Re: Traffic Analysis References

2006-10-23 Thread George Danezis
Hi Leandro,

I am compiling a review paper on traffic analysis as well as a talk.
They can be found here:

These will soon be expanded (by January) since they are going to be
presented as a talk to the CCC (Berlin) as well as a book chapter.

If anyone with material on the subject can give me more pointers I would
be most grateful.



Leandro Meiners wrote:
 Dear list,
 Can anybody point me to any good references regarding traffic analysis?
 Leandro Federico Meiners
 GnuPG key fingerprint:
 7B98 C0F5 42A3 2BEE 44AF
 9D19 936F 5957 27DF AE74
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Secure phones from VectroTel?

2006-05-23 Thread George Danezis
Hi all!

 The devices apparently use D-H key exchange to produce a 128 bit AES
 key which is then used as a stream cipher (presumably in OFB or a
 similar mode). Authentication appears to be via a 4 digit pin,
 certainly not the best of mechanisms.

The 4-digit PIN should not automatically be dismissed as a bad idea. The
device *could* be performing a DH based protocols to bootstrap a strong
secret from a week PIN.

A secure example of such a protocol (there are many more):

Stefan Lucks, Rüdiger Weis: How to turn a PIN into an Iron Beam. 385-396
(In Dimitris Gritzalis, Sabrina De Capitani di Vimercati, Pierangela
Samarati, Sokratis K. Katsikas (Eds.): Security and Privacy in the Age
of Uncertainty, IFIP TC11 18th International Conference on Information
Security (SEC2003), May 26-28, 2003, Athens, Greece. IFIP Conference
Proceedings 250 Kluwer 2003, ISBN 1-4020-7449-2)

And a simpler one:

Michael Roe, Bruce Christianson, David Wheeler.
Secure sessions from weak secrets

Of course I have no idea if this is the technology used.



The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

IPICS summer course in Computer Security

2006-05-17 Thread George Danezis
Call for Participation

Intensive Program on Information and Communication Security
IPICS 2006 Summer Course
17-28 July 2006, K.U. Leuven, Belgium

Special Focus: Privacy Technology (26-28 July)

IPICS is a two week long summer school intended for final year
undergraduate students, master students and starting PhD candidates, as
well as those in the private sector, that wish to learn about the
foundations of computer and communication security. IPICS takes the
format of a two week course, taught by internationally renowned
researchers and experts.

The special theme this year is Privacy Technology, with 3 days
especially devoted to it. The special privacy course will cover:

* Introduction, by the father of Privacy Technologies,
  David Chaum
* Identity management and privacy
  Marit Hansen (ICPP, Schleswig-Holstein, Germany)
* Anonymous credential systems and e-cash
  Jan Camenisch (IBM Zürich, Switserland)
* Election schemes
  Peter Ryan (Newcastle University, U.K.)
* Privacy policies, languages and applications
  Simone Ficher-Hübner (Karlstadt University, Sweden)
* Location privacy and mobile devices
  Kai Rannenberg (Goethe University Frankfurt, Germany)
* Anonymous communications
  Dogan Kesdogan (Technical University of Aachen, Germany)
* Privacy public policy, law and economics
  Jos Dumortier (Katholieke Universiteit Leuven - ICRI, Belgium)

Other topics will include:

* Introduction to security and course overview (Bart Preneel, KU Leuven),
* Computer crime and abuse (Nathan Clarke, Plymouth),
* Business continuity planning (Gerald Quirchmayr, Vienna),
* Cryptology (Bart Preneel, KU Leuven),
* Authorization and access control (Günther Pernul, Regensburg),
* PKI and PMI (Javier Lopez, Malaga),
* Biometry (Pim Tuyls, KU Leuven),
* Network Security (Sokrates Katsikas, Greece),
* Cybercrime Investigation (Ahmed Patel),
* RFID Security (Karl Posch, T.U.Graz),
* Electronic commerce (Keith Martin, Royal Holloway),
* Smart cards (Helena Handschuh, Spansion, France),
* Trusted computing (Klaus Kursawe, Philips Eindhoven),
* Secure hardware (Lejla Batina, Nele Mentens, KU Leuven),
* eID cards (Danny De Cock, KU Leuven),
* Security of C and C++ programs (Yves Younan, KU Leuven)
(Full program at:


Registration is FREE for students. Academics are charged (150 euros) and
industry participants are charged 500 euros for L-SEC members or 650
euros for non-members.

We ask those interested to register as soon as possible, and before July
7th at:

A limited supply of accommodation is available through KU Leuven, that
you need to book well in advance through the registration process. More
details on alternative hotels and local arrangements can be found at:

Contacts and further information:

George Danezis (George.Danezis at esat kuleuven be)
Claudia Diaz (Claudia.Diaz at esat kuleuven be)
Prof. Bart Preneel (Bart.Preneel at esat kuleuven be)


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]