From hgi-news-international at lists.ruhr-uni-bochum.de Sun Jun 22 14:50:53 2008 From: hgi-news-international at lists.ruhr-uni-bochum.de (English Newsletter of the Horst Gö rtz Institute of IT Security in Bochum) Date: Sun, 22 Jun 2008 14:50:53 +0200 Subject: [HGI-news-int] Mailinglist Eurocrypt 2009 Message-ID: <485E4AAD.2060309@hgi.rub.de> Hi, To be reminded on the Eurocrypt 2009 deadline, early bird registration, and other interesting news, you can simply subscribe to its mailing list at http://lists.ruhr-uni-bochum.de/mailman/listinfo/eurocrypt2009 We'll keep the number of announcements low (and the list moderated), so you won't have too many eMails in your inbox! And the best bit: you won't miss out any important news :-) Apart from this, you can view more information on Eurocrypt 2009 at http://www.iacr.org/conferences/eurocrypt2009/ Cheers, Christopher From hgi-news-international at lists.ruhr-uni-bochum.de Thu Jun 26 16:29:42 2008 From: hgi-news-international at lists.ruhr-uni-bochum.de (English Newsletter of the Horst Gö rtz Institute of IT Security in Bochum) Date: Thu, 26 Jun 2008 16:29:42 +0200 Subject: [HGI-news-int] Newsletter 01e Message-ID: <4863A7D6.10408@hgi.rub.de> **No 01e Thursday, 26 June 2008** http://www.hgi.rub.de/hgi/newsletter/n01e Horst G?rtz Institute for IT-Security in Informationsystems Ruhr-University Bochum, Germany http://www.hgi.rub.de/ Content ======= First English HGI Newsletter http://www.hgi.rub.de/hgi/newsletter/n01e#first-english-hgi-newsletter REMOTE KEYLESS entry system for cars and buildings hacked http://www.hgi.rub.de/hgi/newsletter/n01e#remote-keyless-entry-system-for-cars-and-buildings-hacked Conference "Future of Trust in Computing" http://www.hgi.rub.de/hgi/newsletter/n01e#conference-future-of-trust-in-computing CHES Workshop http://www.hgi.rub.de/hgi/newsletter/n01e#ches-workshop Workshop SWSOA http://www.hgi.rub.de/hgi/newsletter/n01e#workshop-swsoa 6th escar - Embedded Security in Cars Conference http://www.hgi.rub.de/hgi/newsletter/n01e#th-escar-embedded-security-in-cars-conference EUROCRYPT 2009 http://www.hgi.rub.de/hgi/newsletter/n01e#eurocrypt-2009 SECSI - Secure Component and System Identification http://www.hgi.rub.de/hgi/newsletter/n01e#secsi-secure-component-and-system-identification TRUST 2008 http://www.hgi.rub.de/hgi/newsletter/n01e#trust-2008 Prof. Dr. J?rg Schwenk and the HGI organised the workshop on "E-Security in the E-Government http://www.hgi.rub.de/hgi/newsletter/n01e#prof-dr-j-rg-schwenk-and-the-hgi-organised-the-workshop-on-e-security-in-the-e-government a-i3/BSI Symposium 2008: Security and Identity in Internet Portals http://www.hgi.rub.de/hgi/newsletter/n01e#a-i3-bsi-symposium-2008-security-and-identity-in-internet-portals CACE (Computer Aided Cryptography Engineering) started in January this year http://www.hgi.rub.de/hgi/newsletter/n01e#cace-computer-aided-cryptography-engineering-started-in-january-this-year Dr.-Ing. Marko Wolf achived "outstanding" (sehr gut) for his Ph.D. http://www.hgi.rub.de/hgi/newsletter/n01e#dr-ing-marko-wolf-achived-outstanding-sehr-gut-for-his-ph-d Prof. Dr. Alexander May is member of the Programm Committee of the SCC http://www.hgi.rub.de/hgi/newsletter/n01e#prof-dr-alexander-may-is-member-of-the-programm-committee-of-the-scc Timo Kasper member of the programme committee of the 4th RFID-Security Workshop http://www.hgi.rub.de/hgi/newsletter/n01e#timo-kasper-member-of-the-programme-committee-of-the-4th-rfid-security-workshop Transfer Price for Prof. Dr.-Ing. Ahmad-Reza Sadeghi http://www.hgi.rub.de/hgi/newsletter/n01e#transfer-price-for-prof-dr-ing-ahmad-reza-sadeghi Stevens and Ruhr University sign MOU for IT security research http://www.hgi.rub.de/hgi/newsletter/n01e#stevens-and-ruhr-university-sign-mou-for-it-security-research Workshop "Sicherheit 2008" in Saarbr?cken http://www.hgi.rub.de/hgi/newsletter/n01e#workshop-sicherheit-2008-in-saarbr-cken Guests http://www.hgi.rub.de/hgi/newsletter/n01e#guests HGI Seminar http://www.hgi.rub.de/hgi/newsletter/n01e#hgi-seminar Invited Talks http://www.hgi.rub.de/hgi/newsletter/n01e#invited-talks Information http://www.hgi.rub.de/hgi/newsletter/n01e#information PUBLICATIONS http://www.hgi.rub.de/hgi/newsletter/n01e#publications First English HGI Newsletter ============================ Having started June 2003 with our first _German_ [http://www.hgi.rub.de/hgi/newsletter/ newsletter], we received a lot of encouragement and an ever growing number of readers since then. Hence we have decided to take the idea of this newsletter a bit furher and to compile a special *international version* of it. The first item is now in your hand - or well, in your Inbox. We have selected news from the past three newsletters, covering a period from January 2008 onwards. The idea is to publish an English newsletter every 2-4 month - depending on the number of news items we have. We all here at the Horst G?rtz Institute for IT-Security in Bochum, Germany, do hope very much that you find the newsletter interesting and helpful. If you have any comments - both positive or negative - please drop us a line: hgi-office at rub.de top_ REMOTE KEYLESS entry system for cars and buildings hacked ========================================================= Prof. Paar and his Communication Security Group, as part of the Horst G?rtz Institute for IT Security presented a complete break of remote keyless entry systems based on the KeeLoq RFID technology as part of their research in embedded security. The shown vulnerability applies to all known car and building access control systems that rely on the KeeLoq cipher. The security hole allows illegitimate parties to access buildings and cars after remote eavesdropping from a distance of up to 100 meters. The attack - which combines sidechannel cryptoanalysis with specific properties of the KeeLoq algorithm - can be applied to all known variants in which KeeLoq is used in real world systems. Besides the frequent use of KeeLoq for garage door openers and other building access applications, it is also known that several automotive manufacturers like Toyota/Lexus base their anti-theft protection on assumed secure devices featuring KeeLoq. http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/projects/keeloq/keel/oq_en.pdf Microsoft CardSpace defeated by HGI Students Xuan Chen and Christoph L?hr, two outstanding IT-security students at Horst G?rtz Institute for IT Security (HGI), have implemented an attack against CardSpace and show that an identity thief may filch the authentication token issued by CardSpace. This is a crucial security problem. CardSpace is supposed to replace login-procedures Web-wide - at least if the plans of Microsoft and other major players such as Google, Yahoo and VeriSign come true. http://demo.nds.rub.de/cardspace/ top_ EVENTS TO COME: =============== Conference "Future of Trust in Computing" ----------------------------------------- This conference will take place on 1. - 2. July 2008 in Berlin and will be supported by the HGI. "Future of Trust in Computing" aims at bringing together researchers, regulators, technology developers, consumer organizations, and users of new technologies to discuss issues associated with preserving and enforcing users' trust in digital economy. Trust is a complex notion combining technical and policy issues, and this conference offers a venue to talk about trust in a holistic way. The focus of the event is on the adoption and development of Trusted Computing technologies, their future trends and technology innovations, and privacy/policy issues addressed from legal, technological and usability points of view. The conference takes place at the Swissotel Berlin on the Kurf?rstendamm and proposes an ambitious program including talks on numerous areas of TC technology and policy, panel discussions, and ample opportunities for networking. Prof. Dr.-Ing. Ahmad-Reza Sadeghi (Chair for System Security) is member of its Steering Committee and one of the Program Co-Chairs. http://www.tc-conference.com/ top_ CHES Workshop ------------- On 10 - 13 August this year the 10. CHES workshop will take place in Washington, DC USA. This series was launched by Prof. Dr.-Ing. Christof Paar who now is President of the CHES Steering Committee. Another member of the HGI, Prof. Dr.-Ing. Ahmad-Reza Sadgehi and a former member (Dr. Lemke-Rust) act as members of the Programme Committee. The CHES workshop is THE platform for exchanging results and scientific progress in all areas of cryptographic hardware and embedded security systems. It bridges the gap between cryptographic research and applied cryptography. Therefore participants from either science, industry and other organisations are equally welcome. Already now, the number of participants has reached 250. http://www.chesworkshop.org top_ Workshop SWSOA -------------- This workshop will take place on 11. September 2008 in Munich. Its target is to bring together researchers and industry practitioners that are engaged in all kinds of security issues related to Web Services, Web Service compositions and Service-Oriented Architectures in general. It is intended to be a forum for presenting and exchanging new ideas, discussing security problems with existing specifications and exploring new fields in the area of enabling security, privacy and trust for Web Services and Service-Oriented Architecture. It is part of the 38. Annual Convention of the "Gesellschaft f?r Informatik". Prof.-Dr. Schwenk (Chair for Network and Data Security) is member of its Program Committee http://swsoa.comsys.informatik.uni-kiel.de/committee.html top_ 6th escar - Embedded Security in Cars Conference ------------------------------------------------ This conference will take place on 18. - 19. November 2008 in Hamburg. escar has established itself as the premier forum for information, discussion and exchange of ideas in this innovative field of security in cars. Information technology is the driving force behind innovations in the automotive industry. One crucial aspect of future IT applications in cars is the IT security of embedded applications. Embedded security will be an enabling technology for the majority of car IT sytems such as telematics, infotainment, secure software download, and ad hoc networks. escar is the premier international conference which provides a forum for a systematic treatment of this emerging field. Prof. Dr.-Ing. Christof Paar (Chair for Embedded Security) will be one of the Program Chairs. http://www.escar.info/ top_ EUROCRYPT 2009 -------------- The HGI has been invited by the IARC to run and organise the Eurocrypt 2009. It is the largest crypto conference in the world. General Chair is Prof. Dr. Alexander May, Co-Chairs are Prof. Dr. Roberto Avanzi, Prof. Dr.-Ing. Christof Paar, Prof. Dr. - Ing. Ahmad-Reza Sadgehi, Prof. Dr. J?rg Schwenk und Dr. Christopher Wolf. The conference will take place in Cologne from April 26-30, 2009 at the Maritim Hotel. http://www.iacr.org/conferences/eurocrypt2009/index.html top_ Further News ============ SECSI - Secure Component and System Identification -------------------------------------------------- From 17. to 18. March 2008 the Workshop "Secure Component and System Identification (SECSI)" organized by the Horst G?rtz Institut took place in Berlin. The secure identification of devices - a seemingly specific problem - is a major concern for a large number of applications. Counterfeiting of all kinds of products (ranging from textiles over pharmaceuticals to bank notes) and parts (from rinter cartridges over ICs to spare parts for heavy machinery) are areas with urgent need for strong and secure device identification. RFID systems are a second application domain. Finally, secure identification is important for access control. The goal of the workshop was to bring together researchers and practitioners in this emerging area. The main focus was on technical solutions for the problem of device identification. Thus, researchers from academia and industry as well as people from the application areas of device identification have contributed to SECSI workshop. http://www.secsi-workshop.org top_ TRUST 2008 ---------- Prof. Sadeghi was scientific chair of the conference TRUST 2008, that was held from 11th-13th March in Villach, Austria (http://www.trust2008.eu/). The conference aimed at bringing together scientists from all over the world, who work in the field of Trusted Computing. It is the first time that TRUST was held. More than 140 scientist participated in this event. While chairing TRUST 2008, Prof. Sadeghi, Chair of System Security at the Ruhr-University Bochum, at the same time organized an introductory session into this area. Topis as "Trusted Channels", "Trusted Virtual Domains", "Runtime Monitoring" and methods were discussed with international research partners such as e.g. IBM Research Z?rich, HPLabs Bristol and the Politechnikum of Turin. The focus was on promoting research and publishing papers. More Infos: http://www.trust2008.eu top_ Prof. Dr. J?rg Schwenk and the HGI organised the workshop on "E-Security in the E-Government -------------------------------------------------------------------------------------------- On 31 March 2008 the Horst G?rtz Institute together with the "Physikalisch-Technische Bundesanstalt" organised a one-day workshop on "E-Security in the E-Government" in Bochum. Current topics in the area of electronic administration such as e.g. "B?rgerportale", electronic identity card or legal long-term storage of electronic data have been discussed. The workshop was mainly for practising experts working in public services. www.hgi.rub.de/egov/ top_ a-i3/BSI Symposium 2008: Security and Identity in Internet Portals ------------------------------------------------------------------ Around 140 participated on April 22/23 at the 3rd interdisciplinary Symposium of the working group identity protection in the Internet (a-i3) and the German Fedederal Office for Information Security (BSI). Main organizers were the HGI members Prof. Dr. Georg Borges and Prof. Dr. J?rg Schwenk. Main topic were both technial and legal aspects of Internet portals and current developments in Germany regarding the federal eMail concept D-Mail, payment in the European Payment Area SEPA and current developments in identity theft. https://www.a-i3.org/content/view/948/234/ top_ CACE (Computer Aided Cryptography Engineering) started in January this year --------------------------------------------------------------------------- CACE is co-financed by the European Commission under EU Framework Programme 7. The project is running for 3 years from January 2008 until December 2010. The consortium of the project consists of twelve European partners from nine countries, among which is the Horst G?rtz Institute. The central objective is the development of a toolbox that supports the production of high quality cryptographic software. The department of System Security aims at providing crypto engineers and practicioners with Zero-Knowledge Proofs (ZKPOK) . www.trust.rub.de/home/current-projects/cace/ top_ Dr.-Ing. Marko Wolf achived "outstanding" (sehr gut) for his Ph.D. ------------------------------------------------------------------ Dr.-Ing. Marko Wolf completed his Ph.D. entitled "Security Engineering for Vehicular IT Systems, Improving Trustworthiness and Dependability of Automotive IT Applications" on April 4, 2008 with "outstanding" (sehr gut). The thesis was written under supervision of Prof. Dr. Christof Paar, second advisor was Prof. Dr. Wilhem Sch?fer (University Paderborn). top_ Prof. Dr. Alexander May is member of the Programm Committee of the SCC ---------------------------------------------------------------------- Prof. May was member of the Programm Committee of the first international conference on "Symbolic Computation and Cryptography", the SCC 2008, which will took place on 28. - 30. April in Beijing. The SCC 2008 is the first such conference in series, where research and developments in the area of symbolic computation and cryptography were presented and discussed. http://www.cc4cm.org/scc2008/ top_ Timo Kasper member of the programme committee of the 4th RFID-Security Workshop ------------------------------------------------------------------------------- From July 9-11, 2008, the forth Workshop on RFID-Security will take place in Budapest. This year, the workshop will concentrate on solutions for security and data protection in advanced contactless technologies like RFID. Timo Kasper from the chair of Embedded Security is member of the programme committee. In addition, his college Thomas Eisenbarth will give an invited talk entitled "Open Sesame! How Secure are RFID Access Controll Systems?" http://events.iaik.tugraz.at/RFIDSec08/ top_ Transfer Price for Prof. Dr.-Ing. Ahmad-Reza Sadeghi ---------------------------------------------------- The winners of last year's innovation and transfer prize have been Prof. Sadeghi (Chair for System Security) together with Ammar Alkassar and Christian St?bl, both from Sirrix Security Technologies AG, as well as Prof. Dr. Dr. med. Hanns Hatt (Chair of Cell Physiology, RUB). The price is a donnation of the "Gesellschaft der Freunde der RUB" and the rubitec GmbH. With this prize the Ruhr-University Bochum honours the successful implementation of Know How of the University into marketable products and policies. top_ Stevens and Ruhr University sign MOU for IT security research ------------------------------------------------------------- On 13 December last year Prof. Dr.-Ing. Christof Paar chaired the "US-German Round Table on IT Security" at the University Club in New York City. Prof. Dr. Pinkwart, Minister for Innovation, Science, Research and Technology was among the guests, as well as further members of the ministry and 15 top class American scientists. Bochum turned out to be the top location for IT Security in Germany, which was highlighted by the short presence of Prof. Dr. Elmar Weiler, Rector of Ruhr University. Prof. Susanne Wetzel from the Stevens Institute of Technology and Prof. Paar took this occasion to initialize a "Memorandum of Understanding" for a partnership between their institutes, to promote the exchange of undergraduate and graduate students. top_ Workshop "Sicherheit 2008" in Saarbr?cken ----------------------------------------- On 2 - 4 April 2008 the Conference "Sicherheit 2008" took place in Saarbr?cken where experts from science and industry have been discussing current topics on IT security. The conference offered the possibility to present scientific results as well as industrial innovations within an intense and scientifically based exchange of knowledge between all the participants. One of the session chairs was Dr. Frederik Armknecht, Dr. Christopher Wolf was member of the programme committee. http://www.sicherheit2008.de top_ Guests ====== | http://www.hgi.rub.de/deutsch/newsletter/HGI-Newsletter27.htm#10 | `Martin Novotny` (Januar - M?rz 2008) | Czech Technical University, Prag / Tschechische Republik | Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html | | `Amir Moradi` (Januar - M?rz 2008) | Sharif University of Technology, Teheran / Iran | Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html | | `Miguel Morales Sandoval` (Januar 2008) | Instituto Nacional de Astrofisica, Puebla, Pue / Mexico | Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html | | `Saar Drimer` (Januar 2008) | The University of Cambridge, Cambridge / UK | Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html | | `Ivan Visconti` (Februar 2008) | Universit? degli Studi di Salerno (UNISA), Salerno/ Italien | Lehrstuhl TRUST, http://www.trust.rub.de/staff | | `Seyyd Hasan Mir Jalili` (M?rz 2008) | EPFL, Lausanne / Schweiz | Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html | top_ | HGI Seminar =========== | `22 Oct 2007 Daniel Bailey / RSA Laboratories` | **WARP: Wireless Authenticator Research Project** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a01 | | | `25 Oct 2007 Prof. Dr. Daniel J. Bilar / Wellesley College, Massachusetts (USA)` | **Flying below the Radar: Practical and Theoretical Malware Challenges** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a02 | | `8 Nov 2007 Lijun Liao / Ruhr-University Bochum` | **Signieren mit Chipkartensystemen in unsicheren Umgebungen** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a02 | | `15 Nov 07 Dr. Guido Blady / Ruhr-University Bochum` | **Punktez?hlalgorithmen f?r den Hecke-Operator und Anwendungen auf Modulkurven von Geschlecht 4** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a04| | | `22 Nov 07 Dr. Shujun Li / FernUniversit?t Hagen` | **Multimedia Encryption: Problems, Incompatibilities, and New Perspectives** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a05 | | `29 Nov 07 Patrick Stewin / Ruhr-University Bochum` | **Beyound Secure Channels** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a06 | | `06 Dec 07 Amir Moradi / Sharif University of Technology, Teheran` | **DPA-Resistant Logic Styles and Power Efficiency** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a07 | | `13 Dec 07 Dr. Frederik Armknecht / Ruhr-Universitz Bochum` | **Algebraic Attacks on Stream Ciphers** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a08 | | `10 Jan 08 Maike Ritzenhofen / Ruhr-University Bochum` | **Solving systems of modular equations in one variable** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a09 | | `17 Jan 08 Alberto Escalante / Ruhr-University Bochum` | **A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection against Splitting** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a10 | | `31 Jan 2008 Matthias Niesing / secunet Security Networks AG` | **EAC-PKI f?r elektronische Reisedokumente** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a12 | | `7 Feb 2008 Thomas Schneider / University of Erlangen-N?rnberg` | **A Practical Universal Circuit Construction and Secure Evaluation of Private Functions** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a13 | | `21 Febr 2008 Ivan Visconti / Universita degli Studi di Salerno (Italien)` | **Co-Sound YK Proofs with Public Keys** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a14 | | `6 March 2008 Benedikt H?fer / Ludwig-Maximilians-University M?nchen` | **Paarungen und ihre ambivalente Rolle in der Kryptographie** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a15 | | `13 March 2008 Dr. Francois-Xavier Standaert / Universit? Catolique de Louvain, Belgium` | **A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a16 | | `20 March 2008 Karsten Nohl / University of Virginia, USA` | **From Silicon to C: Reverse-Engineering Cryptographic Hardware** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a17 | | `3 April 2008 Christoph B?sch / Ruhr-University Bochum` | **Efficient Fuzzy Extractors for Reconfigurable Hardware** | http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a18 | | `10 April 2008 Jesse Walker / Intel Corporation (USA)` | **Distributed Trust in Community Networks** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a02 | | `11 April 2008 Giovanni di Crescenzo / Telcordia Technologies, (NJ, USA)` | **Perfectly Secure Password Protocols in the Bounded Retrieval Model** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a03 | | `17 April 2008 Tibor Jager / Ruhr-University Bochum` | **On Black-Box Ring Extraction and Integer Factorization** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a04 | | `24 April 2008 Martin Novotny and Andy Rupp / Ruhr-University Bochum` | **Realtime A5/1 Attacks with Precomputed Tables** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a05 | | `8 Mai 2008 Sandra Steinbrecher / TU Dresden` | **Mehrseitige Sicherheit in Reputationssystemen** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a06 | | `15 May 2008 Steffen Schulz / Ruhr-University Bochum` | **Bleichenbacher-Angriff auf SSL mit RSA-PKCS#1** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a07 | | `21 May 2008 A. Moradi, Thomas Eisenbarth und T. Kasper / Ruhr-University Bochum` | **On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a08 | | `30 May 2008 Eike Kiltz / CWI (The Netherlands)` | **Programmable Hash Funktions and Their Applications** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a09 | | `5 June 2008 Ralf Benzm?ller / G DATA, Bochum` | **Schadcode im Internet** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a10 | | `12 June 2008 Kerstin Lemke-Rust / Ruhr-University Bochum` | **Multivariate Seitenkanalanalysen** | http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a11 | top_ | Invited Talks: ============== During the meeting "RFID Security: Theory and Practice", March 26-29, 2008, `Prof. Dr.-Ing. Christof Paar` gave the following talk **"The Constructive and Destructive Side of Modern Cryptography for RFID Security**". On February 21, 2008 `Prof. Dr.-Ing. Christof Paar` gave the following talk: **"Security Applications in Cars" during the workshop on Secure Vehicular Communications: Results and Challenges Ahead"** in Lausanne, Switzerland. During the meeting "RFID CUSP Worshop" at the John Hopkins University, USA, `Prof. Dr.-Ing. Christof Paar` gave the following talk: **"New Directions in Lightweight Cryptographic Primitives for RFID Applications"**. During the Workshop on "Secure Component and System Identification" held on March 17-18,2008 in Berlin `Prof. Dr. Ahmad Sadeghi` gave a talk about the security on e-Passports with the following title: **"Identification Protocols Revisited - Episode I: E-Passports"** based on a joint work with C. Blundo, G. Persiano, and Ivan Visconti. (http://www.secsi-workshop.org/) During "Software & Systems Quality Conference 2008", April 15-18 2008, `Prof. Dr.-Ing. Christof Paar` gave the following Keynote-Talk **"The Next 10 Years of IT Security: iPhone, Xbox and BMWs"**. During "ECRYPT: Challenges and Perspectives for Academia and Industry" in Antwerpen, May 29, 2008; `Prof. Dr.-Ing. Christof Paar` gave the presentation: **"Constructive and Destructive Aspects of Embedded Security for Current and Future Cars"**. On May 5th, 2008 `Prof. Dr. J?rg Schwenk` gave during the IBM TEC Meeting in Stuttgart a presentation regarding **?HGI - mit Sicherheit vorne dabei? (translation: "HGI - front runner of IT Security")**. During the "Workshop RFID Security: Theory and Practice" in Leiden (Lorentz Center), March 26-29, 2008, `Prof. Dr. Christof Paar` gave the presentation **"The Constructive and Destructive Side of Modern Cryptography for RFID Security"**. During the annual meeting of the German society on Dataprotection and Data Security (DuD 2008 - Datenschutz und Datensicherheit), `Prof. Dr. Ing. Christof Paar` gave on June 10, 2008, the presentation **"Schwachstellen bei Funkt?r?ffnern und Verschl?sselung mit 1000 Gattern" (translation: "Weaknesses at remote door openers and encryption with 1000 gates")**. At the 7th XML-Signature Workshop in Hagenberg, Austria, May 19+20, 2008, `Lijun Liao` has presented **"Semanik f?r XML-Signatur" (translation: "Semantic for XML-Signature") and "Sichere Webmail mit WS-Trust" (translation: "Secure Web-Mail with WS-Trust")**. During the D.A.CH Security 2008 on June 25, 2008, `Dr. Christoph Wegener` and `Dirk Birk` presented **Web Exploit Toolkits im Vergleich - Moderne Infektionsroutinen (translation: "Comparison between Web Exploit Toolkits - Modern Infection Routines")**. http://www.syssec.at/dach08_programm/#t2s1b: top_ | PUBLICATIONS: ------------- `F. Armknecht, J. Furukawa, K. Kurosawa`: **A Universally Composable Group Key Exchange Protocol with Minimum Communication Effort** SCN 2008 `Andrey Bogdanov`: **Multiple-Differential Side-Channel Collision Attacks on AES** Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008), LNCS, Springer-Verlag, 2008. `Nicolas T. Courtois, Gregory V. Bard, Andrey Bogdanov: **Periodic Ciphers, Ciphers with Small Blocks and Cryptanalysis of KeeLoq** Tatra Mountains Mathematical Publications, to appear in 2008. `Andrey Bogdanov, Gregor Leander, Christof Paar, Axel Poschmann, M.J.B. Robshaw, Yannick Seurin. Hash Functions and RFID Tags : Mind The Gap` **Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008)** LNCS, Springer-Verlag, 2008. `Andy Rupp, Gregor Leander, Endre Bangerter, Ahmad-Reza Sadeghi, Alexander W. Dent`: **Sufficient Conditions for Computational Intractability Regarding Generic Algorithms** Cryptology ePrint Archive: Report 2007/360, http://eprint.iacr.org/2007/360 `Armknecht, Frederik; Escalante, Alberto; Loehr, Hans; Manulis, Mark; Sadeghi, Ahmad-Reza (2008)`: **Secure Multi-Coupons for Federated Environments: Privacy-Preserving and Customer-Friendly**, angenommen f?r: The 4th Information Security Practice and Experience Conference (ISPEC 2008), 21-23 April 2008, Sydney, Australia. URL (SpringerLink): http://dx.doi.org/10.1007/978-3-540-79104-1_3 `Balasubramanin, Sundar; Bogdanov, Andrey; Rupp, Andy; Ding, Jintai; Carter, Harold W. (2008)`: **Fast Multivariate Signature Generation in Hardware. The Case of Rainbow** (Poster), angenommen f?r IEEE Symposium on Field-Programmable Custom Computing Machines, April 2008 `Benedikt Driessen, Axel Poschmann, Christof Paar`: **Comparison of Innovative Signature Algorithms for WSNs**, angenommen auf: der ACM Konferenz WiSec 2008, 31.03.2008 - 02.04.2008 in Alexandria, Virginia, USA http://www.crypto.rub.de/imperia/md/content/texte/publications/conferences/s ignatures_wisec2008.pdf `Bodo M?ller, Andy Rupp`: **Faster Multi-Exponentiation through Caching: Accelerating (EC)DSA Signature Verification Cryptology ePrint Archive**: Report 2007/470, http://eprint.iacr.org/2007/470 `Christof Paar, Axel Poschmann, Matthew J.B. Robshaw`: **New Designs in Lightweight Symmetric Encryption**, Buchkapitel in: Springerbuch "RFID-Security: Techniques, Protocols and System-On-Chip Design" akzeptiert `Gabriel, Roland; Sowa, Sebastian; Wiedemann, Jochen (2008)`: **Improving information security compliance ? A process-oriented approach for managing organizational change**, in:Proceedings of the Multikonferenz Wirtschaftsinformatik 2008 (MKWI 2008), M?nchen, 2008, S. 247-248 `G?neysu, Tim; Kasper, Timo; Novotny, Martin; Paar, Christof; Rupp, Andy (2008)`: **Cryptanalysis with COPACOBANA**, angenommen f?r IEEE Transactions on Computers, Special Section on Special-Purpose Hardware for Cryptography and Cryptanalysis. `Maike Ritzenhofen, Alexander May (2008)`: **Solving Systems of Modular Equations in One Variable: How many RSA-encrypted messages does Eve need to know?"** Internationale Conference on Practice and Theory in Public Key Cryptography (PKC 2008), Lecture Notes in Computer Science,Springer-Verlag, 2008. Wird in einem Monat auf http://www.cits.rub.de/personen/may.html verlinkt. `Marko Wolf, Christof Paar (2008)`: **Security Requirements Engineering in the Automotive Domain: On Specification Procedures and Implementational Aspects**, in: SICHERHEIT 2008:Sicherheit ? Schutz und Zuverl?ssigkeit, 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f?r Informatik e.V., Saarbr?cken, 2. ? 4. April 2008. (angenommener Artikel) `Asokan, Andr? Osterhues, Ahmad-Reza Sadeghi, Christian St?ble, Marko Wolf (2008)`: **"Securing Peer-to-peer Distributions for Mobile Devices"**, 4th Information Security Practice and Experience Conference (ISPEC 2008), Sydney, Australia, 21 - 23 April 2008. (angenommener Artikel) `Osterhues, Andre; Sadeghi, Ahmad-Reza; Wolf, Marko; Stueble, Christian; Asokan, N. (2008)`: **Securing Peer-to-peer Distributions for Mobile Devices**, angenommen f?r: The 4th Information Security Practice and Experience Conference (ISPEC 2008), 21-23 April 2008, Sydney, Australia. URL (SpringerLink): http://dx.doi.org/10.1007/978-3-540-79104-1_12 `Rhode, Sebastian; Eisenbarth, Thomas; Dahmen, Eric; Buchmann, Johannes; Paar, Christof (2008)`: **Efficient Hash-Based Signatures on Embedded Device**, in: SECSI 20008 `Roland Gabriel, Sebastian Sowa, Jochen Wiedemann (2008)`: **Improving information security compliance ? A process-oriented approach for managing organizational change**, in: Proceedings of the Multikonferenz Wirtschaftsinformatik 2008 (MKWI 2008), forthcoming. `Rolfes, Carsten; Poschmann, Axel; Leander, Gregor; Paar, Christoph (2008)`: **Security for 1000 Gate Equivalents**, in: SECSI 2008 `Scheibel, Michael; St?ble, Christian; Wolf, Marko (2008)`: **An Interoperable Security Architecture for Vehicular Software Protection**, in: International Workshop on Interoperable Vehicles (IOV 2008), ETH Zurich, Switzerland. March 26, 2008. http://www.crypto.rub.de/publications.html `Sebastian Gajek, Lijun Liao, Bodo M?ller, J?rg Schwenk`: **SSL-over-SOAP: Towards a Token-based Key Establishment Framework for Web Services**. 2nd ECOWS Workshop on Emerging Web Services Technology - WEWST 2007. Proceedings of the 5th IEEE European Conference on Web Services - ECOWS 2007. To appear. `Sebastian Gajek, Mark Manulis, Ahmad-Reza Sadeghi and J?rg Schwenk`: **Provably Secure Browser-Based User-Aware Mutual Authentication over TLS**, accepted for ASIACCS'08 `Sebastian Gajek and Ahmad-Reza Sadeghi (2008)`: **A Forensic Framework for Tracing Phishers International Federation for Information Processing**, to appear in LNCS 6102 `Sebastian Gajek, Lijun Liao, and J?rg Schwenk`: **Towards a Formal Semantic of XML Signature**, accepted for presentation at W3C Workshop Next Steps for XML Signature and XML Encryption, Mountain View (USA), 2007. `Shahab Mirzadeh, Frederik Armknecht, Jordi Jaen Pallares, Hossam Afifi, Rahim Tafazzoli`: **CPFP: An efficient key management scheme for large scale personal networks**. IEEE ISWPC 2008 (http://www.iswpc.org/2008/index.html) `Sowa, Sebastian; Tsinas, Lampros; Gabriel, Roland (2008)`: **BORIS ? Business ORiented management of Information Security**, angenommen f?r: WEIS 2008, Workshop on the Economics of Information Security, The Center for Digital Strategies / Tuck School of Business, Dartmouth College, Hanover, NH, June 25-28, 2008. `Sowa, Sebastian (Ed.) (2008)`: **ISEB XChange-Seminar WS 2007/08** ? Vortragsreihe des Instituts f?r Sicherheit im E-Business, in: Arbeitsbericht Nr. 28 des Instituts f?r Sicherheit im E-Business (ISEB), Ruhr-Universit?t Bochum, Bochum 2008 `Thomas Eisenbarth, Sandeep Kumar, Christof Paar,Axel Poschmannm, Leif Uhsadel`: **Survey of Lightweight Cryptography, erschienen im Journal: IEEE Design&Test ofComputers, Special Issue Design and test of ICs for secure embedded computing** http://www.crypto.rub.de/imperia/md/content/texte/publications/journals/lwc_survey_ieee_dtco2007.pdf `Tim G?neysu, Bodo M?ller, Christof Paar`: **Dynamic Intellectual Property Protection for Reconfigurable Devices**. Proceedings of the IEEE International Conference on Field-Programmable Technology 2007 - ICFPT'07. To appear. `Altmann, Kristina; Jager, Tibor; Rupp, Rupp, Andy (2008)`: **On Black-Box Ring Extraction and Integer Factorization**, in: 35th International Colloquium on Automata, Languages and Programming (ICALP) 2008. Vorl?ufige Version: http://eprint.iacr.org/2008/156 `Bogdanov, Andrey; Eisenbarth, Thomas; Rupp, Andy; Wolf, Christopher(2008)`: **Time-Area Optimized Public-Key Engines: MQ-Cryptosystems as Replacement for Elliptic Curves?**, 10th Workshop on Cryptographic Hardware and Embedded Systems 2008 (to appear). `Bogdanov, Andrey; Rupp, Andy; Ding, Jintai; Carter, Harold W. (2008)`: **Fast Multivariate Signature Generation in Hardware: The Case of Rainbow**, Sundar Balasubramanian, 19th IEEE International Conference Application-specific Systems, Architectures and Processors 2008 (to appear). `Gajek, Sebastian; Manulis, Mark, Schwenk, J?rg (2008)`: **Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same-Origin Policy**. Akzeptiert f?r 13th Australasian Conference on Information Security and Privacy (ACISP 2008). `Gendrullis, Timo; Novotny, Martin; Rupp, Andy (2008)`: **A Real-World Attack Breaking A5/1 within Hours** 10th Workshop on Cryptographic Hardware and Embedded Systems 2008 (to appear) Vorl?ufige Version: http://eprint.iacr.org/2008/147. `Jager, Tibor; J?kel, Heiko; Schwenk, J?rg (2008)`: **Nutzung von selbstsignierten Client-Zertifikaten zur Authentifikation bei SSL/TLS; Sicherheit 2008: Sicherheit, Schutz und Zuverl?ssigkeit**; in: Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f?r Informatik e.V. (GI), 2.-4. April 2008 im Saarbr?cker Schloss. GI-LNI 128 2008 ISBN 978-3-88579-222-2. `Manulis, Mark; Schwenk, J?rg (2008)`: **Security Model and Framework for Information Aggregation in Sensor Networks**. Akzeptiert f?r ACM Transactions on Sensor Networks, 2008. `M?ller, Bodo; Rupp, Andy (2008)`: **Faster Multi-Exponentiation through Caching: Accelerating (EC)DSA Signature Verification**, 6th Conference on Security and Cryptography for Networks 2008 (to appear), Vorl?ufige Version: http://eprint.iacr.org/2007/470. `Oppliger, Rolf; Schwenk, J?rg; Helbach, J?rg (2008)`: **Protecting Code Voting Against Vote Selling**; Sicherheit 2008: Sicherheit, Schutz und Zuverl?ssigkeit; in: Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f?r Informatik e.V. (GI), 2.-4. April 2008 im Saarbr?cker Schloss. GI-LNI 128 2008 ISBN 978-3-88579-222-2. `Szerwinski, Robert; G?neysu, Tim (2008)`: **Exploiting the Power of GPUs for Asymmetric Cryptography** In: E. Oswald and P. Rohatgi (Eds.): CHES 2008, LNCS 5154, pp. 79-99 top_ Information ============================ **Subscribe:** If you wish to subscribe to the HGI News by email, you can do so by sending an according email to: tellmann at crypto.ruhr-uni-bochum.de . **Unsubscribe:** If you wish to unsubscribe from the HGI News, please send an according email to: tellmann at crypto.ruhr-uni-bochum.de . **Download:** All HGI-Newsletters can be downloaded from: http://www.hgi.rub.de/hgi/newsletter/ **Editorial Section**: Dr. Christopher Wolf Email: hgi-office at rub.de **Executive Director**: Prof. Dr. J?rg Schwenk Email: Joerg.Schwenk at rub.de