July 06, 2008
Digital Evidence: Musing on the rocky path to wisdom
I've notched up two events in London: the International Conference on Digital Evidence 10 days ago, and yesterday I attended BarCampBankLondon. I have to say, they were great events!
Another great conference in our space was the original FC in 1997 in Anguilla. This was a landmark in our field because it successfully brought together many disciplines who could each contribute their specialty. Law, software, cryptography, managerial, venture, economics, banking, etc. I had the distinct pleasure of a professor in law gently chiding me that I was unaware of an entire school of economics known as transaction economics that deeply affected my presentation. You just can't get that at the regular homogeneous conference, and while I notice that a couple of other conferences are laying claim to dual-discipline audiences, that's not the same thing as Caribbean polyglotism.
Digital Evidence was as excellent as that first FC97, and could defend a top rating in conferences in the financial cryptography space. It had some of interactivity, perhaps for two factors: it successfully escaped the trap or fixation on local jurisdiction, and it had a fair smattering of technical people who could bring the practical perspective to the table.
Although I'd like to blog more about the presentations, it is unlikely that I can travel that long journey; I've probably enough material for a month, and no month to do it in. Which highlights a continuing theme here at on this blog: there is clearly a hole in the knowledge-to-wisdom market. It is now even an archaic cliche that we have too much data, too much information to deal with, so how do we make the step up through knowledge and on to wisdom?
Conferences can help; but I feel it is far too easy to fall into the standard conference models. Top quality names aimed at top paying attendees, blindness by presumptions about audience and presenters (e.g., academic or corporate), these are always familiar complaints.
Another complaint is that so much of the value of conferences happens when the "present" button is set to "off". And that leads to a sort of obvious conclusion, in that the attendees don't so much want to hear about your discoveries, rather, what they really want is to develop solutions to their own problems. FC solved this in a novel way by having the conference in the Caribbean and other tourist/financial settings. This lucky choice of a pleasant holiday environment, and the custom of morning papers leaving afternoons freer made for a lot of lively discussion.
There are other models. I experimented at EFCE, which Rachel, Fearghas and I ran a few years back in Edinburgh. My call (and I had to defend my corner on this one) was that the real attendees were the presenters. If you could present to peers who would later on present to you, then we could also more easily turn off the button and start swapping notes. If we could make an entire workshop of peers, then structure would not be imposed, and relationships could potentially form naturally and evolve without so many prejudices.
Which brings us to yesterday's event: BarCampBankLondon. What makes this bash unusual is that it is a meeting of peers (like EFCE), there is a cross-discipline focus (finance and computing, balanced with some legal and consulting people) and there isn't much of an agenda or a selection process (unlike EFCE). Addendum: James Gardner suggests that other conferences are dead, in the face of BarCamp's model.
I'm all for experimentation, and BCBL seemed to manage the leading and focussing issue with only the lightest of touches. What is perhaps even more indicative of the (this?) process was that it was only 10 quid to get in, but you consume your Saturday on un-paid time. Which is a great discriminator: those who will sacrifice to work this issue turned up, and those looking for easy, paid way to skive off work did not.
So, perhaps an ideal format would be a BarCamp coupled with the routine presentations? Instead of a panel session (which I find a bit fruitless) replace one afternoon with a free-for-all? This is also quite similar to the "rump sessions" that are favoured in the cryptography world. Something to think about when you are running your next conference.
June 17, 2008
Digital Evidence -- 26-27 June, London
Cryptographers, software and hardware architects and others in the tech world have developed a strong belief that everything can be solved with more bits and bites. Often to our benefit, but sometimes to our cost. Just so with matters of law and disputes, where inventions like digital signatures have laid a trail of havoc and confusion through security practices and tools. As we know in financial cryptography, public-key reverse encryptions -- confusingly labelled as digital signatures -- are more usefully examined within the context of the law of evidence than within that of signatures.
Now here cometh those who have to take these legal theories from the back of the technologists' napkins and make them really work: the lawyers. Stephen Mason leads an impressive line-up from many countries in a conference on Digital Evidence:
Digital evidence is ubiquitous, and to such an extent, that it is used in courts every day in criminal, family, maritime, banking, contract, planning and a range of other legal matters. It will not be long before the only evidence before most courts across the globe will all be in the form of digital evidence: photographs taken from mobile telephones, e-mails from Blackberries and laptops, and videos showing criminal behaviour on You Tube are just some of the examples. Now is the time for judges, lawyers and in-house counsel to understand (i) that they need to know some of the issues and (ii) they cannot ignore digital evidence, because the courts deal with it every day, and the amount will increase as time goes by. The aim of the conference will be to alert judges, lawyers (in-house lawyers as well as lawyers in practice), digital forensic specialists, police officers and IT directors responsible for conducting investigations to the issues that surround digital evidence.
Not digital signatures, but evidence! This is a genuinely welcome development, and well worth the visit. Here's more of the blurb:
Conference Programme International Conference on Digital Evidence26th- 27th June 2008, The Vintner's Hall, London – UNITED KINGDOM
Conference: 26th & 27th June 2008, Vintners' Hall, London
Cocktail & Dinner: 26th June 2008, The Honourable Society of Gray's InnTHE FIRST CONFERENCE TO TREAT DIGITAL EVIDENCE FULLY ON AN INTERNATIONAL PLATFORM...
12 CPD HOURS - ACCREDITED BY THE LAW SOCIETY & THE BAR STANDARDS BOARD
This event has also been accredited on an ad hoc basis under the Faculty's CPD Scheme and will qualify for 12 hoursUnderstanding the Technology: Best Practice & Principles for Judges, Lawyers, Litigants, the Accused & Information Security & Digital Evidence Specialists
MIS is hosting & developing this event in partnership with & under the guidance of Stephen Mason, Barrister & Visiting Research Fellow, Digital Evidence Research, British Institute of International and Comparative Law.
Mr. Mason is in charge of the programme's content and is the author of Electronic Signatures in Law (Tottel, 2nd edn, 2007) [This text covers 98 jurisdictions including case law from Argentina, Australia, Brazil, Canada, China, Colombia, Czech Republic, Denmark, Dominican Republic, England & Wales, Estonia, Finland, France, Germany, Greece, Hungary, Israel, Italy, Lithuania, Netherlands, Papua New Guinea, Poland, Portugal, Singapore, South Africa, Spain, Switzerland and the United States of America]. He is also an author and general editor of Electronic Evidence: Disclosure, Discovery & Admissibility (LexisNexis Butterworths, 2007) [This text covers the following jurisdictions: Australia, Canada, England & Wales, Hong Kong, India, Ireland, New Zealand, Scotland, Singapore, South Africa and the United States of America]. Register Now!Stephen is also International Electronic Evidence, general editor, (British Institute of International and Comparative Law, 2008), ISBN 978-1-905221-29-5, covering the following jurisdictions: Argentina, Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Egypt, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Mexico, Netherlands, Norway, Poland, Romania, Russia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Thailand and Turkey.
June 06, 2008
BarCampBankLondon: alternative finance workshop
Thomas Barker sends this press release:
Innovators Gather in the City to Set Shape for Future of Finance
Contact: Thomas Barker
Email: tbarker(at)barcampbank[..]org
LONDON, UK, Monday June 2nd, 2008 - On Saturday July 5th, 2008, one of the most unusual conferences in the financial services industry, BarCampBankLondon (BCBL), will get underway at 9:30 AM near the heart of the City. BCB London follows the success of previous BarCampBanks in Paris, Seattle, San Francisco, New Hampshire and New York City. Ranging from interested students, to banking executives, to VCs, startup founders and internet technologists. BCBL is a forum where participants from diverse backgrounds can get together to discuss topics impacting the industry. It will attract thought leaders and innovators from as far away as America for an intense day of discussions on the future of financial services.
Event co-founder, Frederic Baud said "We wanted to get away from the typical event where a group of senior executives listen to PowerPoint slides and exchange business cards. This is really about getting together people who share a genuine interest in building the future." The event has no set speakers, agenda or sales pitches and getting in the door will only set you back £10. To ensure that the event is relevant to all those attending, the agenda will be discussed online (http://barcamp.org/BarCampBankLondon), then set by the participants on the morning of the event.
It might seem strange that an event like this has taken so long to reach London, a city often considered to be the global financial hub. Another organizer, Thomas Barker said "People might not immediately think of London as a tech cluster. But walking around the City, you can see hundred of software firms nestled in among the banks and lawyers. There's a lot happening here". So far, BCBL intends to discuss the topics of P2P lending, startup financing, mobile banking, personal finance management and micro-finance amongst others.
To attend BCBL, register online at http://bcblondon.eventbrite.com/ .
Sun Microsystems are generously hosting BCBL in their City offices. The event, which is organized by volunteers, welcomes participation from anyone who would like to help with logistics or spreading the word. Interested parties can contact Thomas Barker at tbarker [at]barcampbank,org, or Antony Evans at Antony (At) thestartupexchange D0t com.
About BarCampBank:
The aim of BarCampBank is to foster innovation and the creation of new business models in the world of banking and finance. The next BarCampBank after London will be held in Charleston, USA. For more information, please contact George Pasley at gpasley att gmail d0T com . The following one will be held in Vancouver, Canada. For more information, please contact Tim McAlpine at tmcalpine (a) currencymarketing AT ca .# # #
If you'd like more information about his event, please contact Thomas Barker (contact information above) or Antony Evans (Antony _Att_ thestartupexchange . com)
April 18, 2008
2 views on the RSA security conference: a war of signals?
2 guys went to RSA conference and came back with slightly different tales. Both are down on it. Gunnar Peterson says the sellers of product are not of our kind, to put it politely. He spotted an apparent exception with Ping Identity, a seller of something or other, which apparently is impressing clients, who reported this anecdote:
Someone wandered by our booth and when they saw the Ping logo, they stopped and paused, looking perplexed. When one of our sales team inquired, the gentleman said, "I thought you guys were bigger than that."
Signal! In a market with insufficient information, signals arise as proxies for the metrics that we don't have, but still demand. There are no good signals, only less bad ones, because if it was good it would be a metric.
In this case, the observer thought that the booth size indicated corporate size, with the implied expectation that this said something (good) about the product. The Ping guy went on to muse on a strategy of deliberately going perverting the signal by setting his booth size at 10x10 (feet?) regardless. He could go further, and not go at all, but apparently he isn't ready for that test.
Meanwhile, Bruce Schneier also went to RSA and said:
Talk to the exhibitors, though, and the most common complaint is that the attendees aren't buying.It's not the quality of the wares. The show floor is filled with new security products, new technologies, and new ideas. Many of these are products that will make the attendees' companies more secure in all sorts of different ways. The problem is that most of the people attending the RSA Conference can't understand what the products do or why they should buy them. So they don't.
This is a subtle difference between Gunnar and Bruce. Gunnar says that all is crap, and Bruce says that the products are good, but the buyers don't get it. Bruce's theory is that the marketing departments are not selling on security, and in some sense have drifted off to selling something else.
"I can't figure out what any of those companies do," he replied.I believe him. The booths are filled with broad product claims, meaningless security platitudes and unintelligible marketing literature. You could walk into a booth, listen to a five-minute sales pitch by a marketing type, and still not know what the company does. Even seasoned security professionals are confused.
Which is to say, whatever they are selling, it isn't speaking to security, as far as their customers are concerned. So if we assume that they do know security (whatever that means) and their products are good for us (as Bruce suggests), the question then becomes, why can't they communicate this to us?
Bruce provides the answer elsewhere:
In 2006, IBM bought ISS. The same year BT bought my company, Counterpane, and last year it bought INS. These aren't large security companies buying small security companies; these are non-security companies buying large and small security companies.
Whatever it is that the security companies know, it isn't about what the customer needs. Now, we could split hairs about this point: is the wisdom that the company holds "security" or, is what the customer needs, security?
But it is clear that the customer needs X and the seller isn't aware of what X is. Further, if the above events are indicative, the specialised security company is not capable of entering the market for X. The market for X is reserved for the IT generalist company.
I agree with the notion that we are facing crunch time for the sector (and have been predicting it for longer than I care to remember). It is certainly an exercise for the armchair economists to predict where it goes from here. But, let there be no doubt about change: It has to change, because the disconfirming data is in: the security industry did not save us from the current threats, and has no good answer, if the RSA conference is anything to go by.
From my armchair, here is where it goes: It's your job, do it. Security is something that becomes a part of the application, and the market then splits two ways: you the builder of applications will do it yourself, or you will outsource practically all of the application to (only) companies who can sell all parts of the application, from requirements to rollout (the consolidation that Bruce refers to).
Buy IBM, sell anti-virus companies. Ditch security professionals as contractors, re-employ them as permanent parts of your generalist team, if they are general enough. Integrate savvy people into your team, and encourage them to learn some security, too. Install books on secure programming on the bookshelf, uninstall security products.
Which still leaves a hair-splitting question of what the difference between security and X is. Well, back to my armchair for that one.
February 14, 2008
FC2008 -- report by Dani Nagy
This was my first time [writes Dani Nagy] at the annual Financial Cryptography and Data Security Conference, even though I have extensively used results published at this conference in my research. In short, it was very interesting from both a technical and a social point of view (as in learning new results and meeting interesting people from the field). And it was a lot of fun, too.
Pairing based cryptography seems to be all the rage in the fundamental crypto research department. Secure Function Evaluation seems to be slowly inching from pure theory into the realm of applicable techniques. But don't hold your breath, yet.
In between theory and practice, was Moty Yung's very entertaining invited talk about Kleptography -- using cryptographic techniques for offensive, malicious purposes, rather than defenses, typically against other cryptographic systems. As an example, he gave a public-private RSA key generation algorithm, which is indistinguishable from an honest, random one in a black box manner, and even if reverse engineered, the keys generated with it can be factored only with the effort of factoring a key half that long. The attacker, however, that pushes this key generation algorithm on unsuspecting victims, will be able to factor their keys with very little effort.
By sheer accident, I found myself on the panel about e-cash. The topic was the gap between real-life electronic cash and academic research. One rule was not to speak about one's own work. The participants were selected from different parts of the world and different walks of life. For me, the biggest news was that credit cards are not common at all in Japan. For most of the people, WebMoney (which was what I talked about) was a complete novelty; I, in turn, found it a bit surprising that WebMoney is almost entirely unknown among FC people. On the other hand, the reason is obvious: most of their publications, including scientific ones, are available only in Russian.
The rump session was a lot of fun, too. In the last minute, I decided to present the core of my other paper that was rejected. There were many different talks, with quite a bit of humor.
The other panel, about usability issues was also interesting, but my personal conclusion was that there's still a very long way to go, until Skype-like usability becomes the norm rather than odd exceptions. The completely wrong threat models of the 1990-es with all-powerful adversaries, men in the middle and completely trustworthy third parties are still to deeply entrenched in many people's thinking.
For future conferences, the goal is to attract more people with finance, business and law backgrounds, in addition to cryptography and CS, which still dominate almost exclusively, despite the fact that there is a growing realization that it is not necessarily the crypto part that makes or breaks FC solutions.
At the general meeting of IFCA, there were the usual voting-on-voting discussions and people not willing to take any responsibility for anything, but I sort of expected it. The important news is that the next island is Barbados and the one after that is, hopefully, Tenerife (this is what most voting members seem to prefer, including myself). The financial objective of having the cost of two conferences in the bank has not been achieved yet, but IFCA is getting there. The nightmare scenario is that a hurricane destroys the island AFTER EVERYTHING HAS BEEN PAID, and all registered participants still need to be refunded.
The conference hotel (Beach Resort El Cozumeleño) was excellent (except for one of the evening shows, which was horrible), the Internet access was reasonably good, the food was good, the sea and the weather were warm, so the overall impression is very positive. The various organized activities were fun, too, such as diving and snorkeling.
For those of us, who left some time before and/or after the conference for exploring, the Yucatan peninsula also offered numerous opportunities. But that was not strictly part of the conference.
Daniel A. Nagy
AgilEight, Security Architect
August 31, 2007
Identity news: Identity Forum, November 07 open for business, Second Life identifies with its users
Over at the Digital Identity Forum, they have announced this year's conference. London, 21-22 November. I have been to several of the series run by Consult-Hyperion, and can attest that they are worthwhile. Dave and companions do try very hard to cover a broad swathe of the difficult territory known as "Identity," without getting caught in the academic definitions trap that other conferences perpetually fall into.
Well recommended! And, by way of disclosure, I might be there myself, courtesy of a prize ticket.
To continue identifying with today's theme, over in Second Life, they have added an identity verification service. One blog thinks that this is a great move:
The possibilities are huge. Off the top of my head, I see contracts executed in-world, legal representation that starts in-world, and virtual world employment that goes beyond warming a camp chair. And that’s just the beginning.The important details are:
- Verification is voluntary.
- You can verify your age, location, gender, and/or name.
- You can do it piecemeal (e.g. just age, for access to restricted content).
- If you don’t verify age, you can’t access restricted parcels.
- It will be free at first, but there will be fees imposed later.
This other blog sounds warnings of skepticism:
The new system is called "Identity Verification (IDV)", a shift away from the old use of the term "age verification". The shift is significant, as the focus now is in finding out who its users are, rather than whether or not it's ok to let them in. None of this information will be stored by Linden Lab, but no such assurances have been given about what the service provider will do with your personal details once they have them.The service provider is Integrity, a subsidiary of Aristotle, a data-mining agency in the business of helping people run political campaigns. Users will have to trust that they won't ever use their personal details for anything that disagrees with their personal politics.
And other comments of how much of a failure the chosen service provider is.
I'll defer commenting on that one today. Frequent visitors to the world of FC can probably guess!
July 05, 2007
Metricon 2.0 -- Boston, 7.Aug.2007 -- talks announced
Gunnar Peterson writes The agenda for Metricon 2.0 in Boston August 7th has been set. Metricon is co-located with Usenix security conference. The details, travel info, registration, and agenda are here.
There are a limited number of openings so please REGISTER SOON if interested in attending. A summary of the presentations:
Consequence"
Rate Enterprise Software"
Visualizations"
The Read more....
July 04, 2007
CFP -- FC07 -- papers by 25th September
This is writes Radu Sion an advanced call for papers for the Financial Cryptography and Data Security Conference in Cozumel, Mexico, 28-31 January, 2008 (http://fc08.ifca.ai).
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance in the context of finance and commerce. The conference covers all aspects of securing transactions and systems. Submissions focusing on both fundamental and applied real-world deployments are solicited.
This year, for the first time, we are also accepting submissions for posters and short papers. The poster session is the perfect venue to share a provocative opinion, interesting established or preliminary work, or a cool idea that will spark discussion. Poster presenters will benefit from a multi-hour session to discuss their work, get exposure, and receive feedback from attendees. The intention behind short papers (peer-reviewed) is to encourage authors to introduce work in progress, novel applications and corporate or industrial experiences. Short papers will be evaluated with a focus on novelty and potential for sparking participants' interest and future research avenues.
DATES
Submission: 25 September
Posters: 13 November
Panels: 13 November
April 24, 2007
WEIS2007 - Econ Info Sec - programme announced
Follows is the Programme for WEIS2007, the annual Workshop on Economics of Information Security to be held in June 7- 8, 2007, Pittsburgh, USA.
Session I - 8:30-10:30am (Disclosure),
The legitimate vulnerability market: the secretive world of 0-day exploit sales
Charles Miller, Independent Security Evaluators
Inadvertent Disclosure - Information Leaks in the Extended Enterprise
M. Eric Johnson and Scott Dynes, Dartmouth College
Network Security: Vulnerabilities and Disclosure Policy
Jay Pil Choi, Michigan State University,
Chaim Fershtman, Neil Gandal, Tel Aviv University
The Countervailing Incentive of Restricted Patch Distribution: Economic and Policy Implications
Mohammad S. Rahman Karthik Kannan, Mohit Tawarmalani, Purdue University
Session II - 11am-12pm (Privacy),
On the Viability of Privacy-Enhancing Technologies in a Self-Regulated Business-to-Consumer Market: Will Privacy Remain a Luxury Good?
Rainer Böhme and Sven Koble, Technische Universität Dresden
When 25 Cents is too much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information
Jens Grossklags, University of California at Berkeley,
Alessandro Acquisti, Carnegie Mellon University
Keynote speech (George Loewenstein),
WEIS 2007 is delighted to host a keynote speech by Dr. George Loewenstein, Herbert A. Simon Professor of Economics and Psychology at Carnegie Mellon University.George Loewenstein is the Herbert A. Simon Professor of Economics and Psychology at Carnegie Mellon University. He received his PhD from Yale University in 1985 and since then has held academic positions at The University of Chicago and Carnegie Mellon University, and fellowships at Center for Advanced Study in the Behavioral Sciences, The Institute for Advanced Study in Princeton, The Russell Sage Foundation and The Institute for Advanced Study in Berlin. He is one of the founders of the field of behavioral economics and more recently of the new field of neuroeconomics. Loewenstein's research focuses on applications of psychology to economics, and his specific interests include decision making over time, bargaining and negotiations, psychology and health, law and economics, the psychology of adaptation, the role of emotion in decision making, the psychology of curiosity, conflict of interest, and "out of control" behaviors such as impulsive violent crime and drug addiction. He has published over 100 journal articles, numerous book chapters, and has edited 6 books on topics ranging from intertemporal choice to behavioral economics to emotions.
Session III - 2:-3:30pm (Security Investments),
Optimally Securing Enterprise Information Systems and Assets
Vineet Kumar, Rahul Telang, Tridas Mukhopadhyay, Carnegie Mellon University
Interdependence of Reliability and Security
Peter Honeyman, University of Michigan,
Galina A. Schwartz, University of California Berkeley,
Ari Van Assche, HEC Montréal
A Framework for Classifying and Comparing Models of Cyber Security Investment to Support Policy and Decision-Making
Rachel Rue, Shari Lawrence Pfleeger and David Ortiz, RAND Corporation
Session IV - 4-5:30pm (Managed security Service Providers),
Growth and sustainability of MSSP networks
Alok Gupta and Dmitry Zhdanov, University of Minnesota
Will Outsourcing IT Security Lead to a Higher Social Level of Security?
Brent Rowe, RTI International
Measuring Security Investment Benefit for Off the Shelf Software Systems - A Stakeholder Value Driven Approach
Yue Chen, Barry Boehm, Luke Sheppard, University of Southern California
Session I - 8:30-10am (Privacy-Personalization),
Incentive Design for Free but No Free Disposal Services: The Case of Personalization under Privacy Concerns
Ramnath K. Chellappa, Emory University Atlanta,
Shivendu Shivendu, University of Southern California
The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study
Janice Tsai, Serge Egelman, Lorrie Cranor, Alessandro Acquisti, Carnegie Mellon University
Economics of User Segmentation, Profiling, and Detection in Security
Srinivasan Raghunathan, Huseyin Cavusoglu, Byungwan Koh, The University of Texas at Dallas,
Bin Mai, Northwestern State University
Session II - 10:30am-12pm (Empirics of Information Security),
The Deterrent Effect of Enforcement Against Computer Hackers: Cross-Country Evidence
Ivan Png, Chen Yu Wang, National University of Singapore
An Empirical Analysis of the Current State of Phishing Attack and Defence
Tyler Moore and Richard Clayton, University of Cambridge
Privacy, Network Effects and Electronic Medical Record Technology Adoption
Amalia R. Miller, University of Virginia,
Catherine E. Tucker, MIT
Session IV 3- 4:30pm (Risk),
Mental Models of Computer Security Risks
Farzaneh Asgharpour, Debin Liu, L. Jean Camp, Indiana University
Cyber-Insurance: Copula Pricing Framework and Implications for Risk Management
Hemantha S. B. Herath, Brock University,
Tejaswini C. Herath, University at Buffalo
Strategic Defense and Attack of Complex Networks
Kjell Hausken, University of Stavanger
April 09, 2007
Metricon 2.0 -- Boston, 7.Aug.2007
Better be quick -- Gunnar posts that to get a talk idea into Metricon 2.0, you have to have it in by 11th May.
Second Workshop on Security Metrics (MetriCon 2.0)August 7, 2007 Boston, MA
Do you cringe at the subjectivity applied to security in every manner? If so, MetriCon 2.0 may be your antidote to change security from an artistic "matter of opinion" into an objective, quantifiable science. The time for adjectives and adverbs has gone; the time for hard facts and data has come.
MetriCon 2.0 is intended as a forum for lively, practical discussion in the area of security metrics. It is a forum for quantifiable approaches and results to problems afflicting information security today, with a bias towards practical, specific implementations. Topics and presentations will be selected for their potential to stimulate discussion in the Workshop.
MetriCon 2.0 will be a one-day event, Tuesday, August 7, 2007, ...
And I just posted over on EC that one needed slow, careful, critical thought to consider metrics and data...
January 10, 2007
Usable Security 2007 -- Preliminary Programme -- colocated with FC2007
Preliminary Programme for "USABLE SECURITY 2007" which is colocated with FC2007 below, again in "title-only-peer-review" mode.
An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks WSKE: Web Server Key Enabled Cookies (Panel) - The Future of Phishing Usability Analysis of Secure Pairing Methods Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers Prime III: Where Usable Security and Electronic Voting Meet (Panel) Building Trusted Systems: Does Trusting Computing Enable Trusted Systems?
Click to vote your interest: https://www.usablesecurity.org/accepted.html
(Ha! Finally someone else who supports encrypted web browsing. Hey, guys, can you fix the links so that they are relative and keep people in HTTPS?)
January 08, 2007
FC07 Preliminary Programme - Leaving Room for the Bad Guys
Mike Bond, an EMV researcher from Cambridge crypto labs and now Security Director at Cryptomathic, is giving the Kenote Address at FC. As it strongly rhymes with many of my rantings (GP, Pareto-secure, the hacker yin-yang relationship ...) here is the abstract in full. The other Invited Talk by Dawn Jutla also resonates with talk of end-to-end security and how Kherchhoffs' 6th says the user is the first requirement.
(Keynote - Mike Bond)Leaving Room for the Bad Guys
When designing a crypto protocol, or building a large security architecture, no competent designer ignores considering the bad guy, and anticipating his plans. But often we designers find ourselves striving to build totally secure systems and protocols -- in effect writing the bad guys entirely out of the equation. In a large system, when you exclude the bad guys, they soon muscle their way in elsewhere, and maybe in a new and worse way over which you may have much less control. A crypto protocol with no known weaknesses may be a strong tool, but when it does break, it will break in an unpredictable way.
This talk explores the hypothesis that it is safer and better for designers to give the bad guys their cut, but to keep it small, and keep in control. It may not just be our systems but also our protocol building blocks that should be designed to make room for the bad guy to take his cut. The talk is illustrated with examples of very successful systems with known weaknesses, drawn primarily from the European EMV payment system, and banking security in general. We also discuss a few "too secure" systems that end up failing in worse ways as a result.
(Invited Talk — Dawn Jutla)Title: Usable SPACE: Security, Privacy, and Context for the Mobile User
Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevsky's (IBM Research) early 2000s patented inventions for voice security and classification.
Curiously, these talks are the most encouraging for a long time. Does this signify a shift in IFCA focus away from academic crypto to practical security?
The rest of the programme I pass on in "title-only-peer-review-mode" so you can scan and click for anything that grabs attention.
Programme in title-only-peer-review-mode:
Vulnerabilities in First-Generation RFID-enabled Credit Cards Conditional E-Cash A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection against Splitting (Panel) RFID - yes or no? A Model of Onion Routing with Provable Anonymity K-Anonymous Multi-party Secret Handshakes Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups On Authentication with HMAC and Non-Random Properties Hidden Identity-Based Signatures Space-Efficient Private Search Cryptographic Securities Exchanges Improved multi-party contract signing Informant: Detecting Sybils Using Incentives Dynamic Virtual Credit Card Numbers The unbearable lightness of PIN cracking (Panel) Virtual Economies - Threats and Risks, Moderator The Motorola Personal Digital Right Manager Certificate Revocation using Fine Grained Certificate Space Partitioning An Efficient Aggregate Shuffle Argument Scheme
December 01, 2006
CFP - Computer Security Foundations
Twan says of WEIS: "Darn, why did I miss this workshop!? ... interesting stuff" Me too. Here's another one:
20th IEEE Computer Security Foundations Workshop (CSF)
Venice, Italy, July 6 - 8, 2007
Sponsored by the Technical Committee on Security and Privacy
of the IEEE Computer Society
CSF20 website: http://www.dsi.unive.it/CSFW20/
CSF home page: http://www.ieee-security.org/CSFWweb/
CSF CFP: http://www.cs.chalmers.se/~andrei/CSF07/cfp.html
The IEEE Computer Security Foundations Workshop (CSF) series brings together researchers in computer science to examine foundational issues in computer security. Over the past two decades, many seminal papers and techniques have been presented first at CSF. The CiteSeer Impact page lists CSF as 38th out of more than 1200 computer science venues in impact (top 3.11%) based on citation frequency. There is a possibility of upgrading CSF to an IEEE symposium already in 2007.
New theoretical results in computer security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories. Panel proposals are welcome as well as papers. Possible topics include, but are not limited to:
Authentication Access control Distributed systems
Information flow Trust and trust security
Security management Security for mobile
protocols Security models computing
Anonymity and Intrusion Executable content
Privacy detection Decidability and
Electronic voting Data and system complexity
Network security integrity Formal methods for
Resource usage Database security security
control Language-based
security
Proceedings published by the IEEE Computer Society Press will be available at the workshop, and selected papers will be invited for submission to the Journal of Computer Security.
Important Dates
Papers due: Monday, February 5, 2007 Panel proposals due: Thursday, March 15, 2007 Notification: Monday, March 26, 2007 Camera-ready papers: Friday, April 27, 2007 Workshop: July 6-8, 2007
Workshop Location
The 20th IEEE Computer Security Foundations Workshop will be held in the facilities of Venice International University, located on the island of San Servolo, about 10 minutes by water ferry from the Piazza San Marco.
More details: http://www.cs.chalmers.se/~andrei/CSF07/cfp.html
September 15, 2006
WESII - Programme - Economics of Securing the Information Infrastructure
The Workshop on the Economics of Securing the Information Infrastructure
http://wesii.econinfosec.org/
October 23-24, 2006
Washington, DC
PRELIMINARY PROGRAM & CALL FOR PARTICIPATION
...
9:00AM Panel - Economic Barriers and Incentives for DNSSEC Deployment
11:00AM Session 1
* Comparing the Costs of Public Key Authentication Infrastructures
* Economics of Internet Security Outsourcing: Simulation Results Based on the Schneier Model
* The Effect of Information Security Incidents on Corporate Values in the Japanese Stock Market
1:30PM Panel - Data Sources: Should we answer questions for which data is available, can we get more data, or can we do without?
3:30PM Session 2
* Toward A Dynamic Modeling Of The Vulnerability Black Market
* Toward One Strong National Breach Disclosure Law - Justification and Requirements
* Using Self-interest to Prevent Malice; Fixing the Denial of Service Flaw of the Internet
9:00AM Session 3
* A Closer Look at Attack Clustering
* Predictive Modelling for Security Operations Economics
* Assessing Trusted Network Access Control Cost-Benefit Factors
11:00AM Session 4
* The Statistical Value of Information
* On the Economic Placement of Monitors in Router Level Network Topologies
1:00PM Work-in-Progress (WIP) Session
* Economic Interpretation and a Simulation Exercise for Exploring Corporate Investments in Cyber Security
* Securing Our Data Storage Infrastructures
* A Neo-institutional Perspective on Cyber Attacks
* Beyond Media Hype: Empirical Analysis of Disclosed Privacy Breaches 2005-2006 and a DataSet/Database Foundation for Future Work
* Securing the Process of Insurance Application
* Evaluation of Information Security Investment Portfolios: A Probabilistic Approach
* Direct measurement of spam zombie activity in a residential broadband network
========================================================================
Hotel & Registration
========================================================================
*The WESII Hotel Reservation Deadline is September 20*
*Registration is now open*
========================================================================
Preliminary Program
========================================================================
For updates, see
Monday, October 23, 2006
9:00AM Panel
Economic Barriers and Incentives for DNSSEC Deployment
Moderator: Andy Ozment
Panelists: Sam Weiler, Steve Crocker, and more TBA
11:00AM Session 1
* Comparing the Costs of Public Key Authentication Infrastructures
Patroklos Argyroudis (University of Dublin, Trinity College)
Robert McAdoo (University of Dublin, Trinity College)
Donal O'Mahony (University of Dublin, Trinity College)
* Economics of Internet Security Outsourcing:
Simulation Results Based on the Schneier Model
William Yurcik (University of Illinois)
Wen Ding (University of Illinois)
* The Effect of Information Security Incidents on Corporate
Values in the Japanese Stock Market
Masaki Ishiguro (Mitsubishi Research Institute)
Hideyuki Tanaka (The Graduate School of
Interdisciplinary Information Studies),
Kanta Matsuura (Institute of Industrial Science,
University of Tokyo),
Ichiro Murase (Mitsubishi Research Institute)
1:30PM Panel
Data Sources:
Should we answer questions for which data is available,
can we get more data, or can we do without?
Moderator: Allan Friedman
Panelists: TBA
3:30PM Session 2
* Toward A Dynamic Modeling Of The Vulnerability Black Market
Jaziar Radianti (Agder University College)
Jose. J. Gonzalez (Agder University College)
* Toward One Strong National Breach Disclosure Law -
Justification and Requirements
William Yurcik (University of Illinois)
Ragib Hasan (University of Illinois at Urbana-Champaign)
* Using Self-interest to Prevent Malice;
Fixing the Denial of Service Flaw of the Internet
Bob Briscoe (BT & UCL)
Tuesday, October 24, 2006
9:00AM Session 3
* A Closer Look at Attack Clustering
Rainer Böhme (TU Dresden)
Gaurav Kataria (Carnegie Mellon University)
* Predictive Modelling for Security Operations Economics
Mike Yearworth (HP Labs)
Brian Monahan (HP Labs)
David Pym (HP Labs)
* Assessing Trusted Network Access Control Cost-Benefit Factors
Susmit Panjwani (Deviant Intelligence LLC)
Stephanie Tan (IBM)
11:00AM Session 4
* The Statistical Value of Information
Luther Martin (Voltage Security)
* On the Economic Placement of Monitors in
Router Level Network Topologies
Yongping Tang (Iowa State University)
Thomas E. Daniels (Iowa State University)
1:00PM Work-in-Progress (WIP) Session
* Economic Interpretation and a Simulation Exercise for
Exploring Corporate Investments in Cyber Security
Jonathan Crawford (University of Virginia)
Kenneth G. Crowther (University of Virginia)
Barry Horowitz (University of Virginia)
James Lambert (University of Virginia)
* Securing Our Data Storage Infrastructures
Bob Mungamuru (Stanford University)
Hector Garcia-Molina (Stanford University)
* A Neo-institutional Perspective on Cyber Attacks
Nir Kshetri (University of North Carolina--Greensboro)
* Beyond Media Hype: Empirical Analysis of Disclosed Privacy
Breaches 2005-2006 and a DataSet/Database Foundation for Future Work
Ragib Hasan (University of Illinois at Urbana-Champaign)
William Yurcik (University of Illinois)
* Securing the Process of Insurance Application
Vincent Wolff-Marting (University of Leipzig)
André Köhler (University of Leipzig)
Volker Gruhn (University of Leipzig)
* Evaluation of Information Security Investment Portfolios:
A Probabilistic Approach
Tae-Sung Kim (Chungbuk National University)
Chandrasekhar Subramaniam (UNC Charlotte),
Sungjune Park (UNC Charlotte),
Ram Kumar (UNC Charlotte)
* Direct measurement of spam zombie activity in a
residential broadband network
Geoff Bennett (StreamShield)
Brian Webb (BT Retail)
========================================================================
Program Committee
========================================================================
Alessandro Acquisti Carnegie Mellon University
Heinz School of Public Policy & Management
Ross Anderson University of Cambridge
Jean Camp Indiana University
Huseyin Cavusoglu University of Texas at Dallas
Richard Clayton University of Cambridge
Steve Crocker Shinkuro / DNSSEC Deployment Working Group
Ben Edelman Harvard University Department of Economics
Allan Friedman Harvard University
Kennedy School of Government
Adam M. Golodner Cisco Systems
Larry Gordon University of Maryland
Smith School of Business
Yacov Haimes University of Virginia
Cathy Handley U.S. Department of Commerce, National
Telecommunications & Information Administration
Barry Horowitz University of Virginia
Richard Hovey U.S. Federal Communications Commission (FCC)
Jeff Hunker Carnegie Mellon University
Heinz School of Public Policy & Management
M. Eric Johnson The Tuck School of Business at Dartmouth College
Jeffrey M. Kopchik U.S. Federal Deposit Insurance Corporation (FDIC)
Technology Supervision Branch
Steve Lipner Microsoft
Marty Loeb University of Maryland
Smith School of Business
Doug Maughan U.S. Department of Homeland Security (DHS)
Science and Technology Directorate
Doug Montgomery U.S. National Institute of Standards & Technology
Internetworking Technologies Group
Milton Mueller Syracuse University School of Information Studies
Andrew Odlyzko University of Minnesota
Andy Ozment MIT Lincoln Laboratory / University of Cambridge
Shari Lawrence Pfleeger RAND Corporation
Stuart Schechter MIT Lincoln Laboratory
Bruce Schneier Counterpane Internet Security
Rahul Telang Carnegie Mellon University
Heinz School of Public Policy & Management
Andrew Wyckoff Organisation for Economic Cooperation and
Development (OECD)
Bill Yurcik National Center for Supercomputing Applications
(NCSA)
========================================================================
Workshop Sponsors
========================================================================
The Institute for Information Infrastructure Protection (I3P)
The Workshop on the Economics of Information Security (WEIS)
________________________________________________________________________
Economics of Information Security (EIS) Mailing List Information
We retried your name from either the author/attendee lists of one of the
previous workshops on the economics of information security (WEIS) or
through the suggestion of a member of the WEIS steering committee.
This list will never be used for commercial purposes and we will work to
ensure traffic is kept to a minimum (no more than 10 messages per year).
If you would prefer not to receive future emails about this or related
workshops, we apologize for this intrusion and offer you the following
options for unsubscribing:
1) Visit http://announce-list.econinfosec.org
2) Email stuart@econinfosec.org
FC'07 - call for papers - Financial Cryptography and Data Security
Call for Papers
FC'07: Financial Cryptography and Data Security
http://fc07.ifca.ai/
Eleventh International Conference
February 12-15, 2007
Lowlands, Scarborough, Trinidad and Tobago
Submissions Due Date: October 9, 2006, 11:59pm, EDT (UTC-4)
Program Chair: Sven Dietrich (Carnegie Mellon University)
General Chair: Rafael Hirschfeld (Unipay)
At its 11th year edition, Financial Cryptography and Data Security (FC'07) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business, and policy aspects. Material both on theoretical (fundamental) aspects of securing systems,and on secure applications and real-world deployments will be considered.
...
http://fc07.ifca.ai/
The conference goal is to bring together top cryptographers, data-security
specialists, and computer scientists with economists, bankers,
implementers, and policy makers. Intimate and colorful by tradition, the
FC'07 program will feature invited talks, academic presentations,
technical demonstrations, and panel discussions.
This conference is organized annually by the International Financial
Cryptography Association (IFCA).
Original papers, surveys, and presentations on all aspects of financial
and commerce security are invited. Submissions must have a strong and
visible bearing on financial and commerce security issues, but can be
interdisciplinary in nature and need not be exclusively concerned with
cryptography or security. Possible topics for submission to the various
sessions include, but are not limited to:
Anonymity and Privacy
Auctions
Audit and Auditability
Authentication and Identification, including Biometrics
Certification and Authorization
Commercial Cryptographic Applications
Commercial Transactions and Contracts
Digital Cash and Payment Systems
Digital Incentive and Loyalty Systems
Digital Rights Management
Financial Regulation and Reporting
Fraud Detection
Game Theoretic Approaches to Security
Identity Theft, Phishing and Social Engineering
Infrastructure Design
Legal and Regulatory Issues
Microfinance and Micropayments
Monitoring, Management and Operations
Reputation Systems
RFID-Based and Contactless Payment Systems
Risk Assessment and Management
Secure Banking and Financial Web Services
Securing Emerging Computational Paradigms
Security and Risk Perceptions and Judgments
Security Economics
Smart Cards and Secure Tokens
Trust Management
Trustability and Trustworthiness
Underground-Market Economics
Virtual Economies
Voting system security
For those interested, last year's proceedings are available from Springer.
Submission Instructions
Submission Categories
FC'07 is inviting submissions in four categories: (1) research papers, (2)
systems and applications presentations, (3) panel sessions, (4) surveys.
For all accepted submissions, at least one author must attend the
conference and present the work.
Research Papers
Research papers should describe novel scientific contributions to the
field, and they will be subject to rigorous peer review. Accepted
submissions will be included in the conference proceedings to be published
in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series
after the conference, so the submissions must be formatted in the standard
LNCS format (15 page limit).
Systems and Application Presentations
Submissions in this category should describe novel or successful systems
with an emphasis on secure digital commerce applications. Presentations
may concern commercial systems, academic prototypes, or open-source
projects for any of the topics listed above. Where appropriate, software
or hardware demonstrations are encouraged as part of the presentations in
these sessions. Submissions in this category should consist of a short
summary of the work (1-6 pages in length) to be reviewed by the Program
Committee, along with a short biography of the presenters. Accepted
submissions will be presented at the conference (25 minutes per
presentation), and a one-page abstract will be published in the conference
proceedings.
Panel Sessions
Proposals for panel sessions are also solicited, and should include a
brief description of the panel as well as prospective participants.
Accepted panel sessions will be presented at the conference, and each
participant will contribute a one-page abstract to be published in the
conference proceedings.
Surveys
A limited number of surveys presentations may also be included in the
program. We encourage submissions that summarize the current state of the
art on any well-defined subset of the above listed submission topics. A
limited description of visions on future directions of research in these
topics would also be appreciated. Survey submissions can be significantly
shorter than research paper submissions.
Preparation Instructions
Submissions to the research papers, systems/application presentation
categories, and surveys must be received by the due date. Papers must be
formatted in standard PostScript or PDF format. Submissions in other
formats will be rejected. All papers must be submitted electronically
according to the instructions and forms found on this web site and at the
submission site.
Authors should provide names and affiliations at submission time, and have
the option of including or not names and affiliations in their submitted
papers, that must include on their first page the title of the paper, a
brief abstract, and a list of topical keywords. Accepted submissions will
be included in the conference proceedings to be published in the
Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the
conference, so the submissions must be formatted in the standard LNCS
format (15 page limit). Authors of accepted submissions will be required
to complete and sign an IFCA copyright form. A pre-proceedings volume
containing preliminary versions of the papers will be distributed at the
conference.
Questions about all conference submissions should be directed to the
Program Chair at fc07chair@cert.org.
Paper Submission
Authors should only submit work that does not substantially overlap with
work that is currently submitted or has been accepted for publication to a
conference with proceedings or a journal.
To submit your paper, use our online submission service..
The Rump Session
FC'07 will also include the popular "rump session" held on one of the
evenings in an informal, social atmosphere. The rump session is a program
of short (5-7 minute), informal presentations on works in progress,
off-the-cuff ideas, and any other matters pertinent to the conference. Any
conference attendee is welcome to submit a presentation to the Rump
Session Chair (to be announced). This submission should consist of a talk
title, the name of the presenter, and, if desired, a very brief abstract.
Submissions may be sent via e-mail, or submitted in person through the
Monday of the conference.
Associated Workshop
There will be a Usability Workshop held in conjunction with FC 2007.
Program Committee
Alessandro Acquisti, Carnegie Mellon University
Jon Callas, PGP Corporation
Yvo Desmedt, University College London
Giovanni di Crescenzo, Telcordia Technologies
Roger Dingledine, The Free Haven Project
Bernhard Esslinger, Deutsche Bank
Philippe Golle, PARC
Klaus Kursawe, Philips Research Eindhoven
Arjen Lenstra, EPFL
Patrick McDaniel, Penn State University
Tatsuaki Okamoto, NTT
Kazue Sako, NEC
Radu Sion, SUNY Stony Brook
Stuart Stubblebine, Stubblebine Consulting
Paul Syverson, NRL
Mike Szydlo, RSA
Jonathan Trostle, ASK Consulting and Research
Moti Yung, RSA & Columbia University
Yuliang Zheng, University of North Carolina at Charlotte
Important Dates:
Paper Submission: October 9, 2006
Notification: December 11, 2006
Pre-Proceedings: January 11, 2007
Conference dates: February 12-15, 2007
Post Proceedings: April 10, 2007
August 10, 2006
Usable Security (USEC'07)
Rachna writes: I am organizing a workshop on usable security that will be held in conjunction with Financial Cryptography and Data Security (FC'07). I encourage people on this list to submit their work and/or to attend the workshop!
Thanks,
Rachna
FIRST CALL FOR PAPERSUsable Security (USEC'07)
http://www.usablesecurity.org/February 15-16, 2007
Lowlands, Scarborough, Trinidad/TobagoA workshop co-located with
The Eleventh Conference on Financial Cryptography and Data Security (FC'07)Submissions Due Date: November 5, 2006, 11:59pm, PST
Some of the most challenging problems in designing and maintaining secure systems involve human factors. A great deal remains to be understood about users' capabilities and motivations to perform security tasks. Usability problems have been at the root of many widely reported security failures in high-stakes financial, commercial and voting applications.
USEC'07 seeks submissions of novel research from academia and industry on all theoretical and practical aspects of usable security in the context of finance and commerce. The workshop will bring together an interdisciplinary group of researchers and practitioners, allowing experts in human-computer interaction, cryptography, data security and public policy to explore emerging problems and solutions.
(Editorial comment -- it is good to see the arisal of more polymath conferences, which is where much of the work will be done in risks and security in the future.)
July 29, 2006
FC'07 - call for papers
FC'07: Financial Cryptography and Data Security
http://fc07.ifca.ai/
Eleventh International Conference
February 12-15, 2007
Lowlands, Scarborough, Trinidad and Tobago
Submissions Due Date: October 9, 2006, 11:59pm, EDT (UTC-4)
Program Chair: Sven Dietrich (Carnegie Mellon University)
General Chair: Rafael Hirschfeld (Unipay)
At its 11th year edition, Financial Cryptography and Data Security (FC'07) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business, and policy aspects. Material both on theoretical (fundamental) aspects of securing systems,and on secure applications and real-world deployments will be considered.
...
The conference goal is to bring together top cryptographers, data-security
specialists, and computer scientists with economists, bankers, implementers,
and policy makers. Intimate and colorful by tradition, the FC'07 program
will feature invited talks, academic presentations, technical
demonstrations, and panel discussions.
This conference is organized annually by the International Financial
Cryptography Association (IFCA).
Original papers, surveys, and presentations on all aspects of financial and
commerce security are invited. Submissions must have a strong and visible
bearing on financial and commerce security issues, but can be
interdisciplinary in nature and need not be exclusively concerned with
cryptography or security. Possible topics for submission to the various
sessions include, but are not limited to:
Anonymity and Privacy
Auctions
Audit and Auditability
Authentication and Identification, including Biometrics
Certification and Authorization
Commercial Cryptographic Applications
Commercial Transactions and Contracts
Digital Cash and Payment Systems
Digital Incentive and Loyalty Systems
Digital Rights Management
Financial Regulation and Reporting
Fraud Detection
Game Theoretic Approaches to Security
Identity Theft, Physhing and Social Engineering
Infrastructure Design
Legal and Regulatory Issues
Microfinance and Micropayments
Monitoring, Management and Operations
Reputation Systems
RFID-Based and Contactless Payment Systems
Risk Assessment and Management
Secure Banking and Financial Web Services
Securing Emerging Computational Paradigms
Security and Risk Perceptions and Judgments
Security Economics
Smart Cards and Secure Tokens
Trust Management
Trustability and Trustworthiness
Underground-Market Economics
Virtual Economies
Voting system security
For those interested, last year's proceedings are available from Springer.
Submission Instructions
Submission Categories
FC'07 is inviting submissions in four categories: (1) research papers, (2)
systems and applications presentations, (3) panel sessions, (4) surveys. For
all accepted submissions, at least one author must attend the conference and
present the work.
Research Papers
Research papers should describe novel scientific contributions to the field,
and they will be subject to rigorous peer review. Accepted submissions will
be included in the conference proceedings to be published in the
Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the
conference, so the submissions must be formatted in the standard LNCS format
(15 page limit).
Systems and Application Presentations
Submissions in this category should describe novel or successful systems
with an emphasis on secure digital commerce applications. Presentations may
concern commercial systems, academic prototypes, or open-source projects for
any of the topics listed above. Where appropriate, software or hardware
demonstrations are encouraged as part of the presentations in these
sessions. Submissions in this category should consist of a short summary of
the work (1-6 pages in length) to be reviewed by the Program Committee,
along with a short biography of the presenters. Accepted submissions will be
presented at the conference (25 minutes per presentation), and a one-page
abstract will be published in the conference proceedings.
Panel Sessions
Proposals for panel sessions are also solicited, and should include a brief
description of the panel as well as prospective participants. Accepted panel
sessions will be presented at the conference, and each participant will
contribute a one-page abstract to be published in the conference
proceedings.
Surveys
A limited number of surveys presentations may also be included in the
program. We encourage submissions that summarize the current state of the
art on any well-defined subset of the above listed submission topics. A
limited description of visions on future directions of research in these
topics would also be appreciated. Survey submissions can be significantly
shorter than research paper submissions.
Preparation Instructions
Submissions to the research papers, systems/application presentation
categories, and surveys must be received by the due date. Papers must be
formatted in standard PostScript or PDF format. Submissions in other formats
will be rejected. All papers must be submitted electronically according to
the instructions and forms found on this web site and at the submission
site.
Authors should provide names and affiliations at submission time, and have
the option of including or not names and affiliations in their submitted
papers, that must include on their first page the title of the paper, a
brief abstract, and a list of topical keywords. Accepted submissions will be
included in the conference proceedings to be published in the
Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the
conference, so the submissions must be formatted in the standard LNCS format
(15 page limit). Authors of accepted submissions will be required to
complete and sign an IFCA copyright form. A pre-proceedings volume
containing preliminary versions of the papers will be distributed at the
conference.
Questions about all conference submissions should be directed to the Program
Chair at fc07chair@cert.org
Paper Submission
Authors should only submit work that does not substantially overlap with
work that is currently submitted or has been accepted for publication to a
conference with proceedings or a journal.
Paper submission will occur via website to be announced at a later time.
The Rump Session
FC'07 will also include the popular "rump session" held on one of the
evenings in an informal, social atmosphere. The rump session is a program of
short (5-7 minute), informal presentations on works in progress,
off-the-cuff ideas, and any other matters pertinent to the conference. Any
conference attendee is welcome to submit a presentation to the Rump Session
Chair (to be announced). This submission should consist of a talk title, the
name of the presenter, and, if desired, a very brief abstract. Submissions
may be sent via e-mail, or submitted in person through the Monday of the
conference.
Associated Workshop
There will be a Usability Workshop held in conjunction with FC 2007. Details
will be published at a later time.
Program Committee
Alessandro Acquisti, Carnegie Mellon University
Jon Callas, PGP Corporation
Yvo Desmedt, University College London
Giovanni di Crescenzo, Telcordia Technologies
Roger Dingledine, The Freehaven Project
Bernhard Esslinger, Deutsche Bank
Philippe Golle, PARC
Klaus Kursawe, Philips Research Eindhoven
Arjen Lenstra, EPFL
Patrick McDaniel, Penn State University
Tatsuaki Okamoto, NTT
Kazue Sako, NEC
Radu Sion, SUNY Stony Brook
Stuart Stubblebine, Stubblebine Consulting
Paul Syverson, NRL
Mike Szydlo, RSA
Jonathan Trostle, ASK Consulting and Research
Moti Yung, RSA & Columbia University
Yuliang Zheng, University of North Carolina at Charlotte
Important Dates:
Paper Submission: October 9, 2006
Notification: December 11, 2006
Pre-Proceedings: January 11, 2007
Conference dates: February 12-15, 2007
Post Proceedings: April 10, 2007
May 24, 2006
CFP - W. Economics of Securing the Information Infrastructure
October 23-24, 2006 Washington, DC
SECOND CALL FOR PAPERS
Our information infrastructure suffers from decades-old vulnerabilities, from the low-level algorithms that select communications routes to theapplication-level services on which we are becoming increasingly dependent. Are we investing enough to protect our infrastructure? How can we best overcome the inevitable bootstrapping problems that impede efforts to add security to this infrastructure? Who stands to benefit and who stands to lose as security features are integrated into these basic services? How can technology investment decisions best be presented to policymakers?
We invite infrastructure providers, developers, social scientists, computer scientists, legal scholars, security engineers, and especially policymakers to help address these and other related questions. Authors of accepted papers will have the opportunity to present their work to government and corporate policymakers. We encourage collaborative research from authors in multiple fields and multiple institutions.
Submissions Due: August 6, 2006 (11:59PM PST)
March 28, 2006
Call for Nominations - 2006 PET AWARD
You are invited to submit nominations to the 2006 PET Award.
The PET Award is presented annually to researchers who have made an outstanding contribution to the theory, design, implementation, or deployment of privacy enhancing technology. It is awarded at the annual Privacy Enhancing Technologies Workshop (PET). The PET Award carries a prize of 3000 Euros thanks to the generous support of Microsoft.
Any paper by any author written in the area of privacy enhancing technologies is eligible for nomination. However, the paper must have appeared in a refereed journal, conference, or workshop with published proceedings in the period that goes from the end of the penultimate PET Workshop (the PET workshop prior to the last PET workshop that has already occurred: i.e. June 2004) until April 15th, 2006. The complete Award rules including eligibility requirements can be found at http://petworkshop.org/award/.
Anyone can nominate a paper by sending an email message containing the following to award-chairs06@petworkshop.org:
- Paper title
- Author(s)
- Author(s) contact information
- Publication venue
- A nomination statement of no more than 250 words.
All nominations must be submitted by April 15th, 2006. A seven-member Award committee will select one or two winners among the nominations received. Winners must be present at the PET workshop in order to receive the Award. This requirement can be waived only at the discretion of the PET Advisory board.
2006 Award Committee:
- Alessandro Acquisti (chair), Carnegie Mellon University, USA
- Roger Dingledine (co-chair), The Free Haven Project, USA
- Ram Chellappa, Emory University, USA
- Lorrie Cranor, Carnegie Mellon University, USA
- Rosario Gennaro, IBM Research, USA
- Ian Goldberg, Zero Knowledge Systems, Canada
- Markus Jakobsson, Indiana University at Bloomington, USA
More information about the PET award (including past winners) is available at http://petworkshop.org/award/.
More information about the 2006 PET workshop is available at http://petworkshop.org/2006/.
-----------------------
Alessandro Acquisti
Heinz School, Carnegie Mellon University
(P) 412 268 9853
(F) 412 268 5339
http://www.heinz.cmu.edu/~acquisti
-----------------------
March 20, 2006
Digital Money 29th, 30th
Digital Money is coming up, 29th and 30th March. Always good for a visit.
The goal of the Forum is to encourage discussion and debate around the real issues at the heart of electronic identity [sic - must be digital money] in all its forms. In addition to this Forum, every autumn we organise the annual Digital Identity Forum (see the web site at www.digitalidforum.com for more details), the sister event to the Digital Money Forum.
There are several great things about the Hyperion conferences. Firstly, Dave and the team work hard to keep the commercial presentations down to a minimum. Next, he casts out looking for up and coming trends including the wild and woolly social experiments. Lastly, there's usually a great book giveaway!
Talks I'd travel some distance for, if I could:
Replacing Cash with Mobile Phones
Susie Lonie, Vodafone
A case study on the African M-PESA schemeCurrency for Kids
Jonathan Attwood, Swap-it-Shop UK
The UK's "eBay for kids"Cross-Border Funds Transfer before the Internet - The ransom of King Richard
David Boyle, Author of "Blondel's Song"
November 06, 2005
ACM Interactions - special issue on Security
Submissions Deadline: February 1st, 2006
Publications Issue: May+June 2006 Issue
PDF: here but please note that it causes lockups.
Interactions is published bi-monthly by the Association for Computer Machinery (ACM) for designers of interactive products. It is a magazine that balances articles written for professionals and researchers alike providing broad coverage of topics relevant to the HCI community.
The May+June 2006 issue of Interactions is dedicated to the user experience around security in information systems. Designing systems that are both secure and usable offers unique challenges to interaction designers. System complexity, user acceptance and compliance, and decisions about protection versus convenience all factor into the design process and resulting effectiveness of security systems in the hands of users.
Interactions invites authors to submit case studies and articles related to the security user experience. Papers should be written in a reader-friendly magazine style and tone as opposed to a conference proceedings or journal style (no abstracts, appendicies, etc).
Relevant contributions will address issues related, but not limited to, the following:
- Interaction design of systems with usable security and user trust as primary goals
- Innovative methods for conducting user experience evaluations on user trust or security systems
- Novel user interfaces or interaction methods for security systems
- Basic principles of psychology of user-security interaction
- Best practices and interaction guidelines in the design of secure and trustworthy systems
- Field research related to user-security interaction in the wild
- Social and/or philosophical issues related to security, trust, and the user experience
Interactions invites papers in the following two formats:
- Case Studies 7-9 pages. Case Studies are reports on experiences gained and lessones learned designing, using, or studying security components/systems or techniques. They take a comprehensive view of a problem from requirements analysis through design, implementation, and use.
- Articles 1-3 pages. Articles are much shorter and broader case studies and may present research findings, points of view, social or philosophical inquiries, novel interface designs, or other information relevant to the HCI community regarding security and the user experience.
Papers that appear in Interactions are archived in the ACM Digital Library and available online. The Special Issue on Security will appear in the May+June 2006 issue of Interactions and the deadline for submissions is February 1st, 2006.
For more information about submission guidelines or appropriate topics, contact ryan.west@sas.com.
November 04, 2005
CFP for iTrust in May 2006
iTrust closes for submitted papers in a couple of weeks - November 18, 2005. The conference itself is on 16th-19th May 2006, and is in Tuscanny in Italy. As it aspires to be cross-disciplinary and involved in all aspects of "trust" over the net, it is actually quite close to Financial Cryptography. Here's the blurb, click on the site for the rest:
Call for PapersThe iTrust international Conference looks at trust from multidisciplinary perspectives: economic, legal, psychology, philosophy, sociology as well as information technology.
Building upon the work of the IST iTrust working group (http://www.itrust.uoc.gr) and the success of the three previous iTrust International conferences, the aims of iTrust'2006 are to attract a critical mass of experts from industry, government and academia with a keen interest in the area of trust management.
The objectives of the Conference are:
- To facilitate the cross-disciplinary investigation of fundamental issues underpinning computational trust models by bringing together expertise from technology oriented sciences, law, philosophy and social sciences.
- To facilitate the emergence of widely acceptable trust management processes for dynamic open systems and applications.
- To facilitate the development of new paradigms in the area of dynamic open systems which effectively utilize computational trust models.
To facilitate the integration of new trust management paradigms and emerging architectures for Grid computing and Virtual Organizations.- To help the incorporation of trust management elements in existing standards.
Topics of Interest:Full technical papers contributing to the issue of trust management are solicited in the relevant areas, including but not limited to:
- The legal notion of trust in computer science and engineering
- Requirements and methodologies to ensure that the user can reasonably trust the functioning of software systems
- Trust management frameworks for secure collaborations in dynamic Virtual Organisations
- Design of trust-based architectures and decision-making mechanisms for e-community and e-service interactions
- Trust specification, analysis and reasoning
- Dynamics of trust dispositions and relations
- Realization of prototypes of software architectures and applications
- Trust elements in contract negotiation, execution monitoring, re-negotiation and arbitration
- Legal contribution to trust in technological infrastructures and interactions: the on-line identification of subjects, the evaluation of their reliability, data protection, security, privacy and, confidentiality, commercial transactions, the resolution of disputes, software agents, and management of access to source code
- Trust in interaction and cooperation mediated through computer and network, and the balance of control and intervention
- Research in on-line trust, the trust of the consumer towards the web sites of distribution companies
- Analysis of the relationship between trust and such notions as Confidence, distrust, diffidence, expectation, risk, and reliance
Important Dates
Submission of papers: November 18, 2005
Notification of paper acceptance: January 13, 2006
Submission of final camera ready version: February 17, 2006Submissions must be original and must not have been submitted for publication elsewhere. Submission will be through the web. Available soon.
The proceedings of the Conference will be published by Springer in the Lecture Notes in Computer Science series (under negotiation). Submissions must be in English and authors should ensure that papers are formatted according to the LNCS format (see author's instructions given on the Conference Web site). Full technical papers should not exceed 15 pages in the abovementioned format.
Contact: itrust06@iit.cnr.it
October 13, 2005
Conferences coming up... and this weekend is Pooool
Conferences coming up soon - close of submission dates, in order of how close they are:
- I/S cybersecurity review - closed at the beginning of October but Jean says rush it to him this weekend at latest...
- FC returns to Anguilla end of Feb - the closing date is
17th20th October - * FIRST Baltimore, USA - the closing date is 31st October
- iTrust next May in Italy: closing date is November 18.
- * Eurocrypt, St Petersburg Russia, May/June 2006: closing November 30, 2006
- Codecon, california, Feb 2006 - closing on 15th December.
- * Journal of Strategic Information Systems: Special Issue on Privacy and Security: closing January 15, 2006
- * NEW2AN 2006, St Petersburg Russia, May/June 2006: closing January 16, 2006
- * ACM Interactions: Special Issue on Security: closing February 1st, 2006
- Workshop on Econ and Info Security, England, June 2006: closing 20th March
If anybody has any others specifically for FC style topics let me know. * means I added it after first blog posting.
If you are in Austria over the next couple of weekends, check out Pooool in Vienna's Museum Quarter. It's an open event that brings together an interesting polymath crowd of artists, business and software people to explore how to better match artistic needs to business needs and the technology of the net.
DRM in other words, but done from the point of view of sharing not exploiting. The difference between this attempt and others is that they are looking far deeper into property rights as agreements, and agreements as tradeable financial instruments for others like monies, and trading as market places for acquiring and creating new work. I've been asked to put my contracts experience into the mix, and it's a challenging project.
(If I find the link I'll post it, elsewise just read below for the full programme.)
Optical Machines for the New Collecting Society - Expo to the Future
october 8th to 23rd 2005
daily from 10a.m. to 10p.m
free entrance
Invitation for the creative culture, art colleges, advanced technical colleges, universities and cultural enterprises.
In the halls of the Museum Quarter's Freiraum pooool plays offers the first Expo for visualists, Users, research and developing institutions, art and culture enterprises as well as companies!
The areas of activity for the visual arts are infinite.
The exiting realm of visual media has scarcely begun!!
Where is the creative potential? Where are we going? What are the technical possibilities? How can the art-form be relevant for society? Where is the long-term advantage?
During the 10 days of this globally unique event pooool offers a survey of the diverse new forms of the Visual Arts and will inform through presentations, discussions and by experience and practice oriented exhibits. The utilization of the Visual Arts is advancing intensively the world over. Conscious awareness and commercial marketing obviously lag behind this progression.
With this Expo pooool will open a barely investigated universe. Get prepared.
pooool plays Incentive and Participation Program
You can register to join or participate in both group and individual presentations. Themes:
• visual media products, techniques and artists
• the diversity of products for mobile devices
(mobil phones, PDAs, MP3, 3GP..)
• experience applied examples for semi-public and public space.
(facades, interiors, Info-screens, visual wallpaper ...)
• Join the pool platform and participate! Upload your material to the pool data-archive. Bring your analog or digital visuals to the Expo!
• Perform with us! Work on and modify the visual material in the pooool databank or project on an architecture model. (A gigantic architecture model is available.)
Or you are looking for communication and would like to participate in
• exchanging experience and content with the local and international Visual Arts Scene
• gaining contact to artists and cultural institutions
• joining panel and round-table discussions, giving lectures on selected subjects
pooool podium
Especially the cultural and artistic aspects are of growing in importance for the future. Legal questions need to be clarified, contextual and commercial collaborations promoted and above all qualitative socio-political standards need evolve, that are not only serve public interests, but the artists as well. pool podium offers a broad discussion forum to this purpose.
Block 1 Visualists - october 9./10./11. sunday-tuesday
Monday 10.10./19h pooool Presentation and Discussion
Platform :: Archive, Label & Community
Julia Zdarsky MagArt. pooool co-founder and visualist from the very first.
Tuesday 11.10./ Phemos Lecture
Existing Technologies and Future Perspectives ::
Block 2 Publicities - october 14./15./16. friday-sunday
Friday 14.10. / 16h Lecture Followed by Discussion
inverted panopticum
Thomas Fürstner, Prof. University of Applied Arts, Vienna, Digital Arts
Oliver Bertram, Ass. Prof.. University of Applied Arts, Vienna
Monday 17.10/19 h pooool Campfire Winding ways through copyright and exploitation
Where are the approaches to fair exploitation models and clear copyright situations? We will address these questions within the scope of c-pooool.
Found around the campfire are
Elisabeth Vlasaty (Lawyer)
Roland Alton-Scheidl (International media group / cooperative)
Andreas Trawöger (Free Software Foundation)
Robert Stachel (Community TV Vienna)
Georg Pleger (Creative Commons Vienna, invited)
Block 3 Clients & Customers - october 21./22./23., friday-sunday
Industry
Music
registrar for program placement, group/individual presentations and participants:
Melissa Saavedra +43 / 699 / 10752218
info@pooool.net
pooool is a departure promoted project
August 03, 2005
FC conference returns to Anguilla
For the 2006 conference, the annual Financial Cryptography conference run by IFCA will return to Anguilla.
Crucial dates are: papers submitted by 17th October. Conference itself is 27th February to 2nd March (monday - thursday). The full announcement:
Call for Papers FC'06: Financial Cryptography and Data Security
http://fc06.ifca.ai/Tenth International Conference
February 27 to March 2, 2006
Anguilla, British West IndiesSubmissions Due Date: October 17, 2005
Program Chairs: Giovanni Di Crescenzo (Telcordia)
Avi Rubin (Johns Hopkins University)General Chair: Patrick McDaniel (Penn State University)
Local Arrangements Chair: Rafael Hirschfeld (Unipay Technologies)
At its 10th year edition, Financial Cryptography and Data Security (FC'06) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems, on secure applications and real-world deployments will be considered.
The conference goal is to bring together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'06 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. In addition, we will celebrate this 10th year edition with a number of initiatives, such as: especially focused session, technical and historical state-of-the-art panels, and one session of surveys.
This conference is organized annually by the International Financial Cryptography Association (IFCA).
Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:
Anonymity and Privacy Microfinance and Auctions Micropayments Audit and Auditability Monitoring, Management and Authentication and Operations Identification, including Reputation Systems Biometrics RFID-Based and Contactless Certification and Payment Systems Authorization Risk Assessment and Commercial Cryptographic Management Applications Secure Banking and Financial Commercial Transactions and Web Services Contracts Securing Emerging Digital Cash and Payment Computational Paradigms Systems Security and Risk Digital Incentive and Perceptions and Judgments Loyalty Systems Security Economics Digital Rights Management Smart Cards and Secure Financial Regulation and Tokens Reporting Trust Management Fraud Detection Trustability and Game Theoretic Approaches to Trustworthiness Security Underground-Market Economics Identity Theft, Physhing and Usability and Acceptance of Social Engineering Security Systems Infrastructure Design User and Operator Interfaces Legal and Regulatory Issues Voting system securitySubmission Instructions Submission Categories
FC'06 is inviting submissions in four categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions, (4) surveys. For all accepted submissions, at least one author must attend the conference and present the work.
Research Papers
Research papers should describe novel scientific contributions to the field, and they will be subject to rigorous peer review. Papers can be a maximum of 15 pages in length (including references and appendices), and accepted submissions will be published in full in the conference proceedings.
Systems and Application Presentations
Submissions in this category should describe novel or successful systems with an emphasis on secure digital commerce applications. Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Submissions in this category should consist of a short summary of the work (1-6 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference (25 minutes per presentation), and a one-page abstract will be published in the conference proceedings.
Panel Sessions
Proposals for panel sessions are also solicited, and should include a brief description of the panel as well as prospective participants. Accepted panel sessions will be presented at the conference, and each participant will contribute a one-page abstract to be published in the conference proceedings.
Surveys
A limited number of surveys presentations may also be included in the program. We encourage submissions that summarize the current state of the art on any well-defined subset of the above listed submission topics. A limited description of visions on future directions of research in these topics would also be appreciated. Survey submissions can be significantly shorter than research paper submissions.
Preparation Instructions
Submissions to the research papers, systems/application presentation categories and surveys must be received by the due date. Papers must be formatted in standard PostScript, PDF format, or MS Word. Submissions in other formats will be rejected. All papers must be submitted electronically according to the instructions and forms found on this web site and at the submission site.
Authors should provide names and affiliations at submission time, and have the option of including or not names and affiliations in their submitted papers, that must include on their first page the title of the paper, the a brief abstract, and a list of topical keywords. Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference, so the submissions must be formatted in the standard LNCS format (15 page limit). Authors of accepted submissions will be required to complete and sign an IFCA copyright form. A pre-proceedings volume containing preliminary versions of the papers will be distributed at the conference.
Questions about all conference submissions should be directed to the Program Chairs.
Paper Submission
Authors should only submit work that does not substantially overlap with work that is currently submitted or has been accepted for publication to a conference with proceedings or a journal.
Please check back as the deadline approaches for a link to the submission server.
The Rump Session
FC'06 will also include the popular "rump session" held on one of the evenings in an informal, social atmosphere. The rump session is a program of short (5-7 minute), informal presentations on works in progress, off-the-cuff ideas, and any other matters pertinent to the conference. Any conference attendee is welcome to submit a presentation to the Rump Session Chair (to be announced). This submission should consist of a talk title, the name of the presenter, and, if desired, a very brief abstract. Submissions may be sent via e-mail, or submitted in person through the Monday of the conference.
Program Committee
Matt Blaze, University of Pennsylvania
Alfredo De Santis, University of Salerno, Italy
Sven Dietrich, CERT Research Center
Juan Garay, Bell Labs
Dan Geer, Verdasys
Ari Juels, RSA
Aggelos Kiayias, University of Connecticut
Yoshi Kohno, University of California San Diego
Arjen Lenstra, Bell Labs and Technische Universiteit Eindhoven
Helger Lipmaa, Cybernetica AS and University of Tartu
Steve Myers, Indiana University
Andrew Odlyzko, University of Minnesota
Tatsuaki Okamoto, NTT
Carles Padro, Universitat Politecnica de Catalunya
Andrew Patrick, NRC, Canada
Ahmad-Reza Sadeghi, Ruhr-University Bochum
Kazue Sako, NEC
Dawn Song, CMU
Stuart Stubblebine, University of California Davis & Stubblebine Labs
Adam Stubblefield, Independent Security Evaluators
Paul Syverson, NRL
Mike Szydlo, RSA
Gene Tsudik, University of California Irvine
Doug Tygar, Berkeley University
Alma Whitten, Google
Yacov Yacobi, Microsoft Research
Moti Yung, RSA & Columbia University
Yuliang Zheng, University of North CarolinaImportant Dates:
Paper Submission: October 17, 2005
Notification: December 8th, 2005
Pre-Proceedings: January 27th, 2005
Conference dates: February 27 to March 2, 2006
Post Proceedings: April 10, 2006
April 17, 2005
Conferences as Scams
For some reason I kept getting mailed about a conference called "Systemics, Cybernetics and Informatics." Perhaps it is the name, as Systemics is a company I have something to do with... But a brief look at the conference left me wondering whether it really existed; and later on I noticed other strange conferences popping up in Florida with similar weird appearances, and similar spam techniques. And, today, Levi pointed me at this: All is answered!
Computer-generated gibberish submitted, accepted
Thursday, April 14, 2005 Posted: 7:29 PM EDT (2329 GMT)
CAMBRIDGE, Massachusetts (Reuters) -- In a victory for pranksters at the Massachusetts Institute of Technology, a bunch of computer-generated gibberish masquerading as an academic paper has been accepted at a scientific conference.
Jeremy Stribling said Thursday that he and two fellow MIT graduate students questioned the standards of some academic conferences, so they wrote a computer program to generate research papers complete with "context-free grammar," charts and diagrams.
The trio submitted two of the randomly assembled papers to the World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI), scheduled to be held July 10-13 in Orlando, Florida.
To their surprise, one of the papers -- "Rooter: A Methodology for the Typical Unification of Access Points and Redundancy" -- was accepted for presentation.
The prank recalled a 1996 hoax in which New York University physicist Alan Sokal succeeded in getting an entire paper with a mix of truths, falsehoods, non sequiturs and otherwise meaningless mumbo-jumbo published in the quarterly journal Social Text, published by Duke University Press.
Stribling said he and his colleagues only learned about the Social Text affair after submitting their paper.
"Rooter" features such mind-bending gems as: "the model for our heuristic consists of four independent components: simulated annealing, active networks, flexible modalities, and the study of reinforcement learning" and "We implemented our scatter/gather I/O server in Simula-67, augmented with opportunistically pipelined extensions."
Stribling said the trio targeted WMSCI because it is notorious within the field of computer science for sending copious e-mails that solicit admissions to the conference.
The idea of a fake submission was to counter "fake conferences...which exist only to make money," explained Stribling and his cohorts' website, "SCIgen - An Automatic CS Paper Generator."
"Our aim is to maximize amusement, rather than coherence," it said. The website allows users to "Generate a Random Paper" themselves, with fields for inserting "optional author names."
"Contrarily, the lookaside buffer might not be the panacea..."
Nagib Callaos, a conference organizer, said the paper was one of a small number accepted on a "non-reviewed" basis -- meaning that reviewers had not yet given their feedback by the acceptance deadline.
"We thought that it might be unfair to refuse a paper that was not refused by any of its three selected reviewers," Callaos wrote in an e-mail. "The author of a non-reviewed paper has complete responsibility of the content of their paper."
However, Callaos said conference organizers were reviewing their acceptance procedures in light of the hoax.
Asked whether he would disinvite the MIT students, Callos replied, "Bogus papers should not be included in the conference program."
Stribling said conference organizers had not yet formally rescinded their invitation to present the paper.
The students were soliciting cash donations so they could attend the conference and give what Stribling billed as a "completely randomly-generated talk, delivered entirely with a straight face."
They exceeded their goal, with $2,311.09 cents from 165 donors.
March 17, 2005
Open Peer Review
Following on from discussions on peer reviewed papers, I checked an up and coming conference (Econ & Security), and
Take a paper and blog it in some fashion. (Perhaps limit the blog entry to the abstract and a link to the full paper.) Then, open the blog entry for comments and trackbacks.
Hey presto, we have peer review but not peer gatekeeping. (So far this was all Adam's idea.) We can also include substantial milestones such as major review periods, closing off one blog entry and shifting to another when the author has enough material to rewrite.
Reputation is built in as over time, the volume of attention should indicate the importance of the work. Let's draw a line in the sand and say that papers should be licensed under a Creative Commons licence.
Now, blogs already do this. But they are spontaneous, free flowing and full of spelling errors. So in order to turn the blog more to a weighty forum suited to the gravity of academia, we could put some links on the blog front page indicating the papers under spotlight.
Has anyone got an FC paper ready to roll? As Digital Money and FC-conference have just passed, and Econ&Security is closed, there seems to be a bit of a hole for the next 6 months in the peer review process. I would point out that the workshop in Electronic Contracting is open for another month. Oops, no, it's closed too. Double-oops. It's cancelled for lack of critical mass! Well, that just goes to show how hard the conference game is - having been there myself.
Having said that, in general, most of these conferences presume that Internet discussion does not count as publication. So you can have the best of both worlds, you can take advantage of a blog peer-review forum to hone your argument, then go for old world dead tree publication as well. (As long as you are careful not to muck up the licensing...)
March 14, 2005
Digital Money Forum - London - this week
Hyperion's Digital Money Forum is on, Wednesday and Thursday. Dave Birch runs an engaging show for financial cryptographers, and well worth the 2 days if you can get to London. At £275, it doesn't break the bank.
(I guess they'll take late bookings.) The schedule is on the site, but it is in PDF.
February 24, 2005
Cybercash on Vacation - ruminations on FC
Peter Wayner has written a downbeat piece on the history of the Financial Cryptography conference. He asks a bunch of people why FC hasn't taken off, and gets a lottery of answers. I think he's wrong...
The ideas have infiltrated into places, but few have noticed. PayPal did find some sustenance in the process, as did the gold currencies, and certain of the ideas that were talked about are now internalised. They simply didn't tell the FCers. Other more conventional plays such as ETFs have simply adopted the models from those players, and again, they've not recognised where they came from. Either publically or privately.
The reason for this lack of feedback on success - and hence the apparant lack of success - is because the FC organisers lack one thing: perspective. They were either academics, security guys, geeks, cryptographers or netizens. Often they were 2 or even 3 of those, but rarely did they have a straightforward business ability to integrate the ideas into other spheres. It was this integration that I wrote about in the 7 layers paper, and it is this integration that people like Dave Birch speak of in the conferences he runs.
When business people attend the 'vacational conference' of FC, what they see are a lot of different ideas expressed as fomulas, and it is left to them to construct them into business context. The fact that they didn't then credit FC with their successes is a foregone conclusion, as the FC community isn't capable of understanding the perspective that they are offering. That doesn't mean it wasn't there, it is just that until organisers stop treating FC as a forum to present new equations, they won't have the language to recognise what it's about.
January 25, 2005
FC05 Registration Deadline
There are now (26°C) less than two weeks (writes Stuart Schechter) to register for FC05 (Dominica, 28th Feb - 3rd March, 24 °C) before the late registration rates kick in. Registering by February 6th is necessary to ensure that we can provide you with food, pre-proceedings, and a conference t-shirt (warmth is guaranteed).
If you must register late, please get in touch with me and let me know your t-shirt size and whether you will be qualifying for the general, academic, or student rate. If we don't know to expect you, we cannot guarantee that there will be pre-proceedings, t-shirts, or meal tickets available for you. (But you won't freeze.)
Best regards
Stuart Schechter
General Chair
Financial Cryptography and Data Security 2005
Registration deadline drivers:
January 25 - 26 °C, clear, sunny, warm.
February 7 - Late registration period begins at 12:00AM EST
February 7 - Orders for pre-proceedings due to printer
February 7 - Orders for t-shirts due to shirt printer
February 14 - Count of attendees due to hotel caterers
February 28 to March 3 - 24 °C, 2cm precipitation
January 01, 2005
Journal of Internet Banking and Commerce
Recent grumbles in the comments to the recent FC papers post brought to mind an old journal called JIBC. I'd lost my "subscription" reminder to it many years ago and I guess I just assumed it had stopped. But, no, a little googling and I found it: the Journal of Internet Banking and Commerce. It is still pushing out 2-3 editions per year.
Back in the very early years, JIBC was there and publishing before things like the Financial Cryptography term had even been coined by Bob Hettinga. So I'm happy to come back and cheer them into the last year of their decade, given that the the first edition of this venerable journal was January 1996!
Some highlights include a regular column by Dave Birch, an article asking Why does SSL dominate the e-payment market ?, and an article predicting the return of digital cash in Waves Of Multimedia Banking Development.
JIBC published my second paper in 1997, the Critique on the 1994 EU Report on Prepaid Cards. Sometimes papers work out well, the lessons in that one are still useful in comparison to where Europe is now. So say I, at least.
December 29, 2004
FC'05 programme - announced
Stuart Schechter sent out the FC05 programme announcement just now, and it includes a text version of the programme, so here it is. The programme looks pretty good this year, with some varied stuff away from the "pure crypto" legacy of prior FC conferences.
For those who don't know, FC is a fun conference, with a lot of 'beach time' due to the locations. Good mixing opportunities are had by all.
The program and preliminary schedule can be found at:
http://www.ifca.ai/fc05/program.html
An official call for participation will be sent out as soon as
registration is open. (We expect this to be early next week.)
If you've yet to make travel arrangements, I would encourage you to stay
in Dominica on Thursday night (3/3) or longer to avoid a rush to the airport
after the morning program. In the past, attendees who have stayed after the
conference have found that this is an excellent time to meet with others.
Keynote Speakers
================
Lynne Coventry (NCR)
Bezalel Gavish (Southern Methodist University)
Panel Sessions
==============
Financial Technology in the Developing World
Allan Friedman (Harvard) - Organizer
Alessandro Acquisti (CMU)
H William Burdett, Jr. (Foley & Lardner, LLP)
Jon Peha (CMU)
Phishing
Steve Myers (Indiana University) - Organizer
Drew Dean (SRI)
Stuart Stubblebine (Stubblebine Research Labs)
Richard Clayton (Cambridge, UK)
Markus Jakobsson (Indiana University CACR)
Research Papers
===============
Fraud within Asymmetric Multi-Hop Cellular Networks
Gildas Avoine (EPFL, Lausanne, Switzerland)
Information-Theoretic Security Analysis of Physical Uncloneable Functions
P. Tuyls
B. Skoric
S. Stallinga
A.H. Akkermans
W. Ophey (Philips Research Laboratories, The Netherlands)
Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce.
Simson L. Garfinkel
Jeffrey I. Schiller
Erik Nordlander (MIT)
David Margrave (Amazon.com)
Robert C. Miller (MIT)
Identity-based Partial Message Recovery Signatures
(or How to Shorten ID-based Signatures)
Fangguo Zhang (Sun Yat Sen University, P.R.China)
Yi Mu
Willy Susilo (University of Wollongong, Australia)
How to Non-Interactively Update a Secret
Eujin Goh (Stanford University)
Philippe Golle (Palo Alto Research Center)
Interactive Diffie-Hellman Assumptions with Applications
to Password-Based Authentication
Michel Abdalla
David Pointcheval (Ecole Normale Superieure)
Achieving Fairness in Private Contract Negotiation
Keith Frikken
Mikhail Atallah (Purdue University)
Protecting Secret Data from Insider Attacks
David Dagon
Wenke Lee
Richard Lipton (Georgia Tech)
RFID Traceability A Multilayer Problem
Gildas Avoine
Philippe Oechslin (EPFL Lausanne Switzerland)
A User-Friendly Approach to Human Authentication of Messages
Jeff King
Andre dos Santos (Georgia Tech)
Countering Identity Theft through Digital Uniqueness,
Location Cross-Checking, and Funneling
P.C. van Oorschot (Carleton University)
S. Stubblebine (Stubblebine Research Labs)
Policy-Based Cryptography and Applications
Walid Bagga
Refik Molva (Eurecom)
A Privacy Protecting Coupon System
Liqun Chen (HP Laboratories)
Matthias Enzmann (Fraunhofer SIT)
Ahmad-Reza Sadeghi (University of Bochum)
Markus Schneider (Fraunhofer SIT)
Michael Steiner (IBM T.J. Watson)
Analysis of a Multi-Party Fair Exchange Protocol and Formal
Proof of Correctness in the Strand Space model
Steve Kremer
Aybek Mukhamedov
Eike Ritter (University of Birmingham, UK)
Secure Biometric Authentication for Weak Computational Devices
Mikhail J. Atallah
Keith B. Frikken (Purdue)
Michael T. Goodrich (UC Irvine)
Roberto Tamassia (Brown)
Small Coalitions Cannot Manipulate Voting
Edith Elkind (Princeton University)
Helger Lipmaa (Helsinki University of Technology)
Efficient Privacy-Preserving Protocols for Multi-Unit Auctions
Felix Brandt (Stanford)
Tuomas Sandholm (Carnegie Mellon University)
Risk Assurance for Hedge Funds using Zero Knowledge Proofs
Michael Szydlo (RSA Security/Independent)
Testing Disjointness of Private Datasets
Aggelos Kiayias (University of Connecticut)
Antonina Mitrofanova (Rutgers University)
Time Capsule Signature
Yevgeniy Dodis (NYU)
Dae Hyun Yum (POSTECH)
Probabilistic Escrow of Financial Transactions
with Cumulative Threshold Disclosure
Stanislaw Jarecki (UC Irvine)
Vitaly Shmatikov (UT Austin)
Approximation in Message Authentication
Giovanni Di Crescenzo
Richard Graveman (Telcordia)
Gonzalo Arce
Renwei Ge (U Delaware)
Systems & Applications Presentations
====================================
Securing Sensitive Data with the Ingrian DataSecure Platform
Andrew Koyfman (Ingrian Networks)
Ciphire Mail Email Encryption
Lars Eilebrecht (Ciphire Labs)
December 27, 2004
FC'05 (the conference) posts the programme!
FC'05 - the Financial Cryptography conference to be held in Dominica, first week of March - has posted a preliminary programme. I haven't seen it announced yet, so maybe this is a 'leak' :-)
There are lots of interesting papers, and it looks like this year they may have actually brought in more relevant stuff. Also, two panels:
A Panel on Phishing! Well, it makes sense. The only thing that will protect users from being phished will be good relationship management ... as based on caching of certs. That's finance and crypto, right there.
And, a Panel on Financial Technology in the Developing World. Another fine topic where much has been done, much could be done, and much more is being asked of us.
May 21, 2004
FC05 - Dominica - March 2005
FC'05 is announced with a new title "Financial Cryptography and Data Security." Vital statistics are 28th Feb to 3rd March, 2005, in Roseau, Dominica, East Caribbean, and submissions in the Call for Papers are due by 10th September, 2004.
-------- Original Message --------
Subject: [fc-announce] CFP: FC'05 - Financial Cryptography and Data Security
Date: Tue, 18 May 2004 16:59:41 -0400
From: Stuart Schechter <stuart@eecs.harvard.edu>
Organization: Harvard University
To: <fc-announce@ifca.ai>
Financial Cryptography and Data Security
http://www.ifca.ai/fc05/
CALL FOR PAPERS
Ninth International Conference
February 28-March 3, 2005
Roseau, The Commonwealth Of Dominica
Submissions Due Date: September 10, 2004
Financial Cryptography and Data Security (FC'05) is the premier international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We have augmented our conference title and expanded our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, payment systems, secure IT infrastructure, and analysis methodologies. Our focus will also encompass legal, financial, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems and on secure applications and real-world deployments will be considered.
The conference goal is to bring together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'05 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. This conference is organized annually by the International Financial Cryptography Association (IFCA).
Original papers and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to:
* Anonymity and Privacy
* Auctions
* Audit and Auditability
* Authentication and Identification, including Biometrics
* Certification and Authorization
* Commercial Cryptographic Applications
* Commercial Transactions and Contracts
* Digital Cash and Payment Systems
* Digital Incentive and Loyalty Systems
* Digital Rights Management
* Financial Regulation and Reporting
* Fraud Detection
* Game Theoretic Approaches to Security
* Infrastructure Design
* Legal and Regulatory Issues
* Microfinance and Micropayments
* Monitoring, Management and Operations
* Reputation Systems
* RFID-Based and Contactless Payment Systems
* Risk Assessment and Management
* Secure Banking
* Secure Financial Web Services
* Securing Emerging Computational Paradigms
* Security and Risk Perceptions and Judgments
* Security Economics
* Smart Cards and Secure Tokens
* Trust Management
* Trustability and Trustworthiness
* Underground-Market Economics
* Usability and Acceptance of Security Systems
* User and Operator Interfaces
=======================
FC'05 is inviting submissions in three categories:
(1) research papers,
(2) systems and applications presentations,
(3) panel sessions.
For all accepted submissions, at least one author must attend the conference and present the work.
Research Papers
===============
Research papers should describe novel scientific contributions to the field, and they will be subject to vigorous peer review. Papers can be a maximum of 15 pages in length (including references and appendices), and accepted submissions will be published in full in the conference proceedings. Submission of previously published material and simultaneous submission of papers to other conferences or workshops with proceedings is not permitted. Authors of research papers found to be doubly submitted risk having all their submissions withdrawn from consideration as well as other appropriate sanctions.
Systems and Application Presentations
=====================================
Submissions in this category should describe novel or successful systems with an emphasis on secure digital commerce applications. Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Contributions must reflect careful thought and effort and provide valuable, up-to-date experience that is relevant to practitioners in the fields of financial cryptography and data security. Submissions in this category should consist of a short summary of the work (1-6 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference (25 minutes per presentation), and a one-page abstract will be published in the conference proceedings.
Panel Sessions
==============
Proposals for panel sessions are also solicited, and should include a brief description of the panel as well as prospective participants. Panel proposals should be submitted via e-mail, in plain ASCII format, to the Program Chairs. Accepted panel sessions will be presented at the conference, and each participant will contribute a one-page abstract to be published in the conference proceedings.
The Rump Session
================
FC'05 will also include the popular "rump session" held on one of the evenings in an informal, social atmosphere. The rump session is a program of short (5-7 minute), informal presentations on works in progress, off-the-cuff ideas, and any other matters pertinent to the conference. Any conference attendee is welcome to submit a presentation to the Rump Session Chair (to be announced). This submission should consist of a talk title, the name of the presenter, and, if desired, a very brief abstract. Submissions may be sent via e-mail, or submitted in person through the Monday of the conference.
Preparation Instructions
========================
Submissions to the research papers and systems/application presentation categories must be received by the due date. Papers must be formatted in standard PostScript, PDF format, or MS Word. Submissions in other formats will be rejected. All papers must be submitted electronically according to the instructions and forms found on this web site. (Specific instructions for electronic submissions will be published in the near future.)
Author names and affiliations on submissions must be explicit. In other words, submitted papers should not be anonymized. Submissions must include on the first page the title of the paper, the names and affiliations of all authors, a brief abstract, and a list of topical keywords. Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference, so the submissions must be formatted in the standard LNCS format. Authors of accepted submissions will be required to complete and sign an IFCA copyright form. A pre-proceedings volume containing preliminary versions of the papers will be distributed at the conference.
Questions about all conference submissions should be directed to the Program Chairs.
===============
Submission Deadline: September 10, 2004
Author Notification: November 1, 2004
Pre-Proceedings Version Due: TBA
Conference: February 28 - March 3, 2005
Final Proceedings Version Due: TBA
=====================
Conference Website: http://www.ifca.ai/fc05/
General Chair:
Stuart Schechter, stuart@eecs.harvard.edu
Program Chairs:
Andrew Patrick, Andrew.Patrick@nrc-cnrc.gc.caMoti Yung, moti@cs.columbia.edu
Program Committee: TBA
_______________________________________________
fc-announce mailing list
fc-announce@ifca.ai
http://mail.ifca.ai/mailman/listinfo/fc-announce
February 14, 2004
Workshop on Sensitive Data
July, 2004, Stanford, California
This workshop is intended to foster collaborations between computer scientists who seek to enhance the security and privacy of sensitive data about people and organizations and domain experts in fields that need technological solutions to address customer concerns and to fulfill legal obligations. The goal is to formulate specific technical problems that are important to user communities that deal with large amounts of sensitive but are not satisfactorily solved by current
technology.
PORTIA Workshop on Sensitive Data in Medical, Financial, and Content-Distribution Systems
July 8-9, 2004
Frances C. Arrillaga Alumni Center, Stanford University, Stanford CA
A half-day will be spent on each of three domains:
1) Medicine, in which advances in computing and communication technology can enhance treatment and research but can also threaten patient privacy. This session will include an invited presentation by Dr. Daniel Masys, Director of Biomedical Informatics at the UCSD Medical School (http://medicine.ucsd.edu/faculty/masys/).
2) Financial services, in which vast amounts of transaction data are routinely stored and transmitted, but individuals and firms are deeply concerned about security and privacy, and complex legal requirements apply. This session will include an invited presentation by Dr. Daniel Schutzer, Vice President, Director of External Relations and Emerging Technologies in Information Security and Compliance at Citigroup.
3) Digital content distribution, in which rights holders and libraries seek distribution systems that simultaneously obey copyright law, respect user privacy, and permit legitimate user profiling, usage
monitoring, and data mining.
There will also be one half-day devoted to technological challenges common to all domains and user communities that deal with large amount of sensitive data. Activities will include invited presentations, contributed presentations, and break-out sessions.
Workshop Co-Chairs:
Joan Feigenbaum (Yale University)
Vitaly Shmatikov (SRI)
Vicky Weissman (Cornell University)
Important Dates:
May 1, 2004: Submissions due
May 1, 2004: Requests for travel support due
June 1, 2004: Accept/reject decisions sent
June 15, 2004: Final abstracts due
July 8-9, 2004: Workshop
Submission Instructions:
If you would like to speak at this workshop, please send a 1- to 2-page abstract of your proposed talk by May 1, 2004 to pw-org@csl.sri.com. If your submission is accepted, you will be expected to provide a final version of your abstract for posting on the workshop website by June 15, 2004. Links to complete papers may also be posted at the speakers' request but are not required.
Travel Support:
A modest amount of travel support is available. If you would like to attend this workshop but require travel support in order to do so, please contact pw-org@csl.sri.com by May 1, 2004.
This workshop is sponsored by the National Science Foundation's ITR program through the PORTIA project on sensitive data (http://crypto.stanford.edu/portia).
February 03, 2004
Paysec 2004
Payments Systems and Security
18/19th June 2004
Enhyper are proud to announce a conference with a difference,Payments Systems and Security, to be held at The Innholders Hall, London, on 18/19th Jun 2004.
At PaySec2004 we've brought together payments systems developers, security architects, operational risk practitioners and academics to address all aspects of technology, security and operation in the payment systems domain, both present and future state.
The best of the Internet versus the best of the City. Short key technical demonstrations will be interspersed to bring context to the challenges and the solutions. Rump sessions will allow you to contribute your experiences for the benefit of others.
Headline Topics
* Payment Transformations and integration
* Settlement to T+0 and RTGS
* Programmatic electronic contract negotiation
* Systems Performance Monitoring: Service Level Compliance
* Extensible Electronic Currency Frameworks
* SSL/SSH based infrastructure to enhance federated security
* Payment Systems as Critical National Infrastructure
* Automated System Risk Audits for Operational Risk Compliance
* Strategies for Defending against Infrastructure Attacks
* Reusable Security Architecture via pre-risk assessed patterns
Speakers
Geoff Chick, Product Director, Century 24 Solutions
Integration Objects
Dr Iain Saville, Head of Business Process Reform, Lloyds
Kinnect - Taking Contracts Digital
Ian Grigg, Principal Architect, Systemics
Integrating Business into the Payments System
Dr Alistair Dunlop, Director of the Open Middleware
Infrastructure Institute, University of Southampton
Grid Computing based Web Services
Paul Guthrie, Principal/CTO, Payment Software Corporation
Micropayments and E-Cash, Then and Now
Dr Simon Lelieveldt, Lelieveldt Consultancy
Security Profiles in Pre-paid payments
Frank Trotter, CEO, Everbank
Blazing the Internet Bank Trail
Graeme Burnett, Enhyper
Future State Security Architecture
James Turk, Managing Director, Goldmoney
Internet Gold - the new Governance
John Walker, Managing Director, NDS UK Ltd
Unto the breach: breaking the hardware and cryptography
of smart card chips.
(Some additional speaker slots are reserved.)
Details
Conference site is at http://www.enhyper.com/paysec/
Location: London, 18/19th Jun 2004. Venue details on site.
Cost: £1500 which includes all catering and all refreshments.
Advance Registration is at
http://www.enhyper.com/paysec/registration.html
Please note that this is not a sales conference.
Speakers are not selling their product to attendees.
January 21, 2004
CodeCon 2004
The program for CodeCon 2004 has been announced.
CodeCon is the premier showcase of active hacker projects. It is a workshop for developers of real-world applications with working code and active development projects. All presentations will given by one of the active developers, and accompanied by a functional demo.
Highlights of CodeCon 2004 include:
PGP Universal - Automatic, transparent email encryption with zero clicks
Osiris - A free Host Integrity Monitor designed for large scaleserver deployments that require auditable security
Tor - Second-generation Onion Routing: a TCP-based anonymizing overlay network
Vesta - An advanced software configuration management system that handles both versioning source files and building
PETmail - Permission-based anti-spam replacement for SMTP
FunFS - Fast User Network File System - An advanced network file system designed as a successor for NFS
Codeville - Distributed version control system
Audacity - A cross-platform multi-track audio editor
The third annual CodeCon takes place February 20 - 22, noon - 6pm, at Club NV (525 Howard Street) in San Francisco. CodeCon registration is $95; a $20 discount is available for attendees who register online prior to February 1, 2004.
http://www.codecon.org/2004/registration.html