[Publicity-list]: DIMACS Workshop on Large-Scale Internet Attacks
* DIMACS Workshop on Large-Scale Internet Attacks

September 23 - 24, 2003
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:
Vern Paxson, ICSI, [EMAIL PROTECTED]
Steve Bellovin, AT&T Research, [EMAIL PROTECTED]
Stuart Staniford, Silicon Defense
Stefan Savage, University of California, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

As the Internet has grown greatly in size, new forms of attacks that leverage the network's increasing scale have gained prominence. At the same time, the network's scale also often increases the difficulty of countering attacks, making it more difficult to trace back attackers or deploy widespread defensive measures.

This workshop aims to assess the lay of the land in terms of large-scale Internet attacks and then to look for principles common to the problem domain. The focus will be on three general types of large-scale attacks: distributed denial-of-service (DDOS), self-propagating malicious code (worms), and attacks targeting the network's components (infrastructure attacks).

Participation in the workshop is quite limited because of the emphasis on achieving a high degree of interactivity and discussion. Potential attendees interested in participating should contact the organization chair at [EMAIL PROTECTED], including a description of relevant background and the specific topic(s) of interest for discussion and exploration.

Workshop Program:

Preliminary Program for DIMACS Workshop on Large-Scale Attacks

IMPORTANT: the workshop is meant to be a true workshop, in which the actual program is fluid, and the emphasis is on interactivity and incubating new connections (both between people and across areas). We anticipate last-minute changes, and indeed may alter the program on the spot as discussion and opportunity suggest.
Tuesday, September 23, 2003

8:30 - 9:30 Breakfast and Registration
9:30 - 9:40 Opening remarks
  Melvin Janowitz, Associate Director of DIMACS
9:40 - 10:00 Welcome
  Attendee Introductions
10:00 - 12:00 Experiences with large-scale attacks
  A Large-scale View of Large-scale Attacks
  Sean Donelan, SBC Internet Services
  Infrastructure Attack Trends
  Craig Labovitz, Arbor Networks
  Attacks on services
  Discussion
12:00 - 1:30 Lunch
1:30 - 3:00 DDoS
  Overview
  John Ioannidis, AT&T Labs - Research
  Defenses
  Angelos Keromytis, Columbia University
  Source address filtering
  Discussion: is the problem still relevant? is traceback relevant? barriers to deploying solutions?
3:00 - 3:30 Break
3:30 - 5:00 Techniques
  Telescopes
  David Moore, UCSD
  Sampling techniques
  George Varghese, UCSD
  P2P techniques, large-scale coordination
  Joel Sandin, Stanford University
  Honeynets
  Dave Dittrich, University of Washington
  Open Mike (i.e., we'll call in advance for presentations here)
  Discussion
6:00 Dinner

Wednesday, September 24, 2003

8:30 - 9:00 Breakfast and Registration
9:00 - 11:30 Worms
  Overview
  Stuart Staniford, Silicon Defense
  Diverse axes of scaling
  Dan Ellis, MITRE
  Modeling/detecting worm propagation
  Lixin Gao, University of Massachusetts
  Topological worm defenses
  Nick Weaver, UCB
  Break
  Pulsing attacks on routers
  Auto-patching
  Angelos Keromytis, Columbia University
  Discussion
11:30 - 1:00 Lunch
1:00 - 2:30 Attacks on routing
  BGP attacks
  Targeted link attacks
  Steve Bellovin, AT&T Labs - Research
  Authentication and robustness
  Alex Snoeren, UCSD
  Discussion
2:30 - 2:45 Break
2:45 - 4:00 Where do we need to go?
  Facilitated discussion
  Stefan Savage, UCSD

** Registration Fees: (Pre-registration deadline: September 17, 2003)

Regular Rate
  Preregister before deadline $120/day
  After preregistration deadline $140/day
Reduced Rate*
  Preregister before deadline $60/day
  After preregistration deadline $70/day
Postdocs
  Preregister before deadline $10/day
  After preregistration deadline $15/day
DIMACS Postdocs $0
[Publicity-list]: DIMACS/PORTIA Workshop on Privacy-Preserving Data Mining
* DIMACS/PORTIA Workshop on Privacy-Preserving Data Mining

March 15 - 16, 2004
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:
Cynthia Dwork, Microsoft, dwork at microsoft.com
Benny Pinkas, HP Labs, benny.pinkas at hp.com
Rebecca Wright, Stevens Institute of Technology, rwright at cs.stevens-tech.edu

Presented under the auspices of the Special Focus on Communication Security and Information Privacy, and the PORTIA project.

This workshop and working group will bring together researchers and practitioners in cryptography, data mining, and other areas to discuss privacy-preserving data mining. The workshop sessions on March 15 and 16, 2004 will consist of invited talks and discussion. March 17, 2004 will be a working group of invited participants to identify and explore approaches that could serve as the basis for more sophisticated algorithms and implementations than presently exist, and to discuss directions for further research and collaboration.

Both the workshop and working group will investigate the construction and exploitation of private databases, e.g.

* Merging information from multiple data sets in a consistent, secure, efficient and privacy-preserving manner;
* Sanitizing databases to permit privacy-preserving public study.

In a wide variety of applications it would be useful to be able to gather information from several different data sets. The owners of these data sets may not be willing, or legally able, to share their complete data with each other. The ability to collaborate without revealing information could be instrumental in fostering inter-agency collaboration.

Particular topics of interest include:

* Secure multi-party computation. This is a very general and well-studied paradigm that unfortunately has not been used in practice so far. We will investigate ways to make it more efficient and encourage its deployment.
* Statistical techniques such as data swapping, post-randomization, and perturbation.
* Articulation of different notions and aspects of privacy.
* Tradeoffs between privacy and accuracy.
* Architectures that facilitate private queries by a (semi-trusted) third party.
* Methods for handling different or incompatible formats, and erroneous data. We will investigate ideas from dimension reduction, clustering and searching strategy.

** Registration Fees: (Pre-registration deadline: March 8, 2004)

Regular Rate
  Preregister before deadline $120/day
  After preregistration deadline $140/day
Reduced Rate*
  Preregister before deadline $60/day
  After preregistration deadline $70/day
Postdocs
  Preregister before deadline $10/day
  After preregistration deadline $15/day
DIMACS Postdocs $0
Non-Local Graduate & Undergraduate students
  Preregister before deadline $5/day
  After preregistration deadline $10/day
Local Graduate & Undergraduate students $0 (Rutgers & Princeton)
DIMACS partner institution employees** $0
DIMACS long-term visitors*** $0

Registration fee to be collected on site, cash, check, VISA/Mastercard accepted.

Our funding agencies require that we charge a registration fee during the course of the workshop. Registration fees include participation in the workshop, all workshop materials, breakfast, lunch, breaks and any scheduled social events (if applicable).

* College/University faculty and employees of nonprofit and government organizations will automatically receive the reduced rate. Other participants may apply for a reduction of fees. They should email their request for the reduced fee to the Workshop Coordinator at [EMAIL PROTECTED] Include your name, the Institution you work for, your job title and a brief explanation of your situation. All requests for reduced rates must be received before the pre-registration deadline. You will promptly be notified as to the decision about it.

** Fees for employees of DIMACS partner institutions are waived. DIMACS partner institutions are: Rutgers University, Princeton University, AT&T Labs - Research, Bell Labs, NEC Laboratories America and Telcordia Technologies. Fees for employees of DIMACS affiliate members Avaya Labs, IBM Research and Microsoft Research are also waived.

*** DIMACS long-term visitors who are in residence at DIMACS for two or more weeks inclusive of dates of workshop.

* Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Privacy/

**PLEASE BE SURE TO PRE-REGISTER EARLY**

- The Cryptography Mailing List
DIMACS Workshop on Electronic Voting -- Theory and Practice
* DIMACS Workshop on Electronic Voting -- Theory and Practice

May 26 - 27, 2004
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:
Markus Jakobsson, RSA Laboratories, [EMAIL PROTECTED]
Ari Juels, RSA Laboratories, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Communication Security and Information Privacy and the Special Focus on Computation and the Socio-Economic Sciences.

To many technologists, electronic voting represents a seemingly simple exercise in system design. In reality, the many requirements it imposes with regard to correctness, anonymity, and availability pose an unusually thorny collection of problems, and the security risks associated with electronic voting, especially remotely over the Internet, are numerous and complex, posing major technological challenges for computer scientists. (For a few examples, see references below.) The problems range from the threat of denial-of-service attacks to the need for careful selection of techniques to enforce private and correct tallying of ballots. Other possible requirements for electronic voting schemes are resistance to vote buying, defenses against malfunctioning software, viruses, and related problems, auditability, and the development of user-friendly and universally accessible interfaces.

The goal of the workshop is to bring together and foster an interplay of ideas among researchers and practitioners in different areas of relevance to voting. For example, the workshop will investigate prevention of penetration attacks that involve the use of a delivery mechanism to transport a malicious payload to the target host. This could be in the form of a "Trojan horse" or remote control program. It will also investigate vulnerabilities of the communication path between the voting client (the devices where a voter votes) and the server (where votes are tallied). Especially in the case of remote voting, the path must be "trusted" and a challenge is to maintain an authenticated communications linkage. Although not specifically a security issue, reliability issues are closely related and will also be considered. The workshop will consider issues dealing with random hardware and software failures (as opposed to deliberate, intelligent attack). A key difference between voting and electronic commerce is that in the former, one wants to irreversibly sever the link between the ballot and the voter. The workshop will discuss audit trails as a way of ensuring this. The workshop will also investigate methods for minimizing coercion and fraud, e.g., schemes to allow a voter to vote more than once and only having the last vote count.

This workshop is part of the Special Focus on Communication Security and Information Privacy and will be coordinated with the Special Focus on Computation and the Socio-Economic Sciences.

This workshop follows a successful first WOTE event, organized by David Chaum and Ron Rivest in 2001 at Marconi Conference Center in Tomales Bay, California (http://www.vote.caltech.edu/wote01/). Since that time, a flurry of voting bills has been enacted at the federal and state levels, including most notably the Help America Vote Act (HAVA). Standards development has represented another avenue of reform (e.g., the IEEE Voting Equipment Standards Project 1583), while a grassroots movement (http://www.verifiedvoting.org) has arisen to promote the importance of audit trails as enhancements to trustworthiness.

** Participation: Interested participants may contact the organizers.

** Registration Fees: (Pre-registration deadline: May 20, 2004)

Regular Rate
  Preregister before deadline $120/day
  After preregistration deadline $140/day
Reduced Rate*
  Preregister before deadline $60/day
  After preregistration deadline $70/day
Postdocs
  Preregister before deadline $10/day
  After preregistration deadline $15/day
DIMACS Postdocs $0
Non-Local Graduate & Undergraduate students
  Preregister before deadline $5/day
  After preregistration deadline $10/day
Local Graduate & Undergraduate students $0 (Rutgers & Princeton)
DIMACS partner institution employees** $0
DIMACS long-term visitors*** $0

Registration fee to be collected on site, cash, check, VISA/Mastercard accepted.

Our funding agencies require that we charge a registration fee during the course of the workshop. Registration fees include participation in the workshop, all workshop materials, breakfast, lunch, breaks and any scheduled social events (if applicable).

* College/University faculty and employees of nonprofit and government organizations will automatically receive the reduced rate. Other participants may apply for a reduction of fees. They should email their request for the
[Publicity-list]: DIMACS Workshop on Usable Privacy and Security Software
* DIMACS Workshop on Usable Privacy and Security Software

July 7 - 8, 2004
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:
Lorrie Cranor, Chair, Carnegie Mellon University, [EMAIL PROTECTED]
Mark Ackerman, University of Michigan, [EMAIL PROTECTED]
Fabian Monrose, Johns Hopkins University, [EMAIL PROTECTED]
Andrew Patrick, NRC Canada, [EMAIL PROTECTED]
Norman Sadeh, Carnegie Mellon University, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

This workshop and working group is intended to bring together security and privacy experts with human-computer interaction experts to discuss approaches to developing more usable privacy and security software. The workshop sessions on July 7 and July 8 will include invited talks and discussion. July 9 will feature a working group of invited participants who will spend the day identifying important problems, discussing some of the research issues raised during the workshop in more depth, and brainstorming about approaches to future research, collaboration, and more user-centered design of security and privacy software.

** Participation:

Participation in the workshop is open to anyone who registers (no submission necessary). Participation in the working group on July 9 is limited because of the emphasis on achieving a high degree of interactivity and discussion. Workshop participants who are interested in participating in the working group session should send a 1-page abstract or position paper describing their work relevant to this workshop to [EMAIL PROTECTED] Abstracts and position papers should be submitted in plain text, HTML, or PDF formats only. All submissions must be received by April 2, 2004 and authors will be notified by April 19, 2004 as to whether they have been accepted to participate in the working group. In addition, the authors of some submissions will be invited to present 10-minute short talks about their work.

Submissions may describe ongoing or planned work related to the development of usable interfaces for security or privacy software, or they may discuss important research problems or propose a research agenda in this area. Submissions are especially encouraged that identify security and privacy areas in need of examination by HCI researchers, as well as areas where HCI researchers would like assistance from security and privacy researchers.

** Registration Fees: (Pre-registration deadline: June 30, 2004)

Please see website for registration fees and details.

* Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Tools/

**PLEASE BE SURE TO PRE-REGISTER EARLY**
[Publicity-list] DIMACS Tutorial on Social Choice and Computer Science
* DIMACS Tutorial on Social Choice and Computer Science

May 10 - 14, 2004
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:
Kevin Chang, University of Illinois, [EMAIL PROTECTED]
Michel Regenwetter, University of Illinois, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Computation and the Socio-Economic Sciences.

The theory of social choice and voting has had a long history in the social sciences, dating back to early work of Condorcet and others in the 18th century. Some modern issues facing the theory of social choice relate heavily to computer science. Often we need to determine preferences for an individual or group, while maintaining accuracy, fairness and security, sometimes with only limited information and/or computational power. This tutorial will consider computer science and social science issues in ensuring the best choices given limited information and computation. It will build on early work on computational complexity of computing the winner of an election in. Moreover, we are also seeing voting/social choice issues arising in strictly computer science applications such as database and information retrieval, Internet search and meta-search, and collaborative filtering. The tutorial will also consider such applications.

The tutorial will present an introduction to the concepts and models of individual preference or utility as well as social choice theory and introduce participants to a variety of modern computational issues and computer science applications. The following is a tentative list of topics:

* Introduction to Voting Theory: History and Procedures.
* Computational Complexity of Social Choice Procedures.
* Mathematical Representations of Preference and Utility.
* Ranking and Preference in Computer Science: Models and Semantics.
* Rank-based Top-k Query Algorithms in Database Search.
* Voting and Security: An introduction to the use of error-resilient, waitless methods of voting analysis.
* Collaborative Filtering in Information Retrieval.
* Internet Search and Meta-Search.
* Behavioral Social Choice Theory.
* Voting over the Internet.

** Participation: Talks for this workshop are by invitation only.

** Workshop Program:

Monday, May 10, 2004

8:15 - 8:45 Registration and Breakfast
8:45 - 9:00 Welcome and Opening Remarks
  Fred Roberts, DIMACS Director
  Kevin Chang and Michel Regenwetter, Organizers
9:00 - 9:50 Introduction to Voting Theory: History and Procedures
  Arnold Urken, Stevens Institute of Technology
9:50 - 10:05 Break
10:05 - 10:55 Introduction to Voting Theory: History and Procedures (continued)
  Arnold Urken, Stevens Institute of Technology
10:55 - 11:10 Break
11:10 - 12:00 Introduction to Voting Theory: History and Procedures (continued)
  Arnold Urken, Stevens Institute of Technology
12:00 - 1:30 Lunch - DIMACS Lounge
1:30 - 2:20 Mathematical Representations of Preference and Utility
  Michel Regenwetter, University of Illinois at Urbana-Champaign
2:20 - 2:35 Break
2:35 - 3:25 Mathematical Representations of Preference and Utility (continued)
  Michel Regenwetter, University of Illinois at Urbana-Champaign
3:25 - 3:40 Break
3:40 - 4:30 Mathematical Representations of Preference and Utility (continued)
  Michel Regenwetter, University of Illinois at Urbana-Champaign

Tuesday, May 11, 2004

8:30 - 9:00 Registration and Breakfast
9:00 - 9:50 Voting and Security
  Arnold Urken, Stevens Institute of Technology
9:50 - 10:05 Break
10:05 - 10:55 Voting and Security (continued)
  Arnold Urken, Stevens Institute of Technology
10:55 - 11:10 Break
11:10 - 12:00 Voting and Security (continued)
  Arnold Urken, Stevens Institute of Technology
12:00 - 1:30 Lunch - DIMACS Lounge
1:30 - 2:20 Computational Complexity of Social Choice Procedures
  Craig Tovey, Georgia Institute of Technology
2:20 - 2:35 Break
2:35 - 3:25 Computational Complexity of Social Choice Procedures (continued)
  Craig Tovey, Georgia Institute of Technology
3:25 - 3:40 Break
3:40 - 4:30 Computational Complexity of Social Choice Procedures (continued)
  Craig Tovey, Georgia Institute of Technology

Wednesday, May 12, 2004

8:30 - 9:00 Registration and Breakfast
9:00 - 9:50 Ranking and Preference in Computer Science: Models and Semantics
  Kevin Chang, University of Illinois at Urbana-Champaign
9:50 - 10:05 Break
10:05 - 10:55 Ranking and Preference in Computer Science: Models
DIMACS Workshop on Electronic Voting -- Theory and Practice
** Program: This is a preliminary program.
Wednesday, May 26, 2004

7:45 - 8:20 Breakfast and Registration
8:20 - 8:30 Welcome and Opening Remarks
  Fred Roberts, DIMACS Director
8:30 - 9:15 Ron Rivest (tentative)
9:15 - 10:15 Rebecca Mercuri
10:15 - 10:45 Break
10:45 - 11:30 David Chaum
11:30 - 12:15 Michael Shamos
12:15 - 1:30 Lunch
1:30 - 1:50 European online voting experiences
  Andreu Riera i Jorba
1:50 - 2:10 Providing Trusted Paths Using Untrusted Components
  Andre Dos Santos
2:10 - 2:30 Internet voting based on PKI: the TruE-vote system
  Emilia Rosti
2:30 - 2:50 Andy Neff
2:50 - 3:10 Aggelos Kiayias
3:10 - 3:30 How hard is it to manipulate voting?
  Edith Elkind and Helger Lipmaa
3:30 - 3:50 Towards a dependability case for the Chaum e-voting scheme
  Peter Ryan
3:50 - 4:20 Break
4:20 - 4:40 Secure practical voting systems: A Cautionary Note
  Quisquater
4:40 - 5:25 Rob Ritchie
5:25 - 6:10 Panel (moderator: David Chaum)
6:10 - 7:30 Buffet Dinner - Reception - DIMACS Lounge

Thursday, May 27, 2004

7:45 - 8:30 Breakfast and Registration
8:30 - 9:15 Rice University hack-a-vote project
  Dan
[Publicity-list]: DIMACS Workshop on Mobile and Wireless Security
* DIMACS Workshop on Mobile and Wireless Security

June 15 - 17, 2004
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:
Bill Arbaugh, University of Maryland, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

The rapid growth of both voice and data wireless communications has resulted in several serious security problems in both the voice and data spaces. Unfortunately, many of the early security mistakes made with wireless voice communications were repeated with data communications, i.e. the use of flawed authentication and confidentiality algorithms. For example, the standards committee for 802.11 left many of the difficult security issues such as key management and a robust authentication mechanism as open problems. This has led many organizations to use either a permanent fixed cryptographic variable or no encryption with their wireless networks. Since wireless networks provide an adversary a network access point that is beyond the physical security controls of the organization, security can be a problem. Similarly, attacks against WEP, the link-layer security protocol for 802.11 networks, can exploit design failures to successfully attack such networks.

This workshop will focus on addressing the many outstanding issues that remain in wireless cellular and WLAN networking such as (but not limited to): management and monitoring; ad-hoc trust establishment; secure roaming between overlay networks; availability and denial of service mitigation; and network and link layer security protocols. We will seek to extend work on ad hoc networking from a non-adversarial setting, assuming a trusted environment, to a more realistic setting in which an adversary may attempt to disrupt communication. We will investigate a variety of approaches to securing ad hoc networks, in particular ways to take advantage of their inherent redundancy (multiple routes between nodes), replication, and new cryptographic schemes such as threshold cryptography.

** Participation: Participants interested in presenting talks may contact the organizer.

** Registration: Pre-registration deadline: June 8, 2004

Please see website for registration information.

* Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/MobileWireless/

**PLEASE BE SURE TO PRE-REGISTER EARLY**
[Publicity-list] DIMACS Workshop on Security Analysis of Protocols
* DIMACS Workshop on Security Analysis of Protocols

June 7 - 9, 2004
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ

Organizers:
John Mitchell, Stanford, [EMAIL PROTECTED]
Ran Canetti, IBM Watson, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

The analysis of cryptographic protocols is a fundamental and challenging area of network security research. Traditionally, there have been two main approaches. One is the logic approach aimed at developing automated tools for the formal verification of protocols. The other is the computational or complexity-theoretic approach that characterizes protocol security as a set of computational tasks and proves protocol security via reduction to the strength of the underlying cryptographic functions. Although these two lines of work share a common goal, there has been little commonality between them until the last year or two.

The goal of this workshop is to promote work on security analysis of protocols and provide a forum for cooperative research combining the logical and complexity-based approaches.

The workshop will include tutorials on the basics of each approach and will allow researchers from both communities to talk about their current work. Several tutorials and a number of research talks have already been selected. However, some additional program slots have been set aside for late-breaking contributions from interested participants. If you are interested in giving a talk, please send a title and short abstract (1-3 pages) to the organizers, Ran Canetti and John Mitchell, with subject heading DIMACS Security Protocols - title and abstract, by May 15, 2004.

TOPICS

* - Analysis methods involving computational complexity
* - Game-theoretic approaches
* - Methods based on logic and symbolic computation
* - Probabilistic methods
* - Model checking and symbolic search
* - Formal proof systems
* - Decision procedures and lower bounds
* - Anything else that sounds like a great idea

** Participation:

Several tutorials and a number of research talks have already been selected. However, some additional program slots have been set aside for late-breaking contributions from interested participants. If you are interested in giving a talk, please send a title and short abstract (1-3 pages) to the organizers, Ran Canetti and John Mitchell, with subject heading DIMACS Security Protocols - title and abstract, by May 15, 2004.

The workshop will be open to the public. If you'd like to give a presentation, please send a title and abstract to the organizers by May 15, 2004. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk.

** Registration Fees: (Pre-registration deadline: May 28, 2004)

Please see website for information on registration.

* Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Protocols/

**PLEASE BE SURE TO PRE-REGISTER EARLY**
[Publicity-list] DIMACS Workshop on Security Analysis of Protocols
TOPICS * - Analysis methods involving computational complexity * - Game-theoretic approaches * - Methods based on logic and symbolic computation * - Probabilistic methods * - Model checking and symbolic search * - Formal proof systems * - Decision procedures and lower bounds * - Anything else that sounds like a great idea ** Participation: Several tutorials and a number of research talks have already been selected. However, some additional program slots have been set aside for late-breaking Contributions from interested participants. If you are interested in giving a talk, please send a title and short abstract (1-3 pages) to the organizers, Ran Canetti and John Mitchell, with subject heading DIMACS Security Protocols - title and abstract, by May 15, 2004. The workshop will be open to the public. If you'd like to give a presentation, please send a title and abstract to the organizers by May 15, 2004. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk. ** Workshop Program: Monday, June 7, 2004 8:30 - 9:00 Breakfast and Registration - 4th Floor CoRE Bldg. 9:00 - 9:10 Welcome and Opening Remarks Fred Roberts, DIMACS Director 9:10 - 9:30 Welcome John Mitchell, Stanford University Ran Canetti, IBM Watson 9:30 - 10:30 Tutorial: Formal methods and protocol analysis Peter Ryan, University of Newcastle Upon Tyne 10:30 - 11:00 Break 11:00 - 12:30 Session Modeling security protocols using I/O automata Nancy Lynch, MIT Automata-based analysis of recursive cryptographic protocols Thomas Wilke, Kiel University Formal Analysis of Availability Carl A. 
Gunter, UPenn 12:30 - 2:00 Lunch 2:00 - 3:00 Tutorial: Towards cryptographically sound formal analysis Daniele Micciancio, UCSD 3:00 - 3:30 Break 3:30 - 5:00 Session A Reactively Secure Dolev-Yao-style Cryptographic Library Birgit Pfitzmann, IBM Research Automated Computationally Faithful Verification of Cryptoprotocols: Applying and Extending the Abadi-Rogaway-Jürjens Approach Jan Jürjens, TU Munich Universally Composable Symbolic Analysis of Cryptographic Protocols Jonathan Herzog, MIT 5:00 Reception - Wine and cheese - DIMACS Lounge Tuesday, June 8, 2004 8:30 - 9:00 Breakfast and Registration - 4th Floor CoRE Bldg. 9:30 - 10:30 Tutorial: On composability of cryptographic protocols Yehuda Lindell, IBM Research 10:30 - 11:00 Break 11:00 - 12:30 Session New Notions of Security: Achieving Universal Composability without Trusted Setup Manoj Prabhakaran and Amit Sahai, Princeton U
[Publicity-list]: DIMACS Workshop on Usable Privacy and Security Software
* DIMACS Workshop on Usable Privacy and Security Software July 7 - 8, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Lorrie Cranor, Chair, ATT, [EMAIL PROTECTED] Mark Ackerman, University of Michigan, [EMAIL PROTECTED] Fabian Monrose, Johns Hopkins University, [EMAIL PROTECTED] Andrew Patrick, NRC Canada, [EMAIL PROTECTED] Norman Sadeh, Carnegie Mellon University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. This workshop and working group is intended to bring together security and privacy experts with human-computer interaction experts to discuss approaches to developing more usable privacy and security software. The workshop sessions on July 7 and July 8 will include invited talks and discussion. July 9 will feature a working group of invited participants who will spend the day identifying important problems, discussing some of the research issues raised during the workshop in more depth, and brainstorming about approaches to future research, collaboration, and more user-centered design of security and privacy software. ** Participation: Participation in the workshop is open to anyone who registers (no submission necessary). 
** Program: Wednesday, July 7, 2004 8:15 - 8:50 Breakfast and Registration - CoRE Bldg., 4th floor 8:50 - 9:00 Welcome and Opening Remarks Fred Roberts, DIMACS Director 9:00 - 9:15 Opening Session Welcome: Lorrie Cranor, Carnegie Mellon University 9:15 - 11:30 CHALLENGES, APPROACHES, AND MENTAL MODELS Usable Security: Beyond the Interface Angela Sasse, University College London HCI Issues in Privacy Mark Ackerman, University of Michigan Security as Experience and Practice: Supporting Everyday Security Paul Dourish, UC Irvine Best Practices for Usable Security In Desktop Software Simson Garfinkel, MIT Short Talk: A Flock of Birds, Safely Staged Scott Flinn, National Research Council of Canada 11:30 - 12:00 BREAK 12:00 - 12:45 Keynote: Privacy and Security: Putting People First Elizabeth Mynatt, Georgia Institute of Technology 12:45 - 1:45 LUNCH 1:45 - 2:30 Keynote: Human-Scale Security Matt Blaze, University of Pennsylvania 2:30 - 3:00 BREAK 3:00 - 5:30 AUTHENTICATION Some Practical Guidance for Improved Password Usability Mike Just, Treasury Board of Canada Fingerprint authentication: The user experience Lynne Coventry, NCR Authentication for Humans Rachna Dhamija, UC Berkeley On user choice in graphical password schemes Fabian Monrose, Johns Hopkins University Short talk: Secure Web Authentication with Mobile Phones Min Wu, MIT Short talk: Toward Usable Security Dirk Balfanz, Palo Alto Research Center 5:30 Reception 6:15 Dinner Thursday, July 8, 2004 8:30 - 9:00 Breakfast and Registration 9:00 - 10:30 PRIVACY, ANONYMITY, AND ENCRYPTION TOOLS (part I) Cryptography and Information Sharing in Civil Society Marc Levine, Benetech Anonymity loves company: Usability as a security parameter Roger Dingledine, The Free Haven Project Making Security Visible Alma Whitten, Google Short talk: Techniques for Visual Feedback of Security State Tara Whalen, Dalhousie University 10:30 - 11:00 BREAK 11:00 - 12:30 PRIVACY, ANONYMITY, AND ENCRYPTION TOOLS (part II) Privacy Analysis for 
the Casual User Through Bugnosis David Martin, University of Massachusetts Lowell Protecting privacy in software agents: Lessons from the PISA project Andrew Patrick, National Research Council, Canada Architectural issues in distributed, privacy-protecting social networking Lenny Foner, MIT Short talk: Privacy in Instant Messaging Sameer Patil, University of California, Irvine 12:45 - 1:45 LUNCH 1:45 - 3:15 UBIQUITOUS COMPUTING Knowing What You're Doing: A Design Goal for Usable Ubicomp Privacy Scott Lederer, UC Berkeley Privacy Challenges in Ubiquitous Computing Marc Langheinrich, ETH Zurich Semantic Web Technologies to Reconcile Privacy
[Publicity-list] DIMACS Workshop on Electronic Voting -- Theory and Practice
* DIMACS Workshop on Electronic Voting -- Theory and Practice May 26 - 27, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Markus Jakobsson, RSA Laboratories, [EMAIL PROTECTED] Ari Juels, RSA Laboratories, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy and the Special Focus on Computation and the Socio-Economic Sciences. To many technologists, electronic voting represents a seemingly simple exercise in system design. In reality, the many requirements it imposes with regard to correctness, anonymity, and availability pose an unusually thorny collection of problems, and the security risks associated with electronic voting, especially remotely over the Internet, are numerous and complex, posing major technological challenges for computer scientists. (For a few examples, see references below.) The problems range from the threat of denial-of-service attacks to the need for careful selection of techniques to enforce private and correct tallying of ballots. Other possible requirements for electronic voting schemes are resistance to vote buying, defenses against malfunctioning software, viruses, and related problems, auditability, and the development of user-friendly and universally accessible interfaces. The goal of the workshop is to bring together and foster an interplay of ideas among researchers and practitioners in different areas of relevance to voting. For example, the workshop will investigate prevention of penetration attacks that involve the use of a delivery mechanism to transport a malicious payload to the target host. This could be in the form of a ``Trojan horse'' or remote control program. It will also investigate vulnerabilities of the communication path between the voting client (the devices where a voter votes) and the server (where votes are tallied). 
Especially in the case of remote voting, the path must be ``trusted'' and a challenge is to maintain an authenticated communications linkage. Although not specifically a security issue, reliability issues are closely related and will also be considered. The workshop will consider issues dealing with random hardware and software failures (as opposed to deliberate, intelligent attack). A key difference between voting and electronic commerce is that in the former, one wants to irreversibly sever the link between the ballot and the voter. The workshop will discuss audit trails as a way of ensuring this. The workshop will also investigate methods for minimizing coercion and fraud, e.g., schemes to allow a voter to vote more than once and only having the last vote count. This workshop is part of the Special Focus on Communication Security and Information Privacy and will be coordinated with the Special Focus on Computation and the Socio-Economic Sciences. This workshop follows a successful first WOTE event, organized by David Chaum and Ron Rivest in 2001 at Marconi Conference Center in Tomales Bay, California (http://www.vote.caltech.edu/wote01/). Since that time, a flurry of voting bills has been enacted at the federal and state levels, including most notably the Help America Vote Act (HAVA). Standards development has represented another avenue of reform (e.g., the IEEE Voting Equipment Standards Project 1583), while a grassroots movement (http://www.verifiedvoting.org) has arisen to promote the importance of audit trails as enhancements to trustworthiness. ** Program: This is a preliminary program. 
Wednesday, May 26, 2004 7:45 - 8:20 Breakfast and Registration 8:20 - 8:30 Welcome and Opening Remarks Fred Roberts, DIMACS Director 8:30 - 9:15 Ron Rivest, MIT (tentative) 9:15 - 10:15 Rebecca Mercuri 10:15 - 10:45 Break 10:45 - 11:30 David Chaum 11:30 - 12:15 Michael Shamos, Carnegie Mellon University 12:15 - 1:30 Lunch 1:30 - 1:50 European online voting experiences Andreu Riera i Jorba, Universitat Autònoma de Barcelona, Spain 1:50 - 2:10 Providing Trusted Paths Using Untrusted Components Andre Dos Santos, Georgia Institute of Technology 2:10 - 2:30 Internet voting based on PKI: the TruE-vote system Emilia Rosti, Università degli Studi di Milano, Italy 2:30 - 2:50 Andy Neff, VoteHere, Inc. 2:50 - 3:10 E-voting with Vector Ballots: Homomorphic Encryption with Writeins and Shrink-and-Mix networks Aggelos Kiayias, University of Connecticut 3:10 - 3:30 How hard is it to manipulate voting? Edith Elkind, Princeton University and Helger Lipmaa, Helsinki University of Technology 3:30 - 3:50 Towards a dependability case for the Chaum e-voting scheme Peter Ryan,
[Publicity-list]: DIMACS Workshop on Mobile and Wireless Security
*** CALL FOR PAPERS *** DIMACS Workshop on Mobile and Wireless Security November 3 - 5, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Bill Arbaugh, University of Maryland, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The rapid growth of both voice and data wireless communications has resulted in several serious security problems in both the voice and data spaces. Unfortunately, many of the early security mistakes made with wireless voice communications were repeated with data communications, i.e. the use of flawed authentication and confidentiality algorithms. For example, the standards committee for 802.11 left many of the difficult security issues such as key management and a robust authentication mechanism as open problems. This has led many organizations to use either a permanent fixed cryptographic variable or no encryption with their wireless networks. Since wireless networks provide an adversary a network access point that is beyond the physical security controls of the organization, security can be a problem. Similarly, attacks against WEP, the link-layer security protocol for 802.11 networks, can exploit design failures to successfully attack such networks. This workshop will focus on addressing the many outstanding issues that remain in wireless cellular and WLAN networking such as (but not limited to): Management and monitoring; ad-hoc trust establishment; secure roaming between overlay networks; availability and denial of service mitigation; and network and link layer security protocols. We will seek to extend work on ad hoc networking from a non-adversarial setting, assuming a trusted environment, to a more realistic setting in which an adversary may attempt to disrupt communication. 
We will investigate a variety of approaches to securing ad hoc networks, in particular ways to take advantage of their inherent redundancy (multiple routes between nodes), replication, and new cryptographic schemes such as threshold cryptography. ** Call for Participation: Advances in wireless technology as well as several other areas are changing the way the world does business and as a result computing is becoming more mobile, and users are demanding continuous access to the Internet. At the same time, the number of devices with embedded networking technology is growing exponentially--from boxes with RFID tags to Wi-Fi capable refrigerators since they destroy the notion of a static defensive perimeter. Furthermore, these trends make the ease of use and management of wireless based networks more important since naïve consumers in the future will be establishing and using wireless networks on a scale significantly larger than today. This workshop will focus on identifying the current and future problems in wireless security and privacy and discuss possible solutions. The three day workshop will be organized around a series of talks on subjects related to mobility, wireless, and security and privacy technologies. There will be a mix between invited talks and talks selected from extended abstracts with plenty of discussion time between talks. Authors are encouraged to submit an extended abstract on any topic related to wireless and mobile security. Example topics of interest are Interworking security, mesh network security, sensor network security, the privacy of RFID networks, and the security of community networks. These topics are examples only and authors are encouraged to submit extended abstracts on other topics related to the workshop as long as the abstract is of a technical and research nature. 
Authors are also encouraged to submit early work, and new or outlandish ideas as the primary goal of the workshop is to allow researchers from the networking and security communities to meet in a workshop environment where ideas can be exchanged and discussed in an inter-disciplinary environment. Authors should submit a two page extended abstract in a font no less than 11pt with reasonable margins by midnight (Eastern time) September 1, 2004. Submission instructions will be posted at http://www.missl.cs.umd.edu/dimacs-workshop. ** Registration: Pre-registration deadline: October 27, 2004 Please see website for registration information. * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/MobileWireless/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
DIMACS Workshop on Mobile and Wireless Security
*** CALL FOR PAPERS *** DIMACS Workshop on Mobile and Wireless Security November 3 - 5, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Bill Arbaugh, University of Maryland, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. CALL FOR PAPERS DEADLINE: September 1, 2004 The rapid growth of both voice and data wireless communications has resulted in several serious security problems in both the voice and data spaces. Unfortunately, many of the early security mistakes made with wireless voice communications were repeated with data communications, i.e. the use of flawed authentication and confidentiality algorithms. For example, the standards committee for 802.11 left many of the difficult security issues such as key management and a robust authentication mechanism as open problems. This has led many organizations to use either a permanent fixed cryptographic variable or no encryption with their wireless networks. Since wireless networks provide an adversary a network access point that is beyond the physical security controls of the organization, security can be a problem. Similarly, attacks against WEP, the link-layer security protocol for 802.11 networks, can exploit design failures to successfully attack such networks. This workshop will focus on addressing the many outstanding issues that remain in wireless cellular and WLAN networking such as (but not limited to): Management and monitoring; ad-hoc trust establishment; secure roaming between overlay networks; availability and denial of service mitigation; and network and link layer security protocols. We will seek to extend work on ad hoc networking from a non-adversarial setting, assuming a trusted environment, to a more realistic setting in which an adversary may attempt to disrupt communication. 
We will investigate a variety of approaches to securing ad hoc networks, in particular ways to take advantage of their inherent redundancy (multiple routes between nodes), replication, and new cryptographic schemes such as threshold cryptography. ** Call for Participation: Advances in wireless technology as well as several other areas are changing the way the world does business and as a result computing is becoming more mobile, and users are demanding continuous access to the Internet. At the same time, the number of devices with embedded networking technology is growing exponentially--from boxes with RFID tags to Wi-Fi capable refrigerators since they destroy the notion of a static defensive perimeter. Furthermore, these trends make the ease of use and management of wireless based networks more important since naive consumers in the future will be establishing and using wireless networks on a scale significantly larger than today. This workshop will focus on identifying the current and future problems in wireless security and privacy and discuss possible solutions. The three day workshop will be organized around a series of talks on subjects related to mobility, wireless, and security and privacy technologies. There will be a mix between invited talks and talks selected from extended abstracts with plenty of discussion time between talks. Authors are encouraged to submit an extended abstract on any topic related to wireless and mobile security. Example topics of interest are Interworking security, mesh network security, sensor network security, the privacy of RFID networks, and the security of community networks. These topics are examples only and authors are encouraged to submit extended abstracts on other topics related to the workshop as long as the abstract is of a technical and research nature. 
Authors are also encouraged to submit early work, and new or outlandish ideas as the primary goal of the workshop is to allow researchers from the networking and security communities to meet in a workshop environment where ideas can be exchanged and discussed in an inter-disciplinary environment. Authors should submit a two page extended abstract in a font no less than 11pt with reasonable margins by midnight (Eastern time) September 1, 2004. Submission instructions will be posted at http://www.missl.cs.umd.edu/dimacs-workshop. ** Registration: Pre-registration deadline: October 27, 2004 Please see website for registration information. * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/MobileWireless/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
[Publicity-list] DIMACS Workshop on Mobile and Wireless Security
* DIMACS Workshop on Mobile and Wireless Security November 3 - 4, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Bill Arbaugh, University of Maryland, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. CALL FOR PAPERS DEADLINE: September 1, 2004 The rapid growth of both voice and data wireless communications has resulted in several serious security problems in both the voice and data spaces. Unfortunately, many of the early security mistakes made with wireless voice communications were repeated with data communications, i.e. the use of flawed authentication and confidentiality algorithms. For example, the standards committee for 802.11 left many of the difficult security issues such as key management and a robust authentication mechanism as open problems. This has led many organizations to use either a permanent fixed cryptographic variable or no encryption with their wireless networks. Since wireless networks provide an adversary a network access point that is beyond the physical security controls of the organization, security can be a problem. Similarly, attacks against WEP, the link-layer security protocol for 802.11 networks, can exploit design failures to successfully attack such networks. This workshop will focus on addressing the many outstanding issues that remain in wireless cellular and WLAN networking such as (but not limited to): Management and monitoring; ad-hoc trust establishment; secure roaming between overlay networks; availability and denial of service mitigation; and network and link layer security protocols. We will seek to extend work on ad hoc networking from a non-adversarial setting, assuming a trusted environment, to a more realistic setting in which an adversary may attempt to disrupt communication. 
We will investigate a variety of approaches to securing ad hoc networks, in particular ways to take advantage of their inherent redundancy (multiple routes between nodes), replication, and new cryptographic schemes such as threshold cryptography. ** Call for Participation: Advances in wireless technology as well as several other areas are changing the way the world does business and as a result computing is becoming more mobile, and users are demanding continuous access to the Internet. At the same time, the number of devices with embedded networking technology is growing exponentially--from boxes with RFID tags to Wi-Fi capable refrigerators since they destroy the notion of a static defensive perimeter. Furthermore, these trends make the ease of use and management of wireless based networks more important since naive consumers in the future will be establishing and using wireless networks on a scale significantly larger than today. This workshop will focus on identifying the current and future problems in wireless security and privacy and discuss possible solutions. The three day workshop will be organized around a series of talks on subjects related to mobility, wireless, and security and privacy technologies. There will be a mix between invited talks and talks selected from extended abstracts with plenty of discussion time between talks. Authors are encouraged to submit an extended abstract on any topic related to wireless and mobile security. Example topics of interest are Interworking security, mesh network security, sensor network security, the privacy of RFID networks, and the security of community networks. These topics are examples only and authors are encouraged to submit extended abstracts on other topics related to the workshop as long as the abstract is of a technical and research nature. 
Authors are also encouraged to submit early work, and new or outlandish ideas as the primary goal of the workshop is to allow researchers from the networking and security communities to meet in a workshop environment where ideas can be exchanged and discussed in an inter-disciplinary environment. Authors should submit a two page extended abstract in a font no less than 11pt with reasonable margins by midnight (Eastern time) September 1, 2004. Submission instructions will be posted at http://www.missl.cs.umd.edu/dimacs-workshop. Workshop Program: The following is a list of invited speakers: * Bernard Aboba, Microsoft * Nancy Cam-Winget, Cisco * David Johnston, Intel * James Kempf, DoCoMo USA Labs * Insun Lee, Samsung Electronics * Jari Malinen, Nokia * Jesse Walker, Intel ** Registration: Pre-registration deadline: October 27, 2004 Please see website for registration information.
[Publicity-list] DIMACS Workshop on Computational Issues in Auction Design
* DIMACS Workshop on Computational Issues in Auction Design October 7 - 8, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Jayant Kalagnanam, IBM Watson Lab, [EMAIL PROTECTED] Eric Maskin, School of Social Science, Institute for Advanced Study, [EMAIL PROTECTED] David Parkes, Harvard University, [EMAIL PROTECTED] Aleksandar Pekec, Fuqua School of Business, Duke University, [EMAIL PROTECTED] Michael Rothkopf, Rutgers University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Computation and the Socio-Economic Sciences. Recent advances in information technology and its rapid acceptance by the business community have allowed for the possibility of expediting complex business transactions. The most prominent example is use of auctions in corporate procurement and in government deregulation efforts. When many items with interrelated values are being sold, economic efficiency can be increased by allowing bidders to make bids on combinations of items. Procedures for auctioning combinations of items have inherent computational problems that have to be overcome, and the emergence of these issues has sparked considerable research activity in the computer science and combinatorial optimization communities. The most prominent example is combinatorial auctions in which multiple goods are auctioned and bidders have and wish to express different valuations on which goods complement each other and which goods substitute for each other. Topics of interest include: -- expressive bidding languages -- practical applications (e.g. to electricity, spectrum,...) 
-- procurement and e-sourcing -- combinatorial exchanges -- preference elicitation -- optimal auction design -- approximate mechanisms -- communication and computation complexity in combinatorial auctions ** Workshop Program: Thursday, October 7, 2004 8:00 - 8:30 Registration and Breakfast - CoRE Building, 4th Floor 8:30 - 8:45 Welcome and Opening Remarks Fred Roberts, DIMACS Director 8:45 - 9:30 Characterizing Dominant Strategy Mechanisms with Multi-dimensional types Rakesh Vohra, Northwestern 9:30 - 10:10 Multiitem auctions with credit limits Shmuel Oren and Shehzad Wadawala, UC Berkeley 10:10 - 10:30 Break 10:30 - 11:15 Approximation Algorithms for Truthful Mechanisms Eva Tardos, Cornell 11:15 - 11:55 Tolls for heterogeneous selfish users in multicommodity generalized congestion games Lisa Fleischer, Carnegie Mellon University, Kamal Jain, MSR and Mohammad Mahdian, MIT 11:55 - 12:35 VCG Overpayment in Random Graphs Evdokia Nikolova and David Karger, MIT 12:35 - 2:00 Lunch 2:00 - 2:45 The communication requirements of social choice rules and supporting budget sets Ilya Segal, Stanford University 2:45 - 3:25 The communication complexity of the private value single item bisection auction Elena Grigorieva, P. Jean-Jacques Herings, Rudolf Muller, and Dries Vermeulen, U. 
Maastricht 3:25 - 3:45 Break 3:45 - 4:30 Market Mechanisms for Redeveloping Spectrum Evan Kwerel, FCC 4:30 - 5:15 Issues in Electricity Market Auction Design Richard O'Neill, FERC 5:15 - 6:15 Panel 6:30 Dinner Friday, October 8, 2004 8:00 - 8:30 Breakfast and Registration 8:30 - 9:15 Incentive Compatibility in Multi-unit Auctions Sushil Bikhchandani, UCLA 9:15 - 10:00 The Over-Concentrating Nature of Simultaneous Ascending Auctions Charles Zheng, Northwestern 10:00 - 10:20 Break 10:20 - 11:00 Designing Auction Protocols under Asymmetric Information on Nature's Selection Takayuki Ito, Nagoya Inst., Makoto Yokoo, Kyushu and Shigeo Matsubara, NTT 11:00 - 11:40 Towards a Characterization of Polynomial Preference Elicitation with Value queries in Combinatorial Auctions Paolo Santi, Pisa, Tuomas Sandholm, Carnegie Mellon University and Vincent Conitzer, CMU 11:40 - 12:20 Applying learning algorithms to preference elicitation in combinatorial auctions Sebastien Lahaie and David C. Parkes, Harvard 12:20 - 1:30 Lunch 1:30 - 2:15 To auction or not? Historical perspectives on the development of ecommerce Andrew Odlyzko, University of Minnesota 2:15 - 2:55 Non-computational Approaches to Mitigating Computational Problems in Combinatorial Auctions Sasa Pekec, Duke University
DIMACS Workshop on Mobile and Wireless Security
* DIMACS Workshop on Mobile and Wireless Security November 3 - 4, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Bill Arbaugh, University of Maryland, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The rapid growth of both voice and data wireless communications has resulted in several serious security problems in both the voice and data spaces. Unfortunately, many of the early security mistakes made with wireless voice communications were repeated with data communications, i.e. the use of flawed authentication and confidentiality algorithms. For example, the standards committee for 802.11 left many of the difficult security issues such as key management and a robust authentication mechanism as open problems. This has led many organizations to use either a permanent fixed cryptographic variable or no encryption with their wireless networks. Since wireless networks provide an adversary a network access point that is beyond the physical security controls of the organization, security can be a problem. Similarly, attacks against WEP, the link-layer security protocol for 802.11 networks can exploit design failures to successfully attack such networks. This workshop will focus on addressing the many outstanding issues that remain in wireless cellular and WLAN networking such as (but not limited to): Management and monitoring; ad-hoc trust establishment; secure roaming between overlay networks; availability and denial of service mitigation; and network and link layer security protocols. We will seek to extend work on ad hoc networking from a non-adversarial setting, assuming a trusted environment, to a more realistic setting in which an adversary may attempt to disrupt communication. 
We will investigate a variety of approaches to securing ad hoc networks, in particular ways to take advantage of their inherent redundancy (multiple routes between nodes), replication, and new cryptographic schemes such as threshold cryptography. ** Call for Participation: Advances in wireless technology as well as several other areas are changing the way the world does business and as a result computing is becoming more mobile, and users are demanding continuous access to the Internet. At the same time, the number of devices with embedded networking technology is growing exponentially--from boxes with RFID tags to Wi-Fi capable refrigerators since they destroy the notion of a static defensive perimeter. Furthermore, these trends make the ease of use and management of wireless based networks more important since naive consumers in the future will be establishing and using wireless networks on a scale significantly larger than today. This workshop will focus on identifying the current and future problems in wireless security and privacy and discuss possible solutions. The three day workshop will be organized around a series of talks on subjects related to mobility, wireless, and security and privacy technologies. There will be a mix between invited talks and talks selected from extended abstracts with plenty of discussion time between talks. 
Workshop Program: Wednesday, November 3, 2004 9:00 - 10:00 Breakfast and Registration 10:00 - 10:15 Welcome and Overview of Program Fred Roberts, DIMACS Director 10:15 - 11:00 Wireless Authentication Overview William Arbaugh 11:00 - 11:45 TBD DJ Johnston, Intel (tentatively confirmed) 11:45 - 12:30 Role of Authorization in Wireless Network Security Pasi Eronen, Nokia 12:30 - 2:00 Lunch 2:00 - 2:45 Network Access Control Schemes Vulnerable to Covert Channels Florent Bersani 2:45 - 3:30 TBD Jesse Walker, Intel 3:30 - 4:00 Break 4:00 - 5:00 Secure and Efficient Network Access Jari Arkko, Ericsson 5:00 Social Event Thursday, November 4, 2004 8:30 - 9:00 Breakfast and Registration 9:00 - 9:45 Extending the GSM/3G Key Infrastructure Scott Guthery 9:45 - 10:30 Wireless Security and Roaming Overview Nidal Aboudagga, UCL 10:30 - 11:00 Break 11:00 - 11:45 TBD James Kempf, DoCoMo USA Labs 11:45 - 12:30 TBD Nancy Cam-Winget, Cisco 12:30 - 2:00 Lunch 2:00 - 2:45 Securing Wireless Localization Zang Li, Rutgers 2:45 - 3:30 Discussion Period- how to move forward, hard problems? William Arbaugh 3:30 Closing ** Registration:
[Publicity-list] DIMACS Workshop on Mobile and Wireless Security
* DIMACS Workshop on Mobile and Wireless Security November 3 - 4, 2004 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Bill Arbaugh, University of Maryland, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The rapid growth of both voice and data wireless communications has resulted in several serious security problems in both the voice and data spaces. Unfortunately, many of the early security mistakes made with wireless voice communications were repeated with data communications, i.e. the use of flawed authentication and confidentiality algorithms. For example, the standards committee for 802.11 left many of the difficult security issues such as key management and a robust authentication mechanism as open problems. This has led many organizations to use either a permanent fixed cryptographic variable or no encryption with their wireless networks. Since wireless networks provide an adversary a network access point that is beyond the physical security controls of the organization, security can be a problem. Similarly, attacks against WEP, the link-layer security protocol for 802.11 networks can exploit design failures to successfully attack such networks. This workshop will focus on addressing the many outstanding issues that remain in wireless cellular and WLAN networking such as (but not limited to): Management and monitoring; ad-hoc trust establishment; secure roaming between overlay networks; availability and denial of service mitigation; and network and link layer security protocols. We will seek to extend work on ad hoc networking from a non-adversarial setting, assuming a trusted environment, to a more realistic setting in which an adversary may attempt to disrupt communication. 
We will investigate a variety of approaches to securing ad hoc networks, in particular ways to take advantage of their inherent redundancy (multiple routes between nodes), replication, and new cryptographic schemes such as threshold cryptography. ** Workshop Program: Wednesday, November 3, 2004 9:00 - 10:00 Breakfast and Registration 10:00 - 10:15 Welcome and Overview of Program Fred Roberts, DIMACS Director 10:15 - 11:00 Wireless Authentication Overview William Arbaugh 11:00 - 11:45 Role of Authorization in Wireless Network Security Pasi Eronen, Nokia 11:45 - 12:30 Network Access Control Schemes Vulnerable to Covert Channels Florent Bersani 12:30 - 2:00 Lunch 2:00 - 2:45 802.11 Authentication and Keying Requirements Jesse Walker, Intel 2:45 - 3:30 Secure and Efficient Network Access Jari Arkko, Ericsson 3:30 - 4:00 Break 4:00 - 5:00 Extending the GSM/3G Key Infrastructure Scott Guthery, CTO Mobile-Mind, Inc. 5:00 Social Event Thursday, November 4, 2004 8:30 - 9:00 Breakfast and Registration 9:00 - 9:45 Wireless Security and Roaming Overview Nidal Aboudagga, UCL 9:45 - 10:30 A Proposal for Next Generation Cellular Network Authentication and Authorization Architecture James Kempf, DoCoMo USA Labs 10:30 - 11:00 Break 11:00 - 11:45 Threshold Cryptography and Wireless Roaming Dan Geer and Moti Yung 11:45 - 12:30 Securing Wireless Localization Zang Li, Rutgers 12:30 - 2:00 Lunch 2:00 - 3:30 Discussion Period- how to move forward, hard problems? William Arbaugh 3:30 Closing ** Registration: Pre-registration deadline: October 27, 2004 Please see website for registration information. * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/MobileWireless/ **PLEASE BE SURE TO PRE-REGISTER EARLY** - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
DIMACS Workshop on Security of Web Services and E-Commerce
Call for Participation Deadline January 17, 2005 *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in phishing attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce. ** Participation: The workshop will be open to the public (no submission is necessary to attend). If you'd like to give a presentation please send a title and abstract to [EMAIL PROTECTED] by January 17, 2005. Submissions may describe ongoing or planned work related to the security of Web Services and electronic commerce, or they may discuss important research problems or propose a research agenda in this area. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk. 
* Registration: Pre-registration deadline: April 28, 2005 Please see website for complete registration information: http://dimacs.rutgers.edu/Workshops/Commerce/ * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Commerce/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
DIMACS Workshop on Large-Scale Games at Northwestern University
**Call For Papers * DIMACS Workshop on Large-Scale Games April 17 - 19, 2005 **Location: Evanston Campus, Northwestern University, Evanston, Illinois** Organizers: Lance Fortnow, University of Chicago, [EMAIL PROTECTED] Rakesh Vohra, Northwestern University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Computation and the Socio-Economic Sciences. On the Internet we have games with a large number of agents, asynchronous play, and the absence of full knowledge about the number of agents one is playing against or the beliefs they possess. The Internet is not the only institution to possess these features nor the first. Markets for traditional goods and services as well as travel networks all possess these features. This workshop is devoted to the analysis of large scale games of the kinds inspired by the Internet and other computer networks, markets, traffic networks and other large systems. We invite papers that will show how to adapt and extend classical game theoretic models to deal with a large number of players, accommodate the absence of common knowledge, common priors, asynchrony in play and distributed computation. Examples of the kind of work that would be suitable for this workshop include price of anarchy models, robust and on-line mechanism design, timing games, asymptotic analysis of traditional auctions, continuous double auctions (two-sided markets) and network formation. Please submit an extended abstract or paper (in .pdf form only) to [EMAIL PROTECTED] by January 15, 2005. Include the word `DIMACS' in the subject heading. Acceptance decisions will be made by February 15, 2005. It will consist of 5 invited overview talks (hour long) and a collection of submitted talks (half hour). The overview talks are listed below.
This workshop is supported by DIMACS, the Managerial Economics and Decision Sciences Department of the Kellogg School (http://www.kellogg.nwu.edu/meds/index.htm) and Northwestern University's Institute for Complex Systems (http://ccl.northwestern.edu/nico/). The workshop will take place at Northwestern University's Evanston Campus. It will start on the morning of the 17th and end around lunch time on the 19th. OVERVIEW TALKS: * Network and Coalition Formation: Matthew Jackson * Price of Anarchy Models: Tim Roughgarden * Equilibrium Notions for Games with Many Players: Ehud Kalai * Mechanism Design Models without the Common Prior: Jason Hartline * Asymptotic Analysis of Market Mechanisms: Mark Satterthwaite ** Call For Participation: Please submit an extended abstract or paper (in .pdf form only) to [EMAIL PROTECTED] by January 15, 2005. Include the word `DIMACS' in the subject heading. Acceptance decisions will be made by February 15, 2005. ** Registration Fees: (Pre-registration deadline: March 15, 2005) Please see website for additional registration information. * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Games/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service
CALL FOR PARTICIPATION** * DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service April 14 - 15, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Drew Dean, SRI International, [EMAIL PROTECTED] Markus Jakobsson, Indiana University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. On April 14-15, 2005, we will hold a DIMACS workshop at Rutgers University, NJ, on the topic of Theft in E-Commerce. This will include but not be limited to theft of content, of identity, and of service. While theft is an old problem, the automated nature of e-commerce introduces new opportunities for traditional forms of theft, as well as entirely new forms of theft. The centrality of computation makes these threats a part of computer security. This is an area of research where we are seeing a lot of activity, and where we believe there is a great potential for valuable research contributions. While our primary interest is in defenses against theft, we are also interested in novel attacks and real data about attacks, as the defenders need to know what to defend against. For more information about the workshop location, organization, and the program (once finalized), please see: http://dimacs.rutgers.edu/Workshops/Intellectual/ We are soliciting contributions in these areas, for both long and short presentations (approx 30 minutes vs 10 minutes.) There are no proceedings, but we request that presentation material is submitted to the organizers at the time of the workshop, allowing it to be posted on the DIMACS webpage. In order to propose a talk, please contact one of the organizers, Markus Jakobsson ([EMAIL PROTECTED]) or Drew Dean ([EMAIL PROTECTED]) with a title and a short abstract by February 28, 2005 that allows us to determine whether your proposed talk will fit within the scope of the workshop. 
Please refer to the information on the webpage above for workshop registration, hotel reservation and travel information, and information on how to apply for financial support for those in need of this. There will be a limited number of scholarships to defray travel costs, with priority given to students and speakers who can not receive funding to attend. The workshop is sponsored by RSA Security. ** Registration: Pre-registration deadline: April 7, 2005 Please see website for registration information. * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Intellectual/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
DIMACS Workshop on Bounded Rationality
Registration Deadline: January 24, 2005** * DIMACS Workshop on Bounded Rationality January 31 - February 1, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Lance Fortnow, University of Chicago, [EMAIL PROTECTED] Richard McLean, Rutgers University, [EMAIL PROTECTED] Daijiro Okada, Rutgers University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Computation and the Socio-Economic Sciences. Traditionally, economists and game theorists have assumed that strategic agents are fully rational but in the last few decades a number of game theorists have argued that human players do not behave in a way consistent with theoretical predictions. Questions have been raised regarding the postulate of full rationality and some have proposed formalizations of partially or boundedly rational players and games played by such players. If one takes the view that a process of decision-making in economic or other social situations constitutes computation in a formal sense of theoretical computer science, then one is naturally led to some notion of bounded computational power as a formal expression of bounded rationality. Two important and complementary questions in this line of inquiry are (1) What is the computational power required in order to play a game in a way consistent with full rationality? (2) If players are limited in their computational power, how different will equilibrium outcomes be from the fully rational case? This workshop will bring together economists and game theorists interested in bounded rationality, as well as theoretical computer scientists with experience in limited computational models. Topics of interest include: * Bounded recall and bounded complexity in repeated games * Strategic aspects of machine learning * Game theoretic applications of cryptography ** Program: This is a preliminary program. 
Monday, January 31, 2005 8:15 - 8:50 Breakfast and Registration 8:50 - 9:00 Welcome and Opening Remarks Fred Roberts, DIMACS Director 9:00 - 10:00 Correlation, Communication, Complexity and Competition Abraham Neyman, Hebrew University 10:00 - 10:30 Break 10:30 - 11:30 Olivier Gossner, TBA 11:30 - 12:30 Players as Serial or Parallel Random Access Machines Timothy Van Zandt, INSEAD 12:30 - 2:00 Lunch 2:00 - 3:00 Michael Kearns, University of Pennsylvania, TBA 3:00 - 3:30 Break 3:30 - 4:30 Deterministic Calibration and Nash Equilibrium Sham Kakade, University of Pennsylvania 4:30 - 5:30 For Bayesian Wannabees, Are Disagreements not About Information? Robin Hanson, George Mason University 6:00 Dinner - DIMACS Lounge Tuesday, February 1, 2005 8:30 - 9:00 Breakfast and Registration 9:00 - 10:00 Algorithms for Graphical Games Luis Ortiz, MIT 10:00 - 10:30 Break 10:30 - 11:30 Deterministic Calibration with Simpler Checking Rules Dean Foster, University of Pennsylvania 11:30 - 1:00 Lunch 1:00 - 2:00 Mechanism Design and Deliberative Agents Kate Larsen, University of Waterloo 2:00 - 2:30 Break 2:30 - 3:30 Vahab Mirrokni, MIT, Convergence Issues in Competitive Games 3:30 - 4:30 Efficient Equilibrium Algorithms for Compact Repeated Games Michael Littman, Rutgers University ** Registration Fees: (Pre-registration deadline: January 24, 2005) Please see website for additional registration information. * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Bounded/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
DIMACS Workshop on Security of Web Services and E-Commerce
***CFP DEADLINE EXTENDED to Friday, February 11, 2005*** *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in phishing attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce. ** Participation: The workshop will be open to the public (no submission is necessary to attend but please register online). If you'd like to give a presentation please send a title and abstract to: [EMAIL PROTECTED] by February 11, 2005. Submissions may describe ongoing or planned work related to the security of Web Services and electronic commerce, or they may discuss important research problems or propose a research agenda in this area. Also, we intend this to be a participatory and interactive meeting so we hope you will be able to contribute to the meeting even without giving an announced talk. 
* Registration: Pre-registration deadline: April 28, 2005 Please see website for complete registration information: http://dimacs.rutgers.edu/Workshops/Commerce/ * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Commerce/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service
* DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service April 14 - 15, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizers: Drew Dean, SRI International, [EMAIL PROTECTED] Markus Jakobsson, Indiana University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy and is sponsored by RSA Security. This workshop is focusing on Theft in E-Commerce (of content, identity and service). While theft is an old problem, the automated nature of e-commerce introduces new opportunities for traditional forms of theft, as well as entirely new forms of theft. The centrality of computation makes these threats a part of computer security. This is an area of research where we are seeing a lot of activity, and where we believe there is a great potential for valuable research contributions. While our primary interest is in defenses against theft, we are also interested in novel attacks and real data about attacks, as the defenders need to know what to defend against. It is our hope that we could stimulate such research by bringing together the leaders in this area, which is the very intention of this workshop. ** Workshop Program: This is a preliminary program subject to change. Thursday, April 14, 2005 8:00 - 8:30 Registration and Breakfast 8:30 - 8:45 Welcome and Opening Comments Fred Roberts, DIMACS Director 8:45 - 9:45 Identity Theft: A Risk to Be Managed Richard A Parry, Consumer Risk Management, JPMorganChase 9:45 - 10:15 Identity Theft and Legitimately-Minted Fraudulent Credentials Paul Van Oorschot, Carleton University, Canada 10:15 - 10:30 Break 10:30 - 11:15 Some are not thieves!
Alexandr Andoni, MIT 11:00 - 11:30 Using Mutual Authentication to Fight Phishing Steve Myers, IUB 11:30 - 12:00 Building a Cryptovirus Using Microsoft's Cryptographic API Adam L. Young, LECG, LLC 12:00 - 1:30 Break 1:30 - 2:00 An open-source USB token Hein Roehrig, University of Calgary 2:00 - 2:30 Passwords Don't Get No Respect -- Or, How to Make the Most of (Weak) Shared Secrets Burt Kaliski, RSA Security 2:30 - 3:00 Blocking Phishing Spam: Pitfalls and Future Directions Minaxi Gupta, IUB 3:00 - 3:15 Break 3:15 - 3:45 Phishing Countermeasures Aaron Emigh, Radix Labs 3:45 - 4:15 Messin' with Texas: Deriving Mother's Maiden Names Using Public Records Virgil Griffith, IUB Friday, April 15, 2005 8:00 - 8:30 Breakfast and Registration 8:30 - 9:15 Identity Theft: Methods and Prevention John Black, University of Colorado 9:00 - 9:30 Preventing Theft in the Open Naftaly Minsky, Rutgers University 9:30 - 10:15 Expressing Human Trust in Distributed Systems: the Mismatch Between Tools and Reality Sean Smith, Dartmouth College 10:00 - 10:15 Break 10:15 - 10:45 Separable Identity-Based Ring Signatures: Theoretical Foundations for Fighting Phishing Attacks Susan Hohenberger, MIT 10:45 - 11:15 Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails Ben Adida, MIT 11:15 - 11:45 How to Search Privately on Streaming Data Rafail Ostrovsky, UCLA 11:45 - 12:15 Distributed Phishing Attacks Markus Jakobsson, IUB, CACR 12:15 - 1:45 Lunch 1:45 - 2:15 Are Peripheral Security Indicators Effective to Prevent Phishing Attacks?
Min Wu, MIT 2:15 - 2:45 Kleptography: The Outsider Inside Your Crypto Devices, and its Trust Implications Moti Yung, Columbia University 2:45 - 3:15 Safeguarding wireless service access Panos Papadimitratos, Virginia Tech 3:15 - 3:30 Break 3:30 - 4:00 Social Networks and Trust Networks Jean Camp, IUB 4:00 - 4:30 Fraud and Fraud Reduction on the Internet Bezalel Gavish, Southern Methodist University ** Registration: Pre-registration deadline: April 7, 2005 Please see website for registration information http://dimacs.rutgers.edu/Workshops/Intellectual/ * Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Intellectual/ **PLEASE BE SURE TO PRE-REGISTER EARLY**
DIMACS Workshop on Security of Web Services and E-Commerce
*Pre-registration deadline: April 28, 2005* *** DIMACS Workshop on Security of Web Services and E-Commerce May 5 - 6, 2005 DIMACS Center, Rutgers University, Piscataway, NJ Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy. The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in phishing attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce. ** Workshop Program: This is a preliminary program subject to change. Thursday, May 5, 2005 8:00 - 9:00 Breakfast and Registration 9:00 - 9:15 Welcome Opening Remarks 9:15 - 9:45 On the relation between Web Services Security and traditional protocols Eldar Kleiner and A.W. 
Roscoe, Oxford University Computing Laboratory, UK 9:45 - 10:15 Verification Tools for Web Services Security Cédric Fournet, Microsoft Research -- Cambridge, UK 10:15 - 10:30 Break 10:30 - 11:00 Flexible Regulation of Virtual Enterprises Naftaly Minsky, Rutgers University 11:00 - 11:30 Negotiated Security and Privacy Policies for Web Services George Yee, National Research Council 11:30 - 12:00 Regulating Synchronous Communication, and its Applications to Web-Services Constantin Serban, Rutgers University 12:00 - 1:30 Lunch 1:30 - 2:00 Scalable Configuration Management For Secure Web Services Infrastructure Sanjai Narain, Telcordia Technologies, Inc., USA 2:00 - 2:30 Automating Deployment Configuration of Web Services Security J. Micallef, B. Falchuk and C. Chung, Telcordia Technologies, Inc., USA 2:30 - 3:00 Software Based Acceleration Methods for XML Signature Youjin Song and Yuliang Zheng, UNC-Charlotte, USA 3:00 - 3:30 Analysis of aspects of XML WS-* that make hardware optimizations harder or easier Eugene Kuznetsov, DataPower Technology, Inc., USA 3:30 - 3:45 Break 3:45 - 4:15 XACML and role-based access control Jason Crampton, Royal Holloway, University of London, UK 4:15 - 4:45 Use of REL Tokens for Higher-order Operations Thomas DeMartini, ContentGuard, USA 4:45 - 5:15 Electronic Document Authorization: A Case for Practical, Secure Delegation and Authorization Young H. Etheridge Friday, May 6, 2005 8:00 - 9:00 Breakfast Registration 9:00 - 9:30 Towards Decentralized and Secure Electronic Marketplace Yingying Chen, Constantin Serban, Wenxuan Zhang and Naftaly Minsky, Rutgers University 9:30 - 10:00 A Negotiation-based Access Control Model for Web Services Elisa Bertino, Purdue University, A. C. Squicciarini and L.
Martino, University of Milano, Italy 10:00 - 10:30 Using Certified Policies to Regulate E-Commerce Victoria Ungureanu, Rutgers University 10:30 - 10:45 Break 10:45 - 11:15 Active Intermediaries in Web Service and E-Commerce Environments John Linn, RSA Laboratories 11:15 - 11:45 Web services and Federated Identity Management Birgit Pfitzmann, IBM Zurich Research Lab, Switzerland 11:45 - 12:15 Web Services Architecture and the Old World Philip Hallam-Baker 12:15 - 1:45 Lunch 1:45 - 2:15 On-line Certificate Validation via LDAP Component Matching Jong Hyuk Choi, Sang Seok Lim, IBM T. J. Watson Research Center, and Kurt D. Zeilenga, IBM Linux Technology Center 2:15 - 2:45 A Convenient Method for Securely Managing Passwords Brent Waters, Stanford University, Alex Halderman, and Ed Felten, Princeton University 2:45 - 3:00 Break 3:00 - 3:30 Identifying Malicious Web Requests through Changes
Conference: APPLIED CRYPTOGRAPHY and NETWORK SECURITY (ACNS 2005)
The following message is being forwarded to you at the request of Rebecca Wright. *** CALL FOR PARTICIPATION -- Conference: APPLIED CRYPTOGRAPHY and NETWORK SECURITY (ACNS 2005) - Location: COLUMBIA UNIVERSITY, NEW YORK CITY, NEW YORK, USA Dates: JUNE 7-10, 2005 - We invite you to participate in the Third Annual Conference on Applied Cryptography and Network Security (ACNS 2005). This international conference features original research papers on scientific and technical aspects of cryptology and network security and is the third in its series. There are two tracks at ACNS: a research-oriented papers track (that will appear as a Springer's LNCS proceedings available at the conference) and an industrial/short papers track (that will appear as a pre-proceedings and will be available at the conference as well). The latter has an emphasis on practical applications. In addition, invited talks by leading experts in the field, covering various recent developments, will be presented. It has been quite a while since there was a major full conference dedicated to cryptography and security in the New York City Metropolitan Area (a kind of NewYorCrypt), and ACNS 2005 is just it! It will enable an advanced forum on cryptography and security in the setting of New York City in one of the best times of the year to be in the city. This setting should allow the local researchers, students and industry community easy access to very current issues and topics, and should attract international participants as well. The details about the program, the committee, registration details and additional information are available at: http://acns2005.cs.columbia.edu We believe that members of the scientific and technical industry community who will participate will enjoy a high-level scientific event in the promising setting of NYC in June.
John Ioannidis, Angelos Keromytis and Moti Yung General and Program Chairs, ACNS2005 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
THE SIXTH ACM CONFERENCE ON ELECTRONIC COMMERCE (EC-05)
This message is being forwarded to you on behalf of Joan Feigenbaum, Yale University, DIMACS Member *** THE SIXTH ACM CONFERENCE ON ELECTRONIC COMMERCE (EC-05) Registration now Open! See Accepted Papers, Workshops, Tutorials, below. June 5-8, 2005, Vancouver, Canada http://www.acm.org/ec05 Registration is now open for ACM EC-05! Early registration ends May 16th, so sign up now at: http://www.acm.org/sigs/sigecom/ec05/registrations.shtml Since 1999 the ACM Special Interest Group on Electronic Commerce (SIGECOM) has sponsored the leading scientific conference on advances in theory, systems, and applications for electronic commerce. Below is the schedule for the 4 tutorials, 1 workshop, and 32 papers accepted for ACM EC-05. For additional information, please visit: http://www.acm.org/ec05. This year, ACM EC-05 will be held from Sunday, June 5 through Wednesday, June 8, 2005 at the Vancouver Marriott Pinnacle resort, a first-class hotel located downtown in the stunning city of Vancouver, Canada. For more information about the conference surroundings, visit Vancouver's tourism Web site: http://www.tourismvancouver.com *** Tutorials http://www.acm.org/sigs/sigecom/ec05/tutorials.shtml Sun, Jun 5, 2005 - Morning 1) Optimal Mechanism Design without Priors - Jason Hartline 2) Trading Agent Design and Analysis - Michael P. 
Wellman Sun, Jun 5, 2005 - Afternoon (two one-hour talks) 1) Polynomial Time Algorithms for Market Equilibria - Kamal Jain and Vijay Vazirani 2) Algorithms for Combinatorial Auctions and Exchanges - Tuomas Sandholm *** Workshop http://research.yahoo.com/~pennockd/ext/ssa/ Sun, Jun 5 2005 - All Day Workshop on Sponsored Search Auctions - David Pennock and Kursad Asdemir *** Final program MONDAY 08:30 - 10:10 Ranking Systems: The PageRank Axioms Alon Altman, Moshe Tennenholtz Weak monotonicity suffices for truthfulness on convex domains Michael Saks, Lan Yu Marginal Contribution Nets: A Compact Representation Scheme for Coalitional Games Samuel Ieong, Yoav Shoham Cost Sharing in a Job Scheduling Problem Using the Shapley Value Debasis Mishra, Bharath Rangarajan 10:10 - 10:40 BREAK 10:40 - 12:20 Interconnected Communication Networks Provisioned Selfishly Pedro Ferreira, Marvin Sirbu Hidden-Action in Multi-Hop Routing Michal Feldman, John Chuang, Ion Stoica, Scott Shenker Content Availability, Pollution and Poisoning in Peer-to-Peer File Sharing Networks Nicolas Christin, Andreas Weigend, John Chuang A Price-Anticipating Resource Allocation Mechanism for Distributed Shared Clusters Michal Feldman, Kevin Lai, Li Zhang 12:20 - 02:00 LUNCH 02:00 - 03:00 Invited Speaker: Ehud Kalai, Northwestern University 03:00 - 03:30 BREAK 03:30 - 05:10 Nearly Optimal Multi Attribute Auctions Amir Ronen, Daniel Lehmann Optimal Design of English Auctions with Discrete bid Levels Esther David, Alex Rogers, Nicholas Jennings, Jeremy Schiff, Sarit Kraus Robust Solutions for Combinatorial Auctions Alan Holland, Barry O'Sullivan Online Auctions with Re-usable Goods Mohammad Taghi Hajiaghayi, Robert D. 
Kleinberg, Mohammad Mahdian, David Parkes TUESDAY 08:30 - 10:10 First-Price Path Auctions Nicole Immorlica, David Karger, Evdokia Nikolova, Rahul Sami From Optimal Limited to Unlimited Supply Auctions Robert McGrew, Jason Hartline True Costs of Cheap Labor Are Hard To Measure: Edge Deletion and VCG Payments in Graphs Edith Elkind Multi-unit auctions with budget-constrained bidders Christian Borgs, Jennifer Chayes, Nicole Immorlica, Mohammad Mahdian, Amin Saberi 10:10 - 10:40 BREAK 10:40 - 12:20 Graceful Service Degradation (or, How to Know your Payment is Late) Alexandr Andoni, Jessica Staddon Privacy-Preserving Credit Checking Keith Frikken, Mikhail Atallah, Chen Zhang Dynamic and Secure B2B E-contract Update Management Samuil Angelov, Sven Till, Paul Grefen Secure Distributed Human Computation Craig Gentry, Zulfikar Ramzan, Stuart Stubblebine 12:20 - 02:00 LUNCH 02:00 - 03:00 Invited Talk: Jennifer Rexford, Princeton University 03:00 - 03:30 BREAK 03:30 - 05:10 Communication Complexity of Common Voting Protocols
1st TIPPI Workshop
Trustworthy Interfaces for Passwords and Personal Information The following message is being forwarded at the request of Burt Kaliski, RSA Security and Dan Boneh, Stanford University. * 1st TIPPI Workshop Trustworthy Interfaces for Passwords and Personal Information Sponsored by the PORTIA project Date: June 13th, 2005 Location: Stanford University, Gates Computer Science Building, Room B12 Organizers: Burt Kaliski, RSA Security Dan Boneh, Stanford University Workshop Purpose Despite tremendous advances in computer technology in general and information security in particular, users still typically provide personal information and credentials such as passwords the same way they did 30 years ago: through a text interface that they assume they can trust. Today, that trust assumption clearly can no longer be relied on. Many security protocols have been proposed to protect credentials and personal information, but few are used in practice. A major reason is that the protocols have not been implemented in a way that ensures that they are actually used. For instance, a rogue Web site can still just ask the user for her password, regardless of how sophisticated a protocol the correct site employs. The purpose of the workshop is to facilitate an effective solution to these problems by bringing together the designers of the cryptographic protocols with the implementers of the user interfaces. Ideally, a user should have confidence that when she provides a password or other personal information, she can trust the interface she interacts with to protect her data from misuse - even if an attacker happens to be the one that asked her to provide it. In short, our hope is that the workshop will motivate a trend where trustworthy interfaces for passwords and personal information - TIPPI - are the typical ones in our industry. Speakers Current confirmed speakers include: Todd Inskeep, Bank of America. Roots of Trusted Interfaces and the User Experience. 
Dave Jevans, Anti-Phishing Working Group Ramesh Kesanupalli, Phoenix Technologies. Solutions for Secure and Trustworthy Authentication. Steve Myers, Indiana University Delayed Password Disclosure. Submissions: We welcome additional presentations, both long (30 minutes) and short (10 minutes). If you would like to give a presentation, please send us a proposed title and abstract by May 15. There will be no proceedings, but presentations and research papers (if available) will be posted on the Web. More Information: For more information, please contact Burt Kaliski http://www.rsasecurity.com/rsalabs/node.asp?id=2017 or Dan Boneh http://crypto.stanford.edu/~dabo/
DIMACS Workshop on Information Security Economics
* DIMACS Workshop on Information Security Economics January 18 - 19, 2007 DIMACS Center, CoRE Building, Rutgers University Organizers: Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED] Jean Camp, Indiana University, [EMAIL PROTECTED] Presented under the auspices of the Special Focus on Communication Security and Information Privacy and the Special Focus on Computation and the Socio-Economic Sciences. The deployment of an information security solution can be evaluated on whether the benefits expected from its deployment are higher than the costs of its deployment. Yet it is hard to quantify both benefits and costs, due to uncertainty about factors such as attackers' motivations, probability of an attack, and cost of an attack. This uncertainty about the value of tangible costs and benefits is complicated by intangible costs and benefits, such as user and market perceptions of the value of security. The field of economics has well-developed theories and methods for addressing these types of uncertainty. As such, there has been a growing interest in the economics of information security. Past notable work used the tools of economics to offer insights into computer security, offered mathematical economic models of computer security, detailed potential regulatory solutions to computer security, or clarified the challenges of improving security as implemented in practice. The goal of this workshop is to expand that interest in economics of information security. To meet this goal the workshop will bring together researchers already engaged in this interdisciplinary effort with other researchers in areas such as economics, security, theoretical computer science, and statistics.
Topics of interest include economics of identity and identity theft, liability, torts, negligence, other legal incentives, game theoretic models, security in open source and free software, cyber-insurance, disaster recovery, reputation economics, network effects in security and privacy, return on security investment, security risk management, security risk perception both of the firm and the individual, economics of trust, economics of vulnerabilities, economics of malicious code, economics of electronic voting security, and economic perspectives on spam. Call for Participation: Investments in information security are contingent on the expected benefits and costs of their deployment. Yet, it is difficult to quantify those trade-offs: uncertainties about attackers' skills and motivations, systems' dependability, and the consequences of security failures are heightened by intangible considerations - such as individual perceptions of the value of security. In recent years, growing attention has been directed towards the application to information security of economic models for the evaluation of complex trade-offs under risk and uncertainty. This economics of information security has offered mathematical models of returns on security investments and behavioral models of users' decision making; it has detailed regulatory solutions to cyber-security issues; and it has clarified the challenges of improving everyday security and privacy. The DIMACS Workshop on Information Security Economics aims at enlarging the interest in this area by bringing together researchers already engaged in the field with other scientists and investigators in disciplines such as economics, business, statistics, and computer science. We encourage researchers and industry experts to submit manuscripts with original work to the Workshop; we especially encourage collaborative and interdisciplinary research from authors in multiple fields. 
Topics of interest include (but are not limited to) empirical and theoretical works on the economics of: * vulnerabilities and malicious code * spam, phishing, and identity theft * privacy, reputation, and trust * DRM and trusted computing * cyber-insurance, returns on security investments, and security risk management * security risk perception at the firm and individual levels. Questions about the workshop may be addressed to: [EMAIL PROTECTED] Organizers: Alessandro Acquisti, Carnegie Mellon University, [EMAIL PROTECTED] Jean Camp, Indiana University, [EMAIL PROTECTED] Submission instructions Submissions are due by November 3, 2006 (11:59PM PST), preferably in PDF format, to: [EMAIL PROTECTED] Submissions should not exceed approximately 10,000 words. Notifications of acceptance for the program will be sent by November 18, 2006. Registration: (Pre-registration deadline: January 8, 2007) Please see website for complete registration details.
IEEE International Conference on Intelligence and Security Informatics 2007
* IEEE International Conference on Intelligence and Security Informatics 2007 May 23-24, 2007 Hyatt Hotel New Brunswick, New Jersey ** DEADLINE FOR EARLY REGISTRATION IS ALMOST HERE ** Hosted by: Rutgers, The State University of New Jersey DIMACS-CAIT Laboratory for Port Security Center for Discrete Mathematics and Theoretical Computer Science (DIMACS) Center for Interdisciplinary Studies in Information Privacy and Security Sponsored by: Institute of Electrical and Electronics Engineers (IEEE) IEEE Systems, Man, and Cybernetics Society IEEE Intelligent Transportation Systems Society National Science Foundation Intelligence Technology Innovation Center Department of Homeland Security * Informatics research has emerged as a key scientific discipline and applications domain supporting counterterrorism and homeland security's missions of anticipation, interdiction, prevention, preparedness and response to terrorist acts. ISI 2007 provides a forum for discussions among these vital communities: academic researchers (in information technologies, computer science, public policy, and social studies), local, state, and federal law enforcement and intelligence experts, and information technology industry consultants and practitioners. Security informatics is a rapidly growing multidisciplinary area that crosscuts numerous disciplines, including computer science, information technology, engineering, public policy, medicine (medical informatics), biology (bioinformatics), social and behavioral sciences, political science, and modeling and analysis. The combination of intelligence and security informatics strives to integrate computational social science, advanced information technologies and algorithms to support counterterrorism and homeland security policies, organizations and operations (both domestically and internationally). 
Because of the conference's location near major New York - New Jersey ports, one of its key themes is port security, where the term port is used here in its broad sense, namely, as a point of entry/exit for secure flows of people and cargo. Other themes cover the components of effective counterterrorism, dynamic data analysis, and critical-infrastructure protection technologies. This conference aims to foster the development and growth of a counterterrorism and homeland-security community by providing a forum and podium for diverse communities: academia, government (local, state, federal law enforcement, intelligence experts, etc.) and industry (consultants and practitioners etc.). We solicit contribution of long or short papers, and proposals for panel discussions on both the science and the practice of intelligence and security informatics. The conference proceedings will be published as an IEEE publication. Several satellite conferences will also be held before ISI-2007. The upcoming IEEE International Conference on Intelligence and Security Informatics 2007 (ISI 2007) will be held May 23-24, 2007, in New Brunswick, New Jersey, at the Hyatt Hotel. There will also be two satellite conferences: The 2007 Conference on Interdisciplinary Studies in Information Privacy and Security. This conference will be held on May 22nd, 2007 from 9 a.m. to 5 p.m. at the University Inn, Douglass Campus, Rutgers, New Brunswick. The second event is the NSF Workshop on Biosurveillance Systems and Case Studies, May 22, 2007, New Brunswick, New Jersey. The two previous symposia on ISI (ISI-2003, ISI-2004) were held in Tucson, Arizona; the third (ISI-2005) in Atlanta, Georgia; the fourth (ISI-2006) in San Diego, California.
These meetings provided a stimulating intellectual forum for discussions among previously disparate communities: academic researchers (in information technologies, computer science, public policy, and social and behavioral studies), local, state, and federal law enforcement and intelligence experts, and information technology industry consultants and practitioners. Proceedings of these past ISI meetings were published in Springer Lecture Notes in Computer Science (LNCS). * Registration Fees: (Pre-registration deadline: May 15, 2007) For complete registration information, please see: http://dimacs.rutgers.edu/ISI2007/registration.htm Your conference fee will entitle you to: - Entrance to all conference presentations - Breakfast on both conference days (May 23-24) - Entrance to the Conference Reception, held in conjunction with the Poster and Demonstration Session, where ample food will be served (evening, May 23)
Announcing DIMACS 2007-2010 Special Focus on Algorithmic Foundations of the Internet
[Moderator's note: the Secure Routing focus may be of interest to some readers. --Perry] *** Announcing DIMACS 2007-2010 Special Focus on Algorithmic Foundations of the Internet http://dimacs.rutgers.edu/SpecialYears/2007_AFI/ *** The Internet has an ever-expanding role in our daily lives; yet, it is arguably one of the most fragile components of our nation's critical infrastructure. The Internet was designed as a research network without the expectation that it would eventually be used for everything from banking, commerce, and telecommunications to the remote management of power networks. The scale and heterogeneity of the Internet have far surpassed all expectations, and the Internet is responding by showing signs of strain. Moreover, new applications heighten the need for security and network management capabilities, neither of which were major goals in the original design of Internet protocols. DIMACS is hosting a 3-year special focus devoted to the study of algorithms and protocols for large-scale networks. The focus is scheduled to start in August 2007 and continue through July 2010. The special focus aims to enhance our understanding of the limitations of today's protocols, as well as the gains that new designs could achieve. This is an emerging cross-disciplinary area that requires expertise from several fields including networking, theory of computing, computer and communications security, and game theory. Research collaborations spanning these communities are crucial to making progress on the most challenging problems, and enabling these collaborations is a major goal of this special focus. As the Internet continues to grow, more and more business-critical functions rely on its availability. One can easily envision a future in which the vast majority of communications traffic, including telephone, television, radio, business data, and government data, will rely on an Internet infrastructure that is available and secure. 
For the Internet to meet these challenges, we need a much deeper understanding of the properties of our existing protocols and the fundamental tradeoffs that should guide the design of the future Internet. Providing a strong algorithmic foundation for the Internet is especially timely, as the research community embarks on an ambitious rethinking of the Internet architecture. There are many algorithms and protocols used in the Internet and its applications. Some adequately serve their desired purposes, while others need improvement. However, there is a disconnect between the methodology and results of algorithms research and the methodology and results used to guide the adoption of Internet protocol standards. On the one hand, traditional distributed-algorithms research does not adequately model the Internet's design goals, including autonomy, scalability, and privacy. On the other hand, protocol-adoption standards far too often rely on experimentation and testing by vendors and select customers, not on formal analysis. Protocols are often tweaked to add customer functionality without scrutinizing the resulting behavior in worst-case situations or proving any kind of correctness or security properties. Furthermore, these worst-case situations occur more often than expected, due to both the sheer size of the network and the fact that malicious agents can use security flaws to take control of significant parts of the Internet. This special focus seeks to bridge the gap between networking research focused on the existing artifacts - the protocols and mechanisms underlying today's Internet - and the new work that needs to be done to lay a solid foundation for the design of a future Internet. Research focusing on today's network emphasizes characterization, primarily through measurement and prototyping, of existing protocols and mechanisms, in order to improve our understanding of the Internet and guide incremental changes to the system. 
Although algorithmic models have played a role in this work, the details of today's protocols and mechanisms often defy attempts to impose rigorous models after the fact. The future Internet needs to be more secure, be easier to manage, and take greater advantage of new underlying technologies, such as sensor networks, wireless networks, and optical switching. This argues for the design of new protocols and mechanisms with their key properties in mind from the outset. An algorithmic mindset is an extremely important ingredient in this line of research. This special focus is guided by a deep understanding of the current Internet but allows for the possibility of radical change where it is warranted. The focus seeks to analyze and design protocols, algorithms, and architectures for a future Internet that is based on sound mathematical and computational foundations,
BSF/DIMACS/DyDAn Workshop on Data Privacy
* BSF/DIMACS/DyDAn Workshop on Data Privacy

February 4 - 7, 2008
DIMACS/DyDAn Center, CoRE Building, Rutgers University

Organizers:
  Kobbi Nissim, Ben Gurion University, kobbi at cs.bgu.ac.il
  Benny Pinkas, University of Haifa, benny at cs.haifa.ac.il
  Rebecca Wright, Rutgers University, rebecca.wright at rutgers.edu

Presented under the auspices of the DIMACS Special Focus on Communication Security and Information Privacy and the Center for Dynamic Data Analysis (DyDAn).

An ever-increasing amount of data is available in digital form, often accessible via a network. Not surprisingly, this trend is accompanied by an increase in public awareness of privacy issues and by legislation of privacy laws. The interest in privacy, and the tension between privacy and utility of data, is amplified by our growing ability to collect and store large amounts of data, and our ability to mine meaningful information from it. This workshop will view privacy in a broad sense in order to facilitate interaction and discussion between privacy-oriented researchers in different communities.

The study of privacy is inherently interdisciplinary, spanning a range of applications and scenarios, such as analysis of census data, detection and prevention of terrorist activity, and biomedical research. There is a fundamental interplay between privacy and law, security, economics, and the social sciences. This workshop will foster interactions between researchers in these fields with those in statistics and computer science, toward the goal of developing problem formulations that can be translated into a technical mathematical language that lends itself to a more rigorous study of privacy. The workshop will contrast these formal definitions with more intuitive notions of privacy from the social sciences, economics, philosophy and law to determine the extent to which they capture the perceived meaning of privacy in different settings.

Privacy-preserving technologies may soon become an integral part of the basic infrastructure for the collection and dissemination of official statistics, as well as for research in business, economics, medical sciences, and social sciences. Functional solutions for preserving privacy would therefore serve as a central part of the infrastructure for those disciplines.

This workshop will address a variety of questions on algorithms for privacy-preserving analysis such as:

* To what extent can such techniques be applied to statistical data?
* What are the consequences to privacy and confidentiality if such techniques are not used?
* Are changes in statistical tools needed to make them compatible with such techniques?
* Can the techniques be modified to allow use of standard statistical tools and practices?

** Program:

Monday, February 4, 2008

 8:00 -  8:50  Breakfast and Registration
 8:50 -  9:00  Welcome and Opening remarks
               Rebecca Wright, DIMACS Deputy Director
 9:00 - 10:00  Tutorial: Differential Privacy
               Adam Smith, Penn State University
10:00 - 10:30  PINQ
               Frank McSherry
10:30 - 11:00  Break
11:00 - 12:00  Tutorial: Smooth Sensitivity and Sampling
               Sofya Raskhodnikova, Penn State University
12:00 - 12:30  Tutorial: Exponential Mechanism
               Kunal Talwar
12:30 -  2:00  Lunch
 2:00 -  3:00  Tutorial: Statistical Methods
               Alexandra Slavkovic
 3:00 -  3:30  Break
 3:30 -  4:30  Tutorial: Synthetic Data
               John Abowd

Tuesday, February 5, 2008

 8:30 -  9:00  Breakfast and Registration
 9:00 - 10:30  Tutorial: Secure Multiparty Computation and Privacy-Preserving Data Mining
               Yehuda Lindell, Bar Ilan University
10:30 - 11:00  Break
11:00 - 11:35  The Difficulty of Preventing Disclosure
               Moni Naor
11:35 - 12:05  E Gov, Online Citizen Scrutiny and Participation - The Joint Challenges for Cryptologists and Policy Makers
               Tal Zarsky, University of Haifa
12:05 - 12:30  Robust De-anonymization of Multi-dimensional Databases
               Vitaly Shmatikov, The University of Texas at Austin
12:30 -  2:00  Lunch

Statistics:

 2:00 -  2:25  Privacy: Theory Meets Practice on the Map
               John Abowd
 2:25 -  2:50  A Hybrid Perturbation/Swapping Approach for Masking Numerical Data
               Rathindra Sarathy, Oklahoma State University
 2:50 -  3:20  Break
 3:20 -  3:45  Deterministic History-Independent Strategies for Storing Information on Write-Once Memories
               Gil Segev, Weizmann Institute of Science
 3:45 -  4:10  Cell Suppressions Leak Information
               Shubha Nabar, Stanford University
 4:10 -  4:35  A Learning Theory Perspective on Data