- arXiv [preprints – selected new articles]:
  - Privacy design strategies
  - Anonymous and adaptively secure revocable IBE with constant size public parameters
  - Optimal contrast greyscale visual cryptography schemes with reversing
  - Multilayer image watermarking scheme for providing high security
  - Bio-Thentic Card: Authentication concept for RFID card
  - Image encryption using Fibonacci-Lucas transformation
  - Secure abstraction with code capabilities
  - Computing optimal security strategies for interdependent assets
  - Interdependent defense games: Modeling interdependent security under deliberate attacks
  - A scalable Byzantine grid
- Ball, J. (2012, Oct. 23). Experts warn about security flaws in airline boarding passes. Washington Post. [Read]
- Beckett, L. (2012, Oct. 22). How companies have assembled political profiles for millions of internet users [ProPublica]. [Read]
- Binney, W., & Wiebe, J. K. (2012, Oct. 23). SCOTUS must be last bulwark against NSA snooping. Politico. [Read]
- Brecher, A. (2012, Oct. 22). Cyberattacks and the covert action statute: Toward a domestic legal framework for offensive cyber operations [Michigan Law Review preprint]. [Read]
- Chesney, R. (2012). Computer network operations and U.S. domestic law: An overview [International Law Studies preprint]. [Read]
- Cryptology ePrint Archive [preprints]: new articles this week
- Cyber snooping – in whose hands should internet governance be entrusted? [Frontline Club]. (2012, Oct. 23). [Watch / Panel discussion with Kirsty Hughes, Birgitta Jónsdóttir, Jacob Appelbaum, Karl Kathuria & Ian Brown]
- Enderle, R. (2012, Oct. 19). Why the government’s cybersecurity plan will end in catastrophe. CIO. [Read]
- Fahl, S., Harbach, M., Muders, T., & Smith, M. (2012, Oct.). Why Eve and Mallory love Android: An analysis of Android SSL (insecurity). Paper presented at the 19th ACM Conference on Computer and Communications Security. [Read]
- Gallagher, R. (2012, Oct. 19). FBI accused of dragging feet on release of info about ‘Stingray’ surveillance technology. Slate. [Read]
- Goodin, D. (2012, Oct. 24). Phony certificates fool faulty crypto in apps from AIM, Chase, and more. Ars Technica. [Read / Also this week: HP suppresses H3C vulnerabilities demo / Apple removes Java from OSX browsers]
- Greenberg, A. (2012, Oct. 24). Bulgarian banks threaten to crush Wikileaks’ most successful copycat site. Forbes. [Read]
- Hope, C., & Coughlin, C. (2012, Oct. 19). Gary McKinnon: Eric Holder formally complains to UK and refuses to take Theresa May’s calls. Telegraph. [Read]
- Krebs, B. (2012, Oct. 22). Service sells access to Fortune 500 firms. Krebs on Security. [Read / Typical Cisco server username / pwd: “Cisco” / “Cisco”]
- Mimoso, M. (2012, Oct. 24). Operation High Roller banked on fast-flux botnet to steal millions. threatpost. [Read / Also this week: Open DNS resolvers used to amplify DDoS attacks / Barnes & Noble POS terminals compromised / Customers ruled against in PlayStation hack suit]
- Oxford Intelligence Group. (2012, June 18 – newly available). Cyber security and social science [symposium]. [Download transcripts / “Issues of trust on the internet, analysis of social media, and ‘Advanced Persistent Threats’ were discussed by experts in computer science, behavioral psychology, sociology, policy and other interdisciplinary fields”.]
- Perlroth, N. (2012, Oct. 22). The attack on the internet that wasn’t [RE: 10/22 DNS DDoS drill]. New York Times. [Read / Also this week: Cyberattack on Saudi oil company disquiets US]
- Pescatore, J. (2012, Oct. 19). Dealing with federal continuous monitoring security requirements [Gartner]. [Gartner – search for title in box at upper right].
- Peterson, D. (2012, Oct. 25). New Project Basecamp tools for CoDeSys, 200+ vendors affected [digital bond]. [Read]
- Sasso, B. (2012, Oct. 23). ACLU requests documents on drones. The Hill. [Read / Also this week: Obama briefly mentions cybersecurity in debate / Microsoft grilled over privacy changes / FTC settles with Compete / Intelligence sharing added to draft cyber order]
- Tapadinhas, J. (2012, Oct. 19). How to meet the security challenges of mobile BI [Gartner]. [Gartner – search for title in box at upper right].
- United States. Federal Trade Commission. (2012, ). Facing facts: Best practices for common uses of facial recognition technologies. [Read / Summary]
- Valentino-DeVries, J. (2012, Oct. 22). Judge questions tools that grab cellphone data on innocent people. Wall Street Journal. [Read]
- Verizon. (2012, Oct.). 2012 data breach investigations report. [Read]
- Verton, D. (2012, Oct. 19). I’m betting on Kaspersky. [RE: secure SCADA OS]. Homeland Security Today. [Read]
- Walker, D. (2012, Oct. 24). Thousands scammed by .gov open redirect flaw. SC Magazine. [Read]
- WikiLeaks. (2012, Oct. 25). Detainee policies [“WikiLeaks has begun releasing the ‘Detainee Policies’: more than 100 classified or otherwise restricted files from the United States Department of Defense covering the rules and procedures for detainees in U.S. military custody.”] [Press release]
- Wired for change: The power and pitfalls of big data [Ford Foundation conference]. (2012, Oct. 23). [Watch / “. . . provocative conversations about the challenges and opportunities big data presents for social change makers. How can we ensure that vast data sets are tapped for the common good? How do we protect the right to privacy? And how do we build a transparent framework for data collection and analysis that allows us to create a better and more equitable future for all?”]
- Zetter, K. (2012, Oct. 24). How a Google headhunter’s e-mail unraveled a massive net security hole. Wired. [Read / Also this week: Everything you’ve been told about passwords is wrong]
Proceedings
- 2012 ACM Conference on Computer and Communications Security (2012, Oct. 16-18) – papers presented [full text]:
  - Table of contents + all papers [“81 full papers, a record number . . . representing an acceptance rate of 19%”]
- 2nd International Conference on Security, Privacy, and Applied Cryptography Engineering. (2012, Nov. 3-4) – papers presented [abstracts / request]:
  - A novel circuit design methodology to reduce side channel leakage
  - The schedulability of AES as a countermeasure against side channel attacks
  - Impact of extending side channel attack on cipher variants: A case study with the HC series of stream ciphers
  - Performance and security evaluation of AES S-box-based glitch PUFs on FPGAs
  - Relaxing IND-CCA: Indistinguishability against chosen ciphertext verification attack
  - Towards formal analysis of key control in group key agreement protocols
  - Some results on related Key-IV pairs of Grain
  - A differential fault attack on Grain-128a using MACs
  - Breaking Hitag 2 revisited
  - Reduction in lossiness of RSA trapdoor permutation
  - Adaptively secure efficient lattice (H)IBE in standard model with short public parameters