============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 180                                          July 23, 2024

Hilarie Orman, Editor                  Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org      cipher-assoc-editor @ ieee-security.org

Sven Dietrich                          Yong Guan
Book Review Editor                     Calendar Editor
cipher-bookrev @ ieee-security.org     cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Sven Dietrich's review of "Read Write Own: Building the Next Era of the Internet" by Chris Dixon
    o News Items
       - Physician, Staunch Thine IT Wound!
       - The Security Software of My Enemy is My Enemy
       - Car Sales Impeded When Hacking Succeeded
       - You Rang?
       - It's not a bird, it's not a plane, it's not even a cyberattack!
       - Fujitsu Software Goes Postal, Turns Brits into Felons
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

In looking over the archives of this newsletter, I realized that the online version of Cipher was first published 30 years ago. That was when Carl Landwehr took the groundbreaking step of moving the snail mailed version to the newfangled "web". That milestone, in turn, marked just about 30 years of the ARPA/DARPA network that became the Internet. If history is to be our guide, publication should be reaching a new paradigm shift just about now. The research community continues to struggle with the meshing of publication economics and need for quick and accurate dissemination of research results. The future is cloudy, but Cipher trudges on.

Along the lines of "what's new with the Internet", this month we have Sven Dietrich's review of a book on that topic titled "Read Write Own: Building the Next Era of the Internet". It is available through traditional media: in print or via Kindle.

The disturbing trend in cyberattacks of late is massive disruption of business through attacks on middleman services. Business-to-business services form a large network that facilitates the movement and coordination of money and documents and processes. If one of these services is disabled by a cyberattack, the ramifications are immense.

It is easy to conclude that such businesses should take security seriously. But, anyone who did that by installing CrowdStrike's Falcon software would have cause to curse security altogether. Some several days after a faulty release of the software disabled a percent of the world's PCs, some businesses are still trying to recover.

      BSOD Mama

   Lay that pointer down, babe
   Lay that pointer down
   Null exception mama
   Lay that pointer down

   Oh, hackin' data in a big array
   Was I havin' fun
   Until one byte wasn't addressed right
   Now my OS won't run.

   Oh, lay that pointer down, babe
   Lay that pointer down
   Nothin' there but error
   Lay that pointer down.

   (with apologies to Al Dexter)

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion and News
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Sven Dietrich
July 23, 2024
____________________________________________________________________

Read Write Own: Building the Next Era of the Internet
by Chris Dixon
Random House 2024.
ISBN 978-0-59373-138-3 (hardcover), 978-0-59373-140-6 (ebook)
320 pages

The Internet came about with the intent to survive major disasters, including war, disruptions, and system failures. Last week the world found out what it means when 8.5 million components of this Internet cease to function due to a flawed software update from a centralized entity in a once mostly decentralized world, thereby impacting critical infrastructure such as travel, hospitals, emergency services, banking, and more.
This book "Read Write Own: Building the Next Era of the Internet" helps us realize how far the Internet has come from the days of inception, how intertwined we are with it in our daily lives, and how we might shape its future and ours.

Author Chris Dixon retraces the history of the Internet through the lens of three phases of development that he calls "Read. Write. Own," and makes projections for the future. For those who have experienced the early stages of the Internet, they will appreciate the recall of those times. For those who haven't, they will appreciate the anecdotes from those pioneer times. Both groups will enjoy reading about musings for a hopefully better future.

This 320-page book is divided into five parts and fourteen numbered chapters. Chapters are subdivided into named sections. Throughout the book, you will find the occasional black-and-white diagram or table. A roadmap in the beginning of the book helps the reader understand the flow of the book. A set of notes, which are not listed in the text itself, is grouped by chapter at the end of the book, plus a keyword-based index. The notes are mostly references to news articles or web links to support the author's points. The book is written in a more popular science or business style rather than in a rigorous scientific manner. In that form, it conveys the message well at that level, always with a first-person "voice" of the sole author.

An introduction sets the stage for the book, providing more background on the author and their viewpoints, as well as a roadmap for the book.

Part One "Read. Write." delves into the history of the Internet in three chapters. It shows the transition of a research-based Internet based on network and application protocols and free exchange into a corporate one dominated by the big Internet companies such as Google, Microsoft, or Meta. This covers predominantly the era of the 1990s and 2000s, with a slow monopolization of services by the big Internet companies.

Part Two "Own." describes the advent of blockchain in three chapters, with a new computing paradigm and a renewed opportunity for a decentralized approach. It also covers tokens and blockchain networks, and digital ownership, from both a technical and economic perspective.

Part Three "A New Era" shows the empowerment of the user by blockchain networks in five chapters. Topics such as community-based software, take rates, building networks with token incentives, "tokenomics," and network governance get discussed here.

Part Four "Here and Now" addresses controversial topics in one chapter, such as regulatory issues and the so-called casino culture that sees cryptocurrencies and blockchains as gambling objects.

Part Five "What's Next" has the author touch upon topics such as social networks, video games, virtual worlds, and artificial intelligence with the lens of blockchain networks in two chapters. The idea is that those technologies could enable users to regain ownership lost to the centralized and corporatized world the Internet has become.

A Conclusion attempts to put a positive spin on the status quo. It outlines the opportunities that users have and should empower them to take the Internet in the direction they want, possibly to regain more ownership with the tools at their disposal.

Overall the book is aimed at industry practitioners in technology, e-commerce, and online marketplaces, as well as tech-curious business users. Chris Dixon has put his heart and soul into this book, sharing his experiences in working in this field as part of the investor role he plays in the blockchain and cryptocurrency domains, among others.

This book was entertaining and light summer reading. Through the anecdotes it brought back many memories of the earlier days of the Internet as well as the early days of blockchain. I enjoyed reading this book. It will find its proper place on my bookshelves.

-------------------------------------------------------------------
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

- Physician, Staunch Thine IT Wound!

The Aftermath of a U.K. Cyberattack: Blood Shortages and Delayed Operations
Several London hospitals, still reeling from a cyberattack last week, have made an urgent plea to medical students to help stem the disruption.
https://www.nytimes.com/2024/06/13/world/europe/nhs-london-hospital-cyberattack.html
Publisher: The New York Times
Date: June 13, 2024
By: Jenny Gross

Summary: In June, a ransomware attack on a UK company, Synnovis, a private firm that analyzes blood tests, "crippled services at two major National Health Service hospital trusts, Guy's and St. Thomas' and King's College." A week later, a spokesman described the situation as 'critical'. Hundreds of surgeries had been postponed, and the backlog of blood tests was large enough that medical students were asked to donate their time to helping.

--------------------------------------------
Earlier story:
London Hospitals Face Major Disruptions After Cyberattack
A system used by several major London hospitals was targeted in a ransomware cyberattack, forcing the cancellation of services and the diversion of patients.
https://www.nytimes.com/2024/06/05/world/europe/london-hospitals-cyberattack.html
Publisher: The New York Times
Date: June 5, 2024
By: Jenny Gross

Summary: A UK company, Synnovis, which manages blood transfusions and blood testing services, was disabled by a ransomware attack.
"Ciaran Martin, a former head of British cybersecurity, told BBC Radio 4 on Wednesday that a Russian cybercriminal group known as Qilin was most likely behind the attack." The ransom demand is said to be $50M (according to a Techradar article, https://www.techradar.com/pro/security/average-ransomware-payment-demands-soars-as-criminals-grow-more-confident).

--------------------------------------------
Ransomware Assault on NHS: A Deep Dive into the Synnovis Data Breach
https://www.intercede.com/ransomware-assault-on-nhs-a-deep-dive-into-the-synnovis-data-breach/
Publisher: Intercede
Date: July 12th 2024
By: Ellie Dean-Foster

Summary: Not only did the ransomware attack on Synnovis disrupt health care at major hospitals, but it was also accompanied by the theft of 400GB of patient records.

-------------------------------------------------------------------------------
The Security Software of My Enemy is My Enemy

https://www.scmagazine.com/news/us-to-ban-kaspersky-software-sales-over-ties-with-russia-reports-say
US to ban Kaspersky software sales over ties with Russia
Critical Infrastructure Security, Government Regulations, Industry Regulations
Publisher: SC Magazine
Date: June 20, 2024
By: Shaun Nichols

Summary: Kaspersky software has not been implicated in any nefarious activities, but the US government has long been uneasy about its popular system security product because the company's founder has ties to the Russian government (see this 2017 article in SC Media). In 2017 the US barred government agencies and their contractors from using its antivirus product. The other shoe has taken 7 years to fall, but the Department of Commerce, which was rumored to be poised to ban import and sales of Kaspersky products, did indeed proceed with that ban.

-----------------------------------------
https://www.bis.gov/press-release/commerce-department-prohibits-russian-kaspersky-software-us-customers
Commerce Department Prohibits Russian Kaspersky Software for U.S.
Customers
Publisher: US Bureau of Industry & Security
Date: June 20, 2024
By: Press Release

Today, the Department of Commerce's Bureau of Industry and Security (BIS) announced a Final Determination prohibiting Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons. The prohibition also applies to Kaspersky Lab, Inc.'s affiliates, subsidiaries and parent companies (together with Kaspersky Lab, Inc., "Kaspersky").

--------------------------------------------
Kaspersky Compliance Statement
https://usa.kaspersky.com/about/press-releases/2024_kaspersky-statement-on-compliance-in-the-us-following-icts-final-determination
Publisher: Kaspersky Press Release
Date: July 18, 2024

Summary: "Kaspersky statement on compliance in the U.S. following ICTS Final Determination

In conformity with the Final Determination by the U.S. Department of Commerce, Kaspersky announces it has stopped sales contracts of its anti-virus software and cybersecurity products in the United States ahead of July 20, 2024. Starting from September 30, 2024, Kaspersky will be prohibited from providing anti-virus signature updates and codebase updates to U.S. consumers and businesses. Until then, the company will continue fulfilling its obligations under all existing contracts. Starting from July 20, 2024 Kaspersky will also gradually wind down its U.S. operations and eliminate U.S.-based positions."

-------------------------------------------------------------------------------
Car Sales Impeded When Hacking Succeeded

https://www.cbsnews.com/news/cdk-cyber-attack-outage-auto-dealerships-cbs-news-explains/
CDK cyberattack shuts down auto dealerships across the U.S. Here's what to know.
Publisher: CBS News
Date: June 19, 2024
By: Megan Cerullo

Summary: We know that a national economy is a complex system, and such systems have a myriad of parts that function together to "make the wheels go round". Cyberattacks afflict the parts based on details of their computer configurations, not their place in the economy. You may have never heard of CDK systems, but it provides software systems to manage the ways that car dealerships handle money: payroll, financing, insurance, etc. When a cyberattack took down CDK's computerized services, dealerships tried to hobble along with ad hoc spreadsheets and sticky notes. Sales plummeted as staff were bereft of the tools of their trade. The ransomware took down over 10K dealerships. CDK was hit again days later (see subsequent article from CPO Magazine).

--------------------------------------------
https://www.nytimes.com/2024/06/21/business/cyberattack-car-dealers-cdk.html
Cyberattacks Disrupt Car Sales by Dealers in U.S. and Canada
The attacks on a software provider, CDK Global, affect systems that store customer records and automate paperwork and data for sales and service.
Publisher: The New York Times
Date: June 21, 2024
By: Neal E. Boudette

--------------------------------------------
https://www.cpomagazine.com/cyber-security/saas-provider-cdk-global-suffers-a-second-cyber-attack-disrupting-thousands-of-auto-dealers/
SaaS Provider CDK Global Suffers a Second Cyber Attack Disrupting Thousands of Auto Dealers
Publisher: CPO Magazine
Date: June 27, 2024
By: Alicia Hope

Summary: CDK was in the process of restoring some of its systems when a second attack threw them into chaos again. They took systems offline and advised dealerships not to connect to their VPN until further notice. Pencil-and-paper workarounds used by some dealerships kept some operations going, but the inability to access previous transactions was a definite impediment.

-------------------------------------------------------------------------------
You Rang?

https://www.nytimes.com/2024/07/12/business/att-data-breach.html
AT&T Says Phone Data of 'Nearly All' Customers Was Breached in 2022
More than 100 million customers' phone records were exposed, but the breach did not include contents of calls, texts or data such as Social Security numbers and passwords.
Publisher: The New York Times
Date: July 12, 2024
By: Jenny Gross and Danielle Kaye

Summary: Somehow AT&T phone records from two years ago were illegally accessed. As a result, the phone call records, a year's worth, for their non-government customers were revealed. Although the information is "only" which phone numbers called which other phone numbers, the information could be mined to reveal contact patterns of interest to criminals, law enforcement, or plain old snoops. Some clever data analyst might be able to discover social connections that could be used for directed advertising, either commercial or political. However, AT&T believes that the data is not available to the public.

--------------------------------------------
https://www.prnewswire.com/news-releases/att-addresses-illegal-download-of-customer-data-302195733.html
AT&T Addresses Illegal Download of Customer Data
Publisher: AT&T
Date: Jul 12, 2024

Summary: AT&T reports that in April they learned that some customer data had been illegally downloaded from a cloud platform. One person was apprehended. The data probably remained with the perpetrators and is not publicly available.

-------------------------------------------------------------------------------
It's not a bird, it's not a plane, it's not even a cyberattack!
It's a CrowdStrike null pointer exception!

There was worldwide business disruption when a faulty update to a popular piece of security software ran amok on Windows machines. The company behind the problem took care to emphasize that it was not a cyberattack, just a mistake.

https://www.nytimes.com/2024/07/19/business/hospitals-cancel-nonessential-surgeries-global-technology-outage.html
Hospitals Cancel Nonessential Surgeries After Global Technology Outage
Hospital systems across the country reported I.T. disruptions. A spokesman for Kaiser Permanente called the situation "unprecedented."
Publisher: The New York Times
Date: July 19, 2024
By: Annie Correal and Jill Cowan

Summary: A botched update of a security app for Microsoft Windows caused disruption across many business sectors. Although only a percent of all Windows machines were affected, some of those were important to scheduling airline flights, for example. In the health sector, lives were on the line when hospitals, notably all Kaiser Permanente facilities, were unable to schedule surgeries (ER rooms remained open). Massachusetts General and Providence Health systems were also affected. The software in question is CrowdStrike's Falcon system. The update invoked a fatal error that crashed the Windows OS. Although it looked like a massive cyberattack, CrowdStrike explained that it was simply a bug, one that they were working on fixing.

--------------------------------------------
https://www.techtarget.com/whatis/feature/Explaining-the-largest-IT-outage-in-history-and-whats-next
CrowdStrike outage explained: What caused it and what’s next
A CrowdStrike update caused a massive IT outage, crashing millions of Windows systems. Critical services and business operations were disrupted, revealing tech reliance risks.
Publisher: TechTarget
Date: 23 Jul 2024
By: Sean Michael Kerner

Summary: Channel file 291 is an update that shall live in infamy. That was the file with the "logic flaw" that caused CrowdStrike's update to its Falcon platform to cause a kernel exception that crashed Microsoft Windows machines. The CrowdStrike product is used for endpoint security. It was hard to distinguish the results of the bug from a sophisticated cyberattack.

-------------------------------------------------------------------------------
Fujitsu Software Goes Postal, Turns Brits into Felons

https://www.bbc.com/news/articles/c8975zprepro
UK Post Office victims are still having to fight
Publisher: BBC News
Date: July 22, 2024
By: Pritti Mistry

Summary: About 700 Britons who ran Post Office stations were accused of misappropriating funds based on the accounting done by the software system, Horizon, that they were required to use. Even though that system was revealed as severely faulty, the victims of the unwarranted prosecution are still having trouble clearing their names. The Post Office offered this statement: "We are deeply sorry for the pain which has been suffered by so many people, their families and friends throughout the Horizon IT scandal." The Post Office is working "as fast as we can" to financially redress the falsely accused postmasters.

--------------------------------------------
Previous stories:

https://www.cnbc.com/2024/01/23/post-office-scandal-fujitsu-role-in-could-have-reputational-consequences.html
Fujitsu role in Britain's Post Office scandal could have severe reputational consequences, analysts say.
Publisher: CNBC
Date: Jan 23 2024
By: Elliot Smith

--------------------------------------------
What the hell is going on with the U.K. Post Office?
Massive computer glitches, compounded by alleged cover-ups and court cases, have produced a very British scandal.
https://www.fastcompany.com/91017767/uk-post-office-explained
Publisher: Fastcompany.com
Date: 01-26-2024
By: Chris Stokel-Walker

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

--------------
This job listing is maintained as a service to the academic community.
If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Requests for inclusion in the list should be sent per instructions: http://www.ieee-security.org/Calendar/submitting.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

TPS 2024 6th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Washington D.C., USA, October 28-30, 2024.
https://www.sis.pitt.edu/lersais/conference/tps/2024/
Submission dates: 21 June 2024 and 29 July 2024

ARES 2024 19th International Conference on Availability, Reliability and Security, Vienna, Austria, July 30 - August 2, 2024.
http://www.ares-conference.eu/

CUING 2024 8th International Workshop on Cyber Use of Information Hiding, Held in conjunction with the 19th International Conference on Availability, Reliability and Security (ARES 2024), Vienna, Austria, July 30 - August 2, 2024.
https://www.ares-conference.eu/cuing

ENS 2024 7th International Workshop on Emerging Network Security, Held in conjunction with the 19th International Conference on Availability, Reliability and Security (ARES 2024), Vienna, Austria, July 30 - August 2, 2024.
https://www.ares-conference.eu/ens/

BASS 2024 4th International Workshop on Behavioral Authentication for System Security, Held in conjunction with the 19th International Conference on Availability, Reliability and Security (ARES 2024), Vienna, Austria, July 30 - August 2, 2024.
https://www.ares-conference.eu/workshops/bass/

EDid 2024 1st International Workshop on Emerging Digital Identities, Held in conjunction with the 19th International Conference on Availability, Reliability and Security (ARES 2024), Vienna, Austria, July 30 - August 2, 2024.
https://www.ares-conference.eu/edid

ICISS 2024 20th International Conference on Information Systems Security, Jaipur, India, December 16-20, 2024.
https://iciss.isrdc.in/
Submission date: 31 July 2024

SOUPS 2024 20th Symposium on Usable Privacy and Security, Philadelphia, PA, USA, August 11-13, 2024.
https://www.usenix.org/conference/soups2024

ICSS 2024 10th Industrial Control System Security Workshop, Held in conjunction with the Annual Computer Security Applications Conference (ACSAC), Waikiki, Hawaii, Dec 10, 2024.
https://www.acsac.org/2024/workshops/icss/
Submission date: 12 August 2024

CSET 2024 17th Cyber Security Experimentation and Test Workshop, Philadelphia, PA, USA, August 13, 2024.
https://cset24.isi.edu/index.html

USENIX Security 2024 33rd USENIX Security Symposium, Philadelphia, PA, USA, August 14-16, 2024.
https://www.usenix.org/conference/usenixsecurity24

SciSec 2024 6th International Conference on Science of Cyber Security, Copenhagen, Denmark, August 14-16, 2024.
https://scisec.org/index.html

UbiSec 2024 4th International Conference on Ubiquitous Security, Changsha, China, December 29-31, 2024.
http://ubisecurity.org/2024/
Submission date: 15 August 2024

ICICS 2024 26th International Conference on Information and Communications Security, Mytilene, Greece, August 26-28, 2024.
http://icics2024.aegean.gr/submissions/

PETS 2025 25th Privacy Enhancing Technologies Symposium, Washington, DC and Online, July, 2025 (dates to be confirmed).
https://petsymposium.org/cfp25.php
Submission dates: 31 May 2024, 31 August 2024, 30 November 2024, and 28 February 2025

ACM Distributed Ledger Technologies: Research and Practice, Special Issue on Blockchain for 6G Trust, Security, and Privacy.
https://dl.acm.org/pb-assets/static_journal_pages/dlt/pdf/ACM_DLT_SI_Blockchain_6G_Trust_Security_Privacy-1709931907953.pdf
Submission date: 1 September 2024

CSR 2024 IEEE International Conference on Cyber Security and Resilience, London, UK, Hybrid Conference, September 2-4, 2024.
https://www.ieee-csr.org/

USENIX Security 2025 34th USENIX Security Symposium, Seattle, WA, USA, August 13-15, 2025.
https://www.usenix.org/conference/usenixsecurity25
Submission dates: 4 September 2024 and 22 January 2025

FPS 2024 17th International Symposium on Foundations & Practice of Security, Montreal, Canada, December 9-11 2024.
https://fps-2024.hec.ca/
Submission date: 6 September 2024

SCN 2024 14th International Conference on Security and Cryptography for Networks, Amalfi, Italy. September 11-13, 2024.
https://scn.unisa.it/scn24/index.php/call-for-papers/

IFIP 119 DF 2025 21st Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 6-7, 2025.
http://www.ifip119.org/
Submission date: 15 September 2024

ESORICS 2024 9th European Symposium on Research in Computer Security, Bydgoszcz, Poland, September 16-20, 2024.
https://esorics2024.org

DPM 2024 18th International Workshop on Data Privacy Management, Co-located with ESORICS 2024, Bydgoszcz, Poland, September 19, 2024.
https://deic.uab.cat/dpm/dpm2024/

CBT 2024 8th International Workshop on Cryptocurrencies and Blockchain Technology, Co-located with ESORICS 2024, Bydgoszcz, Poland, September 19, 2024.
http://cbtworkshop.org/

SYSTOR 2024 17th ACM International System and Storage Conference, Tel Aviv-Yaffo, Israel, September 23-25, 2024.
https://www.systor.org/2024/

eCrime 2024 19th annual APWG eCrime symposium, Boston, Massachusetts, USA, September 24-26, 2024.
https://ecrime2024.hotcrp.com

CANS 2024 International Conference on Cryptology and Network Security, Cambridge, UK, September 24-27, 2024.
https://2024.cansconference.org/

DFRWS EU 2025 Digital Forensics Research Conference Europe, Hybrid, Brno, Czech Republic, April 1-4, 2025.
https://dfrws.org/conferences/dfrws-eu-2025/
Submission date: 27 September 2024

EuroUSEC 2024 European Symposium on Usable Security conference, Karlstad, Sweden, September 30 - October 1, 2024.
https://eurousec24.kau.se

RAID 2024 27th International Symposium on Research in Attacks, Intrusions and Defenses, Padua, Italy, September 30 - October 2, 2024.
https://raid2024.github.io/

CNS 2024 12th IEEE Conference on Communications and Network Security, Taipei, Taiwan, September 30 - October 3, 2024.
https://cns2024.ieee-cns.org/

6GQ 2024 Workshop on Postquantum Cryptography and Quantum Communication for 6G Networks, Held in conjunction with the 49th Annual IEEE Conference on Local Computer Networks (IEEE LCN 2024), Caen, Normandy, France, October 8-10, 2024.
https://sites.google.com/view/6gq2024/home

MarCaS 2024 2nd IEEE LCN Special Track on Maritime Communication and Security, Held in conjunction with the 49th Annual IEEE Conference on Local Computer Networks (IEEE LCN 2024), Caen, Normandy, France, October 8-10, 2024.
https://garykessler.net/lcn_marcas/

BRAINS 2024 6th Conference on Blockchain Research & Applications for Innovative Networks and Services, Berlin, Germany, October 8-11, 2024.
https://brains.dnac.org/2024/

HealthSec 2024 Workshop on Cybersecurity in Healthcare, Held in conjunction with the 31st ACM Conference on Computer and Communications Security (CCS 2024), Salt Lake City, Utah USA, October 14, 2024.
https://publish.illinois.edu/healthsec/

ACM CCS 2024 31st ACM Conference on Computer and Communications Security, Salt Lake City, Utah, USA, October 14-18, 2024.
https://www.sigsac.org/ccs/CCS2024/call-for/call-for-papers.html

ASHES 2024 8th Workshop on Attacks and Solutions in Hardware Security, Held in conjunction with the 31st ACM CCS 2024, Salt Lake City, UT, USA, October 14-18, 2024.
https://sss2024.github.io

TPS 2024 6th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Washington D.C., USA, October 28-30, 2024.
https://www.sis.pitt.edu/lersais/conference/tps/2024/

ICTAI 2024 36th IEEE International Conference on Tools with Artificial Intelligence, Herndon, VA, USA, October 30 - November 1, 2024.
https://ictai.computer.org/2024/

DFDS 2025 1st Digital Forensics Doctoral Symposium, Held in conjunction with Digital Forensics Research Conference Europe (DFRWS EU 2025), Brno, Czech Republic, April 1, 2025.
https://www.dfrws.org/conferences/dfds2025/
Submission date: 4 November 2024

DASC 2024 22nd IEEE International Conference on Dependable, Autonomic and Secure Computing, Boracay Island, Malay, Philippines, November 5-8, 2024.
http://cyber-science.org/2024/dasc/

SP 2025 46th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 12-15, 2025.
https://www.sp2025.ieee-security.org/cfpapers.html
Submission date: 14 November 2024

NSS-SocialSec 2024 Joint 18th International Conference on Network and System Security and 10th International Symposium on Security and Privacy in Social Networks and Big Data, Abu Dhabi, UAE, November 20-22, 2024.
http://nsclab.org/nss-socialsec2024/index.html

CRiSIS 2024 19th International Conference on Risks and Security of Internet and Systems, Aix-en-Provence, France, November 26-28, 2024.
https://crisis2024.univ-gustave-eiffel.fr

PETS 2025 25th Privacy Enhancing Technologies Symposium, Washington, DC and Online, July, 2025 (dates to be confirmed).
https://petsymposium.org/cfp25.php
Submission dates: 31 May 2024, 31 August 2024, 30 November 2024, and 28 February 2025

UIC 2024 21st IEEE International Conference on Ubiquitous Intelligence and Computing, Denarau Island, Fiji, December 2-7, 2024.
https://www.ieee-smart-world.org/2024/uic/

FPS 2024 17th International Symposium on Foundations & Practice of Security, Montreal, Canada, December 9-11 2024.
https://fps-2024.hec.ca/

ICSS 2024 10th Industrial Control System Security Workshop, Held in conjunction with the Annual Computer Security Applications Conference (ACSAC), Waikiki, Hawaii, Dec 10, 2024.
https://www.acsac.org/2024/workshops/icss/

ICISS 2024 20th International Conference on Information Systems Security, Jaipur, India, December 16-20, 2024.
https://iciss.isrdc.in/

CSCML 2024 8th International Symposium on Cyber Security, Cryptology and Machine Learning, Beer-Sheva, Israel - Virtual, December 19-20, 2024.
https://www.cscml.org/

UbiSec 2024 4th International Conference on Ubiquitous Security, Changsha, China, December 29-31, 2024.
http://ubisecurity.org/2024/

IFIP 119 DF 2025 21st Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 6-7, 2025.
http://www.ifip119.org/

USENIX Security 2025 34th USENIX Security Symposium, Seattle, WA, USA, August 13-15, 2025.
https://www.usenix.org/conference/usenixsecurity25
Submission dates: 4 September 2024 and 22 January 2025

NDSS 2025 Network and Distributed System Security Symposium and Workshops, San Diego, CA, USA, February 23-28, 2025.
https://www.ndss-symposium.org/ndss2025/submisions/call-for-papers/

PETS 2025 25th Privacy Enhancing Technologies Symposium, Washington, DC and Online, July, 2025 (dates to be confirmed).
https://petsymposium.org/cfp25.php
Submission dates: 31 May 2024, 31 August 2024, 30 November 2024,
and 28 February 2025

DFDS 2025 1st Digital Forensics Doctoral Symposium, Held in conjunction
with Digital Forensics Research Conference Europe (DFRWS EU 2025),
Brno, Czech Republic, April 1, 2025.
https://www.dfrws.org/conferences/dfds2025/

DFRWS EU 2025 Digital Forensics Research Conference Europe, Hybrid,
Brno, Czech Republic, April 1-4, 2025.
https://dfrws.org/conferences/dfrws-eu-2025/

SP 2025 46th IEEE Symposium on Security and Privacy, San Francisco, CA, USA,
May 12-15, 2025.
https://www.sp2025.ieee-security.org/cfpapers.html

USENIX Security 2025 34th USENIX Security Symposium, Seattle, WA, USA,
August 13-15, 2025.
https://www.usenix.org/conference/usenixsecurity25

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
    cipher-admin@ieee-security.org (which is NOT automated) with subject
    line "subscribe".
    OR send a note to cipher-request@mailman.xmission.com with the
    subject line "subscribe" (this IS automated - thereafter you can
    manage your subscription options, including unsubscribing, yourself)

 2. To receive a short e-mail note announcing when a new issue of CIPHER
    is available for Web browsing send e-mail to
    cipher-admin@ieee-security.org (which is NOT automated) with subject
    line "subscribe postcard".
    OR send a note to cipher-postcard-request@mailman.xmission.com with
    the subject line "subscribe" (this IS automated - thereafter you can
    manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to
cipher-admin@ieee-security.org with subject line "unsubscribe" or
"unsubscribe postcard" or, if you have subscribed directly to the
xmission.com mailing list, use your password (sent monthly) to unsubscribe
per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way.
It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a
NEWSletter, not a bulletin board or forum. It has a fixed set of
departments, defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended.
Calendar and Calls-for-Papers entries should be sent to
cipher-cfp @ ieee-security.org and they will be automatically included
in both departments. To facilitate the semi-automated handling, please
send either a text version of the CFP or a URL from which a text version
can be easily obtained. For Calendar entries, please include a URL and/or
e-mail address for the point-of-contact. For Calls for Papers, please
submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
All reuses of Cipher material should respect stated copyright notices, and
should cite the sources explicitly; as a courtesy, publications using
Cipher material should obtain permission from the contributors.
____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by
completing the on-line form at IEEE at
https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the
Computer Society's Digital Library.

    IEEE Security and Privacy Symposium
    IEEE Computer Security Foundations
    IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital
library 12 months after the conference.

____________________________________________________________________________
TC Officers
____________________________________________________________________________

Chair:
    Gabriela Ciocarlie
    Associate Professor
    University of Texas at San Antonio
    tcchair at ieee-security.org

Security and Privacy Symposium Chair Emeritus:
    Daniel Takabi
    Associate Professor
    Georgia State University
    https://cas.gsu.edu/profile/daniel-takabi

Vice Chair:
    Thorsten Holtz
    Faculty Member
    CISPA Helmholtz Center for Information Security
    tcchair at ieee-security.org

Treasurer:
    Yong Guan
    Professor
    Department of Electrical and Computer Engineering
    Iowa State University, Ames, IA 50011
    treasurer@ieee-security.org

Newsletter Editor:
    Hilarie Orman
    Purple Streak, Inc.
    500 S. Maple Dr.
    Woodland Hills, UT 84653
    cipher-editor@ieee-security.org

Security and Privacy Symposium, 2024 Chair:
    Trent Jaeger
    Associate Professor
    Pennsylvania State University
    https://www.cse.psu.edu/~trj1/
    sp24-chair@ieee-security.org

TC Awards Chair:
    Tegan Brennan
    Assistant Professor
    Stevens Institute of Technology
    tbrenna5 at stevens.edu

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year