Re: Traffic Analysis References
Hi Leandro, I am compiling a review paper on traffic analysis as well as a talk. They can be found here: http://homes.esat.kuleuven.be/~gdanezis/TAIntro.pdf http://homes.esat.kuleuven.be/~gdanezis/talks/TAIntro-prez.pdf These will soon be expanded (by January) since they are going to be presented as a talk to the CCC (Berlin) as well as a book chapter. If anyone with material on the subject can give me more pointers I would be most grateful. Yours, George Leandro Meiners wrote: > Dear list, > > Can anybody point me to any good references regarding traffic analysis? > > regards, > > Leandro. > > -- > Leandro Federico Meiners > > GnuPG key fingerprint: > 7B98 C0F5 42A3 2BEE 44AF > 9D19 936F 5957 27DF AE74 > > GnuPG-Key: > http://pgp.mit.edu:11371/pks/lookup?op=index&search=lmeiners%40gmail.com&fingerprint=on&exact=on > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Secure phones from VectroTel?
Hi all! > The devices apparently use D-H key exchange to produce a 128 bit AES > key which is then used as a stream cipher (presumably in OFB or a > similar mode). Authentication appears to be via a 4 digit pin, > certainly not the best of mechanisms. The 4-digit PIN should not automatically be dismissed as a bad idea. The device *could* be performing a DH based protocols to bootstrap a strong secret from a week PIN. A secure example of such a protocol (there are many more): Stefan Lucks, Rüdiger Weis: How to turn a PIN into an Iron Beam. 385-396 (In Dimitris Gritzalis, Sabrina De Capitani di Vimercati, Pierangela Samarati, Sokratis K. Katsikas (Eds.): Security and Privacy in the Age of Uncertainty, IFIP TC11 18th International Conference on Information Security (SEC2003), May 26-28, 2003, Athens, Greece. IFIP Conference Proceedings 250 Kluwer 2003, ISBN 1-4020-7449-2) And a simpler one: Michael Roe, Bruce Christianson, David Wheeler. Secure sessions from weak secrets www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-445.pdf Of course I have no idea if this is the technology used. George Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
PET 2006: Call for Participation
Call for Participation 6th Workshop on Privacy Enhancing Technologies (PET 2006) Robinson College, Cambridge, United Kingdom June 28 - June 30, 2006 http://petworkshop.org/2006/ Special Events: * Keynote speaker: Susan Landau, Sun Microsystems Laboratories on "The Missing Link", (Abstract at the end of the email.) * PET Award 2006 ceremony and reception at Microsoft Research, http://petworkshop.org/2006/award.html Co-located with: * The Fifth Workshop on the Economics of Information Security (WEIS 2006), 26-28 June, http://weis2006.econinfosec.org/ * IAVoSS Workshop On Trustworthy Elections (WOTE 2006) 29-30 June, http://www.win.tue.nl/~berry/wote2006/ Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior, and restricting the ability to publish or retrieve documents. Approaches to not only protecting individuals and groups, but also companies and governments, from such profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. This 6th workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Early registration by May 12 at: http://petworkshop.org/2006/petRegister.html Further local information on accommodation and travel is available on the PET workshop website (book accommodation early!): http://petworkshop.org/2006/petTravel.html Program Chairs: * Philippe Golle, PARC (Philippe.Golle at parc com) * George Danezis, K.U.Leuven (George.Danezis at esat kuleuven be) General Chair: * Richard Clayton, University of Cambridge (Richard.Clayton at cl cam ac uk) Research Program: (also at http://petworkshop.org/2006/program.html) Privacy and the real world * One Big File Is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique Simson Garfinkel and David Malan * Protecting Privacy with the MPEG-21 IPMP Framework Nicholas Paul Sheppard and Reihaneh Safavi-Naini * Privacy for Public Transportation Thomas S. Heydt-Benjamin, Hee-Jin Chae, Benessa Defend, and Kevin Fu * Privacy Rights Management - Taming Cellphone Cameras Mina Deng, Lothar Fritsch and Klaus Kursawe * Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch and Robert N. M. Watson * I Know What You Did Last Summer: Self-Awareness, Imagined Communities,and Information Sharing in an Online Social Network Alessandro Acquisti and Ralph Gross Privacy policies * Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks Mansour Alsaleh and Carlisle Adams * Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management Anna C. Squicciarini, Abhilasha Bhargav-Spantzel, Alexei Czeskis and Elisa Bertino * Privacy Injector - Automated Privacy Enforcement through Aspects Chris Vanden Berghe and Matthias Schunter * A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises Marco Casassa Mont and Robert Thyne Anonymous communications * Improving Sender Anonymity in a Structured Overlay with Imprecise Routing Giuseppe Ciaccio * Selectively Traceable Anonymity Luis von Ahn, Andrew Bortz, Nicholas Hopper and Kevin O'Neill * Valet Services: Improving Hidden Servers with a Personal Touch Lasse Øverlier and Paul Syverson * Blending different latency traffic with alpha-mixing Roger Dingledine, Andrei Serjantov and Paul Syverson Attacks: Traffic and Location analysis * Breaking the Collusion Detection Mechanism of MorphMix Parisa Tabriz and Nikita Borisov * Linking Anonymous Transactions: The Consistent View Attack Andreas Pashalidis and Bernd Meyer * Preserving User Location Privacy in Mobile Data Management Infrastructures Reynold Cheng, Yu Zhang, Elisa Bertino and Sunil Prabhakar * Location Access Effects on Trail Re-identification Bradley Malin and Edoardo Airoldi Private muti-party computation, authentication, and cryptography * Private Resource Pairing Joseph A. Calandrino and Alfred C. Weaver * On the Security of the Tor Authentication Protocol Ian Goldberg * Honest-Verifier Private Disjointness Testing without Random Oracles Susan Hohenberger and Stephen A. Weis * A Flexible Framework for Secret Handshakes Gene Tsudik and Shouhuai Xu * Optimal Key-Trees for Tree-Based Private Authentication Levente Buttyan, Tamas Holczer and Istvan Vajda
IPICS summer course in Computer Security
Call for Participation Intensive Program on Information and Communication Security IPICS 2006 Summer Course 17-28 July 2006, K.U. Leuven, Belgium https://www.cosic.esat.kuleuven.be/ipics2006/?i=S Special Focus: Privacy Technology (26-28 July) IPICS is a two week long summer school intended for final year undergraduate students, master students and starting PhD candidates, as well as those in the private sector, that wish to learn about the foundations of computer and communication security. IPICS takes the format of a two week course, taught by internationally renowned researchers and experts. The special theme this year is "Privacy Technology", with 3 days especially devoted to it. The special privacy course will cover: * Introduction, by the father of Privacy Technologies, David Chaum * Identity management and privacy Marit Hansen (ICPP, Schleswig-Holstein, Germany) * Anonymous credential systems and e-cash Jan Camenisch (IBM Zürich, Switserland) * Election schemes Peter Ryan (Newcastle University, U.K.) * Privacy policies, languages and applications Simone Ficher-Hübner (Karlstadt University, Sweden) * Location privacy and mobile devices Kai Rannenberg (Goethe University Frankfurt, Germany) * Anonymous communications Dogan Kesdogan (Technical University of Aachen, Germany) * Privacy public policy, law and economics Jos Dumortier (Katholieke Universiteit Leuven - ICRI, Belgium) Other topics will include: * Introduction to security and course overview (Bart Preneel, KU Leuven), * Computer crime and abuse (Nathan Clarke, Plymouth), * Business continuity planning (Gerald Quirchmayr, Vienna), * Cryptology (Bart Preneel, KU Leuven), * Authorization and access control (Günther Pernul, Regensburg), * PKI and PMI (Javier Lopez, Malaga), * Biometry (Pim Tuyls, KU Leuven), * Network Security (Sokrates Katsikas, Greece), * Cybercrime Investigation (Ahmed Patel), * RFID Security (Karl Posch, T.U.Graz), * Electronic commerce (Keith Martin, Royal Holloway), * Smart cards (Helena Handschuh, Spansion, France), * Trusted computing (Klaus Kursawe, Philips Eindhoven), * Secure hardware (Lejla Batina, Nele Mentens, KU Leuven), * eID cards (Danny De Cock, KU Leuven), * Security of C and C++ programs (Yves Younan, KU Leuven) (Full program at: https://www.cosic.esat.kuleuven.be/ipics2006/course_program.shtml?i=S) Registration: Registration is FREE for students. Academics are charged (150 euros) and industry participants are charged 500 euros for L-SEC members or 650 euros for non-members. We ask those interested to register as soon as possible, and before July 7th at: (Academics:) https://www.cosic.esat.kuleuven.be/ipics2006/application.shtml?i=S (Industry:) http://l-sec.emsecure.net/optiext/optiextension.dll?ID=gQeugRexMggM A limited supply of accommodation is available through KU Leuven, that you need to book well in advance through the registration process. More details on alternative hotels and local arrangements can be found at: https://www.cosic.esat.kuleuven.be/ipics2006/practical_info.shtml?i=S Contacts and further information: Web: https://www.cosic.esat.kuleuven.be/ipics2006/index.shtml?i=S Email: George Danezis (George.Danezis esat kuleuven be) Claudia Diaz (Claudia.Diaz esat kuleuven be) Prof. Bart Preneel (Bart.Preneel esat kuleuven be) Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]