Tag: signature

Jun 29

MIG: Mozilla InvestiGator by mozilla

Mozilla’s platform for real-time digital forensics and incident response of modern infrastructures

MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.

MIG is composed of agents installed on all systems of an infrastructure that are queried in real-time to investigate the file-systems, network state, memory or configuration of endpoints.

It’s an army of Sherlock Holmes, ready to interrogate your infrastructure within seconds.

Capability          Linux      MacOS      Windows
file inspection     check      check      check
network inspection  check      check      (partial)
memory inspection   check      check      check
vuln management     check      (planned)  (planned)
system auditing     (planned)  (planned)  (planned)

Imagine that it’s 7am on a Saturday morning, and someone just released a critical vulnerability for your favorite PHP application. The vuln is already exploited and security groups are releasing indicators of compromise. Your weekend isn’t starting great, and the thought of manually inspecting thousands of systems isn’t making it any better.

MIG can help. The signature of the vulnerable PHP app (an md5 of a file, a regex on a file, or just a filename) can be searched for across all your systems using the file module. Similarly, indicators of compromise such as specific log entries, backdoor files with {md5,sha{1,256,512,3-{256,512}}} hashes, IP addresses from botnets or signatures in process memory can be investigated using MIG. Suddenly, your weekend is looking a lot better. And with just a few command lines, thousands of systems will be remotely investigated to verify that you’re not at risk.

Source: MIG: Mozilla InvestiGator by mozilla

Nov 29

Seminar: Helena Bruyninckx “Creating Signature Schemes by using quantum principles” (December 2, 2013)

December 2, 2013 – 13.00 – Computer Department Seminar Room – NO Building, 7th floor (NO7.07)

Speaker : Helena Bruyninckx (ERM & ULB)

Title : Creating Signature Schemes by using quantum principles

Jan 31

The 2013 International Conference on Security and Management – SAM’13

CALL FOR PAPERS

Paper Submission Deadline: March 18, 2013

The 2013 International Conference on Security and Management
SAM’13

July 22-25, 2013, Las Vegas, USA

http://sam.udmercy.edu/sam13/

You are invited to submit a full paper for consideration. All accepted
papers will be published in printed conference books/proceedings (ISBN)
and will also be made available online. The proceedings will be indexed
in science citation databases that track citation frequency/data for
each paper. In addition, like prior years, extended versions of selected
papers (about 35%) will appear in journals and edited research books
(publishers include: Springer, Elsevier, BMC, and others). SAM’13
is composed of a number of tracks, including: tutorials, sessions,
workshops, posters, and panel discussions. The conference will be held
July 22-25, 2013, Las Vegas, USA.

SCOPE: Topics of interest include, but are not limited to, the following:

O Network Security
-Security Algorithms
-Mobile Network Security
-Security in CDN (Contents Distribution Networks)
-Virtual Private Network (VPN)
-Tracing Techniques in Internet
-Active Networks
-Security in Grid
-Web Monitoring
-Network Security Engineering
-Transport-Level Security
-Wireless Network Security
-IP Security
-Electronic Mail security

O Cryptographic Technologies
-Security Protocols
-Key Management Techniques
-Cryptographic Technologies
-Applications of Block and Stream Ciphers
-Applications of Public Key Cryptology
-Message Authentication and Hash Functions
-Anonymity
-Digital Signature Schemes
-Secret Sharing
-Cryptanalysis

O Security Management
-Surveillance Technologies
-Security Policies
-Security for Protocol Management
-Location Management
-QoS Management
-Resource Management
-Channel Management
-Mobility Management
-Digital Contents Copyright Protection
-System Security Management
-Network Security Management
-Management in Network Equipment
-Storage Area Networks (SAN) Management
-Information Security Management
-Government Security Policy
-Web Penetration Testing
-Security Operations
-Vulnerabilities Management

O Security Education
-Computer Security Education
-Network Security Education
-Cyber Security Education
-Cyber Security Body of Knowledge
-Information Assurance Education

O Information Assurance
-Mission Assurance
-Risk Assessment and Risk Management
-Continuity of Operations and Business Impact Analysis
-Cyber Security Compliance
-Security Auditing
-Security-Savvy Software Development
-Disaster Recovery
-Business Continuity Analysis
-Access Control
-Secure Use of Software
-Secure Performance

O Biometrics and Forensics
-Novel Biometric Methods
-Forensics
-Biological Security Technologies
-Face Recognition Systems
-Signature Recognition Systems
-Cyber Forensics
-Forensic Analysis
-Biometric Technologies for Security
-Feature Extraction and Matching Algorithms

O Hardware Security
-Embedded Systems Security
-Cryptographic Processors and Co-Processors
-Security Architectures
-True and Pseudorandom Number Generators
-Side Channel Attacks
-Fault Attacks
-Hardware Tamper Resistance
-Smart Card Processors
-Secure Storage Devices

O Security Applications
-Security in E-Commerce and M-Commerce
-Secure OS
-Watermarking
-High-Tech Systems at Airports
-Emerging Technologies and Applications
-Cloud Computing Security
-Database Security
-Data Mining Security
-Cyber Security Automation

O Computer Security
-Firewall Systems
-Hacking Techniques and Related Issues
-Intrusion Detection System (IDS)
-Honeypot
-Virus Issues (Detection, Prevention …)
-Trusted Computing
-Alert Correlation
-Attack Graphs
-Incident Responding
-Malware Analysis

IMPORTANT DATES:

January 31, 2013: Workshop / Session Proposals
March 18, 2013: Submission of full papers (about 7 pages)
April 18, 2013: Notification of acceptance (+/- two days)
May 5, 2013: Final papers + Copyright + Registration
July 22-25, 2013: The 2013 International Conference on Security
and Management (SAM’13)

CO-SPONSORS:

Currently being prepared – The Academic Sponsors of the last offering of
FECS (2012) included research labs and centers affiliated with:
Minnesota Supercomputing Institute, USA; Argonne National Laboratory,
Illinois, USA; George Mason University, Virginia, USA; Harvard University,
Cambridge, Massachusetts, USA; Center for Cyber Defense, NCAT, North
Carolina, USA; Center for Advanced Studies in Identity Sciences (CASIS:
NC A&T, Carnegie Mellon, Clemson, UNC Wilmington), USA; Massachusetts
Institute of Technology (MIT), Cambridge, Massachusetts, USA; Texas A&M
University, USA; UMIT, Institute of Bioinformatics and Translational
Research, Austria; University of Iowa, USA; Russian Academy of Sciences,
Moscow, Russia; NDSU-CIIT Green Computing and Communications Laboratory,
USA; Medical Image HPC and Informatics Lab, Iowa, USA; and others.
Sponsors At-Large included (corporate, associations, organizations):
Intel Corporation; Super Micro Computer, Inc., California, USA; Altera
Corporation; The International Council on Medical and Care Compunetics;
International Society of Intelligent Biological Medicine; US Chapter of
World Academy of Science; High Performance Computing for Nanotechnology;
Luna Innovations; World Academy of Biomedical Sciences and Technologies;
Manx Telecom; Computer Science Research, Education, and Applications
Press; HoIP Telecom; Hodges Health; Leading Knowledge; OMG; Science
Publications and others.

SUBMISSION OF REGULAR PAPERS:

Prospective authors are invited to submit their papers by uploading them
to the evaluation web site at:
https://www.easychair.org/account/signin.cgi?conf=sam13
( OR http://world-comp.org ).
Submissions must be uploaded by March 18, 2013 and must be in either
MS doc or pdf formats (about 7 pages including all figures, tables,
and references – single space, font size of 10 to 12). All reasonable
typesetting formats are acceptable (later, the authors of accepted
papers will be asked to follow a particular typesetting format to
prepare their final papers for publication.) Papers must not have been
previously published or currently submitted for publication elsewhere.
The first page of the paper should include: title of the paper, name,
affiliation, postal address, and email address for each author. The
first page should also identify the name of the Contact Author and a
maximum of 5 topical keywords that would best represent the content
of the paper. The track title must also be stated on the first page of the
paper as well as a 100 to 150-word abstract. The length of the final/
Camera-Ready papers (if accepted) will be limited to 7
(two-column IEEE style) pages.

Each paper will be peer-reviewed by two experts in the field for
originality, significance, clarity, impact, and soundness. In cases of
contradictory recommendations, a member of the conference program
committee would be charged to make the final decision (accept/reject);
often, this would involve seeking help from additional referees.
Papers whose authors include a member of the conference program
committee will be evaluated using the double-blinded review process.
(Essay/philosophical papers will not be refereed but may be considered
for discussion/panels).

The proceedings will be published in printed conference books (ISBN) and
will also be made available online. The proceedings will be indexed in
science citation databases that track citation frequency/data for each
published paper. Science citation databases include: Inspec / IET / The
Institute for Engineering & Technology; The French National Center for
Scientific Research, CNRS, INIST databases, PASCAL (accessible from
INIST, Datastar, Dialog, EBSCO, OVID, Questel.Orbit, Qwam, and STN
International); and others. Though, there is no guarantee
that the proceedings will also be included in SCI EI Compendex/Elsevier
indexings; in the past, the proceedings were included in these databases.
Therefore, we will also be sending the proceedings for indexing
procedures to SCI EI Compendex/Elsevier. The printed proceedings/books
will be available for distribution on site at the conference.

SUBMISSION OF POSTER PAPERS:

Poster papers can be 2 pages long. Authors are to follow the same
instructions that appear above (see, SUBMISSION OF REGULAR PAPERS) except
for the submission is limited to 2 pages. On the first page, the author
should state that “This paper is being submitted as a poster”. Poster
papers (if accepted) will be published if and only if the author of the
accepted paper wishes to do so. Please email your poster papers to the
poster co-chairs: Hanen Idoudi ( Hanen.Idoudi@ensi.rnu.tn ), or
Esmiralda Moradian ( moradian@kth.se ).

PROPOSAL FOR ORGANIZING WORKSHOPS/SESSIONS:

Each conference is composed of a number of tracks. A track can be a
session, a workshop, or a symposium. A session will have at least 6
papers; a workshop at least 12 papers; and a symposium at least 18
papers. Track chairs will be responsible for all aspects of their
tracks, including: soliciting papers, reviewing, selecting, …
The names of track chairs will appear as Associate Editors in the
conference proceedings and on the cover of the printed books (and
indexed in science databases as such).

Proposals to organize tracks (sessions, workshops, or symposiums) should
include the following information: name and address (+ email) of proposer,
his/her biography, title of track, a 100-word description of the topic of
the track, the name of the conference the track is submitted for
consideration (ie, SAM), and a short description on how the track
will be advertised (in most cases, track proposers solicit papers from
colleagues and researchers whose work is known to the track proposer).
E-mail your track proposal to the Workshops/Sessions co-chairs:
Flaminia Luccio ( luccio@unive.it ) or Sergey Morozov
( morozose@udmercy.edu ). We would like to receive the track proposals
as soon as possible but by no later than January 31, 2013.

MEMBERS OF STEERING COMMITTEE:

Currently being finalized. The members of the Steering Committee of The
2012 Congress that FECS was (and will be) part of included: Dr. Selim
Aissi, (formerly: Chief Strategist – Security, Intel Corporation, USA)
Senior Business Leader & Chief Architect, Visa Corporation, USA; Prof.
Babak Akhgar, PhD, FBCS, CITP, Professor of Informatics, Sheffield
Hallam University, Sheffield, UK; Prof. Hamid R. Arabnia, Professor of
Computer Science, Elected Fellow of ISIBM, Editor-in-Chief of Journal
of Supercomputing (Springer), University of Georgia, USA; Prof. Kevin
Daimi, Professor of Computer Science, Director of Computer Science and
Software Engineering Programs, Department of Mathematics, Computer
Science and Software Engineering, University of Detroit Mercy, Detroit,
Michigan, USA; Prof. Gerry Vernon Dozier, Professor of Computer Science,
Chair of Department of Computer Science and Director of Center for
Advanced Studies in Identity Sciences, Center for Cyber Defense, North
Carolina A&T State University, North Carolina, USA; Dr. Michael R.
Grimaila, Associate Professor, Air Force Institute of Technology,
Systems Engineering, Fellow of ISSA, CISM, CISSP, IAM/IEM, Editorial
Board of ISSA Journal, Air Force Center of Cyberspace Research, Advisor
to the Prince of Wales Fellows & Prince Edward Fellows at MIT and
Harvard Universities and PC member of NATO Cooperative Cyber Defence
Centre of Excellence (CCD COE); Prof. Kun Chang Lee, Professor of MIS
and WCU Professor of Creativity Science, Business School and Department
of Interaction Science, Sungkyunkwan University, Seoul, South Korea;
Prof., Dr., Dr.h. Victor Malyshkin, Head of Supercomputer Software
Department (SSD), Institute of Computational Mathematics and
Mathematical Geophysics, Russian Academy of Sciences, Russia;
Prof. George Markowsky, Professor and Chair of Computer Science,
Associate Director of School of Computing and Information Science,
Chair of International Advisory Board of IEEE IDAACS and Director 2013
Northeast Collegiate Cyber Defense Competition, Chair Bangor Foreign
Policy Forum, Cooperating Professor of Mathematics & Statistics
Department UMaine, Cooperating Professor of School of Policy &
International Affairs UMaine, University of Maine, Orono, Maine, USA;
Prof. Andy Marsh, Director of HoIP, Director of HoIP Telecom, UK,
Secretary-General of WABT, Vice-president of ICET, Visiting Professor,
University of Westminster, UK; Prof. James J. (Jong Hyuk) Park,
Professor of Computer Science and Engineering, Seoul National
University of Science and Technology (SeoulTech), Korea, President of
KITCS, President of FTRA, Editor-in-Chiefs of HCIS, JoC and IJITCC
Journals; Ashu M. G. Solo (Publicity Chair), Fellow of British
Computer Society, Principal R&D Engineer, Maverick Technologies
America; Prof. Sang C. Suh, Head and Professor of Computer Science,
Vice President, of Society for Design and Process Science (SDPS),
Director of Intelligent Cyberspace Engineering Lab (ICEL), Texas A&M
University, Com., Texas, USA; Prof. Layne T. Watson, IEEE Fellow,
NIA Fellow, ISIBM Fellow, Fellow of The National Institute of
Aerospace, Virginia Polytechnic Institute & State University,
Virginia, USA

The 2013 Program Committee for SAM conference is currently being
compiled. Many who have already joined the committees are renowned
leaders, scholars, researchers, scientists and practitioners of the
highest ranks; many are directors of research labs., fellows of
various societies, heads/chairs of departments, program directors of
research funding agencies, as well as deans and provosts.

Program Committee members are expected to have established a strong and
documented research track record. Those interested in joining the
Program Committee should email daimikj@udmercy.edu
the following information for consideration/evaluation: Name,
affiliation and position, complete mailing address, email address,
a one-page biography that includes research expertise, and details of
two recent papers on security.

GENERAL INFORMATION:

SAM is an international conference that serves researchers, scholars,
professionals, students, and academicians who are looking to both foster
working relationships and gain access to the latest research results.
It is being held jointly (same location and dates) with a number of
other research conferences; namely, The 2013 World Congress in Computer
Science, Computer Engineering, and Applied Computing (WORLDCOMP). The
Congress is the largest annual gathering of researchers in computer
science, computer engineering and applied computing. We anticipate
having 2,100 or more attendees from over 85 countries.

The 2013 Congress will be composed of research presentations, keynote
lectures, invited presentations, tutorials, panel discussions, and
poster presentations. In recent past, keynote/tutorial/panel speakers
have included: Prof. David A. Patterson (pioneer, architecture, U. of
California, Berkeley), Dr. K. Eric Drexler (known as Father of
Nanotechnology), Prof. John H. Holland (known as Father of Genetic
Algorithms; U. of Michigan), Prof. Ian Foster (known as Father of Grid
Computing; U. of Chicago & ANL), Prof. Ruzena Bajcsy (pioneer, VR, U.
of California, Berkeley), Prof. Barry Vercoe (Founding member of MIT
Media Lab, MIT), Dr. Jim Gettys (known as X-man, developer of X Window
System, xhost; OLPC), Prof. John Koza (known as Father of Genetic
Programming, Stanford U.), Prof. Brian D. Athey (NIH Program Director,
U. of Michigan), Prof. Viktor K. Prasanna (pioneer, U. of Southern
California), Dr. Jose L. Munoz (NSF Program Director and Consultant),
Prof. Jun Liu (pioneer, Broad Institute of MIT & Harvard U.),
Prof. Lotfi A. Zadeh (Father of Fuzzy Logic), Dr. Firouz Naderi (Head,
NASA Mars Exploration Program/2000-2005 and Associate Director, Project
Formulation & Strategy, Jet Propulsion Lab, CalTech/NASA; Director,
NASA’s JPL Solar System Exploration), Prof. David Lorge Parnas (Fellow
of IEEE, ACM, RSC, CAE, GI; Dr.h.c.: ETH Zurich, Prof. Emeritus,
McMaster U. and U. of Limerick), Prof. Eugene H. Spafford (Executive
Director, CERIAS and Professor, Purdue University), Dr. Sandeep
Chatterjee (Vice President & Chief Technology Officer, SourceTrace
Systems, Inc.), Prof. Haym Hirsh (Rutgers University, New Jersey, USA
and former director of Division of Information and Intelligent Systems,
National Science Foundation, USA), Dr. Flavio Villanustre (Vice-
President, HPCC Systems), and many other distinguished speakers. To
get a feeling about the Congress’s atmosphere, see the 2012 delegates
photos available at: http://infinitydempsey.smugmug.com/WorldComp

An important mission of the Congress is “Providing a unique platform for
a diverse community of constituents composed of scholars, researchers,
developers, educators, and practitioners. The Congress makes concerted
effort to reach out to participants affiliated with diverse entities
(such as: universities, institutions, corporations, government agencies,
and research centers/labs) from all over the world. The Congress also
attempts to connect participants from institutions that have teaching as
their main mission with those who are affiliated with institutions that
have research as their main mission. The Congress uses a quota system to
achieve its institution and geography diversity objectives.”

One main goal of the Congress is to assemble a spectrum of affiliated
research conferences, workshops, and symposiums into a coordinated
research meeting held in a common place at a common time. This model
facilitates communication among researchers in different fields of
computer science, computer engineering, and applied computing. The
Congress also encourages multi-disciplinary and inter-disciplinary
research initiatives; ie, facilitating increased opportunities for
cross-fertilization across sub-disciplines.

MEASURABLE SCIENTIFIC IMPACT OF CONGRESS:

As of December 2012, papers published in the Congress proceedings have
received over 27,000 citations (includes about 2,000 self-citations).
Citation data obtained from http://academic.research.microsoft.com/ .

CONTACT:

Inquiries should be sent to: daimikj@udmercy.edu

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Jan 10

Spring School on Theoretical Computer Science 2013 (Ecole de printemps d’informatique théorique)

SPRING SCHOOL ON THEORETICAL COMPUTER SCIENCE 2013
Algorithms for Euclidean lattices and applications
Autrans (Isère), March 18-22, 2013

[Please forward to anyone outside GDR IM who may be
interested]

Organizing committee: Guillaume Hanrot (LIP, ENS Lyon), Damien Séon
(LIP, ENS Lyon), Damien Stehlé (LIP, ENS Lyon)

EPIT scientific committee: Roberto Amadio (Paris 7 / PPS),
Pierre-Louis Curien (CNRS/PPS), Guillaume Hanrot (ENS Lyon/LIP),
Frédéric Magniez (CNRS/LIAFA, chair), Jean Mairesse
(CNRS/LIAFA), Anca Muscholl (U. Bordeaux / LaBRI).
-------------------------------------------------------------------------
The Spring School on Theoretical Computer Science (Ecole de Printemps
d’Informatique Théorique, EPIT) is an institution in the field of
theoretical computer science in France. The School was developed under
the direction of Maurice Nivat in 1973. Over its 39 years of existence,
it has covered a broad range of leading topics in theoretical computer
science, and it is now the meeting place par excellence for new
generations of researchers in the field.

The 2013 edition will focus on algorithms for Euclidean lattices
and their applications. Euclidean lattices (informally, grids of
regularly spaced points in a Euclidean space) are a classical tool in
theoretical computer science. A large number of classical and important
algorithmic problems (integer linear programming, factoring polynomials
with rational coefficients, detecting linear relations between real
numbers, …) can be re-expressed in terms of Euclidean lattices and
solved by finding short vectors in well-chosen lattices.

Lattice algorithmics is booming. Significant progress has been made in
understanding the cost of solving the central algorithmic problems
(such as computing short vectors of arbitrary lattices).

But above all, some applications are developing at a frantic pace.
One notable example is lattice-based cryptography: a vast set of
cryptographic primitives (encryption, digital signatures,
identification protocols) whose security rests on the hardness of
algorithmic problems expressed in terms of lattices. The reasons for
this enthusiasm are many: high potential for efficiency, security
proofs under a small number of well-studied assumptions, apparent
resistance to quantum computing, and new functionalities. One of these
new functionalities is homomorphic encryption, which makes it possible
to perform computations with access only to the encrypted data, and
whose potential (long-term) applications currently appear
considerable.

Other application areas will be covered: communications
(e.g. codes for wireless communications), integer linear programming,
computer arithmetic (e.g. approximation of functions for efficient
evaluation). One course will also be devoted to the analysis of
algorithms related to lattice reduction.

Invited speakers:
J.-C. Belfiore (Télécom ParisTech, Paris)
N. Brisebarre (CNRS, Lyon)
D. Dadush (NYU, New York)
G. Hanrot (ENS Lyon, Lyon)
V. Lyubashevsky (INRIA, Paris)
D. Stehlé (ENS Lyon, Lyon)
B. Vallée (CNRS, Caen)

Practical information:
----------------------
The school will take place in Autrans (Isère) at the Escandilles
holiday village, www.escandille.com.  Arrival is planned for Sunday,
March 17, and the school is scheduled to end on Friday, March 22,
after lunch.

Estimated registration fees should be around 400 euros, including
full-board accommodation.

Provisional schedule:
---------------------
* Pre-registration from December 15 to January 15
* Final registration before March 9.

Dec 07

AVOTE: Main results of the project

Main results of the project

Electronic voting offers many advantages, such as remote voting and automation of the tallying phase. However, the slightest flaw in an electronic voting system could lead to large-scale fraud. The overall goal of the project was to design techniques for analyzing the security of voting protocols. Our results fall into four main areas.

  • Formalization of properties: We identified and formalized the desired properties: correctness of the result, vote confidentiality, the impossibility for a voter to reveal their vote, and verifiability of the voting process. We formally defined these properties in symbolic models, often in the form of equivalence properties.
  • Decision procedures:
    We developed techniques to determine whether or not a voting protocol ensures the desired properties, for example the confidentiality of a vote. From a technical standpoint, this amounts to deciding equivalence properties on process algebras. Our work focused on two main types of equivalence: static equivalence (for an observing intruder) and observational equivalence (for a fully active intruder). In both cases, the properties of the cryptographic primitives (encryption, exclusive or, …) are axiomatized by equational theories. We obtained numerous decidability results for both static equivalence and observational equivalence, for various equational theories. ([CD10])
  • Tools:
    We built four prototypes to automatically analyze equivalence properties of protocols, and in particular confidentiality in voting protocols. Our four prototypes are KiSs and , for an observing attacker, as well as aKiSs and ADECS/Datep, for a fully active attacker.
  • Case studies:
    We validated our results on several case studies from the literature, including the FOO protocol, which underlies many protocols using blind signatures, and the JCJ protocol implemented as CIVITAS. We also analyzed Helios, a real-world voting protocol recently developed by Ben Adida and the Crypto Group of the Université Catholique de Louvain (UCL). This protocol has been used several times for full-scale elections, for example in 2009 for the election of the UCL rector with more than 5000 voters and in 2010 by the International Association for Cryptologic Research (IACR) to elect its board. We uncovered a flaw in the Helios protocol that undermines vote confidentiality. We proposed a fix, along with a proof of confidentiality for the resulting new version. We also showed that Helios provides individual verifiability and universal verifiability, enabling a transparent election. ([DKR09b], [KSR10])
    Another practical case study was the remote voting protocol (printed ballots with barcodes) used by the CNRS for elections to the CAES (the CNRS works council). We showed how it was possible to “stuff the ballot box” and notified the CNRS. A fix was applied by the contractor for the following election.

All of the project's publications are available here.

Project follow-up: Some of the research themes of the ANR AVOTÉ project have been carried over into the ERC project ProSecure (Provably secure systems: foundations, design, and modularity) and the ANR project VIP (JCJC programme) (Verification of Indistinguishability Properties). The ProSecure project aims to develop modular and generic techniques for analyzing new families of security protocols, voting protocols in particular. The VIP project focuses more specifically on the analysis of privacy-type properties, which play an important role in many applications (including voting protocols). A variant of Helios, called Helios-C, is under development. This variant complies with the recommendations of the CNIL (voters' names must not be public) while still guaranteeing vote confidentiality and election verifiability, even with respect to a ballot box hosted on a dishonest server.

Formal analysis of electronic voting protocols (AVOTÉ).

Aug 11

PHP Shell Detector – web shell detection tool – Emposha

PHP Shell Detector is a PHP script that helps you find and identify PHP shells. It also has a “web shells” signature database that helps identify up to 99% of web shells.

via PHP Shell Detector – web shell detection tool – Emposha.

May 31

9th European PKI Workshop: Research and Applications (EuroPKI 2012)

CALL FOR PAPERS
9th European PKI Workshop: Research and Applications (EuroPKI 2012)
in conjunction with ESORICS 2012
Pisa, Italy – September 13-14, 2012

The 9th European PKI Workshop: Research and Applications (EuroPKI
2012) will be held in Pisa, Italy.  The workshop seeks submissions
from academia, industry, and government presenting novel research on
all aspects of Public Key Services, Applications, and
Infrastructures. Topics of interest include, but are not limited to:

– Anonymity
– Architecture and modeling
– Attribute-based access control
– Authentication
– Authorization and delegation
– Certificates management
– Cross certification
– Directories
– eCommerce/eGovernment
– Fault-tolerance and reliability
– Federations
– Group signatures
– ID-based schemes
– Identity management
– Implementations
– Interoperability
– Key management
– Legal issues
– Long-time archiving
– Mobile PKI
– Multi-signatures
– PKI in the Cloud
– Policies and regulations
– Privacy
– Privilege management
– Protocols
– Repositories
– Risk attacks
– Scalability and performance
– Security of PKI systems
– Standards
– Timestamping
– Trust management
– Trusted computing
– Ubiquitous scenarios
– Web services security

SUBMISSION INSTRUCTIONS
Submitted papers must not substantially overlap with papers that have
been published or that have been simultaneously submitted to a journal
or a conference with proceedings. All submissions should be
appropriately anonymized (i.e., papers should not contain author names
or affiliations, or obvious citations). Submissions should be at most
16 pages, including the bibliography and well-marked appendices, and
should follow the LNCS style. Submissions are to be made to the
submission web site at easychair.org. Only pdf files will be
accepted. Submissions not meeting these guidelines risk rejection
without consideration of their merits. Papers must be received by the
deadline of June 16, 2012 (11:59 p.m. American Samoa time).  Authors
of accepted papers must guarantee that their papers will be presented
at the workshop. Pre-proceedings will be made available at the
workshop. As for all previous EuroPKI events, it is planned to have
post-proceedings published by Springer in the Lecture Notes in
Computer Science (LNCS) series.

IMPORTANT DATES
Paper submission due: June 16, 2012
Notification to authors: July 15, 2012
Camera ready due: August 1, 2012

ESORICS GENERAL CHAIR
Fabio Martinelli
CNR, Italy

PROGRAM CHAIRS
Sabrina De Capitani di Vimercati
Universita’ degli Studi di Milano, Italy

Chris Mitchell
Royal Holloway, University of London, UK

PUBLICITY CHAIR
Giovanni Livraga
Universita’ degli Studi di Milano, Italy

PROGRAM COMMITTEE
Lejla Batina, Radboud University Nijmegen, The Netherlands
David Chadwick, University of Kent, UK
Sherman S. M. Chow, University of Waterloo, Canada
Paolo D’Arco, University of Salerno, Italy
Bao Feng, Institute for Infocomm Research, Singapore
Eduardo Fernandez-Medina, Universidad de Castilla la Mancha, Spain
Simone Fischer-Huebner, Karlstad University, Sweden
Sara Foresti, Universita’ degli Studi di Milano, Italy
Steven Furnell, Plymouth University, UK
Peter Gutmann, University of Auckland, New Zealand
Ravi Jhawar, Universita’ degli Studi di Milano, Italy
Sokratis Katsikas, University of Piraeus, Greece
Dogan Kesdogan, University of Siegen, Germany
Elisavet Konstantinou, University of the Aegean, Greece
Costas Lambrinoudakis, University of Piraeus, Greece
Herbert Leitold, A-SIT, Austria
Javier Lopez, University of Malaga, Spain
Fabio Martinelli, CNR, Italy
Catherine Meadows, NRL, USA
Stig Mjolsnes, NTNU, Norway
Yi Mu, University of Wollongong, Australia
Svetla Nikova, Katholieke Universiteit Leuven, Belgium
Rolf Oppliger, eSECURITY Technologies, Switzerland
Massimiliano Pala, Polytechnic Institute, USA
Stefano Paraboschi, Universita’ degli Studi di Bergamo, Italy
Andreas Pashalidis, K.U.Leuven, Belgium
Olivier Pereira, Universite Catholique de Louvain, Belgium
Gunther Pernul, Universitat Regensburg, Germany
Sasa Radomirovic, University of Luxembourg,  Luxembourg
Pierangela Samarati, Universita’ degli Studi di Milano, Italy
Sean Smith, Dartmouth College, USA

CONFERENCE WEB PAGE: http://europki2012.dti.unimi.it
PC CHAIRS EMAIL: europki2012@unimi.it

May 14

Journal of Information Security

You are cordially invited to submit a manuscript to the Journal of Information Security (JIS, ISSN: 2153-1242), published by Scientific Research Publishing (SCIRP). It is an international peer-reviewed open access journal devoted to publication of original contributions in relevant areas of information security.

Being an open access journal we offer the following advantages:

  • Researchers around the world have full access to all the published articles
  • Widest dissemination of your published work ensuring greater visibility
  • Free downloads of the published articles without any subscription fee

The journal of JIS has a distinguished editorial board ensuring that it maintains high scientific standards with a broad international coverage. To view a list of the journal’s editors please visit www.scirp.org/journal/jis.

Aims & Scope of the journal include:

  • Access Control
  • Anti-Virus and Anti-Worms
  • Authentication and Authorization
  • Biometric Security
  • Cryptography
  • Data and System Integrity
  • Database Security
  • Distributed Systems Security
  • Electronic Commerce Security
  • Fraud Control
  • Grid Security
  • Information Hiding and Watermarking
  • Information Privacy
  • Information Security Engineering
  • Intellectual Property Protection
  • Intrusion Detection
  • Key Management and Key Recovery
  • Language-based Security
  • Network Security
  • Operating System Security
  • Risk Evaluation and Security Certification
  • Security for Mobile Computing
  • Security Models
  • Security Protocols
  • Security and Privacy for Social Computing
  • Security Evaluation
  • Signature and Key Agreement Protocol
  • Software Security
  • System Security
  • Trusted Computing and Trustworthy Computing Technology

Please read over the journal’s Author Guidelines for more information on the journal’s policies and the submission process. Once a manuscript has been accepted for publication, it will undergo language copyediting, typesetting, and reference validation in order to ensure the highest publication quality.

Please do not hesitate to contact me if you have any questions about the journal.

Best regards,

Prof. Gyungho Lee
Editor in Chief
eic.jis@scirp.org

JIS Editorial Office
Scientific Research Publishing

May 11

Seminar: Helena Bruyninckx “Merkle signatures” (May 15, 2012)

May 15, 2012 – 12.30 – Computer Department Seminar Room – NO Building, 8th floor (2NO8.08)

Speaker : Helena Bruyninckx (ULB & RMA)

Title : Merkle signatures

Apr 24

9th European PKI Workshop: Research and Applications (EuroPKI 2012)

CALL FOR PAPERS
9th European PKI Workshop: Research and Applications (EuroPKI 2012)
in conjunction with ESORICS 2012
Pisa, Italy – September 13-14, 2012

The 9th European PKI Workshop: Research and Applications (EuroPKI
2012) will be held in Pisa, Italy.  The workshop seeks submissions
from academia, industry, and government presenting novel research on
all aspects of Public Key Services, Applications, and
Infrastructures. Topics of interest include, but are not limited to:

– Anonymity
– Architecture and modeling
– Attribute-based access control
– Authentication
– Authorization and delegation
– Certificates management
– Cross certification
– Directories
– eCommerce/eGovernment
– Fault-tolerance and reliability
– Federations
– Group signatures
– ID-based schemes
– Identity management
– Implementations
– Interoperability
– Key management
– Legal issues
– Long-time archiving
– Mobile PKI
– Multi-signatures
– PKI in the Cloud
– Policies and regulations
– Privacy
– Privilege management
– Protocols
– Repositories
– Risk attacks
– Scalability and performance
– Security of PKI systems
– Standards
– Timestamping
– Trust management
– Trusted computing
– Ubiquitous scenarios
– Web services security

SUBMISSION INSTRUCTIONS
Submitted papers must not substantially overlap with papers that have
been published or that have been simultaneously submitted to a journal
or a conference with proceedings. All submissions should be
appropriately anonymized (i.e., papers should not contain author names
or affiliations, or obvious citations). Submissions should be at most
16 pages, including the bibliography and well-marked appendices, and
should follow the LNCS style. Submissions are to be made to the
submission web site at easychair.org. Only pdf files will be
accepted. Submissions not meeting these guidelines risk rejection
without consideration of their merits. Papers must be received by the
deadline of May 25, 2012 (11:59 p.m. American Samoa time).  Authors
of accepted papers must guarantee that their papers will be presented
at the workshop. Pre-proceedings will be made available at the
workshop. As for all previous EuroPKI events, it is planned to have
post-proceedings published by Springer in the Lecture Notes in
Computer Science (LNCS) series.

IMPORTANT DATES
Paper submission due: May 25, 2012
Notification to authors: July 15, 2012
Camera ready due: August 1, 2012

ESORICS GENERAL CHAIR
Fabio Martinelli
CNR, Italy

PROGRAM CHAIRS
Sabrina De Capitani di Vimercati
Universita’ degli Studi di Milano, Italy

Chris Mitchell
Royal Holloway, University of London, UK

PUBLICITY CHAIR
Giovanni Livraga
Universita’ degli Studi di Milano, Italy

PROGRAM COMMITTEE
Lejla Batina, Radboud University Nijmegen, The Netherlands
David Chadwick, University of Kent, UK
Sherman S. M. Chow, University of Waterloo, Canada
Paolo D’Arco, University of Salerno, Italy
Bao Feng, Institute for Infocomm Research, Singapore
Eduardo Fernandez-Medina, Universidad de Castilla la Mancha, Spain
Simone Fischer-Huebner, Karlstad University, Sweden
Sara Foresti, Universita’ degli Studi di Milano, Italy
Steven Furnell, Plymouth University, UK
Peter Gutmann, University of Auckland, New Zealand
Ravi Jhawar, Universita’ degli Studi di Milano, Italy
Sokratis Katsikas, University of Piraeus, Greece
Dogan Kesdogan, University of Siegen, Germany
Elisavet Konstantinou, University of the Aegean, Greece
Costas Lambrinoudakis, University of Piraeus, Greece
Herbert Leitold, A-SIT, Austria
Javier Lopez, University of Malaga, Spain
Fabio Martinelli, CNR, Italy
Catherine Meadows, NRL, USA
Stig Mjolsnes, NTNU, Norway
Yi Mu, University of Wollongong, Australia
Svetla Nikova, Katholieke Universiteit Leuven, Belgium
Rolf Oppliger, eSECURITY Technologies, Switzerland
Massimiliano Pala, Polytechnic Institute, USA
Stefano Paraboschi, Universita’ degli Studi di Bergamo, Italy
Andreas Pashalidis, K.U.Leuven, Belgium
Olivier Pereira, Universite Catholique de Louvain, Belgium
Gunther Pernul, Universitat Regensburg, Germany
Sasa Radomirovic, University of Luxembourg,  Luxembourg
Pierangela Samarati, Universita’ degli Studi di Milano, Italy
Sean Smith, Dartmouth College, USA

CONFERENCE WEB PAGE: http://europki2012.dti.unimi.it
PC CHAIRS EMAIL: europki2012@unimi.it