[HGI-news-int] HGI-Newsletter #03 (EN)

Tue Jan 26 16:53:12 CET 2010

HGI-Newsletter
http://www.hgi.rub.de/hgi/newsletter/

No 03e - Tuesday, 26th January 2010
Horst Görtz Institute for IT Security
Ruhr-University Bochum
http://www.hgi.rub.de/

Content
=======
HGI well represented at Financial Crypto 2010
Emmy Noether Grant
First graduate in "Master of Science in Applied IT-Security"
Three ITS-Students awarded by Cast e.V.
New members for the HGI Board of Directors
Professor Paar interviewed by Deutsche Welle DW-World
"Understanding Cryptography" by Prof. Paar and Dr. Pelzl
Academy for hackers
Programme Committees
Workshops
Invited Talks
Talks
HGI Colloquium
Publications

HGI well represented at Financial Crypto 2010
=============================================
Four papers by HGI authors have been accepted for next year's conference
"Financial Cryptography and Data Security" including two full papers
(out of 19 papers, 14.6% acceptance rate) and two short papers (out of
15 papers, 26.1% acceptancerate). Another two papers have been accepted
for colocated workshops. Congratulations to the authors whom we whish a
pleasant stay in Tenerife.
Source: http://fc10.ifca.ai/AcceptedPapers.htm

Emmy Noether Grant
==================
The German Science Foundation (DFG) has awarded an Emmy Noether grant to
HGI member Christopher Wolf for his application on “Multivariate
Quadratic Systems in Public-Key Kryptology”. These very distinguished
Emmy Noether grants are awarded for a 5-year-period. The funding for an
independent junior research group includes the position of head for the
applicant, and the personnel necessary to complete the project during
the funding period  (2 Ph.D. students in this case). It therefore allows
independent research.

First graduate in "Master of Science in Applied IT-Security"
============================================================
Mr Andreas Mayer from Schwäbisch Hall (near Stuttgart) is the first
student to graduate in Applied IT Security as "Master of Science in
Applied IT Security". This distance degree course lasting four terms is
Europe-wide the only one of its kind offered by HGI partner is-its in
cooperation with the Ruhr-University Bochum. It combines scientific
basics with economic topics. Mr Mayer’s thesis on “Browser-based
single-sign-on safe and webwide applicable identity management with TLS
federation” was supervised by Professor Jörg Schwenk, the current
director of the HGI.

Three ITS-Students awarded by Cast e.V.
=======================================
For the 9th time, the Competence Center for Applied Security Technology
(CAST e.V.) has awarded extraordinary young talent in the field if IT
security with the CAST Award for IT security. Innovative ideas and new
concepts dealing with the subject "Security in Information Technology"
are the main focus of the jury. CAST is one of the most important
non-profit associations for communication and advanced training for IT
security in Germany. Among this year’s winners are HGI members Annika
Paus, Steffen Schulz and Hendrik Dettmer. CAST e.V. grants the graduates
free participation in the CAST workshops and a prize money.

New members for the HGI Board of Directors
=========================================
According the HGI's by-law, some HGI members have been elected to the
Board of Directors during its last General Assembly. Professor Borges
will now represent the academic group of professors within the HGI. The
remaining group of academics will be represented by Dipl.-Ing. Meiko
Jensen and Alexander Meurer, while the group of non-academics will have
Ms Petra Winkel to act on their behalf. Another new member of the board
will be Mr Vincent Immler representing the students and their positions.
Congratulations to all newly elected members on their appointments!
Their future engagement for the institute is very much appreciated.

Professor Paar interviewed by Deutsche Welle DW-World
=====================================================
Deutsche Welle DW-World has been interviewing Prof. Christof Paar on the
failed takeover of Opel by Magna and the continuous pressure to find new
companies to set up business in Bochum. He referred to the success of
ITS studies in Bochum and how this and how this and the spin-off of
technology companies like escrypt GmbH – Embedded Security demonstrate a
regional development directly opposed to the case of Opel, rather
enhancing the structural change of the economy in the Ruhr Valley. The
interview is available at:
http://www.dw-world.de/dw/article/0,,4866525,00.html

Dominik Birk on manhunt for m€x
===============================
On Wednesday, 25 November 2009 Dominik Birk was answering questions
during the radio business show „m€x“ at radio station “Hessische
Rundfunk” analyzing recent cases of identity theft in Spain. He
demonstrated how creditcard details can be manipulated, that they are
offered throughout the internet and therefore can be easily used by
criminal hackers to get access to accounts of credit card holders.
Dominik Birk’s research looks into the methods of those criminals. He
knows this market and the data offered on the web quite well. The
interview can be downloaded from:
http://www.hr-online.de/website/fernsehen/sendungen/index.jsp?rubrik=2634

"Understanding Cryptography" by Prof. Paar and Dr. Pelzl
========================================================
Professor Christof Paar (HGI) and Dr. Jan Pelzl (escrypt) have been
publishing a new textbook on cryptography at Springer with the title
"Understanding Cryptography. A Textbook for Students and Practioners".
Primarily, this book refers to readers with a technical background but
without an education in mathematics, however still offers a wide and
precise range of information. Due to its strong focus on practical
issues such as standardized ciphers, state-of-the-art security
recommendations and implementation issues, the book is also especially
useful for practitioners in industry who want to learn about modern
security mechanisms.
The book teaches virtually all modern crypto schemes of practical
relevance, including the Advanced Encryption Standard (AES), DES and
3DES, RSA, elliptic curves, Diffie-Hellman key exchange, Digital
Signature Algorithms, ECDSA and the SHA hash function family. Protocols
and key establishment methods, including certificates and public-key
infrastructure, are also introduced. Timely topics such as lightweight
ciphers for RFIDs and mobile devices are treated as well. More
information can be found at: http://www.crypto-textbook.com/

Academy for hackers
===================
The Ruhr University Bochum is offering a seminar which as such is unique
in Germany. It offers the possibility to graduate as Masters
specializing in hacking techniques. Christof Wegener and Dominik Birk,
both members of the HGI, are the responsible lecturers. These studies
aim at making these students aware of the threats the Internet poses by
exposing them to various borderline experiences so that they lateron
will find ways to deal with the dark sides of information technology.

Programme Committees
====================
Ahmed-Reza Sadgehi:
**Finanical Cryptography 2010**, Tenerife, Canary Islands

Christopher Wolf: **YACC'X: Yet Another Conference on Cryptography**,
Porquerolles Island, France, http://grim.univ-tln.fr/YACC10/

Workshops
=========
Ernesto Damiani, Nils Gruschka, Florian Kerschbaum, Jörg Schwenk:
**First IEEE International Workshop on Web Service and Business Process
Security**, WSBPS colocated with IEEE SERVICES 2010, Miami, FL, USA.

 Ahmad-Reza Sadeghi: **Trust 2010**; 21-23 June 2010, Berlin,
www.trust2010.org

Invited Talks
=============
Alexander May: **Unravelled Linearization with Lattices**, “ESC 2010 -
Early Symmetric Crypto Seminar”; Remich, 11.- 15. January 2010)

Alexander May: **Lösen von RSA Problemen mittels Gitterreduktion**,
(„Mathematisches Kolloquium Oldenburg“, 6.January.2010)

Talks
=====
Christian Wachsmann: **Anonymizer-Enabled Security and Privacy for
RFID**, Ahmad-Reza Sadeghi, Ivan Visconti, and Christian Wachsmann
(Dipartimento di Informatica e Applicazioni, University of Salerno,
Italy, Dezember 2009; s. auch: http://www.rcis.aist.go.jp/cans2009/index.htm

Marcel Winandy: **TruWallet: Trustworthy and Migratable Wallet-Based Web
Authentication**,  (4th Annual Workshop on Scalable Trusted Computing
(STC 2009), Chicago, USA, November 13, 2009)
http://projects.cerias.purdue.edu/stc2009/

Marcel Winandy: **Dynamic Integrity Measurement and Attestation: Towards
Defense Against Return-Oriented Programming Attacks**, (4th Annual
Workshop on Scalable Trusted Computing (STC 2009), Chicago, USA,
November 13, 2009) http://projects.cerias.purdue.edu/stc2009/

Luigi Catuogno: **Transparent Mobile Storage Protection in Trusted
Virtual Domains**, (23rd Large Installation System Administration
Conference (LISA 2009), Baltimore, USA, November 1 - 6, 2009)
http://www.usenix.org/events/lisa09/tech/slides/catuogno.pdf

HGI Colloquium
==============
`15. Oktober 2009 David Oswald / Ruhr-Universität Bochum`:
**Development of an Integrated Environment for Side-Channel Analysis
and Fault Injection**, http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a01
22. Oktober 2009 Enrico Thomae`, **Permutations among the HFE
Polynomials**, http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a02
`3. November 2009 Andreas Noack / Ruhr-Universität Bochum`, **Group
Key Agreement for Wireless Mesh Networks**,
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a04

`5. November 2009 Birgit Pfitzmann / IBM Watson`, **Galapagos:
Application-Dependency Discovery in Services Research**,
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a03

`12. November 2009 Georg Becker / Ruhr-Universität Bochum`,
**Constructive use of side-channels**,
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a05

`19. November 2009 Mathias Herrmann / Ruhr-Universität Bochum`,
**Attacking Power Generators Using Unravelled Linearization**,
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a06

`26. November 2009 Stefan Heyse / Ruhr-Universität Bochum`, | **Coding
based crypto for embedded devices: Performance, Sidechannels and
Countermeasures**, http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles/#a07

Publications
============
Endre Bangerter, Stephan Krenn, Ahmad-Reza Sadeghi, Thomas Schneider,
Joe-Kai Tsay: **On the Design and Implementation of Efficient
Zero-Knowledge Proofs of Knowledge**, ECRYPT workshop on Software
Performance Enhancements for Encryption and Decryption and Cryptographic
Compilers (SPEED-CC'09), October 12-13, Berlin, Germany.

Luigi Catuogno, Alexandra Dmitrienko, Konrad Eriksson, Dirk Kuhlmann,
Gianluca Ramunno, Ahmad-Reza Sadeghi, Steffen Schulz, Matthias Schunter,
Marcel Winandy, Jing Zhan: **Trusted Virtual Domains -- Design,
Implementation and Lessons Learned**, (INTRUST 2009), Beijing, China,
December 17-19, 2009

Felix Grert, Daniel Bueyer, Jörg Schwenk, Christoph Wegener: **Attacking
of SmartCard-based Banking Applications with JavaScript-based
Rootkits**, 14th International Conference on Financial Cryptography and
Data Security, (FC'10),January 25-28, Tenerife, Canary Islands, Spain

Nils Gruschka, Meiko Jensen, Luigi Lo Iacono: **A Design Pattern for
Event-Based Processing of Security-enriched SOAP Messages**, Proceedings
of the Second International Workshop on Security Aspects in Grid and
Cloud Computing (SAGC 2010)

Kimmo Järvinen, Vladimir Kolesnikov, Ahmad-Reza Sadeghi, Thomas
Schneider: **Embedded SFE: Offloading Server and Network using Hardware
Tokens**, 14th International Conference on Financial Cryptography and
Data Security (FC'10), January 25-28, Tenerife, Canary Islands, Spain

Timo Kasper, Christof Paar, Michael Silbermann: **All You Can Eat or
Breaking a Real-World Contactless Payment System**, 14th International
Conference on Financial Cryptography and Data Security, (FC'10),January
25-28, Tenerife, Canary Islands, Spain

Florian Kohlar, Jörg Schwenk, Meiko Jensen, Sebastian Gajek: **Secure
Bindings of SAML Assertions to TLS Sessions**, In Proceedings of the
Fifth International Conference on Availability, Reliability and Security
(ARES2010)

Vladimir Kolesnikov, Ahmad-Reza Sadeghi, Thomas Schneider: **Improved
Garbled Circuit Building Blocks and Applications to Auctions and
Computing Minima**, ECRYPT workshop on Software Performance Enhancements
for Encryption and Decryption and Cryptographic Compilers (SPEED-CC'09),
October 12-13, Berlin, Germany

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy: **Patterns for Secure
Boot and Secure Storage in Computer Systems**, 4th International
Workshop on Secure systems methodologies using patterns (SPattern 2010),
Krakow, Poland, February 15-18, 2010.

Axel Poschmann, Amir Moradi: **Lightweight Cryptography and
DPACountermeasures: A Survey**, Workshop on Lightweight Cryptography for
Resource-Constrained Devices; http://www.wlc2010.udl.cat/

Ahmad-Reza Sadeghi, Thomas Schneider, Immo Wehrenberg: **Efficient
Privacy-Preserving Face Recognition**, 12th International Conference on
Information Security and Cryptology (ICISC'09), December 2-4, Seoul, Korea.

Steffen Schulz and Ahmad-Reza Sadeghi: **Extending IPsec for Efficient
Remote Attestation**, 14th International Conference on Financial
Cryptography and Data Security, (FC'10),January 25-28, Tenerife, Canary
Islands, Spain

Sven Schäge, Jörg Schwenk: **A CDH-Based Ring Signature Scheme with
Short Signatures and Public Keys**, 14th International Conference on
Financial Cryptography and Data Security, (FC'10),January 25-28,
Tenerife, Canary Islands, Spain

Steffen Schulz and Ahmad-Reza Sadeghi: **Extending IPsec for Efficient
Remote Attestation**, RLCPS Workshop at Financial Cryptography 2010

Information
===========
Subscribe:
  If you wish to subscribe to the HGI News by email, you can do so at
 http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Unsubscribe:
  If you wish to unsubscribe from the HGI News, please visit
http://lists.ruhr-uni-bochum.de/mailman/listinfo/hgi-news-international

Download:
All HGI-Newsletters (both English and German) can be downloaded from:
http://www.hgi.rub.de/hgi/newsletter

Editor:
    Dr. Christopher Wolf, Email: hgi-office at rub.de

Executive Director of the Horst Görtz Institute:
    Prof. Dr. Jörg Schwenk, Email: Joerg.Schwenk at rub.de