[HGI-news-int] HGI-Newsletter #02 (EN)

Mon Nov 16 19:40:49 CET 2009

HGI-Newsletter
http://www.hgi.rub.de/hgi/newsletter/

No 02e - Monday, 16th of November 2009
Horst Görtz Institute for IT Security
Ruhr-University Bochum
http://www.hgi.rub.de/

Content
=======
* HGI Papers accepted for Flagship-Conferences
* Dr Horst Görtz awarded with Federal Cross of Merit
* Workshop on Factoring Large Numbers
* HGI one of the organizers of the 7th escar conference
* Prof. Schwenk awarded with Inventor’s Prize of the Ruhr-Universität
Bochum
* Program Committees
* Organizing Committees
* Talks
* Guests
* HGI Colloquium
* Publications

http://www.hgi.rub.de/hgi/newsletter/

HGI Papers accepted for Flagship-Conferences
============================================
This year exceptionally many papers by HGI have been accepted for
various important conferences. Among those, four papers have been
accepted for Asiacrypt, which is one of the three flagship conferences
of IACR (acceptance rate ca. 14%). Two have been accepted for ESORICS,
which is the most important European security conference (acceptance
rate ca. 18%) and two papers have been accepted for CHES, the leading
workshop on cryptology in embedded devices and one of the four IACR
workshops (acceptance rate 19,6%). Another one has been accepted for
ACSAC (acceptance rate 19,6%).
top_

Dr. Horst Görtz awarded with Federal Cross of Merit
===================================================
On Monday 24 August Horst Görtz has been awarded the Federal Cross of
Merit first class by Andreas Pinkwart, the Minister of Innovation of
North Rhine-Westphalia, in appreciation of his outstanding
entrepreneurial initiative and his extraordinary private support of IT
security. Already since the 1980ies Dr. Görtz, after whom our institute
is named, has been notably involved in IT security. Among some of his
greatest merits are the developing and funding of our Horst Görtz
Institute. With the foundation of the Horst Görtz Fund in 1996 it is no
longer only science and technology of IT security that he supports but
also the treatment of comatose patients and children who suffer from
cancer. Owing to his constant support of our HGI during the last 10
years Bochum has become a renowned location for research in the field of
IT security. Yet in 1996, Dr. Görtz, the founder of Ultimaco Software
GmbH, was awarded the Golden Award Software for Europe.

Workshop on Factoring Large Numbers
===================================
On 11 and 12 September 2009 a workshop on current topics in the context
of factoring large numbers has been held at the Ruhr-University Bochum.
The workshop was organized by the Chair in Cryptology and IT-Security
and supported by the Federal Office for Information Security (BSI).
Invited speakers included: D.J. Bernstein, Willi Geiselmann, Antoine
Joux, Tanja Lange and Claus-Peter Schnorr. Further information on the
workshop is available at the following website:
http://www.cits.rub.de/itsc/conferences/factoring_workshop.html

HGI one of the organizers of the 7th escar conference
=====================================================
0n November 24 and 25 this year the 7th escar conference on Embedded
Security in Cars will be organized by HGI and its eurobits partners
escrypt and ISITS. The conference will take place in the conference
centre at the Düsseldorf International Airport. escar is the leading
international workshop in the area of automotive data security, where
all relevant aspects related to this topic can be discussed. Specialists
from all over the world covering topics of technology and applications
of IT systems in cars such as telematics, infotainment, secure software
downloads and ad-hoc networks will guarantee a top-class event. For more
information please visit the following website: http://www.escar.info

Prof. Schwenk awarded with Inventor’s Prize of the Ruhr-Universität Bochum
==========================================================================
Prof. Schwenk and his team Tibor Jager, Sebastian Gajek and Prof.
Manulis (TU Darmstadt) have been awarded the prize for the patent “
Secure Browser-based Single Sign-On with Client Certificates”. Their
software offers two methods to make browser-based single sign-on safer.
Each year the Inventor’s Prize, financed by the RUB and Rubitec, is
awarded for the three most patentable inventions elaborated by members
of the RUB

Program Committees
==================
Roberto Avanzi: SPEED CC, Berlin, Germany
Tim Güneysu: SHARCS 2009, Lausanne, Switzerland
Alexander May: Eurocrypt 2010, Nice, France
Alexander May: SCC 2010, University of London, Egham, UK
Christof Paar: CRYPTO 2009, Santa Barbara, USA
Christof Paar: SHARCS 2009, Lausanne, Switzerland
Christof Paar: HOST 2009, San Francisco, USA
Christof Paar: COSADE 2010, Darmstadt, Germany
Ahmad Sadeghi: HOST 2009, San Francisco, USA
Christopher Wolf: WEWoRC 2009, Graz, Austria

Organizing Committees
=====================
Roberto Avanzi: CHiLE 2009, Frutillar, Chile
Alexander May: Eurocrypt 2009, Cologne, Germany
Meiko Jensen: IEEE International Workshop on Web Services Performance
(WSP), Los Angeles, USA, 2009
Christopher Wolf: Eurocrypt 2009, Cologne, Germany

Talks
=====
Meiko Jensen: **Sicherheitsmodellierung für Web-Service basierte
Geschäftsprozesse**, CAST-Workshop "SOA Security", Darmstadt, Germany
04.June 2009.

Frederik Armknecht: **Memory Leakage-Resilient Encryption based on
Physically Unclonable Functions**, Dagstuhl Seminar Series, Dagstuhl,
Germany

Frederik Armknecht: **Foundations for Forgery-Resilient Cryptographic
Hardware** and **Foundations of Modern Cryptography**, Sirrix, Germany

Meiko Jensen: **Analysis of Signature Wrapping Attacks and
Countermeasures**, 7th IEEE International Conference on Web Services
(ICWS), Los Angeles, USA, 2009.

Roberto Avanzi: **Trace Zero Varieties: Cryptographic Applications**,
SPEED CC, Berlin, Germany, 12 - 13 October 2009

Christof Paar: **Crypto Engineering: Some History and Some Case
Studies**, CHES 2009, EPFL Lausanne, Switzerland, 6-9. September 2009
http://www.springerlink.com/content/y567804vk88m2826/

Christof Paar: **KeeLoq and Side-Channel Analysis: Evolution of an
Attack** FDTC 2009, EPFL Lausanne, Lausanne, 6. September 2009

Tibor Jager: **Lossy Trapdoor Functions**, Seminar
Series:"Perlenseminar", University of Dortmund, Germany, May 2009
http://ls2-www.cs.tu-dortmund.de/lehre/Perlenseminar.html

Meiko Jensen: **Privacy Against the Business Partner: Issues for
Realizing End-to-End Confidentiality in Web Service Compositions**,
First International Workshop on Business Process Security (BPS), Linz,
Austria, 2009
http://www.securescm.org/images/stories/brochure/BPS09Program.pdf

Meiko Jensen: **Analysis of Signature Wrapping Attacks and
Countermeasures**, MyPhD Workshop, Passau, Germany, 24.- 26. August 2009

Florian Kohler: **Security of Browser-based Protocols**, MyPhD Workshop,
Passau, Germany, 24.- 26. August 2009

Timo Kasper: **EM Side-Channel Attacks on Commercial Contactless
Smartcards using Low-Cost Equipment**, 10th International Workshop on
Information Security Applications, WISA 2009, Busan, Korea, 25-27 August
2009

Stefan Heyse: **MicroEliece: McEliece for Embedded Devices**, CHES 2009,
EPFL Lausanne, Switzerland, 6-9. September 2009
http://www.springerlink.com/content/44818244160740r1/

Markus Kaspar: **Trojan Side-Channels: Lightweight Hardware Trojans
through Side-Channel Engineering**, CHES 2009, EPFL Lausanne,
Switzerland, 6-9. September 2009
http://www.springerlink.com/content/e2m2p31046173713/

Guests
======
Dr. Aurelie Bauer; Département d'informatique, ENS Paris, France
27.07.-08.08 Institute for Cryptology and IT-Security; collaboration
with Prof. May, Maike Ritzenhofen and Mathias Herrmann

Arno Fehm; School of Mathemtics, Tel Aviv University, Tel Aviv, Isreael
01.07.- 31.07. Institute for Cryptology and IT-Security; collaboration
with Prof. Avanzi on "Fast scalar multiplication on elliptic curves in 
cryptographie"

Ludovic Perret; Laboratoire d'Informatique de Paris 6, Univ. Paris 6,
France, 01.07.- 03.07., Chair for System Security: Algebraic homorphic 
Decoding based on coding theory

Daniel Augot; Laboratoire d'informatique, École Polytechnique,
Palaiseau, France, 01.07. - 03.07. Chair for System Security: Algebraic 
homorphic Decoding based on coding theory

HGI Colloquium
==============
`18.06.2009 Tibor Jager (NDS)`: **The Generic Hardness of Subset 
Membership Problems under the Factoring Assumption**
http://www.hgi.rub.de/admin/static_pages/page/2230/#a07

`25.06.2009 Thomas Schneider (SySec)`: **Secure Evaluation of Private 
Linear BranchingPrograms with Medical Applications**
http://www.hgi.rub.de/admin/static_pages/page/2230/#a08

`02.07.2009 Roberto Avanzi (CITS)`: **Parallel Harvesting for Index 
Calculus** http://www.hgi.rub.de/admin/static_pages/page/2230/#a09

`09.07.2009 Andreas Hoheisel (Fraunhofer-Institut für Rechnerarchitektur 
und Softwaretechnik FIRST, Berlin)`: **Side-Channel Analysis Resistant 
Implementation of AES on Automotive Processors**
http://www.hgi.rub.de/admin/static_pages/page/2230/#a10

`16.07.2009 Sven Schäge (NDS)`: **Twin Signature Schemes, Revisited**
http://www.hgi.rub.de/admin/static_pages/page/2230/#a11

`06.08.2009 Aurelie Bauer (Département d'informatique, ENS Paris)`:
**Towards a Rigorous Generalization of Coppersmith's Methods for Finding 
Small Roots of Multivariate Polynomial Equations**
http://www.hgi.rub.de/admin/static_pages/page/2230/#a12

`15.10.2009 David Oswald (EMSEC)`: **Development of an Integrated 
Environment for Side-Channel Analysis and Fault Injection**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a01

`22.10.2009 Enrico Thomae`: **Permutations among the HFE Polynomials**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a02

Publications
============
`Yali Liu, Frederik Armknecht, Dipak Ghosal, Stefan Katzenbeisser,
Ahmad-Reza Sadeghi, Steffen Schulz`:
**Hide and Seek in Time - Robust Covert Timing Channels**
14th European Symposium on Research in Computer Security (ESORICS 2009)

`Mauro Barni, Pierluigi Failla, Vladimir Kolesnikov, Riccardo
Lazzeretti, Ahmad-Reza Sadeghi, Thomas Schneider`:
**Secure Evaluation of Private Linear Branching Programs with Medical
Applications**
14th European Symposium on Research in Computer Security (ESORICS 2009)
http://eprint.iacr.org/2009/195.

`Endre Bangerter, Thomas Briner, Wilko Henecka, Stephan Krenn,
Ahmad-Reza Sadeghi, Thomas Schneider`:
**Automatic Generation of Sigma-Protocols**
6th European Workshop on Public Key Services, Applications and
Infrastructures (EUROPKI 2009)

`Frederik Armknecht and Dirk Westhoff (HAW Hamburg)`:
**Agreement with low-end devices**
SENSEAPP 2009 - Fourth IEEE International Workshop on Practical Issues in
Building Sensor Network Applications

`Meiko Jensen, Jörg Schwenk, Nils Gruschka, Luigi Lo Iacono`:
**On Technical Security Issues in Cloud Computing**
IEEE International Conference on Cloud Computing (CLOUD-II), Bangalore,
India, 2009

`Meiko Jensen, Nils Gruschka`:
**Privacy Against the Business Partner: Issues for Realizing End-to-End
Confidentiality in Web Service Compositions**
International Workshop on Business Processes Security (BPS), DEXA 2009,
Linz, Österreich

`Bruno Blanchet, Aaron D. Jaggard, Jesse Rao, Andre Scedrov, Joe-Kai Tsay`:
**Refining Computationally Sound Mechanized Proofs for Kerberos**
Workshop on Formal and Computational Cryptography, FCC 2009, July 11-12,
2009, Port Jefferson, New York, USA im Zusammenahng mit der CSF 2009:
http://infsec.uni-trier.de/fcc2009/index.php?content=program

`Sebastian Gajek, Chen Xuan, M. Steiner (IBM), Jörg Schwenk`:
**Risks of the Cardspace Protocol**
Information Security Conference (ISC 2009), Pisa

`Tibor Jager, Jörg Schwenk`:
**On the analysis of cryptographic assumptions in the generic ring model**
Mitsuru Matsui, editor, "Advances in Cryptology" - ASIACRYPT 2009, 15th
International Conference on the Theory and
Application of Cryptology and Information Security" Tokio, Japan, 6-10
Dezember 2009, Springer 2009

`Antonia Azzini, Stefania Marrara, Meiko Jensen, Jörg Schwenk`:
**Extending the Similarity-Based XML Multicast Approach with Digital
Signatures**
Proceedings of the ACM Workshop on Secure Web Services (SWS), Chicago,
Illinois, U.S.A., 2009.

`Meiko Jensen, Lijun Liao, Jörg Schwenk`:
**The Curse of Namespaces in the Domain of XML Signature**
Proceedings of the ACM Workshop on Secure Web Services (SWS)2, Chicago,
Illinois, U.S.A., 2009.

`Vladimir Kolesnikov, Ahmad-Reza Sadeghi, Thomas Schneider`:
**Improved Garbled Circuit Building Blocks and Applications to Auctions
and Computing Minima**
8th International Conference on Cryptology And Network Security (CANS'09)

`Benny Pinkas, Thomas Schneider, Nigel P. Smart, Stephen C. Williams`:
**Secure Two-Party Computation is Practical**
Mitsuru Matsui, editor, "Advances in Cryptology" - ASIACRYPT 2009, 15th
International Conference on the Theory and
Application of Cryptology and Information Security, Tokio, Japan, 6-10
Dezember 2009, Springer 2009

`Mauro Barni, Pierluigi Failla, Vladimir Kolesnikov, Riccardo
Lazzeretti, Annika Paus, Ahmad-Reza Sadeghi, Thomas Schneider`:
**Efficient Privacy-Preserving Classification of ECG Signals**
1st IEEE International Workshop on Information Forensics and Security
(IEEE WIFS '09)

`Martin Novotný, Timo Kasper`:
**Cryptanalysis of KeeLoq with COPACOBANA**
Special-purpose Hardware for Attacking Cryptographic Systems 2009,
SHARCS 2009 Lausanne, Switzerland. 9-10 September 2009

`Timo Kasper, David Oswald, Christof Paar`:
**EM Side-Channel Attacks on Commercial Contactless Smartcards using
Low-Cost Equipment**
10th International Workshop on Information Security Applications, WISA
2009, Busan, Korea. 25-27 August 2009

`Markus Kasper, Timo Kasper, Amir Moradi, Christof Paar`:
**Breaking KeeLoq in a Flash: On Extracting Keys at Lightning Speed**
2nd International Conference on Cryptology in Africa, Progress in
Cryptology - AFRICACRYPT 2009, Gammarth, Tunesien, 21-25 Juni 2009
http://www.crypto.rub.de/imperia/md/content/texte/publications/conferences/africacrypt2009_keeloq.pdf

`Thomas Eisenbarth, Tim Güneysu, Stefan Heyse, Christof Paar`:
**"MicroEliece: McEliece for Embedded Devices**
http://www.springerlink.com/content/44818244160740r1/

`Lang Lin, Markus Kasper, Tim Güneysu, Christof Paar, Wayne Burleson`:
**Trojan Side-Channels: Lightweight Hardware Trojans through
Side-Channel Engineering**
http://www.springerlink.com/content/e2m2p31046173713/

`Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy`:
**TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication**
The Fourth Annual Workshop on Scalable Trusted Computing (ACM STC'09), 2009

`Luigi Catuogno, Hans Löhr, Mark Manulis, Ahmad-Reza Sadeghi`:
**Transparent Mobile Storage Protection in Trusted Virtual Domains**
USENIX 23rd Large Installation System Administration Conference (LISA
'09), 2009

`Jorge Guajardo, Tim Güneysu, Sandeep S. Kumar, Christof Paar`:
**Secure IP-Block Distribution for Hardware Devices**
EEE International Workshop on Hardware-Oriented Security and Trust -
HOST 2009, San Francisco, USA, 27. Juli 2009

`Tim Güneysu, Gerd Pfeiffer, Christof Paar, Manfred Schimmler`:
**Three Years of Evolution: Cryptanalysis with COPACOBANA**
SHARCS'09 - Special-purpose Hardware for Attacking Cryptographic
Systems, 9-10. September 2009, Lausanne, Schweiz

`Daniel V. Bailey, Brian Baldwin, Lejla Batina, Daniel J. Bernstein,
Peter Birkner, Joppe W. Bos, Gauthier van Damme, Giacomo de Meulenaer,
Junfeng Fan, Tim Güneysu, Frank Gurkaynak, Thorsten Kleinjung, Tanja
Lange, Nele Mentens, Christof Paar, Francesco Regazzoni, Peter Schwabe,
Leif Uhsadel`:
**The Certicom Challenges ECC2-X**
SHARCS'09 - Special-purpose Hardware for Attacking Cryptographic
Systems, 9-10. September 2009, Lausanne, Schweiz

`Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, Jörg Schwenk`:
**XML Signature Wrapping Angriffe - What You Process is not Always What
You Verify**
Datenschutz und Datensicherheit 09/2009

Subscribe: If you wish to subscribe to the HGI News by email, you can do 
so at 
http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Unsubscribe: If you wish to unsubscribe from the HGI News, please visit
http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Download: All HGI-Newsletters (both English and German) can be 
downloaded from: http://www.hgi.rub.de/hgi/newsletter

Editor: Dr. Christopher Wolf, Email: hgi-office at rub.de

Executive Director of the Horst Görtz Institute:
Prof. Dr. Jörg Schwenk, Email: Joerg.Schwenk at rub.de