[HGI-news-int] HGI Newsletter #05e

English Newsletter of the Horst Goertz Institute of IT Security in Bochum hgi-news-international at lists.ruhr-uni-bochum.de
Fri Dec 3 17:42:01 CET 2010 

**HGI-Newsletter**
http://www.hgi.rub.de/hgi/newsletter/n05e/

No 05e - Friday, 3 December 2010
Horst Görtz Institute for IT Security
­­Ruhr-University Bochum
http://www.hgi.rub.de


Content
=======

- Sofja Ko­va­levs­ka­ja Prize Winner new Pro­fes­sor at HGI
- Six HGI pro­jects awar­ded by BMBF with 1,9 mil­li­on Euros
- HGI successfull at the Third German Award for IT Security
- IT Security Events
- 10 years of ITS-Studies in Bochum
- Prof. Paar elected to IACR Board of Directors
- W3 Chair for System Security
- Programme Committees
- Workshops
- Invited talks
- Talks
- HGI Colloquium
- Publications


Sofja Ko­va­levs­ka­ja Prize Winner new Pro­fes­sor at HGI
====================================================
In September Prof. Dr. Eike Kiltz joined the Horst Görtz Institut with a 
W2-pro­fes­sorship. He will be part of Pro­fes­sor May’s team at the 
Chair of Cryp­to­lo­gy and will deal with all as­pects of de­ve­lo­ping 
and ana­ly­sing cryp­to­gra­phic me­thods. As one out of only 18 young 
re­se­ar­chers he re­cei­ved the Sof­ja-Ko­va­levs­ka­ja Prize awar­ded 
by the Alex­an­der von Hum­boldt Foundation. This prize amoun­ting to 
1,65 mil­li­on will allow him to con­ti­nue his re­se­arch. Pro­fes­sor 
Kiltz has gra­dua­ted from Bo­chum. After ha­ving held post doc 
po­si­ti­ons at UC San Diego and the “Cen­trum Wis­kun­de & 
In­for­ma­ti­ca” in Ams­ter­dam with the re­se­arch group “Cryp­to­lo­gy 
and In­for­ma­ti­on Se­cu­ri­ty” he now re­turns as Pro­fes­sor to the 
HGI. Plea­se go to http://homepages.cwi.nl/~kiltz/research.html for 
fur­ther in­for­ma­ti­on.

Six HGI pro­jects awar­ded by BMBF with 1,9 mil­li­on Euros
========================================================
Six pro­jects of re­se­ar­chers of the Horst Görtz In­sti­tu­te will be 
sup­por­ted by the “Fe­deral Mi­nis­try of Edu­ca­ti­on and Re­se­arch” 
(BMBF) with an amount of 1,9 mil­li­on Euros. The pro­jects MobWorm, 
Sec^2, ESET, RESIST, SCAAS and HIKOS aim at si­gni­fi­cant­ly 
im­pro­ving se­cu­ri­ty of pre­sent and fu­ture IT-Sys­tems. Throug­hout 
the next coup­le of years the pro­ject teams at the HGI and partners 
from science and economy are going to de­ve­lop pro­tec­ting 
me­cha­nis­ms for smart pho­nes and mo­bi­le data, smart cards and chip 
cards, as well as for board electronics of cars and software. Fur­ther 
de­tails can be found on: 
http://aktuell.ruhr-uni-bochum.de/pm2010/pm00323.html.de

HGI successfull at the Third German Award for IT Security
=========================================================
On Thursday, 25 November 2010 the third German Award for IT-Security was 
awarded by the Horst Görtz Foundation at the "Zentrum für IT-Sicherheit" 
in Bochum. Prof. Gregor Leander, Prof. Christof Paar and Dr. Axel 
Poschmann of the HGI received the 1st prize, 100,000 Euros, for their 
submission "PRESENT - Cost Optimized Security for Pervasive Computing". 
PRESENT is currently being standardized by ISO. The 2nd prize, which 
comes with a sum of 60,000 Euros, was awarded to Lucas Davi, Prof. 
Ah­mad-Re­za Sa­de­ghi and Mar­cel Wi­n­an­dy of the Chair of System 
Security of the HGI for their submission „ROP ­De­fen­der, a Tool for 
Prevention of Re­turn-Ori­en­ted Pro­gramming Attacks“. This award is 
one of the most prestigious prizes privately awarded in Germany 
honouring marketable inventions in the area of IT Security. Further 
information regarding the award and the prize winners can be found at 
http://horst-goertz.de/it_preis.html.

IT Security Events
==================
- 9 December, 2010  eurobits Christmas Party
- 18 January,  2011 Teacher Training, Cryptography & IT-Security
- 8 February, 2011  Student Day, Cryptography & IT-Security
- 21 March, 2011    14. Kryptotag / SPRING
- 27 May, 2011      its.connect 2011, jobfair

All events will take place in Bochum!

10 years of ITS-Studies in Bochum
=================================
For exactly 10 years now Bochum is offering academic programs in 
IT-Security. Currently there are three Master programs and a Bachelor
program, the latter of which is unique in Germany. 130 new students 
registered for this winter term. At the moment about 60 students
graduate with Bachelor and Master degrees every year and enjoy best 
career opportunities. The national newspaper "Süddeutsche Zeitung" lists
ITS as one of the 10 occupational areas with best future perspectives. 
For further information visit: 
http://sueddeutsche.de/karriere/berufe-mit-zukunft-karriere-wir-kommen-1.964189-9


Prof. Paar elected to IACR Board of Directors
=============================================
The 2010 election took place October 1 through November 15 to fill all 
four IACR Officer positions and three of nine IACR Director positions. 
This year, for the first time the election was conducted electronically 
using the Helios cryptographically-verifiable election system. Prof. 
Christof Paar, Director of the HGI, was elected to a Directorate post. 
With Dr. Christopher Wolf, there are now two German members (both at the 
HGI) in the Board of Directors of the IACR, the worlwide association of 
cryptologic researchers.

W3 Chair for System Security
============================
The position of Chair of System Security (formerly Prof. Ahmad Sadeghi) 
has become vacant. It is integrated in the Horst Görtz Institute for 
IT-Security, one of the the leading university-based research centres in 
this field. The future occupant is supposed to represent the department 
in this field in research and teaching. His/her scientific work will 
focus on one or more of the key research areas: operating system 
security; security in distributed systems; cryptography (protocols and 
algorithms). International visibility through publications and projects, 
substantial experience with external research funding are expected. The 
committee is currently reviewing the application, and the position is 
expected to be filled early 2011.


Programme Committees
====================

Thorsten Holz:
**European Workshop on System Security (EuroSec'10)**, Publicity Chair, 
Paris, 13 April 2010
**9th Workshop on the Economics of Information Security (WEIS 2010)**, 
Harvard University, Cambridge, USA, 7 – 8 June 2010
**7th Conference on Detection of Intrusions and Malware & Vulnerability 
Assessment (DIMVA '10)**, Bonn, 8 – 9 June 2010
**15th European Symposium on Research in Computer Security (ESORICS 
'10)**, Athen, Greece, 20 – 22 September 2010
**13th International Symposium on Recent Advances in Intrusion Detection 
(RAID '10)**, Publicity Chair, Ottawa, Ontario, Canada, 15 – 17 
September 2010

Eike Kiltz:
**30th International Cryptology Conference (CRYPTO 2010)**, Santa 
Barbara, USA, 30 May - 3 June 2010
**13th International Conference on Practice and Theory in Public Key 
Cryptography (PKC 2010)**, Paris, France, 26 - 28 May 2010

Alexander May:
**CT-RSA 2011**, San Francisco, USA, 14 - 18 February 2011
**14th International Conference on Practice and Theory in Public Key 
Cryptography (PKC 2011)**, Taormina, Italy, 6 - 9 March 2011
**30th International Conference on the Theory and Applications of 
Cryptographic Techniques (Eurocrypt 2011)**, Tallinn, Estonia, 15 -19 
May 2011



Workshops
=========
Alexander May, Frederic Vercauteren:
**MAYA WG2 – Research Meeting in Cryptoanalysis** K.U. Leuven ESAT, 9 
September 2010

Christopher Wolf, Frederik Armknecht:
**Sicherheit 2010: Special Session on Theory and Practice of 
Cryptography**, Berlin, 6 Oktober 2010

Invited talks
=============
Thorsten Holz: **Angriffe im Mobilen Internet**, a-i3/BSI - Symposium 
2010, Bochum

Thorsten Holz: **Tracking and Mitigation of Malicious Remote Control 
Networks**, Colloquium in connection with GI-Dissertationspreis 2010, 
Schloss Dagstuhl, Wadern

Thorsten Holz: **Botnets in 2010**, SIGINT 2010, Cologne

Thorsten Holz: **Erkennen von Botnetzen - Aktueller Forschungsstand und 
offene Probleme**, IT-Security Breakfast May 2010, IHK Bochum

Thorsten Holz: **Technical Aspects of the Waledac Takedown**, 19th 
Messaging Anti-Abuse Working Group Meeting, Barcelona

Thorsten Holz: **Effiziente Analyse von Schadsoftware im Kontext von 
Frühwarnsystemen**, University Bonn, Bonn

Thorsten Holz: **Botnet Detection and Mitigation**, Universität 
Darmstadt, DarmstadtMeiko Jensen ** Cloud Computing Standards: A 
Security Point of View**, IEEE Cloud Computing Standards Symposium, 
Miami, Florida, U.S.A., July 2010.

Timo Kasper, David Oswald, Christof Paar: **A Versatile Framework for 
Implementation Attacks on Cryptographic and Embedded Devices** Special 
Issue on Security in Computing of Transactions on Computational Sciences 
Journal

Alexander May: **Correcting Errors in RSA Private Keys**, 2nd 
International Conference on Symbolic Computation and Cryptography 2010, 
Royal Holloway, University of London, UKSCC 2010, Royal Holloway
http://scc2010.rhul.ac.uk/invited.php

Alexander May: **Lattice-based Cryptanalysis**, crypt at b-it 2010, Summer 
school on Cryptography, Bonn
http://cosec.bit.uni-bonn.de/students/events/cryptabit2010/

Alexander Meurer: **Correcting Errors in RSA Private Keys**, Crypto 
2010, 15 – 19 August 2010, Santa Barbara, Californien
http://www.iacr.org/conferences/crypto2010/program.html#ses2.2

Thomas Schneider: **Token-based cloud computing - secure outsourcing of 
data and arbitrary computations with lower latency**, 3rd International 
Conference on Trust and Trustworthy Computing (TRUST'10) - Workshop on 
Trust in the Cloud, 21 – 23 June 2010, Berlin, together with Ahmad-Reza 
Sadeghi und Marcel Winandy

Thomas Schneider: **Garbled circuits for leakage-resilience: Hardware 
implementation and evaluation of one-time programs**, 12th International 
Workshop on Cryptographic Hardware and Embedded Systems (CHES'10), 17 – 
20 August 2010, Santa Barbara, USA, together with Kimmo Järvinen, 
Vladimir Kolesnikov, und Ahmad-Reza Sadeghi



Talks
=====
Meiko Jensen: **An Anonymous Access Control and Accountability Scheme 
for Cloud Computing**, Third International Conference on Cloud Computing 
(IEEE CLOUD), Miami, Florida, USA, 2010

Meiko Jensen: **Attack Surfaces: A Taxonomy for Attacks on Cloud 
Services**, Third International Conference on Cloud Computing (IEEE 
CLOUD), Miami, Florida, USA, 2010

Meiko Jensen: **Towards Automated Processing of the Right of Access in 
Inter-Organizational Web Service Compositions**,  IEEE International 
Workshop on Web Service and Business Process Security (WSBPS), Miami, 
Florida, USA, 2010.

Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, Engin Kirda: 
**Inspector Gadget: Automated Extraction of Proprietary Gadgets from 
Malware Binaries**, IEEE Security and Privacy, Oakland

Hans Löhr: **Anonymous Authentication with TLS and DAA**,  TRUST 2010, 
Berlin, 21-23 June 2010, (together Emanuele Cesena, Gianluca Ramunno, 
Ahmad-Reza  Sadeghi, and Davide Vernizzi):

Christof Paar: **Physical Attacks in a Physical World**, MIT Computer 
Science and Artificial Intelligence Laboratory, Cambridge, USA, please 
see: 
http://www.csail.mit.edu/events/eventcalendar/calendar.php?show=event&id=2646

Thomas Schneider: **Token-based cloud computing - secure outsourcing of 
data and arbitrary computations with lower latency**, 3rd International 
Conference on Trust and Trustworthy Computing (TRUST'10) - Workshop on 
Trust in the Cloud, 21 – 23 June 2010, Berlin, (together with Ahmad-Reza 
Sadeghi and Marcel Winandy)

Thomas Schneider: **Garbled circuits for leakage-resilience: Hardware 
implementation and evaluation of one-time programs**, 12th International 
Workshop on Cryptographic Hardware and Embedded Systems (CHES'10), 17 – 
20 August 2010, Santa Barbara, USA. (together with Kimmo Järvinen, 
Vladimir Kolesnikov, und Ahmad-Reza Sadeghi)

Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda, 
Christopher Kruegel: **Is the Internet for Porn? An Insight Into the 
Online Adult Industry**, Ninth Workshop on the Economics of Information 
Security (WEIS 2010), Boston

Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel: **A 
Practical Attack to De-Anonymize Social Network Users**, IEEE Security 
and Privacy, Oakland



HGI Colloquium
==============

10 June 2010 Thorsten Mehlich / Ruhr-University Bochum	
**Strategien für effiziente Skalarmultiplikation**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#strategien-f-r-effiziente-skalarmultiplikation

17 June 2010 Roberto Avanzi / Ruhr-University Bochum	
**Arithmetic of Supersingular Koblitz Curves in Characteristic Three**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#arithmetic-of-supersingular-koblitz-curves-in-characteristic-three

24 June 2010 Christopher Wolf /Ruhr-University Bochum
**Äquivalente Schlüssel in Multivariaten Quadratischen Systemen**	
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#quivalente-schl-ssel-in-multivariaten-quadratischen-systemen

1 July 2010 Juraj Somorovsky / Ruhr-University Bochum
**Streaming-based verification of XML Signatures in SOAP Messages**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#streaming-based-verification-of-xml-signatures-in-soap-messages

8 July 2010 Peter Schwabe / Eindhoven University of Technology 	
**New Software Speed Records for Cryptographic Pairings**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#new-software-speed-records-for-cryptographic-pairings

15 July 2010 Florian Kohlar / Ruhr-University Bochum 	
**On Cryptographically Strong Bindings of SAML Assertions to Transport 
Layer Security**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#on-cryptographically-strong-bindings-of-saml-assertions-to-transport-layer-security


21 July 2010 Mario Kirschbaum / IAIK Graz 	
**A Glimpse on DPA-Resistant ASIC Prototypes**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a-glimpse-on-dpa-resistant-asic-prototypes

22 July 2010 Lena Wiese / TU Dortmund
**Logical Requirements for Database Security**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#logical-requirements-for-database-security

29 July 2010 Alexander Meurer / Ruhr-University Bochum
**Correcting Errors in RSA Private Keys**
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#correcting-errors-in-rsa-private-keys

The abstracts are available at 
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/

Publications
============
José Bacelar Almeida, Endre Bangerter, Manuel Barbosa, Stephan Krenn, 
Ahmad-Reza Sadeghi, Thomas Schneider:
**A certifying compiler for zero-knowledge proofs of knowledge based on 
sigma-protocols**
15th European Symposium on Research in Computer Security (ESORICS'10), 
LNCS. Springer, 20 – 22 September 2010. Please also see: 
http://eprint.iacr.org/2010/339.

Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide 
Balzarotti, Christopher Kruegel:
**Abusing Social Networks for Automated User Profiling**
International Symposium on Recent Advances in Intrusion Detection (RAID 
2010), Ottowa, Kanada

Endre Bangerter, Stephan Krenn, Ahmad-Reza Sadeghi, Thomas Schneider:
**YAZKC: Yet Another Zero-Knowledge Compiler**
19th USENIX Security Symposium (Security'10) Poster Session, 11 – 13 
August 2010.

Liqun Chen, Kurt Dietrich, Hans Löhr, Ahmad-Reza Sadeghi, Christian 
Wachsmann, Johannes Winter:
**Lightweight Anonymous Authentication with TLS and DAA for Embedded 
Mobile Devices**
  accepted for the 13th  Information Security Conference (ISC'10), 2010.

Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, Norbert Luttenberger:
**Server-Side Streaming Processing of WS-Security**
IEEE Transactions on Services Computing (TSC, to appear).

Wilko Henecka, Stefan Kögl, Ahmad-Reza Sadeghi, Thomas Schneider, Immo 
Wehrenberg:
**TASTY: Tool for Automating Secure Two-partY computations**
17th ACM Conference on Computer and Communications Security (CCS'10). 
ACM, 4 – 8 Oktober, 2010. Please also see: http://eprint.iacr.org/2010/365.

Tibor Jager, Andy Rupp:
**The Semi-Generic Group Model and Applications to Pairing-based 
Cryptography**
The 16th Annual International Conference on the Theory and Application 
of Cryptology and Information Security (ASIACRYPT), Singapore, 2010

Tibor Jager, Florian Kohlar, Sven Schäge, Jörg Schwenk:
**Generic Compilers for Authenticated Key Exchange**
The 16th Annual International Conference on the Theory and Application 
of Cryptology and Information Security (ASIACRYPT), Singapore, 2010

Meiko Jensen, Sven Schäge, Jörg Schwenk:
**Towards an Anonymous Access Control and Accountability Scheme for 
Cloud Computing**
Proceedings of the Third International Conference on Cloud Computing 
(IEEE CLOUD), Miami, Florida, USA, 2010

Meiko Jensen, Jörg Schwenk:
**Definition, Application, and Enforcement of WS-Security Policies in 
Model-Driven SOAs**
Proceedings of the Third International Symposium on Web Services (WSS), 
Dubai, U.A.E., 2010

Florian Kohlar, Jörg Schwenk, Meiko Jensen, Sebastian Gajek.
**On Cryptographically Strong Bindings of SAML Assertions to Transport 
Layer Security.**
International Journal of Mobile Computing and Multimedia Communications 
(invited paper, IJMCMC, to appear).

Hans Löhr, Thomas Pöppelmann, Johannes Rave, Martin Steegmanns, Marcel 
Winandy:
**Trusted Virtual Domains on OpenSolaris: Usable Secure Desktop 
Environments**
accepted for the 5th International Workshop on Scalable  Trusted 
Computing (ACM STC'10), 2010.

Hans Löhr, Marcel Winandy, Ahmad-Reza Sadeghi:
**Securing the E-Health  Cloud**
accepted for the 1st ACM International Health Informatics  Symposium 
(ACM IHI 2010), 2010.

Ahmad-Reza Sadeghi, Thomas Schneider:
**Verschlüsselt Rechnen: Sichere Verarbeitung verschlüsselter 
medizinischer Daten am Beispiel der Klassifikation von EKG-Daten**
Workshop Innovative und sichere Informationstechnologie für das 
Gesundheitswesen von morgen (PerspeGKtive'10), LNI, 8 September 2010.

Michael Spreitzenbarth, Thorsten Holz:
**Towards Secure Deletion on Smartphones**
5th Conference on "Sicherheit: Schutz und Zuverlässigkeit" (SECURITY 
2010), Berlin

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck:
**A Malware Instruction Set for Behavior-Based Analysis**
5th Conference on "Sicherheit: Schutz und Zuverlässigkeit" (SICHERHEIT 
2010), Berlin




Information
===========

Subscribe:
     If you wish to subscribe to the HGI News by email, you can do so at
     http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Unsubscribe:
     If you wish to unsubscribe from the HGI News, please visit
     http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Download:
     All HGI-Newsletters (both English and German) can be downloaded from:
     http://www.hgi.rub.de/hgi/newsletter

Editor:
     Anja Nuss, Email: an at hgi.rub.de

Managing Director of the Horst Görtz Institute:
     Prof. Dr.-Ing. Chrstof Paar, Email: christoph.paar at rub.de

-- 
Dipl.-Math. Anja Nuß
Scientific Coordinator

Horst Görtz Institute for IT-Security
Ruhr-University Bochum, Germany

+49 (234) 32 - 27722
www.hgi.rub.de

More information about the HGI-News-International mailing list