[HGI-news-int] Newsletter 01e
English Newsletter of the Horst Gö rtz Institute of IT Security in Bochum
hgi-news-international at lists.ruhr-uni-bochum.de
Thu Jun 26 16:29:42 CEST 2008
**No 01e Thursday, 26 June 2008**
http://www.hgi.rub.de/hgi/newsletter/n01e
Horst Görtz Institute for IT-Security in Informationsystems
Ruhr-University Bochum, Germany
http://www.hgi.rub.de/
Content
=======
First English HGI Newsletter
http://www.hgi.rub.de/hgi/newsletter/n01e#first-english-hgi-newsletter
REMOTE KEYLESS entry system for cars and buildings hacked
http://www.hgi.rub.de/hgi/newsletter/n01e#remote-keyless-entry-system-for-cars-and-buildings-hacked
Conference "Future of Trust in Computing"
http://www.hgi.rub.de/hgi/newsletter/n01e#conference-future-of-trust-in-computing
CHES Workshop
http://www.hgi.rub.de/hgi/newsletter/n01e#ches-workshop
Workshop SWSOA
http://www.hgi.rub.de/hgi/newsletter/n01e#workshop-swsoa
6th escar - Embedded Security in Cars Conference
http://www.hgi.rub.de/hgi/newsletter/n01e#th-escar-embedded-security-in-cars-conference
EUROCRYPT 2009
http://www.hgi.rub.de/hgi/newsletter/n01e#eurocrypt-2009
SECSI - Secure Component and System Identification
http://www.hgi.rub.de/hgi/newsletter/n01e#secsi-secure-component-and-system-identification
TRUST 2008
http://www.hgi.rub.de/hgi/newsletter/n01e#trust-2008
Prof. Dr. Jörg Schwenk and the HGI organised the workshop on "E-Security
in the E-Government
http://www.hgi.rub.de/hgi/newsletter/n01e#prof-dr-j-rg-schwenk-and-the-hgi-organised-the-workshop-on-e-security-in-the-e-government
a-i3/BSI Symposium 2008: Security and Identity in Internet Portals
http://www.hgi.rub.de/hgi/newsletter/n01e#a-i3-bsi-symposium-2008-security-and-identity-in-internet-portals
CACE (Computer Aided Cryptography Engineering) started in January this year
http://www.hgi.rub.de/hgi/newsletter/n01e#cace-computer-aided-cryptography-engineering-started-in-january-this-year
Dr.-Ing. Marko Wolf achived "outstanding" (sehr gut) for his Ph.D.
http://www.hgi.rub.de/hgi/newsletter/n01e#dr-ing-marko-wolf-achived-outstanding-sehr-gut-for-his-ph-d
Prof. Dr. Alexander May is member of the Programm Committee of the SCC
http://www.hgi.rub.de/hgi/newsletter/n01e#prof-dr-alexander-may-is-member-of-the-programm-committee-of-the-scc
Timo Kasper member of the programme committee of the 4th RFID-Security
Workshop
http://www.hgi.rub.de/hgi/newsletter/n01e#timo-kasper-member-of-the-programme-committee-of-the-4th-rfid-security-workshop
Transfer Price for Prof. Dr.-Ing. Ahmad-Reza Sadeghi
http://www.hgi.rub.de/hgi/newsletter/n01e#transfer-price-for-prof-dr-ing-ahmad-reza-sadeghi
Stevens and Ruhr University sign MOU for IT security research
http://www.hgi.rub.de/hgi/newsletter/n01e#stevens-and-ruhr-university-sign-mou-for-it-security-research
Workshop "Sicherheit 2008" in Saarbrücken
http://www.hgi.rub.de/hgi/newsletter/n01e#workshop-sicherheit-2008-in-saarbr-cken
Guests
http://www.hgi.rub.de/hgi/newsletter/n01e#guests
HGI Seminar
http://www.hgi.rub.de/hgi/newsletter/n01e#hgi-seminar
Invited Talks
http://www.hgi.rub.de/hgi/newsletter/n01e#invited-talks
Information
http://www.hgi.rub.de/hgi/newsletter/n01e#information
PUBLICATIONS
http://www.hgi.rub.de/hgi/newsletter/n01e#publications
First English HGI Newsletter
============================
Having started June 2003 with our first _German_
[http://www.hgi.rub.de/hgi/newsletter/ newsletter], we received a lot of
encouragement and an ever growing number of readers since then. Hence we
have decided to take the idea of this newsletter a bit furher and to
compile a special *international version* of it. The first item is now
in your hand - or well, in your Inbox.
We have selected news from the past three newsletters, covering a period
from January 2008 onwards. The idea is to publish an English newsletter
every 2-4 month - depending on the number of news items we have.
We all here at the Horst Görtz Institute for IT-Security in Bochum,
Germany, do hope very much that you find the newsletter interesting and
helpful. If you have any comments - both positive or negative - please
drop us a line: hgi-office at rub.de
top_
REMOTE KEYLESS entry system for cars and buildings hacked
=========================================================
Prof. Paar and his Communication Security Group, as part of the Horst
Görtz Institute for IT Security presented a complete break of remote
keyless entry systems based on the KeeLoq RFID technology as part of
their research in embedded security. The shown vulnerability applies to
all known car and building access control systems that rely on the
KeeLoq cipher. The security hole allows illegitimate parties to access
buildings and cars after remote eavesdropping from a distance of up to
100 meters. The attack - which combines sidechannel cryptoanalysis with
specific properties of the KeeLoq algorithm - can be applied to all
known variants in which KeeLoq is used in real world systems.
Besides the frequent use of KeeLoq for garage door openers and other
building access applications, it is also known that several automotive
manufacturers like Toyota/Lexus base their anti-theft protection on
assumed secure devices featuring KeeLoq.
http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/projects/keeloq/keel/oq_en.pdf
Microsoft CardSpace defeated by HGI Students Xuan Chen and Christoph
Löhr, two outstanding IT-security students at Horst Görtz Institute for
IT Security (HGI), have implemented an attack against CardSpace and show
that an identity thief may filch the authentication token issued by
CardSpace.
This is a crucial security problem. CardSpace is supposed to replace
login-procedures Web-wide - at least if the plans of Microsoft and other
major players such as Google, Yahoo and VeriSign come true.
http://demo.nds.rub.de/cardspace/
top_
EVENTS TO COME:
===============
Conference "Future of Trust in Computing"
-----------------------------------------
This conference will take place on 1. - 2. July 2008 in Berlin and will
be supported by the HGI. "Future of Trust in Computing" aims at bringing
together researchers, regulators, technology developers, consumer
organizations, and users of new technologies to discuss issues
associated with preserving and enforcing users' trust in digital
economy. Trust is a complex notion combining technical and policy
issues, and this conference offers a venue to talk about trust in a
holistic way. The focus of the event is on the adoption and development
of Trusted Computing technologies, their future trends and technology
innovations, and privacy/policy issues addressed from legal,
technological and usability points of view. The conference takes place
at the Swissotel Berlin on the Kurfürstendamm and proposes an ambitious
program including talks on numerous areas of TC technology and policy,
panel discussions, and ample opportunities for networking.
Prof. Dr.-Ing. Ahmad-Reza Sadeghi (Chair for System Security) is member
of its Steering Committee and one of the Program Co-Chairs.
http://www.tc-conference.com/
top_
CHES Workshop
-------------
On 10 - 13 August this year the 10. CHES workshop will take place in
Washington, DC USA. This series was launched by Prof. Dr.-Ing.
Christof Paar who now is President of the CHES Steering Committee.
Another member of the HGI, Prof. Dr.-Ing. Ahmad-Reza Sadgehi and a
former member (Dr. Lemke-Rust) act as members of the Programme
Committee. The CHES workshop is THE platform for exchanging results and
scientific progress in all areas of cryptographic hardware and embedded
security systems. It bridges the gap between cryptographic research and
applied cryptography. Therefore participants from either science,
industry and other organisations are equally welcome. Already now, the
number of participants has reached 250.
http://www.chesworkshop.org
top_
Workshop SWSOA
--------------
This workshop will take place on 11. September 2008 in Munich. Its
target is to bring together researchers and industry practitioners that
are engaged in all kinds of security issues related to Web Services, Web
Service compositions and Service-Oriented Architectures in general. It
is intended to be a forum for presenting and exchanging new ideas,
discussing security problems with existing specifications and exploring
new fields in the area of enabling security, privacy and trust for Web
Services and Service-Oriented Architecture. It is part of the 38. Annual
Convention of the "Gesellschaft für Informatik". Prof.-Dr. Schwenk
(Chair for Network and Data Security) is member of its Program Committee
http://swsoa.comsys.informatik.uni-kiel.de/committee.html
top_
6th escar - Embedded Security in Cars Conference
------------------------------------------------
This conference will take place on 18. - 19. November 2008 in Hamburg.
escar has established itself as the premier forum for information,
discussion and exchange of ideas in this innovative field of security in
cars. Information technology is the driving force behind innovations in
the automotive industry. One crucial aspect of future IT applications in
cars is the IT security of embedded applications. Embedded security will
be an enabling technology for the majority of car IT sytems such as
telematics, infotainment, secure software download, and ad hoc networks.
escar is the premier international conference which provides a forum for
a systematic treatment of this emerging field. Prof. Dr.-Ing.
Christof Paar (Chair for Embedded Security) will be one of the Program
Chairs.
http://www.escar.info/
top_
EUROCRYPT 2009
--------------
The HGI has been invited by the IARC to run and organise the Eurocrypt
2009. It is the largest crypto conference in the world. General Chair is
Prof. Dr. Alexander May, Co-Chairs are Prof. Dr. Roberto Avanzi, Prof.
Dr.-Ing. Christof Paar, Prof. Dr. - Ing. Ahmad-Reza Sadgehi, Prof. Dr.
Jörg Schwenk und Dr. Christopher Wolf. The conference will take place in
Cologne from April 26-30, 2009 at the Maritim Hotel.
http://www.iacr.org/conferences/eurocrypt2009/index.html
top_
Further News
============
SECSI - Secure Component and System Identification
--------------------------------------------------
From 17. to 18. March 2008 the Workshop "Secure Component and System
Identification (SECSI)" organized by the Horst Görtz Institut took
place in Berlin. The secure identification of devices - a seemingly
specific problem - is a major concern for a large number of
applications. Counterfeiting of all kinds of products (ranging from
textiles over pharmaceuticals to bank notes) and parts (from rinter
cartridges over ICs to spare parts for heavy machinery) are areas with
urgent need for strong and secure device identification.
RFID systems are a second application domain. Finally, secure
identification is important for access control.
The goal of the workshop was to bring together researchers and
practitioners in this emerging area. The main focus was on technical
solutions for the problem of device identification. Thus, researchers
from academia and industry as well as people from the application areas
of device identification have contributed to SECSI workshop.
http://www.secsi-workshop.org
top_
TRUST 2008
----------
Prof. Sadeghi was scientific chair of the conference TRUST 2008, that
was held from 11th-13th March in Villach, Austria
(http://www.trust2008.eu/). The conference aimed at bringing together
scientists from all over the world, who work in the field of Trusted
Computing. It is the first time that TRUST was held. More than 140
scientist participated in this event.
While chairing TRUST 2008, Prof. Sadeghi, Chair of System Security at
the Ruhr-University Bochum, at the same time organized an introductory
session into this area. Topis as "Trusted Channels", "Trusted Virtual
Domains", "Runtime Monitoring" and methods were discussed with
international research partners such as e.g. IBM Research Zürich, HPLabs
Bristol and the Politechnikum of Turin. The focus was on promoting
research and publishing papers.
More Infos: http://www.trust2008.eu
top_
Prof. Dr. Jörg Schwenk and the HGI organised the workshop on "E-Security
in the E-Government
--------------------------------------------------------------------------------------------
On 31 March 2008 the Horst Görtz Institute together with the
"Physikalisch-Technische Bundesanstalt" organised a one-day workshop on
"E-Security in the E-Government" in Bochum. Current topics in the area
of electronic administration such as e.g. "Bürgerportale", electronic
identity card or legal long-term storage of electronic data have been
discussed. The workshop was mainly for practising experts working in
public services.
www.hgi.rub.de/egov/
top_
a-i3/BSI Symposium 2008: Security and Identity in Internet Portals
------------------------------------------------------------------
Around 140 participated on April 22/23 at the 3rd interdisciplinary
Symposium of the working group identity protection in the Internet
(a-i3) and the German Fedederal Office for Information Security (BSI).
Main organizers were the HGI members Prof. Dr. Georg Borges and Prof.
Dr. Jörg Schwenk. Main topic were both technial and legal aspects of
Internet portals and current developments in Germany regarding the
federal eMail concept D-Mail, payment in the European Payment Area SEPA
and current developments in identity theft.
https://www.a-i3.org/content/view/948/234/
top_
CACE (Computer Aided Cryptography Engineering) started in January this year
---------------------------------------------------------------------------
CACE is co-financed by the European Commission under EU Framework
Programme 7. The project is running for 3 years from January 2008 until
December 2010. The consortium of the project consists of twelve European
partners from nine countries, among which is the Horst Görtz Institute.
The central objective is the development of a toolbox that supports the
production of high quality cryptographic software. The department of
System Security aims at providing crypto engineers and practicioners
with Zero-Knowledge Proofs (ZKPOK) .
www.trust.rub.de/home/current-projects/cace/
top_
Dr.-Ing. Marko Wolf achived "outstanding" (sehr gut) for his Ph.D.
------------------------------------------------------------------
Dr.-Ing. Marko Wolf completed his Ph.D. entitled "Security Engineering
for Vehicular IT Systems, Improving Trustworthiness and Dependability of
Automotive IT Applications" on April 4, 2008 with "outstanding" (sehr gut).
The thesis was written under supervision of Prof. Dr. Christof Paar,
second advisor was Prof. Dr. Wilhem Schäfer (University Paderborn).
top_
Prof. Dr. Alexander May is member of the Programm Committee of the SCC
----------------------------------------------------------------------
Prof. May was member of the Programm Committee of the first
international conference on "Symbolic Computation and Cryptography", the
SCC 2008, which will took place on 28. - 30. April in Beijing. The SCC
2008 is the first such conference in series, where research and
developments in the area of symbolic computation and cryptography were
presented and discussed.
http://www.cc4cm.org/scc2008/
top_
Timo Kasper member of the programme committee of the 4th RFID-Security
Workshop
-------------------------------------------------------------------------------
From July 9-11, 2008, the forth Workshop on RFID-Security will take
place in Budapest. This year, the workshop will concentrate on solutions
for security and data protection in advanced contactless technologies
like RFID.
Timo Kasper from the chair of Embedded Security is member of the
programme committee. In addition, his college Thomas Eisenbarth will
give an invited talk entitled "Open Sesame! How Secure are RFID Access
Controll Systems?"
http://events.iaik.tugraz.at/RFIDSec08/
top_
Transfer Price for Prof. Dr.-Ing. Ahmad-Reza Sadeghi
----------------------------------------------------
The winners of last year's innovation and transfer prize have been Prof.
Sadeghi (Chair for System Security) together with Ammar Alkassar and
Christian Stübl, both from Sirrix Security Technologies AG, as well as
Prof. Dr. Dr. med. Hanns Hatt (Chair of Cell Physiology, RUB). The price
is a donnation of the "Gesellschaft der Freunde der RUB" and the rubitec
GmbH. With this prize the Ruhr-University Bochum honours the successful
implementation of Know How of the University into marketable products
and policies.
top_
Stevens and Ruhr University sign MOU for IT security research
-------------------------------------------------------------
On 13 December last year Prof. Dr.-Ing. Christof Paar chaired the
"US-German Round Table on IT Security" at the University Club in New
York City. Prof. Dr. Pinkwart, Minister for Innovation, Science,
Research and Technology was among the guests, as well as further members
of the ministry and 15 top class American scientists. Bochum turned out
to be the top location for IT Security in Germany, which was highlighted
by the short presence of Prof. Dr. Elmar Weiler, Rector of Ruhr University.
Prof. Susanne Wetzel from the Stevens Institute of Technology and Prof.
Paar took this occasion to initialize a "Memorandum of Understanding"
for a partnership between their institutes, to promote the exchange of
undergraduate and graduate students.
top_
Workshop "Sicherheit 2008" in Saarbrücken
-----------------------------------------
On 2 - 4 April 2008 the Conference "Sicherheit 2008" took place in
Saarbrücken where experts from science and industry have been discussing
current topics on IT security. The conference offered the possibility to
present scientific results as well as industrial innovations within an
intense and scientifically based exchange of knowledge between all the
participants. One of the session chairs was Dr. Frederik Armknecht, Dr.
Christopher Wolf was member of the programme committee.
http://www.sicherheit2008.de
top_
Guests
======
| http://www.hgi.rub.de/deutsch/newsletter/HGI-Newsletter27.htm#10
| `Martin Novotny` (Januar - März 2008)
| Czech Technical University, Prag / Tschechische Republik
| Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html
|
| `Amir Moradi` (Januar - März 2008)
| Sharif University of Technology, Teheran / Iran
| Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html
|
| `Miguel Morales Sandoval` (Januar 2008)
| Instituto Nacional de Astrofisica, Puebla, Pue / Mexico
| Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html
|
| `Saar Drimer` (Januar 2008)
| The University of Cambridge, Cambridge / UK
| Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html
|
| `Ivan Visconti` (Februar 2008)
| Università degli Studi di Salerno (UNISA), Salerno/ Italien
| Lehrstuhl TRUST, http://www.trust.rub.de/staff
|
| `Seyyd Hasan Mir Jalili` (März 2008)
| EPFL, Lausanne / Schweiz
| Lehrstuhl EMSEC, http://www.emsec.rub.de/team.html
| top_
|
HGI Seminar
===========
| `22 Oct 2007 Daniel Bailey / RSA Laboratories`
| **WARP: Wireless Authenticator Research Project**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a01
|
|
| `25 Oct 2007 Prof. Dr. Daniel J. Bilar / Wellesley College,
Massachusetts (USA)`
| **Flying below the Radar: Practical and Theoretical Malware Challenges**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a02
|
| `8 Nov 2007 Lijun Liao / Ruhr-University Bochum`
| **Signieren mit Chipkartensystemen in unsicheren Umgebungen**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a02
|
| `15 Nov 07 Dr. Guido Blady / Ruhr-University Bochum`
| **Punktezählalgorithmen für den Hecke-Operator und Anwendungen auf
Modulkurven von Geschlecht 4**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a04|
|
| `22 Nov 07 Dr. Shujun Li / FernUniversität Hagen`
| **Multimedia Encryption: Problems, Incompatibilities, and New
Perspectives**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a05
|
| `29 Nov 07 Patrick Stewin / Ruhr-University Bochum`
| **Beyound Secure Channels**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a06
|
| `06 Dec 07 Amir Moradi / Sharif University of Technology, Teheran`
| **DPA-Resistant Logic Styles and Power Efficiency**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a07
|
| `13 Dec 07 Dr. Frederik Armknecht / Ruhr-Universitz Bochum`
| **Algebraic Attacks on Stream Ciphers**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a08
|
| `10 Jan 08 Maike Ritzenhofen / Ruhr-University Bochum`
| **Solving systems of modular equations in one variable**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a09
|
| `17 Jan 08 Alberto Escalante / Ruhr-University Bochum`
| **A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection
against Splitting**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a10
|
| `31 Jan 2008 Matthias Niesing / secunet Security Networks AG`
| **EAC-PKI für elektronische Reisedokumente**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a12
|
| `7 Feb 2008 Thomas Schneider / University of Erlangen-Nürnberg`
| **A Practical Universal Circuit Construction and Secure Evaluation of
Private Functions**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a13
|
| `21 Febr 2008 Ivan Visconti / Universita degli Studi di Salerno
(Italien)`
| **Co-Sound YK Proofs with Public Keys**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a14
|
| `6 March 2008 Benedikt Höfer / Ludwig-Maximilians-University München`
| **Paarungen und ihre ambivalente Rolle in der Kryptographie**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a15
|
| `13 March 2008 Dr. Francois-Xavier Standaert / Université Catolique de
Louvain, Belgium`
| **A Unified Framework for the Analysis of Side-Channel Key Recovery
Attacks**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a16
|
| `20 March 2008 Karsten Nohl / University of Virginia, USA`
| **From Silicon to C: Reverse-Engineering Cryptographic Hardware**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a17
|
| `3 April 2008 Christoph Bösch / Ruhr-University Bochum`
| **Efficient Fuzzy Extractors for Reconfigurable Hardware**
| http://www.hgi.rub.de/deutsch/lehrangebot/seminar/ws200708.html#a18
|
| `10 April 2008 Jesse Walker / Intel Corporation (USA)`
| **Distributed Trust in Community Networks**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a02
|
| `11 April 2008 Giovanni di Crescenzo / Telcordia Technologies, (NJ, USA)`
| **Perfectly Secure Password Protocols in the Bounded Retrieval Model**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a03
|
| `17 April 2008 Tibor Jager / Ruhr-University Bochum`
| **On Black-Box Ring Extraction and Integer Factorization**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a04
|
| `24 April 2008 Martin Novotny and Andy Rupp / Ruhr-University Bochum`
| **Realtime A5/1 Attacks with Precomputed Tables**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a05
|
| `8 Mai 2008 Sandra Steinbrecher / TU Dresden`
| **Mehrseitige Sicherheit in Reputationssystemen**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a06
|
| `15 May 2008 Steffen Schulz / Ruhr-University Bochum`
| **Bleichenbacher-Angriff auf SSL mit RSA-PKCS#1**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a07
|
| `21 May 2008 A. Moradi, Thomas Eisenbarth und T. Kasper /
Ruhr-University Bochum`
| **On the Power of Power Analysis in the Real World: A Complete Break
of the KeeLoq Code Hopping Scheme**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a08
|
| `30 May 2008 Eike Kiltz / CWI (The Netherlands)`
| **Programmable Hash Funktions and Their Applications**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a09
|
| `5 June 2008 Ralf Benzmüller / G DATA, Bochum`
| **Schadcode im Internet**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a10
|
| `12 June 2008 Kerstin Lemke-Rust / Ruhr-University Bochum`
| **Multivariate Seitenkanalanalysen**
| http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a11
| top_
|
Invited Talks:
==============
During the meeting "RFID Security: Theory and Practice", March 26-29,
2008, `Prof. Dr.-Ing. Christof Paar` gave the following talk **"The
Constructive and Destructive Side of Modern Cryptography for RFID
Security**".
On February 21, 2008 `Prof. Dr.-Ing. Christof Paar` gave the following
talk: **"Security Applications in Cars" during the workshop on Secure
Vehicular Communications: Results and Challenges Ahead"** in Lausanne,
Switzerland.
During the meeting "RFID CUSP Worshop" at the John Hopkins University,
USA, `Prof. Dr.-Ing. Christof Paar` gave the following talk:
**"New Directions in Lightweight Cryptographic Primitives for RFID
Applications"**.
During the Workshop on "Secure Component and System Identification" held
on March 17-18,2008 in Berlin `Prof. Dr. Ahmad Sadeghi` gave a talk
about the security on e-Passports with the following title:
**"Identification Protocols Revisited - Episode I: E-Passports"** based
on a joint work with C. Blundo, G. Persiano, and Ivan Visconti.
(http://www.secsi-workshop.org/)
During "Software & Systems Quality Conference 2008", April 15-18 2008,
`Prof. Dr.-Ing. Christof Paar` gave the following Keynote-Talk **"The
Next 10 Years of IT Security:
iPhone, Xbox and BMWs"**.
During "ECRYPT: Challenges and Perspectives for Academia and Industry"
in Antwerpen, May 29, 2008;
`Prof. Dr.-Ing. Christof Paar` gave the presentation: **"Constructive
and Destructive Aspects of Embedded Security for Current and Future Cars"**.
On May 5th, 2008 `Prof. Dr. Jörg Schwenk` gave during the IBM TEC
Meeting in Stuttgart a presentation regarding **„HGI - mit Sicherheit
vorne dabei“ (translation: "HGI - front runner of IT Security")**.
During the "Workshop RFID Security: Theory and Practice" in Leiden
(Lorentz Center), March 26-29, 2008, `Prof. Dr. Christof Paar` gave the
presentation **"The Constructive and Destructive Side of Modern
Cryptography for RFID Security"**.
During the annual meeting of the German society on Dataprotection and
Data Security (DuD 2008 - Datenschutz und Datensicherheit), `Prof. Dr.
Ing. Christof Paar` gave on June 10, 2008, the presentation
**"Schwachstellen bei Funktüröffnern und Verschlüsselung mit 1000 Gattern"
(translation: "Weaknesses at remote door openers and encryption with
1000 gates")**.
At the 7th XML-Signature Workshop in Hagenberg, Austria, May 19+20,
2008, `Lijun Liao` has presented **"Semanik für XML-Signatur"
(translation: "Semantic for XML-Signature") and "Sichere Webmail mit
WS-Trust" (translation: "Secure Web-Mail with WS-Trust")**.
During the D.A.CH Security 2008 on June 25, 2008, `Dr. Christoph
Wegener` and `Dirk Birk` presented **Web Exploit Toolkits im Vergleich -
Moderne Infektionsroutinen (translation: "Comparison between Web Exploit
Toolkits - Modern Infection Routines")**.
http://www.syssec.at/dach08_programm/#t2s1b:
top_
|
PUBLICATIONS:
-------------
`F. Armknecht, J. Furukawa, K. Kurosawa`:
**A Universally Composable Group Key Exchange Protocol with Minimum
Communication Effort**
SCN 2008
`Andrey Bogdanov`:
**Multiple-Differential Side-Channel Collision Attacks on AES**
Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008),
LNCS, Springer-Verlag, 2008.
`Nicolas T. Courtois, Gregory V. Bard, Andrey Bogdanov:
**Periodic Ciphers, Ciphers with Small Blocks and Cryptanalysis of KeeLoq**
Tatra Mountains Mathematical Publications, to appear in 2008.
`Andrey Bogdanov, Gregor Leander, Christof Paar, Axel Poschmann, M.J.B.
Robshaw, Yannick Seurin. Hash Functions and RFID Tags : Mind The Gap`
**Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008)**
LNCS, Springer-Verlag, 2008.
`Andy Rupp, Gregor Leander, Endre Bangerter, Ahmad-Reza Sadeghi,
Alexander W. Dent`:
**Sufficient Conditions for Computational Intractability Regarding
Generic Algorithms**
Cryptology ePrint Archive: Report 2007/360, http://eprint.iacr.org/2007/360
`Armknecht, Frederik; Escalante, Alberto; Loehr, Hans; Manulis, Mark;
Sadeghi, Ahmad-Reza (2008)`:
**Secure Multi-Coupons for Federated Environments: Privacy-Preserving
and Customer-Friendly**, angenommen für:
The 4th Information Security Practice and Experience Conference (ISPEC
2008), 21-23 April 2008, Sydney, Australia.
URL (SpringerLink): http://dx.doi.org/10.1007/978-3-540-79104-1_3
`Balasubramanin, Sundar; Bogdanov, Andrey; Rupp, Andy; Ding, Jintai;
Carter, Harold W. (2008)`:
**Fast Multivariate Signature Generation in Hardware. The Case of
Rainbow** (Poster), angenommen für IEEE Symposium on Field-Programmable
Custom Computing Machines, April 2008
`Benedikt Driessen, Axel Poschmann, Christof Paar`:
**Comparison of Innovative Signature Algorithms for WSNs**, angenommen
auf: der ACM Konferenz WiSec 2008, 31.03.2008 - 02.04.2008 in
Alexandria, Virginia, USA
http://www.crypto.rub.de/imperia/md/content/texte/publications/conferences/s
ignatures_wisec2008.pdf
`Bodo Möller, Andy Rupp`:
**Faster Multi-Exponentiation through Caching: Accelerating (EC)DSA
Signature Verification Cryptology ePrint Archive**: Report 2007/470,
http://eprint.iacr.org/2007/470
`Christof Paar, Axel Poschmann, Matthew J.B. Robshaw`:
**New Designs in Lightweight Symmetric Encryption**, Buchkapitel in:
Springerbuch "RFID-Security: Techniques, Protocols and System-On-Chip
Design" akzeptiert
`Gabriel, Roland; Sowa, Sebastian; Wiedemann, Jochen (2008)`:
**Improving information security compliance – A process-oriented
approach for managing organizational change**, in:Proceedings of the
Multikonferenz
Wirtschaftsinformatik 2008 (MKWI 2008), München, 2008, S. 247-248
`Güneysu, Tim; Kasper, Timo; Novotny, Martin; Paar, Christof; Rupp, Andy
(2008)`:
**Cryptanalysis with COPACOBANA**, angenommen für IEEE Transactions on
Computers, Special Section on Special-Purpose Hardware for Cryptography
and Cryptanalysis.
`Maike Ritzenhofen, Alexander May (2008)`:
**Solving Systems of Modular Equations in One Variable: How many
RSA-encrypted messages does Eve need to know?"** Internationale
Conference on Practice and Theory in Public Key Cryptography (PKC 2008),
Lecture Notes in Computer Science,Springer-Verlag, 2008.
Wird in einem Monat auf http://www.cits.rub.de/personen/may.html verlinkt.
`Marko Wolf, Christof Paar (2008)`:
**Security Requirements Engineering in the Automotive Domain: On
Specification Procedures and Implementational Aspects**, in: SICHERHEIT
2008:Sicherheit – Schutz und Zuverlässigkeit, 4. Jahrestagung des
Fachbereichs Sicherheit der Gesellschaft für Informatik e.V.,
Saarbrücken, 2. – 4. April 2008. (angenommener Artikel)
`Asokan, André Osterhues, Ahmad-Reza Sadeghi, Christian Stüble, Marko
Wolf (2008)`:
**"Securing Peer-to-peer Distributions for Mobile Devices"**, 4th
Information Security Practice and Experience Conference (ISPEC 2008),
Sydney, Australia, 21 - 23 April 2008. (angenommener Artikel)
`Osterhues, Andre; Sadeghi, Ahmad-Reza; Wolf, Marko; Stueble, Christian;
Asokan, N. (2008)`:
**Securing Peer-to-peer Distributions for Mobile Devices**, angenommen für:
The 4th Information Security Practice and Experience Conference (ISPEC
2008), 21-23 April 2008, Sydney, Australia.
URL (SpringerLink): http://dx.doi.org/10.1007/978-3-540-79104-1_12
`Rhode, Sebastian; Eisenbarth, Thomas; Dahmen, Eric; Buchmann, Johannes;
Paar, Christof (2008)`:
**Efficient Hash-Based Signatures on Embedded Device**, in: SECSI 20008
`Roland Gabriel, Sebastian Sowa, Jochen Wiedemann (2008)`:
**Improving information security compliance – A process-oriented
approach for managing organizational change**, in:
Proceedings of the Multikonferenz Wirtschaftsinformatik 2008 (MKWI
2008), forthcoming.
`Rolfes, Carsten; Poschmann, Axel; Leander, Gregor; Paar, Christoph
(2008)`:
**Security for 1000 Gate Equivalents**, in: SECSI 2008
`Scheibel, Michael; Stüble, Christian; Wolf, Marko (2008)`:
**An Interoperable Security Architecture for Vehicular Software
Protection**, in: International Workshop on Interoperable Vehicles (IOV
2008), ETH Zurich, Switzerland. March 26, 2008.
http://www.crypto.rub.de/publications.html
`Sebastian Gajek, Lijun Liao, Bodo Möller, Jörg Schwenk`:
**SSL-over-SOAP: Towards a Token-based Key Establishment Framework for
Web Services**.
2nd ECOWS Workshop on Emerging Web Services Technology - WEWST 2007.
Proceedings of the 5th IEEE European Conference on Web Services - ECOWS
2007. To appear.
`Sebastian Gajek, Mark Manulis, Ahmad-Reza Sadeghi and Jörg Schwenk`:
**Provably Secure Browser-Based User-Aware Mutual Authentication over
TLS**, accepted for ASIACCS'08
`Sebastian Gajek and Ahmad-Reza Sadeghi (2008)`:
**A Forensic Framework for Tracing Phishers International Federation for
Information Processing**, to appear in LNCS 6102
`Sebastian Gajek, Lijun Liao, and Jörg Schwenk`:
**Towards a Formal Semantic of XML Signature**, accepted for
presentation at W3C Workshop Next Steps for XML Signature and XML
Encryption, Mountain View (USA), 2007.
`Shahab Mirzadeh, Frederik Armknecht, Jordi Jaen Pallares, Hossam Afifi,
Rahim Tafazzoli`:
**CPFP: An efficient key management scheme for large scale personal
networks**.
IEEE ISWPC 2008 (http://www.iswpc.org/2008/index.html)
`Sowa, Sebastian; Tsinas, Lampros; Gabriel, Roland (2008)`:
**BORIS – Business ORiented management of Information Security**,
angenommen für: WEIS 2008, Workshop on the Economics of Information
Security, The Center for Digital Strategies / Tuck School of Business,
Dartmouth College, Hanover, NH, June 25-28, 2008.
`Sowa, Sebastian (Ed.) (2008)`:
**ISEB XChange-Seminar WS 2007/08** – Vortragsreihe des Instituts für
Sicherheit im E-Business, in: Arbeitsbericht Nr. 28 des Instituts für
Sicherheit im E-Business (ISEB), Ruhr-Universität Bochum, Bochum 2008
`Thomas Eisenbarth, Sandeep Kumar, Christof Paar,Axel Poschmannm, Leif
Uhsadel`:
**Survey of Lightweight Cryptography, erschienen im Journal: IEEE
Design&Test ofComputers, Special Issue Design and test of ICs for secure
embedded computing**
http://www.crypto.rub.de/imperia/md/content/texte/publications/journals/lwc_survey_ieee_dtco2007.pdf
`Tim Güneysu, Bodo Möller, Christof Paar`:
**Dynamic Intellectual Property Protection for Reconfigurable Devices**.
Proceedings of the IEEE International Conference on Field-Programmable
Technology 2007 - ICFPT'07.
To appear.
`Altmann, Kristina; Jager, Tibor; Rupp, Rupp, Andy (2008)`:
**On Black-Box Ring Extraction and Integer Factorization**, in:
35th International Colloquium on Automata, Languages and Programming
(ICALP) 2008.
Vorläufige Version: http://eprint.iacr.org/2008/156
`Bogdanov, Andrey; Eisenbarth, Thomas; Rupp, Andy; Wolf,
Christopher(2008)`:
**Time-Area Optimized Public-Key Engines: MQ-Cryptosystems as
Replacement for Elliptic Curves?**, 10th Workshop on Cryptographic
Hardware and Embedded Systems 2008 (to appear).
`Bogdanov, Andrey; Rupp, Andy; Ding, Jintai; Carter, Harold W. (2008)`:
**Fast Multivariate Signature Generation in Hardware: The Case of
Rainbow**, Sundar Balasubramanian, 19th IEEE International Conference
Application-specific Systems, Architectures and Processors 2008 (to
appear).
`Gajek, Sebastian; Manulis, Mark, Schwenk, Jörg (2008)`:
**Enforcing User-Aware Browser-Based Mutual Authentication with Strong
Locked Same-Origin Policy**. Akzeptiert für 13th Australasian Conference
on Information Security and Privacy (ACISP 2008).
`Gendrullis, Timo; Novotny, Martin; Rupp, Andy (2008)`:
**A Real-World Attack Breaking A5/1 within Hours**
10th Workshop on Cryptographic Hardware and Embedded Systems 2008 (to
appear)
Vorläufige Version: http://eprint.iacr.org/2008/147.
`Jager, Tibor; Jäkel, Heiko; Schwenk, Jörg (2008)`:
**Nutzung von selbstsignierten Client-Zertifikaten zur Authentifikation
bei SSL/TLS; Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit**;
in: Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der
Gesellschaft für Informatik e.V. (GI), 2.-4.
April 2008 im Saarbrücker Schloss.
GI-LNI 128 2008 ISBN 978-3-88579-222-2.
`Manulis, Mark; Schwenk, Jörg (2008)`:
**Security Model and Framework for Information Aggregation in Sensor
Networks**. Akzeptiert für ACM Transactions on Sensor Networks, 2008.
`Möller, Bodo; Rupp, Andy (2008)`:
**Faster Multi-Exponentiation through Caching: Accelerating (EC)DSA
Signature Verification**, 6th Conference on Security and Cryptography
for Networks 2008 (to appear),
Vorläufige Version: http://eprint.iacr.org/2007/470.
`Oppliger, Rolf; Schwenk, Jörg; Helbach, Jörg (2008)`:
**Protecting Code Voting Against Vote Selling**; Sicherheit 2008:
Sicherheit, Schutz und Zuverlässigkeit; in: Konferenzband der 4.
Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik
e.V. (GI), 2.-4. April 2008 im Saarbrücker Schloss.
GI-LNI 128 2008 ISBN 978-3-88579-222-2.
`Szerwinski, Robert; Güneysu, Tim (2008)`:
**Exploiting the Power of GPUs for Asymmetric Cryptography**
In: E. Oswald and P. Rohatgi (Eds.): CHES 2008, LNCS 5154, pp. 79-99
top_
Information
============================
**Subscribe:**
If you wish to subscribe to the HGI News by email, you can do so by
sending an according email to: tellmann at crypto.ruhr-uni-bochum.de .
**Unsubscribe:**
If you wish to unsubscribe from the HGI News, please send an according
email to: tellmann at crypto.ruhr-uni-bochum.de .
**Download:**
All HGI-Newsletters can be downloaded from:
http://www.hgi.rub.de/hgi/newsletter/
**Editorial Section**:
Dr. Christopher Wolf
Email: hgi-office at rub.de
**Executive Director**:
Prof. Dr. Jörg Schwenk
Email: Joerg.Schwenk at rub.de
More information about the HGI-News-International
mailing list