update): 

• 6/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
• 6/ 4/18- 6/ 7/18: WIIoTS, Workshop on Industrial Internet of Things Security, Bilbao, Spain
• 6/ 4/18- 6/ 8/18: ASIACCS, ACM Symposium on Information, Computer and Communications Security, Sungdo, Incheon, Korea
• 6/ 8/18: ICICS, 20th International Conference on Information and Communications Security, Lille, France, Submissions are due
• 6/15/18: ACSAC, 2018 Annual Computer Security Applications Conference, San Juan, Puerto Rico, USA, Submissions are due
• 6/16/18: STM, 14th International Workshop on Security and Trust Management, Co-located with the 23rd European Symposium On Research in Computer Security (ESORICS 2018), Barcelona, Spain, Submissions are due
• 6/22/18: SSR, 4th Conference on Security Standards Research, Darmstadt, Germany, Submissions are due
• 6/25/18: DSML, International Workshop on Dependable and Secure Machine Learning, Co-located with the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018), Luxembourg City, Luxembourg
• 6/26/18- 6/27/18: ESSoS, International Symposium on Engineering Secure Software and Systems, Campus Paris-Saclay, France
• 7/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
• 7/ 2/18- 7/ 4/18: IVSW, 3rd International Verification and Security Workshop, Costa Brava, Spain
• 7/ 6/18: CRiSIS, 13th International Conference on Risks and Security of Internet and Systems, Arcachon, France, Submissions are due
• 7/ 8/18: GRAMSEC, 5th International Workshop on Graphical Models for Security, Co-located with CSF 2018, Oxford, UK
• 7/ 8/18- 7/13/18: WCCI-Blockchain, Blockchain Research and Applications Session, Held in conjunction with the 2018 World Congress on Computational Intelligence (WCCI 2018), Rio de Janeiro, Brasil
• 7/15/18- 7/18/18: DFRWS, 18th Annual DFRWS USA 2018 Conference, Providence, Rhode Island, USA
• 7/16/18- 7/18/18: DBSec, 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Bergamo, Italy
• 7/20/18: ISDDC, International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada, Submissions are due
• 7/24/18- 7/27/18: PETS, 18th Privacy Enhancing Technologies Symposium, Barcelona, Spain
• 8/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
• 8/10/18: NordSec, 23rd Nordic Conference on Secure IT Systems, Oslo, Norway, Submissions are due
• 8/12/18- 8/14/18: SOUPS, 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA
• 8/12/18- 8/14/18: SciSec, 1st International Conference on Science of Cyber Security, Beijing, China
• 8/12/18- 8/15/18: DASC, 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece
• 8/15/18- 8/17/18: USENIX Security, 27th USENIX Security Symposium, Baltimore, MD, USA
• 8/19/18- 8/23/18: Crypto, 38th International Cryptology Conference, Santa Barbara, CA, USA
• 8/27/18- 8/30/18: ARES, 13th International Conference on Availability, Reliability and Security, Hamburg, Germany
• 8/27/18- 8/30/18: FARES, 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany
• 8/27/18- 8/30/18: WCTI, International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany
• 8/28/18- 8/31/18: NSPW, New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK
• 9/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
• 9/ 3/18- 9/ 5/18: IWSEC, 13th International Workshop on Security, Sendai, Japan,
• 9/ 6/18- 9/ 7/18: STM, 14th International Workshop on Security and Trust Management, Co-located with the 23rd European Symposium On Research in Computer Security (ESORICS 2018), Barcelona, Spain
• 9/10/18- 9/12/18: ICDF2C, 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA
• 9/17/18: IFIP 11.9 DF, 15th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, Submissions are due
• 9/17/18- 9/19/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia
• 9/18/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden
• 9/18/18- 9/20/18: NISK, 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway
• 9/30/18-10/ 2/18: SecDev, IEEE Security Development Conference, Cambridge, MA, USA
• 9/30/18-10/ 3/18: CANS, 17th International Conference on Cryptology and Network Security, Naples, Italy
• 10/1/18: Springer International Journal of Information Security, Special Issue on IoT Security and Privacy, Submissions are due
• 10/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
• 10/15/18-10/19/18: ACM-CCS, 25th ACM Conference on Computer and Communications Security, Toronto, Canada
• 10/16/18-10/18/18: CRiSIS, 13th International Conference on Risks and Security of Internet and Systems, Arcachon, France
• 10/29/18-10/31/18: ICICS, 20th International Conference on Information and Communications Security, Lille, France
• 11/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
• 11/26/18-11/27/18: SSR, 4th Conference on Security Standards Research, Darmstadt, Germany
• 11/28/18-11/30/18: ISDDC, International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada
• 11/28/18-11/30/18: NordSec, 23rd Nordic Conference on Secure IT Systems, Oslo, Norway
• 12/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, Submissions are due
• 12/ 3/18-12/ 7/18: ACSAC, 2018 Annual Computer Security Applications Conference, San Juan, Puerto Rico, USA
• 1/28/19- 1/30/19: IFIP 11.9 DF, 15th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA
• 5/20/19- 5/22/19: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA
 

• new calls or announcements added since Cipher E143

• SP 2019 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 20-22, 2019. (Submission Due first day of each month)

  Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:

  • Access control and authorization
  • Accountability
  • Anonymity
  • Application security
  • Attacks and defenses
  • Authentication
  • Censorship resistance
  • Cloud security
  • Distributed systems security
  • Economics of security and privacy
  • Embedded systems security
  • Forensics
  • Hardware security
  • Intrusion detection and prevention
  • Malware and unwanted software
  • Mobile and Web security and privacy
  • Language-based security
  • Network and systems security
  • Privacy technologies and mechanisms
  • Protocol security
  • Secure information flow
  • Security and privacy for the Internet of Things
  • Security and privacy metrics
  • Security and privacy policies
  • Security architectures
  • Usable security and privacy
  This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
  
  Systematization of Knowledge Papers As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix "SoK:" in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.
  
  Workshops The Symposium is also soliciting submissions for co-located workshops. Further details on submissions can be found at https://www.ieee-security.org/TC/SP2019/workshops.html.
  
  Ongoing Submissions To enhance the quality and timeliness of the scientific results presented as part of the Symposium, and to improve the quality of our reviewing process, IEEE S&P now accepts paper submissions 12 times a year, on the first of each month. The detailed process can be found at the conference call-for-papers page.

• ICICS 2018 20th International Conference on Information and Communications Security, Lille, France, October 29-31, 2018. (Submission Due 8 June 2018)

  The conference started in 1997 and aims at bringing together leading researchers and practitioners from both academia and industry to discuss and exchange their experiences, lessons learned, and insights related to computer and communications security. Original papers offering novel research contributions on all aspects of information and communications security are solicited for submission to ICICS 2018. Topics of interest include, but are not limited to:

  • Access control
  • Anonymity
  • Applied cryptography
  • Authentication and authorization
  • Biometrics security
  • Blockchain and digital currency security
  • Cloud security
  • Computer and digital forensics
  • Cyber-Physical Systems security
  • Data and system integrity
  • Database security
  • Distributed systems security
  • E-Commerce security and trust issues
  • Embedded systems security
  • Engineering issues of cryptographic protocols and security systems
  • Fraud and cyber-crime
  • Hardware security
  • Identity access management
  • Industrial Control Systems security
  • Information hiding and watermarking
  • Insider threat detection
  • Intellectual property protection
  • Intrusion detection
  • IoT security and privacy
  • Key management and key recovery
  • Language-based security
  • Malware and Anti-malware
  • Mobile computing security and privacy
  • Network security
  • Network Functions Virtualization security
  • Operating systems security
  • Post-snowden cryptography
  • Privacy protection
  • Privacy-preserving data mining
  • Risk assessment
  • Social networks security, privacy and trust
  • Software Defined Networking security
  • Security management
  • Security models, metrics, and policies
  • Security and privacy of Big Data
  • Security of Critical Infrastructures
  • Trust and reputation systems
  • Trusted computing and trustworthy computing technologies
  • Usable security and privacy
  • Underground economy
  • Verification of security protocols
  • Web security
  • Wireless security

• ACSAC 2018 2018 Annual Computer Security Applications Conference, San Juan, Puerto Rico, USA, December 3-7, 2018. (Submission Due 15 June 2018)

  ACSAC brings together cutting edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, workshops, and professional development and training courses, ACSAC continues its core mission of investigating practical solutions for computer and network security technology. We plan to hold ACSAC at the Condado Plaza Hilton in San Juan, Puerto Rico. Centrally located in the trendy Condado Beach area, near historic Old San Juan, the hotel is an ideal location to both attend the conference and spend time relaxing and sightseeing in the warm tropical weather. While the island of Puerto Rico continues to recover and rebuild from the devastating impact of Hurricane Maria, we have been reassured that the hotel and San Juan will be ready for us in December. We plan to visit San Juan this summer to confirm its readiness. We invite you to submit your work to the conference. As an internationally recognized forum where practitioners, researchers, and developers meet to learn and to exchange practical ideas and experiences in computer and network security, we welcome your contributions. In addition to peer-reviewed papers on new work, we also welcome case studies on real-world applications, panels featuring interactive expert discussions, in-depth course on new and emerging topics, and workshops comprised of 1-2 days sessions on hot topics.

• STM 2018 14th International Workshop on Security and Trust Management, Co-located with the 23rd European Symposium On Research in Computer Security (ESORICS 2018), Barcelona, Spain, September 6-7, 2018. (Submission Due 16 June 2018)

  STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM 2018 is the fourteenth workshop in this series and will be held in Barcelona, Spain, in conjunction with the 23rd European Symposium On Research in Computer Security (ESORICS 2018). The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICTs.

• SSR 2018 4th Conference on Security Standards Research, Darmstadt, Germany, November 26-27, 2018. (Submission Due 22 June 2018)

  The purpose of this conference is to discuss the many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardisation. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardisation can be seen to be as scientific and unbiased as possible. This year, we hope to tap into the current trend, which has seen more standardisation efforts being open to interaction with academics. This follows in the footsteps of IETFÍs design approach for TLS 1.3, which has seen substantial academic input. Similarly, several post-quantum efforts have seen interaction between academia and industry. This conference is intended to cover the full spectrum of research on security standardisation, including, but not restricted to, work on cryptographic techniques (including ANSI, IEEE, IETF, ISO/IEC JTC 1/SC 27, ITU-T and NIST), security management, security evaluation criteria, network security, privacy and identity management, smart cards and RFID tags, biometrics, security modules, and industry-specific security standards (e.g. those produced by the payments, telecommunications and computing industries for such things as payment protocols, mobile telephony and trusted computing).

• CRiSIS 2018 13th International Conference on Risks and Security of Internet and Systems, Arcachon, France, October 16-18, 2018. (Submission Due 6 July 2018)

  The International Conference on Risks and Security of Internet and Systems 2018 will be the 13th in a series dedicated to security issues in Internet-related applications, networks and systems. Internet has become essential for the exchange of information between user groups and organizations from different backgrounds and with different needs and objectives. These users are exposed to increasing risks regarding security and privacy, due to the development of more and more sophisticated online attacks, the growth of Cyber Crime, etc. Attackers nowadays do not lack motivation and they are more and more experienced. To make matters worse, for performing attacks have become easily accessible. Moreover, the increasing complexity as well as the immaturity of new technologies such as pervasive, mobile and wireless devices and networks, raise new security challenges. In this context, new security mechanisms and techniques should be deployed to achieve an assurance level acceptable for critical domains such as energy, transportation, health, defence, banking, critical infrastructures, embedded systems and networks, avionics systems, etc. The CRiSIS conference offers a remarkable forum for computer and network security actors from industry, academia and government to meet, exchange ideas and present recent advances on Internet-related security threats and vulnerabilities, and on the solutions that are needed to counter them. The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, to security models, security mechanisms and privacy enhancing technologies. The authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications or case studies are also welcomed in different domains (e.g., telemedicine, banking, e-government, e-learning, e-commerce, critical infrastructures, mobile networks, embedded applications, etc.).

• ISDDC 2018 International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada, November 28-30, 2018. (Submission Due 20 July 2018)

  This conference solicits papers addressing issues related to the design, analysis, and implementation, of dependable and secure infrastructures, systems, architectures, algorithms, and protocols that deal with network computing, mobile/ubiquitous systems, cloud systems, and IoT systems.

• NordSec 2018 23rd Nordic Conference on Secure IT Systems, Oslo, Norway, November 28-30, 2018. (Submission Due 10 August 2018)

  NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. In addition to regular research paper submissions, we invite participants to present their ideas in poster sessions during lunches and coffee breaks. NordSec 2018 welcomes contributions within, but not limited to, the following areas:

  • Access control and security models
  • Applied cryptography
  • Blockchains
  • Cloud security
  • Commercial security policies and enforcement
  • Cryptanalysis
  • Cryptographic protocols
  • Cyber crime, warfare, and forensics
  • Economic, legal, and social aspects of security
  • Enterprise security
  • Hardware and smart card security
  • Mobile and embedded security
  • Internet of Things and M2M security
  • Internet, communication, and network security
  • Intrusion detection
  • Language-based techniques for security
  • New ideas and paradigms in security
  • Operating system security
  • Privacy and anonymity
  • Public-key cryptography
  • Security and machine learning
  • Security education and training
  • Security evaluation and measurement
  • Security management and audit
  • Security protocols
  • Security usability
  • Social engineering and phishing
  • Software security and malware
  • Symmetric cryptography
  • Trust and identity management
  • Trusted computing
  • Vulnerability testing
  • Web application security

• IFIP 11.9 DF 2019 15th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28-30, 2019. (Submission Due 17 September 2018)

  The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Fifteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the fifteenth volume in the well-known Research Advances in Digital Forensics book series (Springer, Heidelberg, Germany) during the summer of 2019. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:

  • Theories, techniques and tools for extracting, analyzing and preserving digital evidence
  • Enterprise and cloud forensics
  • Embedded device forensics
  • Internet of Things forensics
  • Digital forensic processes and workflow models
  • Digital forensic case studies
  • Legal, ethical and policy issues related to digital forensics

• Springer International Journal of Information Security, Special Issue on IoT Security and Privacy, (Submission Due 1 October 2018)

  Guest Editors: Takeshi Takahashi (National Institute of Information and Communications Technology, Japan), Rodrigo Roman Castro (Universidad de Malaga, Spain), Ryan Ko (University of Waikato, New Zealand), Bilhanan Silverajan (Tampere University of Technology, Finland), and Said Tabet (Dell EMC, USA).
  
  The Internet is gradually transforming from a communication platform for conventional IT appliances into the Internet of Things (IoT), increasingly interconnecting many assorted devices and sensors. These devices are generally referred as IoT devices, and many of them are inexpensive and can be constrained in terms of energy, bandwidth and memory. The establishment of IoT ecosystems in various domains is bringing multiple benefits to human users and companies alike. Example of such domains include Smart Homes, Smart Cities, the Industrial Internet and even Intelligent Transportation Systems. However, the IoT as a whole - including related paradigms such as Machine-to-Machine (M2M) and Cyber-Physical Systems (CPS) - is susceptible to a multitude of threats. In fact, many IoT devices currently are insecure and have many security vulnerabilities. For example, many vulnerable IoT devices which have been infected with malware have subsequently become comprised into large botnets, resulting in devastating DDOS attacks. Consequently, ensuring the security of such IoT ecosystems - before, during, and after an attack takes place - is a crucial issue for our society at this moment. This special issue aims to collect contributions by leading-edge researchers from academia and industry, show the latest research results in the field of IoT security and privacy, and provide valuable information to researchers as well as practitioners, standards developers and policymakers. Its aim is to focus on the research challenges and issues in IoT security. Manuscripts regarding novel algorithms, architectures, implementations, and experiences are welcome. Topics include but are not limited to:

  • Secure protocols for IoT devices
  • Privacy solutions and privacy helpers for IoT environments
  • Trust frameworks and secure/private collaboration mechanisms for IoT environments
  • Secure management and self-healing for IoT environments
  • Operative systems security for IoT devices
  • Security diagnosis tools for IoT devices
  • Threat and vulnerability detection in IoT environments
  • Anomaly detection and prevention mechanisms in IoT networks
  • Case studies of malware analysis in IoT environments
  • IoT forensics and digital evidence
  • Testbeds and experimental facilities for IoT security analysis and research
  • Standardization activities for IoT security
  • Security and privacy solutions tailored to specific IoT domains and ecosystems

 

• The Technical Committee on Security and Privacy

 

• Staying in touch....

  • Information for Subscribers and Contributors

  • Who's where: recent address changes

  • Changing your email address?  Please send updates to cipher@ieee-security.org

 

---

IEEE Computer Society's Technical Committee on Security and Privacy

	TC home page	TC Officers
	How to join the TCSP (or other TCs)	Open Access Proceedings
	Cipher past issues archive
	IEEE Computer Society	Cipher Privacy Policy

---