Call for participation, First IEEE International Security In Storage Workshop
Early Registration ends December 3.

Call For Participation
First IEEE International Security In Storage Workshop
December 11th, 2002 -- Greenbelt, Maryland, USA
http://ieee-tfia.org/sisw2002

Co-Sponsored by
IEEE Task Force for Information Assurance
IEEE Mass Storage Systems Technical Committee

The ability to create large shared storage systems in a secure manner has received little formal research. A comprehensive, systems approach to storage security is required for success of storage consolidation. This workshop serves as an open forum to discuss storage threats, technologies, methodologies and deployment.

The proceedings will be published by IEEE and will be available in print and online. Attendees will receive a preprint of the proceedings at the workshop as well as the formal proceedings mailed after the workshop.

Preliminary Program
Wednesday, December 11, 2002

7:30 AM
Registration and Continental Breakfast

8:30 AM
Jack Cole
Welcome: Introduction and Motivation

9:00 AM
Donald R. Beaver
Network Security and Storage Security: Symmetries and Symmetry-Breaking

9:30 AM
Alain Azagury, Ran Canetti, Michael Factor, Shai Halevi, Ealan Henis, Dalit Naor, Noam Rinetzky, Ohad Rodeh, and Julian Satran
A Two Layered Approach for Securing an Object Store Network

10:00 AM
David Samyde, Sergei Skorobogatov, Ross Anderson and Jean-Jacques Quisquater
On a new way to read data from a volatile memory

10:30 AM
Break

11:00 AM
Shai Halevi and Phil Rogaway
The Disk-Sector Encryption Problem: Constructing Tweakable Enciphering Modes that are Secure in the Sense of a Strong PRP

11:30 AM
Adrian Baldwin and Simon Shiu
Encryption And Key Management In A SAN

12:00 PM
Yevgeniy Dodis, Moti Yung
Exposure-Resilience for Free: The Hierarchical ID-based Encryption Case

12:30 PM
Lunch (provided)

1:30 PM
Axelle Apvrille, James Hughes
Streamed or Detached Triple Integrity for a Time Stamped Secure Storage System

2:00 PM
Benjamin C. Reed, Mark A. Smith, and Dejan Diklic
Security Considerations When Designing a Distributed File System Using Object Storage Devices

2:30 PM
Shuang-Yi Tang, Ying-Ping Lu and David H.C. Du
Performance Study of Software-Based iSCSI Security

3:00 PM
Break

3:30 PM
Yongdae Kim, Fabio Maino, Maithili Narasimha, and Gene Tsudik
Secure Group Services for Storage Area Networks

4:00 PM
Theodore M. Wong, Chenxi Wang and Jeannette M. Wing
Verifiable secret redistribution for archive systems

4:30 PM
Break

5:00 PM
Jim Hughes et al.
Panel: Results - Commentary - Realization

6:00 PM
Adjourn

Location

The workshop will be at the Marriott Greenbelt. It is located at http://makeashorterlink.com/?Y2EB23452. The current advertised rate at this hotel is $119 per night.

According to www.orbitz.com, there are other less expensive hotels in the Greenbelt MD area. This is just a sample of the available rooms at the time that this Call for Participation was prepared.

Holiday Inn GREENBELT NASA/GODDARD $119
Courtyard by Marriott Greenbelt $109
Residence Inn by Marriott Greenbelt $119
Ramada Limited College Park $58.50
Howard Johnson Express Inn - College Park $54.00
Comfort Inn Suites $62.10
SUPER 8 MOTEL - COLLEGE PARK $50.29

The workshop has not negotiated special rates at the Workshop hotel or other hotels in the area.

Transportation

The Greenbelt Marriott is accessible from Baltimore Washington Airport, Reagan National Airport and Washington Dulles Airport. Round trip Hotel shuttles can be purchased at your expense at each of these airports.

Conference Fees

The conference fees:

Early Registration Before December 4, 2002
Full time Student - $50
IEEE Member - $200
Non-Member - $250

Onsite or Late Registration after December 3, 2002
IEEE Member - $250
Non-Member - $315

This includes breakfast, breaks and lunch. Does not include Hotel or transportation.

Registration

Register at http://www.cryptobroker.com/SIS02/register.php. The web site takes Visa, MC and American Express. You can also register and pay on site with Visa, MC and American Express, cash or check.

Cancellation

Cancellation before December 4, 2002 is possible with a $50 handling fee. All cancellations will be refunded after the conference. Canceling after Dec 3, 2002 will not be refunded.
Re: Windows 2000 declared secure
Gentlepeople:

I believe I have an interesting question...

While I am not generally a Microsoft fan, the documentation that was pointed to seems to be inconsistent. I agree with most of what Johnathan says, and maybe this is just a nit that is irrelevant to the discussion at hand.

The document that the email referenced is

http://eros.cs.jhu.edu/~shap/NT-EAL4.html

which in turn references page 9 of

http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf

which I will quote a few paragraphs below where Johnathon quoted:

1.3 Strength of Environment

The CAPP is for a generalized environment with a moderate level of risk to the assets. The assurance requirements and the minimum strength of function were chosen to be consistent with that level of risk. The assurance level is EAL 3 and the minimum strength of function is SOF-medium.

But the press release states NT-2000 achieved EAL-4?

From http://www.commoncriteria.org/docs/EALs.html the differences between EAL3 and EAL4 are:

EAL3 - methodically tested and checked

EAL3 permits a conscientious developer to gain maximum assurance from positive security engineering at the design stage without substantial alteration of existing sound development practices. It is applicable in those circumstances where developers or users require a moderate level of independently assured security, and require a thorough investigation of the TOE and its development without incurring substantial reengineering costs. An EAL3 evaluation provides an analysis supported by grey box testing, selective confirmation of the developer test results, and evidence of a developer search for obvious vulnerabilities. Development environmental controls and TOE configuration management are also required.

EAL4 - methodically designed, tested and reviewed

EAL4 permits a developer to maximize assurance gained from positive security engineering based on good commercial development practices. Although rigorous, these practices do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. It is applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs, and are prepared to incur additional security-specific engineering costs. An EAL4 evaluation provides an analysis supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.

[TOE stands for Target of Evaluation.]

Is it arguable that the difference is minimal. Is there a more formal description of what can be done with an EAL3 vs an EAL4 device?

Thanks

jim

On Thu, 2002-10-31 at 17:41, Mark Miller wrote:

At 11:41 PM 10/30/2002 Wednesday, Peter Gutmann wrote:

http://biz.yahoo.com/prnews/021029/sftu114_1.html

Microsoft Windows 2000 Awarded Common Criteria Certification
Tuesday October 29, 2:00 pm ET
Achieves Highest Level of Security Evaluation for the Broadest Set of Real-World Scenarios

What it means: http://eros.cs.jhu.edu/~shap/NT-EAL4.html

Text by me above is hereby placed in the public domain

Cheers,
--MarkM

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

--
Jim Hughes [EMAIL PROTECTED]
Re: M-209 for sale?
It looks like it did not sell. Does anyone know of other examples of WW-II crypto gear for sale?

Thanks.

jim

There's an M-209 for sale on EBay:

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=726499988

--
Jim Hughes [EMAIL PROTECTED]
Re: Wild and Crazy: Interview with Palladium's Mario Juarez
I think his comment is can you cannot backup the key.

Maybe the answer is that the key is in the processor and you must

1. get a new identity whenever you change processor chips and
2. that moving disks from machine to machine is not possible, only plaintext copy.

Seems workable to me :^(

On Tue, 2002-07-02 at 16:08, [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED] writes:

In other words, when the MB is fried because of some freak electrical surge, I'm screwed, because I can't put the HD into another machine and get the data off it?

What's wrong with your backups? :-)

This is like a problem Windows already has: if you move a disk onto different hardware, more often than not you can't boot because the wrong Hardware Adaptation Layer info is in the disk's boot sector. At least you can recover the data by mounting it as a second disk.

/ji
Re: FC: Hollywood wants to plug analog hole, regulate A-D converters
I will add one more gallon of fuel to this fire and then sit by and watch it burn...

Imagine *if* there is a mandated change that there be some kind of digital content filter in all D-A and *if* there is *any* probability at all (no matter how small) that non-copyrighted material will trigger this, would you put your life into the hands of a machine that will kill you if all of the redundant D-A converters fail at exactly the same time because of this feature?! Who should your children sue, Sony?

Who pays for all the design, development and testing to prove that this event will not occur? Will this cause these machines to be developed in India instead?

I honestly feel for the entertainment businesses and their losses, but trying to keep honest people honest, while crippling US competitiveness, seems to be a waste of their silver bullets, IMHO

On Wed, 2002-05-29 at 16:04, Adam Fields wrote:

Hughes, James P says:

Change the billboard for elevator music (which will be protected). Will you be able to play back your digital dictations *if* they were recorded in an environment that included background music. IMHO, Silly does not mean they will not be successful. Look at DMCA.

I'm curious - I've never seen any discussion of this, but it hit home quite forcefully when I was ejected from my battery park apartment on 9/11 and needed to temporarily install some software on a new computer - has anyone made the point that enforced technological copyright protections are detrimental to security because they eliminate the possibility of using that technology in an emergency? More than not being able to take a picture of your kid's birthday - what if all of those cameras refused to take pictures of the WTC burning? What if my computer was wiped out, and I needed to use a copy of some software to tell people I was still alive? Even if I was authorized to do so, the technological protections would prevent me from doing it, because I wouldn't be able to prove it to them (and this is a relatively minor inconvenience compared to the possibility that the key grantor is destroyed).

It seems like these are more pervasive arguments that would appeal to more of a universal public good (individual safety and public record) than mere I want to watch TV when I want to. Granted, I agree with that argument too, but then, I'm one of the converted.

Given that we seem to be rapidly moving towards a future where emergency situations are only going to become more prevalent, it seems strangely like a serious (physical, societal, etc...) security risk to lock down all this technology.

-----Original Message-----
From: Trei, Peter [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]; '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Sent: Wed May 29 12:29:39 2002
Subject: RE: FC: Hollywood wants to plug analog hole, regulate A-D converters

Actually, it's unlikely that anyone would embed watermarks in billboard ads, or in ads in general. Copying an ad is usually a Good Thing from the advertiser's point of view - more exposure. It's only the program material which needs protection.

To get back to security; could I use this to defeat video surveillance cameras, by wearing a copyrighted teeshirt??

This thread on this very silly idea from the MPAA has gone far enough, IMHO.

Peter Trei

--
From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, May 29, 2002 2:14 PM
To: [EMAIL PROTECTED]
Subject: RE: FC: Hollywood wants to plug analog hole, regulate A-D converters

From: Pete Chown [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 26, 2002 8:05 AM

David G. Koontz wrote:

Can you imagine watermarks on billboard advertisements? How subliminal.

Actually this would be weird. Suppose digital cameras had to be fitted with a watermark detection system. Suddenly, we have lost a much more fundamental fair use right -- the right to include copyright material as an incidental part of a photograph.

[SNIP]

I would like to buy some watermarked cloths please. Then I could be invisible :-)

-Michael Heyman