[Cryptography] prism-proof email in the degenerate case
Very silly but trivial to implement so I went ahead and did so:

To send a prism-proof email, encrypt it for your recipient and send it to irrefrangi...@mail.unipay.nl. Don't include any information about the recipient, just send the ciphertext (in some form of ascii armor). Be sure to include something in the message itself to indicate who it's from because no sender information will be retained.

To receive prism-proof email, subscribe to the irrefrangible mailing list at http://mail.unipay.nl/mailman/listinfo/irrefrangible/. Use a separate email address for which you can pipe all incoming messages through a script. Upon receipt of a message, have your script attempt to decrypt it. If decryption succeeds (almost never), put it in your inbox. If decryption fails (almost always), put it in the bit bucket. (If you prefer not to subscribe you can instead download messages from the public list archive, but at some point I may discard archived messages and/or stop archiving.)

The simple(-minded) idea is that everybody receives everybody's email, but can only read their own. Since everybody gets everything, the metadata is uninteresting and traffic analysis is largely fruitless.

Spam isn't an issue because it will be discarded along with all the other mail that fails to decrypt for the recipient.

Each group of correspondents can choose its own methods of encryption and key exchange. Scripts interfacing to, e.g., gpg on either end should be straightforward.

Enjoy!

/tongue-in-cheek

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
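A receive-side filter for the scheme described in the message above, as an added example that is not part of the original post or the list operator's code. The function names, the sample messages and the stub decryptor are constructed for illustration; the real path assumes GnuPG is installed and the secret key can be used without an interactive prompt.

```python
"""Trial-decryption filter for an "everybody receives everything" list."""
import email
import re
import subprocess
import sys
from email import policy
from typing import Callable, List, Optional

# ASCII-armored OpenPGP message; list software may add footers around it.
ARMOR_RE = re.compile(
    rb"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.DOTALL)

Decryptor = Callable[[bytes], Optional[bytes]]


def gpg_decrypt(armored: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if no local secret key opens the block.

    Sender-side note: a default `gpg --encrypt` records the recipient's key
    ID in the ciphertext, which links the message to that key for every
    subscriber. Encrypting with --hidden-recipient (or --throw-keyids) omits
    it; --try-all-secrets makes the receiver ignore any key ID and try each
    secret key in turn.
    """
    try:
        proc = subprocess.run(
            ["gpg", "--batch", "--quiet", "--try-all-secrets", "--decrypt"],
            input=armored, capture_output=True, timeout=60)
    except (OSError, subprocess.TimeoutExpired):
        return None  # gpg missing or hung: treat as "not for us"
    return proc.stdout if proc.returncode == 0 else None


def armored_blocks(raw: bytes) -> List[bytes]:
    """Extract every armored block from all leaf parts of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    blocks: List[bytes] = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64/QP
        blocks.extend(ARMOR_RE.findall(body))
    return blocks


def sort_list_mail(raw: bytes, decrypt: Decryptor = gpg_decrypt) -> Optional[bytes]:
    """Plaintext if any block decrypts (inbox), else None (bit bucket)."""
    for block in armored_blocks(raw):
        plaintext = decrypt(block)
        if plaintext is not None:
            return plaintext
    return None


# --- Constructed sample data, so the sorting logic runs without a keyring ---
def _list_message(armor_body: str) -> bytes:
    return (
        "From: list <list@example.invalid>\r\n"
        "Subject: (none)\r\n"
        "Content-Type: text/plain; charset=us-ascii\r\n"
        "\r\n"
        "-----BEGIN PGP MESSAGE-----\r\n\r\n"
        f"{armor_body}\r\n"
        "-----END PGP MESSAGE-----\r\n"
        "_______________________________________________\r\n"
        "footer appended by the list software\r\n"
    ).encode("ascii")


SAMPLE_FOR_US = _list_message("CONSTRUCTEDxFORxUS")
SAMPLE_FOR_OTHER = _list_message("CONSTRUCTEDxFORxSOMEONExELSE")


def fake_decrypt(block: bytes) -> Optional[bytes]:
    """Stub standing in for gpg: only the block 'addressed' to us opens."""
    if b"CONSTRUCTEDxFORxUS" in block:
        return b"From Alice: lunch at noon?"
    return None


def main() -> int:
    plaintext = sort_list_mail(sys.stdin.buffer.read())
    if plaintext is not None:
        sys.stdout.buffer.write(plaintext)  # hand on to the real inbox
    return 0  # failures are dropped silently: the bit bucket


if __name__ == "__main__":
    sys.exit(main())
```

Because no sender information is retained, the decrypted body is the only place the sender's identity can come from, so a signature check on the plaintext is the natural next step after a successful decryption.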
[Cryptography] [nicol...@cmu.edu: [fc-announce] Financial Cryptography 2014 Call for Papers]
--- Start of forwarded message ---
Date: Wed, 2 Oct 2013 10:55:03 -0400
From: Nicolas Christin nicol...@cmu.edu
Subject: [fc-announce] Financial Cryptography 2014 Call for Papers

Call for Papers
FC 2014
March 3-7, 2014
Accra Beach Hotel Spa, Barbados

Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on financial, economic and commercial transaction security. Original works focusing on securing commercial transactions and systems are solicited; fundamental as well as applied real-world deployments on all aspects surrounding commerce security are of interest. Submissions need not be exclusively concerned with cryptography. Systems security, economic or financial modeling, and, more generally, inter-disciplinary efforts are particularly encouraged.

Topics of interest include, but are not limited to:

Anonymity and Privacy
Applications of Game Theory to Security
Auctions and Audits
Authentication and Identification
Behavioral Aspects of Security and Privacy
Biometrics
Certification and Authorization
Cloud Computing Security
Commercial Cryptographic Applications
Contactless Payment and Ticketing Systems
Data Outsourcing Security
Digital Rights Management
Digital Cash and Payment Systems
Economics of Security and Privacy
Electronic Crime and Underground-Market Economics
Electronic Commerce Security
Fraud Detection
Identity Theft
Legal and Regulatory Issues
Microfinance and Micropayments
Mobile Devices and Applications Security and Privacy
Phishing and Social Engineering
Reputation Systems
Risk Assessment and Management
Secure Banking and Financial Web Services
Smartcards, Secure Tokens and Secure Hardware
Smart Grid Security and Privacy
Social Networks Security and Privacy
Trust Management
Usability and Security
Virtual Goods and Virtual Economies
Voting Systems
Web Security

Important Dates

Workshop Proposal Submission: July 31, 2013
Workshop Proposal Notification: August 20, 2013
Mandatory Abstract Submission: October 25, 2013, 23:59 UTC (firm)
Paper Submission: November 2, 2013, 23:59 UTC (firm)
Paper Notification: December 22, 2013
Final Papers: January 31, 2014
Poster and Panel Submission: January 8, 2014
Poster and Panel Notification: January 15, 2014
Conference: March 3-7, 2014

Submission

Submissions are sought in the following categories: (i) regular papers (15 pg LNCS format excluding references and appendices and maximum of 18 pg, i.e., 3 pg of references/appendices), (ii) short papers (8 pg LNCS format in total), (iii) panels and workshop proposals (2 pg), and (iv) posters (1 pg). Committee members are not required to read the appendices, so the full papers should be intelligible without them. The regular and short paper submissions must be anonymous, with no author names, affiliations, acknowledgements, or obvious references. In contrast, panel, workshop proposal, and poster submissions must include author names and affiliations.

Papers must be formatted in standard LNCS format and submitted as PDF files. Submissions in other formats will be rejected. All papers must be submitted electronically according to the instructions and forms found here and at the submission site. For each accepted paper the conference requires at least one registration at the general or academic rate.

Authors may only submit work that does not substantially overlap with work that is currently submitted or has been accepted for publication to a conference/workshop with proceedings or a journal. We consider double submission serious research fraud and will treat it as such. In case of doubt contact the program chairs for any clarifications at fc14ch...@ifca.ai.

IMPORTANT THIS YEAR: Abstracts must be registered by October 25 for both short and regular research papers. Papers whose abstract has not been submitted in time will not be considered.
Registering abstracts that are currently under review at other venues is allowed, provided that the paper is either no longer under review at another venue or withdrawn from consideration before the submission deadline (November 2). Regular Research Papers Research papers should describe novel, previously unpublished scientific contributions to the field, and they will be subject to rigorous peer review. Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series. Submissions are limited to 15 pages excluding references and maximum of 18 pages (i.e., 3 pages of references and appendices). Committee members are not required to read the appendices, so the full papers should be intelligible without them. Regular papers must be anonymous with no author names, affiliations, acknowledgements, or obvious references. Short Papers Short papers are also subject
[Cryptography] [nicol...@cmu.edu: [fc-announce] Financial Cryptography 2014 Preliminary Call for Papers]
--- Start of forwarded message ---
Date: Mon, 1 Jul 2013 08:40:55 -0400
From: Nicolas Christin nicol...@cmu.edu
Organization: Carnegie Mellon University - INI/CyLab
Subject: [fc-announce] Financial Cryptography 2014 Preliminary Call for Papers

Preliminary Call for Papers
FC 2014
March 3-7, 2014
Accra Beach Hotel Spa, Barbados

Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on financial, economic and commercial transaction security. Original works focusing on securing commercial transactions and systems are solicited; fundamental as well as applied real-world deployments on all aspects surrounding commerce security are of interest. Submissions need not be exclusively concerned with cryptography. Systems security, economic or financial modeling, and, more generally, inter-disciplinary efforts are particularly encouraged.

Topics of interest include, but are not limited to:

Anonymity and Privacy
Applications of Game Theory to Security
Auctions and Audits
Authentication and Identification
Behavioral Aspects of Security and Privacy
Biometrics
Certification and Authorization
Cloud Computing Security
Commercial Cryptographic Applications
Contactless Payment and Ticketing Systems
Data Outsourcing Security
Digital Rights Management
Digital Cash and Payment Systems
Economics of Security and Privacy
Electronic Crime and Underground-Market Economics
Electronic Commerce Security
Fraud Detection
Identity Theft
Legal and Regulatory Issues
Microfinance and Micropayments
Mobile Devices and Applications Security and Privacy
Phishing and Social Engineering
Reputation Systems
Risk Assessment and Management
Secure Banking and Financial Web Services
Smartcards, Secure Tokens and Secure Hardware
Smart Grid Security and Privacy
Social Networks Security and Privacy
Trust Management
Usability and Security
Virtual Goods and Virtual Economies
Voting Systems
Web Security

Important Dates

Workshop Proposal Submission: July 31, 2013
Workshop Proposal Notification: August 20, 2013
Paper Submission: October 25, 2013, 23:59 UTC (19:59 EDT, 16:59 PDT) -- FIRM DEADLINE, NO EXTENSIONS WILL BE GRANTED
Paper Notification: December 15, 2013
Final Papers: January 31, 2014
Poster and Panel Submission: January 8, 2014
Poster and Panel Notification: January 15, 2014
Conference: March 3-7, 2014

Submission

Submissions are sought in the following categories: (i) regular papers (15 pg LNCS format excluding references and appendices and maximum of 18 pg, i.e., 3 pg of references/appendices), (ii) short papers (8 pg LNCS format in total), (iii) panels and workshop proposals (2 pg), and (iv) posters (1 pg). Committee members are not required to read the appendices, so the full papers should be intelligible without them. The regular and short paper submissions must be anonymous, with no author names, affiliations, acknowledgements, or obvious references. In contrast, panel, workshop proposal, and poster submissions must include author names and affiliations.

Papers must be formatted in standard LNCS format and submitted as PDF files. Submissions in other formats will be rejected. All papers must be submitted electronically according to the instructions and forms found here and at the submission site. For each accepted paper the conference requires at least one registration at the general or academic rate.

Authors may only submit work that does not substantially overlap with work that is currently submitted or has been accepted for publication to a conference/workshop with proceedings or a journal. We consider double submission serious research fraud and will treat it as such. In case of doubt contact the program chairs for any clarifications at fc14ch...@ifca.ai.

Regular Research Papers

Research papers should describe novel, previously unpublished scientific contributions to the field, and they will be subject to rigorous peer review.
Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series. Submissions are limited to 15 pages excluding references and maximum of 18 pages (i.e., 3 pages of references and appendices). Committee members are not required to read the appendices, so the full papers should be intelligible without them. Regular papers must be anonymous with no author names, affiliations, acknowledgements, or obvious references. Short Papers Short papers are also subject to peer review, however, the intention is to encourage authors to introduce work in progress, novel applications and corporate/industrial experiences. Short papers will be evaluated with a focus on novelty and potential for sparking participants' interest and future research avenues. Short paper submissions are limited to 8 pages in
[sp...@cs.stevens.edu: WECSR 2011 CFP - Deadline Oct 15, 2010 - please disseminate]
--- Start of forwarded message --- Date: Thu, 23 Sep 2010 13:00:27 -0400 (EDT) From: Sven Dietrich sp...@cs.stevens.edu Subject: WECSR 2011 CFP - Deadline Oct 15, 2010 - please disseminate Source is at: http://www.cs.stevens.edu/~spock/wecsr2011/cfp.html Call for Papers 2nd Workshop on Ethics in Computer Security Research 2011 http://www.cs.stevens.edu/~spock/wecsr2011/ March 4, 2011 Bay Gardens Beach Resort, St. Lucia A workshop co-located with The Fifteenth Conference on Financial Cryptography and Data Security (FC'11) Submissions are now open (Deadline: Oct 15, 2010) Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field. It will be co-located with the Fifteenth International Conference on Financial Cryptography and Data Security 2011. 
Program Chair: Sven Dietrich, Stevens Institute of Technology Program Committee: Michael Bailey, University of Michigan Elizabeth Buchanan, University of Wisconsin-Milwaukee Aaron Burstein, University of California Berkeley Nicolas Christin, Carnegie Mellon University Michael Collins, RedJack Marc Dacier, Symantec Research Roger Dingledine, The Tor Project David Dittrich, University of Washington Kenneth Fleischmann, University of Maryland Rachel Greenstadt, Drexel University Erin Kenneally, UC San Diego/CAIDA/Elchemy Engin Kirda, EURECOM Howard Lipson, CERT John McHugh, University of North Carolina, Chapel Hill Peter Neumann, SRI International Vern Paxson, University of California, Berkeley / ICSI Len Sassaman, KU Leuven Angela Sasse, University College London Angelos Stavrou, George Mason University Michael Steinmann, Stevens Institute of Technology Paul Syverson, Naval Research Laboratory Submissions WECSR 2011 solicits submissions in three categories: 1. Position papers. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or conference with proceedings. Position paper submission should not exceed 6 pages in length, excluding bibliography and well-marked appendices. 2. Case studies. Submitted case studies must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or conference with proceedings. Submitted case studies should not exceed 12 pages in length, excluding bibliography and well-marked appendices. 3. Panel proposals. Submitted panel proposals should list the panel topic, a moderator, and a list of confirmed panelists, along with a short biography of the participants. The composition should be adequately selected as to generate copious discussion. Panelists will be given an opportunity to submit a position statement for the final proceedings. 
Paper Submission Instructions

Submissions must be formatted in the style of the Springer Publications format for Lecture Notes in Computer Science (LNCS). For complete details, see Springer's Author Instructions. Papers must be submitted electronically via the EasyChair submission page. Papers must be submitted in PDF (Adobe's Portable Document Format) format. Papers will not be accepted in any other format. Questions about conference submissions should be directed to the Program Chair at spock AT cs DOT stevens DOT edu.

Proceedings

The WECSR 2011 Proceedings will be published in the Springer Lecture Notes in Computer Science (LNCS) in conjunction with the FC'11 proceedings.

Important Dates:

Paper Submission: October 15, 2010
Author Notification: November 15, 2010
Camera-ready for Pre-Proceedings: December 15, 2010
WECSR 2011 Dates: March 4, 2011

--
Sven Dietrich
Stevens Institute of Technology
Assistant Professor
Castle Point on Hudson
Computer Science Dept
Hoboken, NJ 07030, USA
sp...@cs.stevens.edu
T: +1-201-216-8078
F: +1-201-216-8249

--- End of forwarded message ---
[gd...@microsoft.com: [fc-announce] Call for papers: Financial Cryptography and Data Security (FC2011)]
--- Start of forwarded message --- From: George Danezis gd...@microsoft.com To: fc-annou...@ifca.ai fc-annou...@ifca.ai Date: Wed, 21 Jul 2010 15:56:36 + Subject: [fc-announce] Call for papers: Financial Cryptography and Data Security (FC2011) Financial Cryptography and Data Security (FC 2011), Bay Gardens Beach Resort, St. Lucia February 28 - March 4, 2011 - http://ifca.ai/fc11/ [CFP in PDF: http://ifca.ai/fc11/fc11cfp.pdf] Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged. 
Topics include: Anonymity and Privacy, Auctions and Audits, Authentication and Identification, Backup Authentication, Biometrics, Certification and Authorization, Cloud Computing Security, Commercial Cryptographic Applications, Transactions and Contracts, Data Outsourcing Security, Digital Cash and Payment Systems, Digital Incentive and Loyalty Systems, Digital Rights Management, Fraud Detection, Game Theoretic Approaches to Security, Identity Theft, Spam, Phishing and Social Engineering, Infrastructure Design, Legal and Regulatory Issues, Management and Operations, Microfinance and Micropayments, Mobile Internet Device Security, Monitoring, Reputation Systems, RFID-Based and Contactless Payment Systems, Risk Assessment and Management, Secure Banking and Financial Web Services, Securing Emerging Computational Paradigms, Security and Risk Perceptions and Judgments, Security Economics, Smartcards, Secure Tokens and Hardware, Trust Management, Underground-Market Economics, Usability, Virtual Economies, Voting Systems IMPORTANT DATES Workshop Proposal Submission: August 6, 2010 Workshop Proposal Notification: August 30, 2010 Paper Submission: October 1, 2010 Paper Notification: November 15, 2010 Final Papers: December 17, 2010 Poster and Panel Submission: December 3, 2010 Poster and Panel Notification: December 13, 2010 SUBMISSION Submission categories: (i) regular papers (15 pg LNCS format), (ii) short papers (8 pg), (iii) panels and workshops (2 pg), and (iv) posters (1 pg). Anonymized submissions will be double-blind reviewed. Papers must be formatted in standard LNCS format and submitted as PDF files. Submissions in other formats will be rejected. All papers must be submitted electronically according to the instructions and forms found on this web site and at the submission site. Authors may only submit work that does not substantially overlap with work that is currently submitted or has been accepted for publication to a conference with proceedings or a journal. 
We consider double submission serious research fraud and will treat it as such. In case of doubt contact the program chair for any clarifications at fc11ch...@ifca.ai. Regular Research Papers. Research papers should describe novel, previously unpublished scientific contributions to the field, and they will be subject to rigorous peer review. Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series. Submissions are limited to 15 pages. Short Papers. Short papers are also subject to peer review, however, the intention is to encourage authors to introduce work in progress, novel applications and corporate/industrial experiences. Short papers will be evaluated with a focus on novelty and potential for sparking participants' interest and future research avenues. Short paper submissions are limited to 8 pages in standard LNCS format. The paper title for short papers should necessarily include the text '(a short paper)'. Panel Proposals. We especially would like to encourage submissions of panel proposals. These should include a very brief description of the panel topics, as well as of the prospective panelists. Accepted panel sessions will be presented at the conference. Moreover, each participant will contribute a one-page abstract to be published in the conference proceedings. Please feel free to contact us directly if you would like to further discuss the suitability of a certain topic. Panel submissions should be up to 2 pages, sent to fc11ch...@ifca.ai. Posters. The poster session is the perfect venue to share a provocative opinion, interesting established or preliminary work, or a cool idea that will spark discussion. Poster presenters will benefit from a multi-hour session to discuss their work, get exposure, and receive feedback from attendees. Poster submissions should be 1 page (in the same LNCS format). Please keep in mind
Re: Has any public CA ever had their certificate revoked?
Date: Tue, 5 May 2009 10:17:00 -0700
From: Paul Hoffman paul.hoff...@vpnc.org

> the CA fixed the problem and researched all related problems that it could find.

From what I've read of the incident (I think it's the one referred to), Comodo revoked the bogus mozilla.com cert and got their reseller Certstar (who issued it) to start performing validation.

Security common sense might suggest that they validate all certs previously issued by Certstar and check the validation procedures of their other resellers. Do you know whether they did so? The former seems a major undertaking and commercially delicate.

Ray
[tmo...@seas.harvard.edu: [fc-announce] Financial Crypto February 23-26 in Barbados, Early Registration Deadline Approaching]
From: Tyler Moore tmo...@seas.harvard.edu
Subject: [fc-announce] Financial Crypto February 23-26 in Barbados, Early Registration Deadline Approaching
To: fc-annou...@ifca.ai
Date: Wed, 7 Jan 2009 21:58:44 -0500

Call for Participation

Financial Cryptography and Data Security '09
http://fc09.ifca.ai/
Thirteenth International Conference
February 23-26, 2009
Accra Beach Hotel Resort
Barbados

Early registration deadline approaching fast! Register by January 21 to receive a discount. For full details, visit: http://fc09.ifca.ai/registration.html

Also, reserve your hotel room by January 22 in order to guarantee availability: http://fc09.ifca.ai/accommodation.html

Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration and debate regarding information assurance in the context of finance and commerce. We have assembled a vibrant program featuring 21 peer-reviewed research paper presentations, two panels (on the economics of information security and on authentication), and a keynote address by David Dagon. To view the complete program, visit: http://fc09.ifca.ai/program.html

We look forward to seeing you in Barbados!

Tyler Moore
FC '09 General Chair

___
fc-announce mailing list
fc-annou...@ifca.ai
http://mail.ifca.ai/mailman/listinfo/fc-announce
Re: The bank fraud blame game
Date: Tue, 3 Jul 2007 10:01:19 +0200 (CEST)
From: Stefan Lucks [EMAIL PROTECTED]

> BTW, Peter, are you aware that your device looks similar to the one proposed in the context of the CAFE project? See http://citeseer.ist.psu.edu/48859.html
>
> This has been a more ambitious project, not just supporting secure banking applications at an insecure host PC, but rather a digital wallet. Nevertheless, it may be interesting to study why the project failed (or ended without follow-on projects). I have no quick answer to this question, but as much as I understand, the banks were just not interested in deploying such a device. I guess, it was much too expensive at that time. Instead, in Germany we got the Geldkarte, a simple and very cheap smartcard for payment purposes with neither a display nor a keyboard. The Geldkarte has been around us for about ten years, and, as far as I can tell, hardly any customer is interested in using it.

There was a follow-up project called OPERA that implemented a user trial of the CAFE system on the premises of the European Commission in Brussels and two Greek banks in Athens (primarily with smart cards--the infrared wallets worked too but most users didn't have them).

During the course of the CAFE project some commercial electronic purse systems emerged, notably Proton (from Banksys in Belgium, replicated in other countries under other names) and Mondex. These were in many ways less sophisticated than CAFE's system (which was multi-issuer, multi-currency, privacy-respecting, etc.) but had serious commercial backing. For the most part these seem to have stagnated or died.

I suspect that getting them to catch on would require drastic measures such as:

- differential pricing: electronic purse payments are potentially cheaper to process than those of debit cards because they are offline, but consumers find it more convenient to keep money in their bank account than on a smart card and will likely continue to do so as long as it costs no more. (This may become less of an issue if/when all vending machines and parking meters are on the internet anyway.)

- coercion: if vending machines and parking meters accepted only electronic purses and not cash, this would drive their adoption. Something like this happened with phone cards--here in this part of the world it is difficult to find a pay phone that still takes coins (except a few at airports). Of course phone cards too have been somewhat obsoleted by ubiquitous cell phones (which might also make good electronic wallets--I believe NTT DoCoMo is/was taking this approach using FeliCa, but I haven't followed how it's doing.).

Ray Hirschfeld
former Technical Director, CAFE
[EMAIL PROTECTED]: [fc-announce] FC07: Preliminary program and call for participation]
From: Sven Dietrich [EMAIL PROTECTED] Subject: [fc-announce] FC07: Preliminary program and call for participation To: [EMAIL PROTECTED] Date: Mon, 8 Jan 2007 08:08:09 -0500 (EST) Dear Colleague, Please see below for the preliminary program and call for participation for Financial Cryptography and Data Security 2007. Please note the upcoming hotel and registration deadlines. See you in Tobago! - -- Sven Dietrich - [EMAIL PROTECTED] Program Chair, Financial Cryptography and Data Security 2007 http://fc07.ifca.ai/ Financial Cryptography and Data Security 2007 (FC07) PRELIMINARY PROGRAM CALL FOR PARTICIPATION Hilton Tobago Resort Lowlands, Scarborough, Trinidad/Tobago February 12-15, 2007 http://fc07.ifca.ai/ - -- Hotel Registration - -- The FC07 Hotel Reservation Deadline is THIS MONDAY, January 8. http://fc07.ifca.ai/accommodations.html Registration will open early next week. The deadline for early early registration rates is January 22. http://fc07.ifca.ai/registration.html - -- Preliminary Program - -- All events take place at the Hilton Tobago Resort unless otherwise noted. Sunday, February 11, 2007 5:00pm-7:00pm Registration reception poolside Hilton Tobago Resort Monday, February 12, 2007 7:30am-8:30am Breakfast and Registration 8:30am-8:45am Welcome, Minister of Finance (tentative) 8:45am-9:00am Conference opening, Conference Chairs 9:00am-10:00am Keynote Address Mike Bond Title: Leaving Room for the Bad Guys When designing a crypto protocol, or building a large security architecture, no competent designer ignores considering the bad guy, and anticipating his plans. But often we designers find ourselves striving to build totally secure systems and protocols -- in effect writing the bad guys entirely out of the equation. In a large system, when you exclude the bad guys, they soon muscle their way in elsewhere, and maybe in a new and worse way over which you may have much less control. 
A crypto protocol with no known weaknesses may be a strong tool, but when it does break, it will break in an unpredictable way. This talk explores the hypothesis that it is safer and better for designers to give the bad guys their cut, but to keep it small, and keep in control. It may not just be our systems but also our protocol building blocks that should be designed to make room for the bad guy to take his cut. The talk is illustrated with examples of very successful systems with known weaknesses, drawn primarily from the European EMV payment system, and banking security in general. We also discuss a few too secure systems that end up failing in worse ways as a result. 10:00am-10:30am Break 10:30am-12:00pm Technical Paper Session Payment Systems Vulnerabilities in First-Generation RFID-enabled Credit Cards, Thomas S. Heydt-Benjamin (University of Massachusetts Amherst, USA), Daniel V. Bailey (RSA Laboratories, USA), Kevin Fu (University of Massachusetts Amherst, USA), Ari Juels (RSA Laboratories, USA), and Tom O'Hare (Innealta, Inc.) 
Conditional E-Cash, Larry Shi and Bogdan Carbunar (Motorola Labs) and Radu Sion (Stony Brook University, USA) A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection against Splitting, Liqun Chen (HP Laboratories), Alberto Escalante, Hans Loehr, Mark Manulis, and Ahmad-Reza Sadeghi (Horst Goertz Institute Bochum, Germany) 12:00pm-1:00pm Lunch 1:00pm-2:30pm Panel: RFID - yes or no, Moderator: TBD 2:30pm-3:00pm Break 3:00pm-4:00pm Technical Paper Session Anonymity A Model of Onion Routing with Provable Anonymity, Joan Feigenbaum (Yale University), Aaron Johnson (Yale University, USA), and Paul Syverson (Naval Research Laboratory, USA) K-Anonymous Multi-party Secret Handshakes, Shouhuai Xu (UTSA) and Moti Yung (RSA Laboratories and Columbia University, USA) 4:00pm Adjourn 6:00pm-9:00pm Reception Location: TBA Tuesday, February 13, 2007 7:30am-9:00am Breakfast 9:00am-10:30am Technical Paper Session Authentication Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer, Mohammad Mannan and Paul C. van Oorschot (Carleton University, Canada) Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups, Yvo Desmedt (University College London, UK), Tanja Lange (Eindhoven University of Technology, Netherlands) and Mike Burmester (Florida State University, USA) On Authentication with HMAC and Non-Random Properties, Christian Rechberger and Vincent Rijmen (Graz University of Technology, Austria) 10:30am-11:00am Break 11:00am-12:00pm Technical Paper Session Anonymity and Privacy Hidden Identity-Based Signatures, Aggelos Kiayias and Hong-Sheng Zhou (University of
[EMAIL PROTECTED]: [fc-announce] Usable Security--Prelim Program--Jan 8 Hotel Deadline]
From: Rachna Dhamija [EMAIL PROTECTED] Subject: [fc-announce] Usable Security--Prelim Program--Jan 8 Hotel Deadline To: [EMAIL PROTECTED] Date: Fri, 5 Jan 2007 11:45:31 -0800 Below is the preliminary program for Usable Security, a workshop that will be held in conjunction with FC07. Note that the hotel reservation deadline is this Monday. Hope to see you in Tobago in February! Rachna Dhamija USEC'07 Program Chair USABLE SECURITY 2007 PRELIMINARY PROGRAM CALL FOR PARTICIPATION February 15-16, 2007 https://www.usablesecurity.org Hotel Registration The FC/USEC Hotel Reservation Deadline is THIS MONDAY, January 8. http://fc07.ifca.ai/accommodations.html Registration will open early next week. The deadline for early registration rates is January 22. https://usablesecurity.org/registration.html Preliminary Program Thursday, February 15, 2007 12PM - Close of FC'07 1:30PM - Full Paper Session 1 * An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks Collin Jackson (Stanford University) Dan Simon (Microsoft Research) Desney Tan (Microsoft Research) Adam Barth (Stanford University) * WSKE: Web Server Key Enabled Cookies Chris Masone (Dartmouth College) Kwang-Hyun Baek (Dartmouth College) Sean Smith (Dartmouth College) 3:30PM - Panel The Future of Phishing Moderator: Ross Anderson (University of Cambridge) 6PM - USEC Reception Friday, February 16, 2007 9:00AM - Full Paper Session 2 * Usability Analysis of Secure Pairing Methods Ersin Uzun (University of California, Irvine and Nokia Research Center Helsinki) Kristiina Karvonen (Helsinki University of Technology) N.
Asokan (Helsinki University of Technology and Nokia Research Center Helsinki) * Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Cynthia Kuo (Carnegie Mellon University) Jesse Walker (Intel Corporation) Adrian Perrig (Carnegie Mellon University) * Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers Jens Grossklags (University of California, Berkeley) Nathan Good (University of California, Berkeley) 11AM - Demo * Prime III: Where Usable Security and Electronic Voting Meet Philicity Williams, E. Vincent Cross, II, Idongesit Mkpong-Ruffin, Yolanda McMillian, Kathryn Nobles, Priyanka Gupta, and Juan E. Gilbert (Auburn University) 1PM - Panel * Building Trusted Systems: Does Trusting Computing Enable Trusted Systems? Moderator: Raquel Hill (Indiana University) 3PM - Work-in-Progress (WIP) Papers Session Program Committee Ross Anderson, University of Cambridge Steven Bellovin, Columbia University Rachna Dhamija, Harvard University (Program Chair) Dan Boneh, Stanford University Simson Garfinkel, Harvard University Raquel Hill, Indiana University Jason Hong, Carnegie Mellon University Burt Kaliski, RSA Security and RSA Laboratories Robert Miller, Massachusetts Institute of Technology Andrew Patrick, National Research Council Canada Angela Sasse, University College London Dan Schutzer, Financial Services Technology Consortium Sean Smith, Dartmouth College J. D. Tygar, U.C. Berkeley Paul van Oorschot, Carleton University Tara Whalen, Dalhousie University Ka-Ping Yee, U.C. Berkeley ___ fc-announce mailing list [EMAIL PROTECTED] http://mail.ifca.ai/mailman/listinfo/fc-announce -- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[EMAIL PROTECTED]: [fc-announce] USEC'07 CFP Extended Deadline (Nov 12)]
From: Rachna Dhamija [EMAIL PROTECTED] Subject: [fc-announce] USEC'07 CFP Extended Deadline (Nov 12) To: [EMAIL PROTECTED] Date: Mon, 30 Oct 2006 15:34:40 -0800 Please note that the USEC'07 submission deadline has been extended from November 5 to November 12. This workshop will be co-located with Financial Cryptography and Data Security (FC'07). Please notify your colleagues of the new deadline, and encourage them to make a submission. - -- FINAL CALL FOR PAPERS Usable Security (USEC'07) http://www.usablesecurity.org/ February 15-16, 2007 Lowlands, Scarborough, Trinidad/Tobago A workshop co-located with The Eleventh Conference on Financial Cryptography and Data Security (FC'07) Submissions Due Date EXTENDED: November 12, 2006, 11:59pm, PST Some of the most challenging problems in designing and maintaining secure systems involve human factors. A great deal remains to be understood about users' capabilities and motivations to perform security tasks. Usability problems have been at the root of many widely reported security failures in high-stakes financial, commercial and voting applications. USEC'07 seeks submissions of novel research from academia and industry on all theoretical and practical aspects of usable security in the context of finance and commerce. The workshop will bring together an interdisciplinary group of researchers and practitioners, allowing experts in human-computer interaction, cryptography, data security and public policy to explore emerging problems and solutions. 
==Organizers== Program Chair: Rachna Dhamija, Harvard University Program Committee: Ross Anderson, University of Cambridge Steven Bellovin, Columbia University Dan Boneh, Stanford University Simson Garfinkel, Harvard University Raquel Hill, Indiana University Jason Hong, Carnegie Mellon University Burt Kaliski, RSA Security and RSA Laboratories Robert Miller, Massachusetts Institute of Technology Andrew Patrick, National Research Council Canada Angela Sasse, University College London Dan Schutzer, Financial Services Technology Consortium Sean Smith, Dartmouth College J. D. Tygar, U.C. Berkeley Paul van Oorschot, Carleton University Ka-Ping Yee, U.C. Berkeley Tara Whalen, Dalhousie University General Chair: Stuart Schechter, MIT Lincoln Laboratory ==Submission Categories== USEC'07 invites submissions in three categories: (1) research papers, (2) abstracts and demos, and (3) working sessions. For all accepted submissions, at least one author must attend the conference and present the work. Research Papers Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Research paper submissions should be at most 12 pages, excluding bibliography and appendices (appendices may include usability study materials and data). Accepted submissions will appear both in a pre-proceedings, available at the workshop, and in a formal proceedings. After receiving feedback from the workshop, authors will have the opportunity to revise their papers before submitting a camera-ready draft for the final proceedings. Abstracts and Demos Submissions in this category should consist of a short summary of work (1-3 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference, and a one-page abstract will be published in the conference proceedings. 
Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Working Sessions We are soliciting topics for working sessions at the intersection of usability, security, finance and commerce. Working sessions will explore topics in depth with significant participation from audience members. Proposals for working sessions should include the proposed topic, format (e.g., panel of invited experts, moderated discussion session, design exercises), prospective participants, time required and a plan for engaging participation from audience members. ==Important Dates== Paper Submission: November 12, 2006 Author Notification: December 15, 2006 Camera-ready for Pre-Proceedings: January 31, 2007 FC'07 Dates: February 12-15, 2007 USEC'07 Dates: February 15-16, 2007 Camera-ready for Final Proceedings: March 15, 2007
[EMAIL PROTECTED]: [fc-announce] CFP EXTENDED DEADLINE (Oct 16): Financial Cryptography 2007, Feb 12-15, 2007, Tobago]
From: Sven Dietrich [EMAIL PROTECTED] Subject: [fc-announce] CFP EXTENDED DEADLINE (Oct 16): Financial Cryptography 2007, Feb 12-15, 2007, Tobago Date: Fri, 6 Oct 2006 16:36:36 -0400 (EDT) Dear Colleague, by popular request, the deadline has been extended to Oct 16, 2006. Please inform your students and colleagues of this new deadline and encourage them to submit given this extra time. Regards, Sven - -- Sven Dietrich - [EMAIL PROTECTED] Program Chair, Financial Cryptography and Data Security 2007 http://fc07.ifca.ai/ - --- Final Call for Papers FC'07: Financial Cryptography and Data Security http://fc07.ifca.ai/ Eleventh International Conference February 12-15, 2007 Lowlands, Scarborough, Trinidad and Tobago Submissions Due Date (EXTENDED): October 16, 2006, 11:59pm, EDT (UTC-4) Program Chair: Sven Dietrich (Carnegie Mellon University) General Chair: Rafael Hirschfeld (Unipay) At its 11th year edition, Financial Cryptography and Data Security (FC'07) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business, and policy aspects. Material both on theoretical (fundamental) aspects of securing systems, and on secure applications and real-world deployments will be considered. The conference goal is to bring together top cryptographers, data-security specialists, and computer scientists with economists, bankers, implementers, and policy makers.
Intimate and colorful by tradition, the FC'07 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. This conference is organized annually by the International Financial Cryptography Association (IFCA). Original papers, surveys, and presentations on all aspects of financial and commerce security are invited. Submissions must have a strong and visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to: Anonymity and Privacy Auctions Audit and Auditability Authentication and Identification, including Biometrics Certification and Authorization Commercial Cryptographic Applications Commercial Transactions and Contracts Digital Cash and Payment Systems Digital Incentive and Loyalty Systems Digital Rights Management Financial Regulation and Reporting Fraud Detection Game Theoretic Approaches to Security Identity Theft, Phishing and Social Engineering Infrastructure Design Legal and Regulatory Issues Microfinance and Micropayments Monitoring, Management and Operations Reputation Systems RFID-Based and Contactless Payment Systems Risk Assessment and Management Secure Banking and Financial Web Services Securing Emerging Computational Paradigms Security and Risk Perceptions and Judgments Security Economics Smart Cards and Secure Tokens Trust Management Trustability and Trustworthiness Underground-Market Economics Virtual Economies Voting system security For those interested, last year's proceedings are available from Springer. Submission Instructions Submission Categories FC'07 is inviting submissions in four categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions, (4) surveys. For all accepted submissions, at least one author must attend the conference and present the work. 
Research Papers Research papers should describe novel scientific contributions to the field, and they will be subject to rigorous peer review. Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference, so the submissions must be formatted in the standard LNCS format (15 page limit). Systems and Application Presentations Submissions in this category should describe novel or successful systems with an emphasis on secure digital commerce applications. Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Submissions in this category should consist of a short summary of the work (1-6 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions
[EMAIL PROTECTED]: [fc-announce] CFP: Financial Cryptography 2007, Feb 12-15, 2007, Tobago (submission deadline Oct 9, 2006)]
From: Sven Dietrich [EMAIL PROTECTED] Subject: [fc-announce] CFP: Financial Cryptography 2007, Feb 12-15, 2007, Tobago (submission deadline Oct 9, 2006) To: [EMAIL PROTECTED] Date: Tue, 12 Sep 2006 17:11:33 -0400 (EDT) Dear Colleague, please find below the call for papers for Financial Cryptography 2007, Feb 12-15, 2007. The online paper submission service is now active. Please visit http://fc07.ifca.ai/ for more details. Best regards, Sven Dietrich Program Chair, FC 2007 - --- Call for Papers FC'07: Financial Cryptography and Data Security http://fc07.ifca.ai/ Eleventh International Conference February 12-15, 2007 Lowlands, Scarborough, Trinidad and Tobago Submissions Due Date: October 9, 2006, 11:59pm, EDT (UTC-4) Program Chair: Sven Dietrich (Carnegie Mellon University) General Chair: Rafael Hirschfeld (Unipay) At its 11th year edition, Financial Cryptography and Data Security (FC'07) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business, and policy aspects. Material both on theoretical (fundamental) aspects of securing systems, and on secure applications and real-world deployments will be considered. The conference goal is to bring together top cryptographers, data-security specialists, and computer scientists with economists, bankers, implementers, and policy makers.
Intimate and colorful by tradition, the FC'07 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. This conference is organized annually by the International Financial Cryptography Association (IFCA). Original papers, surveys, and presentations on all aspects of financial and commerce security are invited. Submissions must have a strong and visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to: Anonymity and Privacy Auctions Audit and Auditability Authentication and Identification, including Biometrics Certification and Authorization Commercial Cryptographic Applications Commercial Transactions and Contracts Digital Cash and Payment Systems Digital Incentive and Loyalty Systems Digital Rights Management Financial Regulation and Reporting Fraud Detection Game Theoretic Approaches to Security Identity Theft, Phishing and Social Engineering Infrastructure Design Legal and Regulatory Issues Microfinance and Micropayments Monitoring, Management and Operations Reputation Systems RFID-Based and Contactless Payment Systems Risk Assessment and Management Secure Banking and Financial Web Services Securing Emerging Computational Paradigms Security and Risk Perceptions and Judgments Security Economics Smart Cards and Secure Tokens Trust Management Trustability and Trustworthiness Underground-Market Economics Virtual Economies Voting system security For those interested, last year's proceedings are available from Springer. Submission Instructions Submission Categories FC'07 is inviting submissions in four categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions, (4) surveys. For all accepted submissions, at least one author must attend the conference and present the work. 
Research Papers Research papers should describe novel scientific contributions to the field, and they will be subject to rigorous peer review. Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference, so the submissions must be formatted in the standard LNCS format (15 page limit). Systems and Application Presentations Submissions in this category should describe novel or successful systems with an emphasis on secure digital commerce applications. Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Submissions in this category should consist of a short summary of the work (1-6 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference (25 minutes per
[EMAIL PROTECTED]: [fc-announce] CFP: Usable Security (USEC'07)]
From: Rachna Dhamija [EMAIL PROTECTED] Subject: [fc-announce] CFP: Usable Security (USEC'07) To: [EMAIL PROTECTED] Date: Fri, 25 Aug 2006 10:55:05 -0400 This workshop will be held in conjunction with Financial Cryptography and Data Security '07. We encourage you to participate and to circulate this CFP to those who may be interested. FIRST CALL FOR PAPERS Usable Security (USEC'07) http://www.usablesecurity.org/ February 15-16, 2007 Lowlands, Scarborough, Trinidad/Tobago A workshop co-located with The Eleventh Conference on Financial Cryptography and Data Security (FC'07) Submissions Due Date: November 5, 2006, 11:59pm, PST Some of the most challenging problems in designing and maintaining secure systems involve human factors. A great deal remains to be understood about users' capabilities and motivations to perform security tasks. Usability problems have been at the root of many widely reported security failures in high-stakes financial, commercial and voting applications. USEC'07 seeks submissions of novel research from academia and industry on all theoretical and practical aspects of usable security in the context of finance and commerce. The workshop will bring together an interdisciplinary group of researchers and practitioners, allowing experts in human-computer interaction, cryptography, data security and public policy to explore emerging problems and solutions. ==Organizers== Program Chair: Rachna Dhamija, Harvard University Program Committee (not complete): Steven Bellovin, Columbia University Dan Boneh, Stanford University Simson Garfinkel, Harvard University Raquel Hill, Indiana University Jason Hong, Carnegie Mellon University Burt Kaliski, RSA Security and RSA Laboratories Robert Miller, Massachusetts Institute of Technology Andrew Patrick, National Research Council Canada Angela Sasse, University College London Dan Schutzer, Financial Services Technology Consortium Sean Smith, Dartmouth College J. D. Tygar, U.C. 
Berkeley Paul van Oorschot, Carleton University Ka-Ping Yee, U.C. Berkeley General Chair: Stuart Schechter, MIT Lincoln Laboratory ==Submission Categories== USEC'07 invites submissions in three categories: (1) research papers, (2) abstracts and demos, and (3) working sessions. For all accepted submissions, at least one author must attend the conference and present the work. Research Papers Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Research paper submissions should be at most 12 pages, excluding bibliography and appendices (appendices may include usability study materials and data). Accepted submissions will appear both in a pre-proceedings, available at the workshop, and in a formal proceedings. After receiving feedback from the workshop, authors will have the opportunity to revise their papers before submitting a camera-ready draft for the final proceedings. Abstracts and Demos Submissions in this category should consist of a short summary of work (1-3 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference, and a one-page abstract will be published in the conference proceedings. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Working Sessions We are soliciting topics for working sessions at the intersection of usability, security, finance and commerce. Working sessions will explore topics in depth with significant participation from audience members. Proposals for working sessions should include the proposed topic, format (e.g., panel of invited experts, moderated discussion session, design exercises), prospective participants, time required and a plan for engaging participation from audience members.
==Important Dates== Paper Submission: November 5, 2006 Author Notification: December 15, 2006 Camera-ready for Pre-Proceedings: January 31, 2007 FC'07 Dates: February 12-15, 2007 USEC'07 Dates: February 15-16, 2007 Camera-ready for Final Proceedings: March 15, 2007
[EMAIL PROTECTED]: [fc-announce] Financial Cryptography 2007 Call for Papers]
From: Sven Dietrich [EMAIL PROTECTED] Subject: [fc-announce] Financial Cryptography 2007 Call for Papers To: [EMAIL PROTECTED] Date: Fri, 28 Jul 2006 11:41:39 -0400 (EDT) Dear Colleague, please find below the first Call for Papers for FC'07. Best regards, Sven Dietrich - -- Dr. Sven Dietrich CERT Research - Software Engineering Institute [EMAIL PROTECTED] 4500 Fifth Ave, Pittsburgh, PA 15213, USA Tel: +1-412-268-7711 Fax: +1-412-268-6989 PGPkeyID: 0x04185247 - -- First Call for Papers FC'07: Financial Cryptography and Data Security http://fc07.ifca.ai/ Eleventh International Conference February 12-15, 2007 Lowlands, Scarborough, Trinidad and Tobago Submissions Due Date: October 9, 2006, 11:59pm, EDT (UTC-4) Program Chair: Sven Dietrich (Carnegie Mellon University) General Chair: Rafael Hirschfeld (Unipay) At its 11th year edition, Financial Cryptography and Data Security (FC'07) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business, and policy aspects. Material both on theoretical (fundamental) aspects of securing systems, and on secure applications and real-world deployments will be considered. The conference goal is to bring together top cryptographers, data-security specialists, and computer scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'07 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions.
This conference is organized annually by the International Financial Cryptography Association (IFCA). Original papers, surveys, and presentations on all aspects of financial and commerce security are invited. Submissions must have a strong and visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to: Anonymity and Privacy Auctions Audit and Auditability Authentication and Identification, including Biometrics Certification and Authorization Commercial Cryptographic Applications Commercial Transactions and Contracts Digital Cash and Payment Systems Digital Incentive and Loyalty Systems Digital Rights Management Financial Regulation and Reporting Fraud Detection Game Theoretic Approaches to Security Identity Theft, Phishing and Social Engineering Infrastructure Design Legal and Regulatory Issues Microfinance and Micropayments Monitoring, Management and Operations Reputation Systems RFID-Based and Contactless Payment Systems Risk Assessment and Management Secure Banking and Financial Web Services Securing Emerging Computational Paradigms Security and Risk Perceptions and Judgments Security Economics Smart Cards and Secure Tokens Trust Management Trustability and Trustworthiness Underground-Market Economics Virtual Economies Voting system security For those interested, last year's proceedings are available from Springer. Submission Instructions Submission Categories FC'07 is inviting submissions in four categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions, (4) surveys. For all accepted submissions, at least one author must attend the conference and present the work. Research Papers Research papers should describe novel scientific contributions to the field, and they will be subject to rigorous peer review.
Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference, so the submissions must be formatted in the standard LNCS format (15 page limit). Systems and Application Presentations Submissions in this category should describe novel or successful systems with an emphasis on secure digital commerce applications. Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Submissions in this category should consist of a short summary of the work (1-6 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference (25 minutes
[EMAIL PROTECTED]: Fwd: Re: Any idea of who could help? Thanks!]
From: Tommy Poggio [EMAIL PROTECTED] Subject: Fwd: Re: Any idea of who could help? Thanks! Date: Tue, 28 Mar 2006 16:42:53 -0500 This is a question from a Globe reporter...anybody with useful pointers to relevant experts/people? thanks! t 03/27/2006 04:23:13 PM Dear Tommy -- I am wondering if you know anyone who might be able to help me with this? I wrote a while ago about a fascinating project focussed on deciphering the Incan khipu (see below). The basic idea is that they are collections of knots used in the Incan empire to record information. It is known that some of them contain numbers, perhaps recording census data or tax information for the empire. But some believe that the knots record language -- perhaps histories or other narratives. Cracking this code would be hugely important, not to mention interesting, because it would open up the still very mysterious Incan empire the same way that ancient Egypt has been opened up. All this is a rather long-winded prelude to my question, which is whether there are people out there who are working on computational techniques to decipher ancient scripts, not necessarily the khipu problem. I am thinking of doing a story on this. Any thoughts or leads at all would be most appreciated. It would even be a help to talk to someone who has done cryptography who could explain how the ancient scripts problem would be similar to, and different from, the problem of cracking a present-day encryption scheme. Let me know if you have any thoughts. Best, Gareth SCHOLAR SEES STRANDS OF ANCIENT SECRETS Author: By Gareth Cook, Globe Staff Date: 07/04/2003 Page: A1 Section: National/Foreign CAMBRIDGE - For centuries, the mighty Incan empire has confounded researchers. The Incas controlled territory up and down the spine of South America, with a sophisticated system of tributes and distribution that kept millions fed through the seasons. They built irrigation systems and stone temples in the clouds. And yet they had no writing.
For scholars, this has been like trying to imagine how the Romans could have administered their vast empire without written Latin. Now, after more than a decade of fieldwork and research, a professor at Harvard University believes he has uncovered a language of binary code recorded in knotted strings - a writing system unlike virtually any other. The strings are found on khipus, ancient Incan objects that look something like mops. About 600 khipus (also spelled quipu) survive in museums and private collections, and archeologists have long known that the elaborately knotted strings of some khipus recorded numbers like an abacus. Harvard's Gary Urton said the khipus contain a wealth of overlooked information hidden in their construction details, like the way the knots are tied - and that these could be the building blocks of a lost writing system which records the history, myths, and poetry of the Incas. The theory has Incan scholars abuzz. The discovery of true Incan writing would revolutionize their field the same way that deciphering the Egyptian hieroglyphics or Mayan glyphs lifted a veil from those civilizations. But it also has broader interest because the khipus could constitute what is, to Western eyes, a very unorthodox writing system, using knots and strings in three dimensions instead of markings on a flat expanse of paper, clay, or stone. "What makes this work so interesting is that what is being expressed is being conceptualized in such a different way than we conceptualize," said Sabine MacCormack, a historian of the Romans and the Incas who is a professor at the University of Notre Dame. "This is about an expression of the human mind, the likes of which we don't have elsewhere." The only way to prove Urton's theory correct would be to translate the khipus, which no one has yet done. In his new book, he proposes a new method for transcribing the knotted strings which he believes could lead to breakthroughs.
And his work, funded in part by a genius grant from the MacArthur Foundation, has helped fuel a resurgence of scholarly interest in khipus. Later this month, the Chilean Museum of Pre-Columbian Art in Santiago is opening the world's first exhibit dedicated to the khipu. "We are on the cusp of a very hot period," said Frank Salomon, a professor of anthropology at the University of Wisconsin who has studied khipus extensively. The khipu mystery dates to the early 16th century, when the Incas were conquered by Francisco Pizarro and the Spanish set about destroying their culture. The missionaries sent to South America tried to eliminate all touches of the old gods, including the strange stringed textiles that the Incas said held their histories. The Spanish chroniclers often exaggerated, but they did record histories of
[EMAIL PROTECTED]: Financial Cryptography and Data Security '06 - Call for Participation]
From: Patrick McDaniel [EMAIL PROTECTED]
Subject: Financial Cryptography and Data Security '06 - Call for Participation
To: [EMAIL PROTECTED]
Date: Mon, 30 Jan 2006 08:51:58 -0500

Financial Cryptography and Data Security '06
February 2nd -- March 2nd, 2006
Anguilla, British West Indies
http://fc06.ifca.ai

EARLY REGISTRATION DATE: FEB 3, 2006

*** Call for Participation and Program ***

At its 10th year edition, Financial Cryptography and Data Security (FC'06) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce.

Kicking off the 10th year festivities is our Keynote Address by the renowned cryptographer Ron Rivest. One of the most influential figures in cryptography, Ron will review some of his past predictions and lessons learned over the last 10 years, and prognosticate directions for the next decade. The conference will also feature an invited talk by Michael Froomkin, "Are We All Cypherpunks Yet?", about the current legal landscape of Financial Cryptography.

Registration for Financial Cryptography 2006 is now open; details and online registration can be found at http://fc06.ifca.ai along with information about discounted hotel accommodation and travel.

Financial Cryptography is organized by the International Financial Cryptography Association (IFCA). More information can be obtained from the IFCA web site at http://www.ifca.ai or by contacting the conference general chair, Patrick McDaniel, at [EMAIL PROTECTED]

** Invited Speakers **

  Ron Rivest (Keynote)
  Michael Froomkin

** Panels **

  Ten Years of Financial Cryptography, Moderator: Moti Yung
  Identity Management, Moderator: Frank Trotter

** Main Conference Program **

Authentication and Fraud Detection

  Phoolproof phishing prevention, Bryan Parno and Cynthia Kuo and Adrian Perrig (Carnegie Mellon University)
  A Protocol For Secure Public Instant Messaging, Mohammad Mannan and Paul C. van Oorschot (School of Computer Science, Carleton University, Canada)
  Using Automated Banking Certificates to Detect Unauthorized Financial Transactions, C. Corzo, F. Corzo S., N. Zhang, and A. Carpenter (University of Manchester)

Privacy

  Privacy in encrypted content distribution using private broadcast encryption, Adam Barth and Dan Boneh (Stanford University) and Brent Waters (SRI International)
  A Private Stable Matching Algorithm, Philippe Golle (Palo Alto Research Center)
  Private Policy Negotiation, Klaus Kursawe and Gregory Neven (Katholieke Universiteit Leuven) and Pim Tuyls (Philips Research Eindhoven)

Reputation and Mix-Nets

  Uncheatable Reputation for Distributed Computation Markets, Bogdan Carbunar (Purdue University) and Radu Sion (Stony Brook University)
  An Efficient Publicly Verifiable Mix-net for Long Inputs, Jun Furukawa and Kazue Sako (NEC Corporation, Japan)
  Auditable Privacy: On Tamper-evident Mix Networks, Jong Youl Choi (Indiana University at Bloomington) and Philippe Golle (Palo Alto Research Center) and Markus Jakobsson (Indiana University at Bloomington)

Conditional Financial Cryptography

  A Generic Construction for Token-Controlled Public Key Encryption, David Galindo (Radboud University Nijmegen) and Javier Herranz (INRIA Futurs-Laboratoire d'Informatique (LIX))
  Authenticated Key-Insulated Public-Key Encryption and Time-Release Cryptography, Jung Hee Cheon (Dept. of Mathematics, Seoul National Univ., Korea) and Nick Hopper and Yongdae Kim and Osipkov (Dept. of Computer Science and Eng., University of Minnesota-Twin Cities)
  Conditional Encrypted Mapping and Comparing Encrypted Numbers, Ian F. Blake (Dept. ECE University of Toronto) and Vladimir Kolesnikov (Dept. Comp. Sci. University of Toronto)
  Revisiting Oblivious Signature-Based Envelopes: New Constructs and Properties, Samad Nasserian (RWTH Aachen University) and Gene Tsudik (University of California, Irvine)

Payment Systems

  Provably Secure Electronic Cash based on Blind Multisignature Schemes, Yoshikazu Hanatani (The University of Electro-Communications) and Yuichi Komano (Toshiba Corporation) and Kazuo Ohta (The University of Electro-Communications) and Noboru Kunihiro (The University of Electro-Communications)
  Efficient Provably Secure Restrictive Partially Blind Signatures from Bilinear Pairings, Xiaofeng Chen and Fangguo Zhang (Sun Yat-sen University, China) and Yi Mu and Willy Susilo (University of Wollongong, Australia)
  Privacy-Protecting Coupon System Revisited, Lan
[EMAIL PROTECTED]: CARDIS'2006 Call for Papers]
From: Josep Domingo [EMAIL PROTECTED]
Subject: CARDIS'2006 Call for Papers
To: Josep Domingo [EMAIL PROTECTED]
Date: Wed, 16 Feb 2005 18:29:37 +0100 (MET)

Apologies for cross-posting. Please disseminate to potential contributors.

===

*** CFP CARDIS 2006 + CFP CARDIS 2006 + CFP CARDIS 2006 + CFP ***

CARDIS'06 - Tarragona, Catalonia, Spain
April 19-21, 2006

The 7th Smart Card Research and Advanced Application IFIP Conference, organized by IFIP Working Groups WG 8.8 and WG 11.2 and sponsored by IEEE Spain Section, will be held in Tarragona, Catalonia, Spain, April 19-21, 2006.

Since 1994, CARDIS is the foremost international conference dedicated to Smart Card research and application. Every two years the scientific community congregates to present new ideas and to discuss recent developments. Also in 2006, thirty eight years after Jürgen Dethloff and Helmut Grötrupp filed their idea of incorporating an integrated circuit in an identification card, CARDIS'06 will bring together leading researchers and practitioners in the development and deployment of state of the art Smart Card technologies.

The fast evolutionary process in the field of Information Security requires an adequate means to represent the human in the process of human-machine interaction. Smart Cards, or, by extension, smart devices with their processing power and their direct correlation to the user are considered to be the first choice. In rather young and new realms, such as Pervasive Computing, smart cards and devices face new challenges. Today, the capabilities of smart cards and devices with their highly advanced specialized security features reach far beyond. They are the basis for many secure systems and play a decisive role in ID management.

Established computer science areas, like hardware design, operating systems, modeling systems, cryptography or distributed systems have adapted to this fast growing technology and yield new application ranges and investigate emerging challenges for these domains.

Unlike events devoted to commercial and application aspects of Smart Cards, CARDIS conferences gather researchers and technologists who are focused on all aspects of the design, development, deployment, validation and application of Smart Cards or smart personal devices.

Conference Scope
----------------

The program committee seeks papers describing the design, development, application, and validation of Smart Card technologies. Submissions across a broad range of Smart Card development phases are encouraged, from exploratory research and proof-of-concept studies to practical application and deployment of Smart Card technology.

Topics of interest include, but are not limited to:

* Smart Device, Person Representation and Ambient Intelligence
* Smart Device, Identity, Privacy and Trust
* Smart Card (Smart Device) and Applications in the Internet, WLAN, DRM, ...
* Smart Card and Smart Device software (OS, VM, API)
* High-level data model and management (On-card data sharing schemes)
* (Distributed) Application development and deployment
* From Smart Card to Smart Device (hardware, form factor, display)
* Biometrics and Smart Cards
* High-speed, small-footprint encryption
* Cryptographic protocols for Smart Cards (and Smart Devices)
* Attacks and countermeasures in hardware and software
* Hardware, software and service (application) validation and certification
* Formal Modeling
* Security of RFID systems
* Interplay of TPMs and Smartcards

Important Dates
---------------

Abstract submission        9 October 2005
Full Paper submission      16 October 2005
Notification to authors    30 November 2005
Camera-ready               15 January 2006
Conference                 19-21 April 2006

Instructions for Paper Submission
---------------------------------

Submitted papers should represent novel contributions related to the topics listed above. They must be original, unpublished, and not submitted to another conference or journal for consideration of publication. Papers must be written in English; they should not exceed 16 pages in total. When appropriate, authors should arrange for a release for publication from their employer prior to submission. Papers accompanied by non-disclosure agreement forms will not be accepted.

Accepted papers will be presented at the conference and published in the proceedings, which will appear in Springer's Lecture Notes in Computer Science and will be available at the conference. At least one author of each accepted paper is required to register with the conference and present the paper.

Abstracts and papers must be submitted in electronic form using the conference tool setup for this conference (see submission section on www.cardis.org). To submit a paper,
[EMAIL PROTECTED]: [fc-announce] FC'05 - Registration Now Open]
From: Stuart E. Schechter [EMAIL PROTECTED]
Subject: [fc-announce] FC'05 - Registration Now Open
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Wed, 12 Jan 2005 21:29:22 -0500

Registration now open at http://www.ifca.ai/fc05/registration.html

Call for Participation

Financial Cryptography and Data Security
February 28 - March 3, 2005
Roseau, Dominica
http://www.ifca.ai/fc05

* Registration is now open *

Financial Cryptography and Data Security (FC'05) is the premier international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We have augmented our conference title and expanded our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, secure IT infrastructure, and analysis methodologies.

FC'05 brings together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'05 program will feature invited talks (to be announced), academic presentations, technical demonstrations, and panel discussions.

This conference is organized annually by the International Financial Cryptography Association (IFCA).

Keynote Speakers
================

Lynne Coventry (NCR)
  Usable Security: A conundrum?

Bezalel Gavish (Southern Methodist University)
  Trust and Swindling on the Internet

Panel Sessions
==============

Financial Technology in the Developing World
  Allan Friedman (Harvard) - Organizer
  Alessandro Acquisti (CMU)
  H William Burdett, Jr. (Foley Lardner, LLP)
  Jon Peha (CMU)

Phishing
  Steve Myers (Indiana University) - Organizer
  Drew Dean (SRI)
  Stuart Stubblebine (Stubblebine Research Labs)
  Richard Clayton (Cambridge, UK)
  Markus Jakobsson (Indiana University CACR)

Research Papers
===============

Fraud within Asymmetric Multi-Hop Cellular Networks
  Gildas Avoine (EPFL, Lausanne, Switzerland)

Information-Theoretic Security Analysis of Physical Uncloneable Functions
  P. Tuyls B. Skoric S. Stallinga A.H. Akkermans W. Ophey (Philips Research Laboratories, The Netherlands)

Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce.
  Simson L. Garfinkel Jeffrey I. Schiller Erik Nordlander (MIT) David Margrave (Amazon.com) Robert C. Miller (MIT)

Identity-based Partial Message Recovery Signatures (or How to Shorten ID-based Signatures)
  Fangguo Zhang (Sun Yat Sen University, P.R.China) Yi Mu Willy Susilo (University of Wollongong, Australia)

How to Non-Interactively Update a Secret
  Eujin Goh (Stanford University) Philippe Golle (Palo Alto Research Center)

Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication
  Michel Abdalla David Pointcheval (Ecole Normale Superieure)

Achieving Fairness in Private Contract Negotiation
  Keith Frikken Mikhail Atallah (Purdue University)

Protecting Secret Data from Insider Attacks
  David Dagon Wenke Lee Richard Lipton (Georgia Tech)

RFID Traceability A Multilayer Problem
  Gildas Avoine Philippe Oechslin (EPFL Lausanne Switzerland)

A User-Friendly Approach to Human Authentication of Messages
  Jeff King Andre dos Santos (Georgia Tech)

Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling
  P.C. van Oorschot (Carleton University) S. Stubblebine (Stubblebine Research Labs)

Policy-Based Cryptography and Applications
  Walid Bagga Refik Molva (Eurecom)

A Privacy Protecting Coupon System
  Liqun Chen (HP Laboratories) Matthias Enzmann (Fraunhofer SIT) Ahmad-Reza Sadeghi (University of Bochum) Markus Schneider (Fraunhofer SIT) Michael Steiner (IBM T.J. Watson)

Analysis of a Multi-Party Fair Exchange Protocol and Formal Proof of Correctness in the Strand Space model
  Steve Kremer Aybek Mukhamedov Eike Ritter (University of Birmingham, UK)

Secure Biometric Authentication for Weak Computational Devices
  Mikhail J. Atallah Keith B. Frikken (Purdue) Michael T. Goodrich (UC Irvine) Roberto Tamassia (Brown)

Small Coalitions Cannot Manipulate Voting
  Edith Elkind (Princeton University) Helger Lipmaa (Helsinki University of Technology)

Efficient Privacy-Preserving Protocols for Multi-Unit Auctions
  Felix Brandt (Stanford) Tuomas Sandholm (Carnegie Mellon University)

Risk Assurance for Hedge Funds using Zero Knowledge Proofs
  Michael Szydlo (RSA
[EMAIL PROTECTED]: [fc-announce] CFP: FC'05 - Financial Cryptography and Data Security]
From: Stuart Schechter [EMAIL PROTECTED]
Subject: [fc-announce] CFP: FC'05 - Financial Cryptography and Data Security
To: [EMAIL PROTECTED]
Date: Tue, 18 May 2004 16:59:41 -0400
Organization: Harvard University

FC'05
Financial Cryptography and Data Security
http://www.ifca.ai/fc05/

CALL FOR PAPERS

Ninth International Conference
February 28-March 3, 2005
Roseau, The Commonwealth Of Dominica

Submissions Due Date: September 10, 2004

Financial Cryptography and Data Security (FC'05) is the premier international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We have augmented our conference title and expanded our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, payment systems, secure IT infrastructure, and analysis methodologies. Our focus will also encompass legal, financial, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems and on secure applications and real-world deployments will be considered.

The conference goal is to bring together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'05 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions.

This conference is organized annually by the International Financial Cryptography Association (IFCA).

Original papers and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:

* Anonymity and Privacy
* Auctions
* Audit and Auditability
* Authentication and Identification, including Biometrics
* Certification and Authorization
* Commercial Cryptographic Applications
* Commercial Transactions and Contracts
* Digital Cash and Payment Systems
* Digital Incentive and Loyalty Systems
* Digital Rights Management
* Financial Regulation and Reporting
* Fraud Detection
* Game Theoretic Approaches to Security
* Infrastructure Design
* Legal and Regulatory Issues
* Microfinance and Micropayments
* Monitoring, Management and Operations
* Reputation Systems
* RFID-Based and Contactless Payment Systems
* Risk Assessment and Management
* Secure Banking
* Secure Financial Web Services
* Securing Emerging Computational Paradigms
* Security and Risk Perceptions and Judgments
* Security Economics
* Smart Cards and Secure Tokens
* Trust Management
* Trustability and Trustworthiness
* Underground-Market Economics
* Usability and Acceptance of Security Systems
* User and Operator Interfaces

SUBMISSION INSTRUCTIONS
=======================

FC'05 is inviting submissions in three categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions. For all accepted submissions, at least one author must attend the conference and present the work.

Research Papers
===============

Research papers should describe novel scientific contributions to the field, and they will be subject to vigorous peer review. Papers can be a maximum of 15 pages in length (including references and appendices), and accepted submissions will be published in full in the conference proceedings. Submission of previously published material and simultaneous submission of papers to other conferences or workshops with proceedings is not permitted. Authors of research papers found to be doubly submitted risk having all their submissions withdrawn from consideration as well as other appropriate sanctions.

Systems and Application Presentations
=====================================

Submissions in this category should describe novel or successful systems with an emphasis on secure digital commerce applications. Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Contributions must reflect careful thought and effort and provide valuable, up-to-date experience that is relevant to practitioners in the fields of financial cryptography and data security. Submissions in this category should consist of a short summary of the work (1-6 pages in length) to be reviewed by the
Re: quantum hype
Date: Fri, 19 Sep 2003 11:57:22 -0400
From: Ian Grigg [EMAIL PROTECTED]

> If I understand this correctly, this is both an eavesdropping scenario and an MITM scenario. In the above, Eve is acting as Mallory, as she is by definition intercepting the bits and re-sending them on?

As Dave Howe pointed out, Eve is acting as a repeater and tries not to alter the bits. This seems a sensible model of eavesdropping for QKD. The threat is that Alice and Bob might incorporate bits that were seen by Eve into their key. If Bob never receives a bit, it won't be used.

> That is, the Quantum Property is that Eve can be detected because she destroys photons in the act of listening, and Mallory, who can resend the photons, has only a 50% chance of reading each bit correctly in advance, so he can be detected after the fact as well, as 25% of his bits are wrong.

The terminology "destroy" is used a bit loosely. I think the important thing for QKD is that if a photon is measured with the wrong basis, the information it is carrying about the key is lost.

Ray

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
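The repeater model of eavesdropping discussed in the message above can be checked numerically. The following simulation is an added example, not part of the original post; it assumes an idealised BB84-style exchange (two bases, no channel noise or loss, a seeded random generator), and all function names are hypothetical.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit; measuring
    in the other basis gives a uniformly random result, so the key
    information carried by that photon is lost."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_bb84(n_photons, eve_present, seed=1):
    """Simulate n_photons rounds; return sifted-key statistics."""
    rng = random.Random(seed)
    sifted = errors = eve_correct = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)   # Alice's choice
        bit, basis = a_bit, a_basis                           # state in flight
        e_bit = None
        if eve_present:
            # Eve acts as a repeater: measure in a guessed basis, then
            # re-send a photon prepared from her own result.
            e_basis = rng.randrange(2)
            e_bit = measure(bit, basis, e_basis, rng)
            bit, basis = e_bit, e_basis
        b_basis = rng.randrange(2)
        b_bit = measure(bit, basis, b_basis, rng)
        if b_basis != a_basis:
            continue               # sifting: mismatched bases are discarded
        sifted += 1
        errors += (b_bit != a_bit)
        if eve_present:
            eve_correct += (e_bit == a_bit)
    return {
        "sifted": sifted,
        "qber": errors / sifted,   # error rate Alice and Bob can measure
        "eve_knows": eve_correct / sifted if eve_present else 0.0,
    }

def detection_probability(k, qber=0.25):
    """Chance that comparing k sifted bits in public reveals at least one error."""
    return 1 - (1 - qber) ** k

if __name__ == "__main__":
    print("no eavesdropper:", run_bb84(40000, eve_present=False))
    print("intercept-resend:", run_bb84(40000, eve_present=True))
    print("P(detect) after comparing 20 bits:", detection_probability(20))
```

Eve picks the right basis half the time, and when she picks the wrong one Bob's result is random, which gives the roughly 25% error rate in the sifted key; in this idealised model she still ends up holding the correct value for about 75% of the sifted bits.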