January 25, 2013

• arXiv [preprints – full text]:

• Relative Generalized Rank Weight of Linear Codes and Its Applications to Network Coding
• General Method for the Security Analysis in a Quantum Direct Communication Protocol
• Key Agreement Over a 3-receiver Broadcast Channel
• Secret Key Agreement Using Conferencing in State- Dependent Multiple Access Channels with An Eavesdropper
• Cryptanalysis and Improvement of Two Certificateless Three-party Authenticated Key Agreement Protocols
• Secrecy Without One-way Functions

• Campbell, J. (2013, Jan. 24). LAPD Spied on 21 Using StingRay Anti-Terrorism Tool. LA Weekly. [Read]

• Cryptology ePrint Archive [preprints]: new articles

• Ducklin, P. (2013, Jan. 24). Kim Dotcom’s Coders Hacking on Mega’s Cryptography Even As We Speak. Naked Security. [Read / Also: 3 Charged for Gozi Bank Attacks]

• Gallagher, R. (2013, Jan. 24). Letter to Skype: Come Clean on Your Eavesdropping Capabilities and Policies. Slate. [Read]

• [Gartner – full text / link to database + search for title in box at upper right]]:

• Creating a Security Process Catalog
• Formalizing Security Processes
• Security Governance, Management and Operations Are Not the Same
• The Security Processes You Must Get Right

• Goodin, D. (2013, Jan. 24).  Secret Backdoors Found in Firewall, VPN Gear from Barracuda Networks. Ars Technica. [Read / Also: Canadian Student Expelled for White Hat Hack / Red October Quickly Unplugged]

• Google. (2013, Jan. 23). Transparency Report: What it Takes for Governments to Access Personal Information. [Read]

• HP’s Pwn2Own Hacking Contest Targets Browsers, Plug-ins. Infosecurity. [Read / Also: The Shift to ‘Post PC’ Threats / Study: 64% of Banks Claim DDoS Attacks / New HHS Rules Require Privacy / New EU Cyber Directive Expected Shortly]

• Martinez, J. (2013, Jan. 22). House Judiciary Committee to Look at Hacking Law in Wake of Swartz’s Death. The Hill. [Read / Also: Democrats Prioritize Cybersecurity Legislation / New House Trade Head Open to Privacy Regulation]

• McMillan, R. (2013, Jan. 18). Google Declares War on the Password. Wired. [Read]

• Rao, A., Jha, B., & Kini, G. (2013). Effect of Grammar on Security of Long Passwords [preprint]. [Read – download via Carnegie Mellon]

• Security & Communication Networks – new issue [full text]:

• Trust Modeling for Message Relay Control and Local Action Decision Making in VANETs
• Network Specific Vulnerability Based Alert Reduction Approach
• Further Analysis of Pairing-based Traitor Tracing Schemes for Broadcast Encryption
• What You See Predicts What You Get – Lightweight Agent-based Malware Detection
• Virtual Private Key Generator Based Escrow-free Certificateless Public Key Cryptosystem for Mobile Ad Hoc Networks
• Immunizing Mobile Ad Hoc Networks Against Collaborative Attacks Using Cooperative Immune Model
• Efficient and Strongly Unforgeable Identity-based Signature Scheme From Lattices in the Standard Model
• Toward Early Warning Against Internet Worms Based on Critical-sized Networks
• Modeling and Security Analysis of Enterprise Network Using Attack–defense Stochastic Game Petri Nets
• Secure Multicast Key Protocol for Electronic Mail Systems with Providing Perfect Forward Secrecy 
• A Security-enhanced Key Agreement Protocol Based on Chaotic Maps 
• Feature-based Type Identification of File Fragments

• Sood, A. K., & Enbody, R. J. (2013). Crimeware-as-a-service – A Survey of Commoditized Crimeware in the Underground Market [preprint]. International Journal of Critical Infrastructure Protection. [Read]

• Vijayan, J. (2013, Jan. 23). Exposure of Files on Unsecured Wireless No Excuse to Search, Judge Rules. Computerworld. [Read / Also: Targeted Attack on Reporters Without Borders / $396K Fine in PlayStation Hack]

Calls for Papers

Conferences

• International Conference on Privacy and Security in Mobile Systems [Atlantic City, NJ, June 24-27, 2013 – submissions due March 4]

• 4th IEEE Workshop on Data Security and Privacy in Wireless Networks [Madrid, Spain, June 4, 2013 – submissions due Feb. 28]

• Held in conjunction with the the 8th ACM Symposium on Information, Computer and Communications Security [all May 7, 2013, with submissions due Feb. 1]:

• ACM Asia Public-Key Cryptography Workshop
• 1st International Workshop on Security in Embedded Systems and Smartphones
• International Workshop on Security in Cloud Computing

• 13th annual IEEE Conference on Technologies for Homeland Security [Waltham, MA, Nov. 12-14, 2013 – submissions due March 15]

• 22nd USENIX Security Symposium [Washington, DC, Aug. 14-16, 2013 – submissions due Feb. 21]

January 18, 2013

• arXiv [preprints – full text]:

• Conditions on the Generator for Forging ElGamal Signature
• New Variant of ElGamal Signature Scheme
• An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations
• Bicategorical Semantics for Nondeterministic Computation
• Constraint Expressions and Workflow Satisfiability
• SkyDe: a Skype-based Steganographic Method
• Composable Security of Delegated Quantum Computation
• Cryptanalyzing an Image Encryption Scheme Based on Logistic Map

• Blaze, M., & Landau, S. (2013, Jan. 14). The FBI Needs Hackers, Not Backdoors. Wired. [Read]

• Christin, D., López, P., Reinhardt, A., Hollic, M., & Kauer, M. (2013). Share with Strangers: Privacy Bubbles as User-centered Privacy Control for Mobile Content Sharing Applications. Information Security Technical Report. [Read]

• Constantin, L. (2013, Jan. 17). Shylock Home Banking Malware Now Spreads via Skype, Researchers Say. Computerworld. [Read]

• Crump, C. (2013, Jan. 16). Justice Department Refuses to Release GPS Tracking Memos [ACLU]. [Read]

• Cryptology ePrint Archive [preprints]: new articles

• Fox IT Security. (2013, Jan. 13). Demystifying Pobelka: A Technical Intelligence Report on the Pobelka Botnet Operation. [Read / Summary]

• Goodin, D. (2013, Jan. 16). $5,000 Will Buy You Access to Another, New Critical Java Vulnerability. Ars Technica. [Read]

• Granick, J. (2013, Jan. 14). Towards Learning from Losing Aaron Swartz [Stanford Law School]. [Read: Pt. 1, Pt. 2]

• Heib, J. L., Schreiver, J., & Graham, J. H. (2013). A Security-Hardened Appliance for Implementing Authentication and Access Control in SCADA Infrastructures with Legacy Field Devices [preprint]. International Journal of Critical Infrastructure Protection. [Read]

• Higgins, K. J. (2013, Jan. 13). The SCADA Patch Problem. Security Dark Reading. [Read]

• Higgins, P., & Timm, T. (2013, Jan. 17). What the FBI Doesn’t Want You To Know About Its “Secret” Surveillance Techniques [Electronic Frontier Foundation]. [Read]

• International Journal of Information Security – preprints [Abstracts / Request]:

• Toward Tracing and Revoking Schemes Secure Against Collusion and Any Form of Secret Information Leakage
• Double-trapdoor Anonymous Tags for Traceable Signatures
• Fully Non-interactive Onion Routing with Forward Secrecy

• Kaspersky Lab. (2013, Jan. 14). “Red October” Diplomatic Cyber Attacks Investigation. securelist. [Read]

• Krebs, B. (2013, Jan. 13). Spam Volumes: Past & Present, Global & Local. Krebs on Security. [Read]

• Marquis-Boire, M. et al. (2013, Jan. 15). Planet Blue Coat: Mapping Global Censorship and Surveillance Tools [University of Toronto]. [Read]

• Pauli. D. (2013, Jan. 17). [DHS Intervenes After Medical Device Hack.] SC Magazine. [Read]

• Proctor, P. E. (2013, Jan. 17). Reset a Security Program That Does Not Work.  [Gartner – full text / search for title in box at upper right]

• Rashid, F.Y. (2013, Jan. 16). Health Data of More Than 5 Million Canadians Accessed In Multiple Breach Incidents. Securityweek. [Read / Also: Hackers Hit Mexico’s Defense Ministry / Hardening Ruby on Rails]

• Robertson, J. (2013, Jan. 11). A National Digital ID, Courtesy of the U.S. Postal Service? Bloomberg. [Read]

• Tung, L. (2013, Jan. 18). Microsoft Fights Back on Antivirus Certification Fail, Claims Malware Tests Aren’t Realistic. ZDNet. [Read / Also: Cyber Focus Growing in Indian Universities / S. Korea Accuses North of 2012 Attack / Deloitte: Password Life Expectancy Down to Seconds / Java Could Take Years to Fix]

January 11, 2013

• arXiv [preprints – full text]:

• Cloud Penetration Testing
• Authentication Schemes Using Polynomials Over Non-Commutative Rings
• Generalized Secure Transmission Protocol for Flexible Load-Balance Control with Cooperative Relays in Two-Hop Wireless Networks

• Bailey, B. (2013, Jan. 10). California AG has Privacy Recommendations for Mobile Industry. San Jose Mercury News. [Read / California AG report]

• Best, J. (2013, Jan. 10). Europe’s Anti-Cybercrime Centre to Go Live This Week. ZDNet. [Read / Also: M2M and IoT security overview / ]

• Chaos Computer Club. (2012, Dec.). [Videos from 29th Chaos Communication Conference] / [Some standouts: Privacy and the Car of the Future / Low-Cost Chip Microprobing / The Ethics of Activist DDOS Actions / Defeating Windows Memory Forensics / Jacob Appelbaum keynote]

• Cryptology ePrint Archive [preprints]: new articles

• European Network and Information Security Agency. (2012, Jan. 8). ENISA Threat Landscape. [Read  / “An overview of threats, together with current and emerging trends.”]

• Gallagher, R. (2013, Jan. 8). U.S. Spy Law Authorizes Mass Surveillance of European Citizens: Report. Slate. [Read / Also: FBI Documents Shine Light on Clandestine Cellphone Tracking Tool]

• Brewster, T. (2013, Jan. 10). Nokia Admits Decrypting User Data But Denies Man-in-the-Middle Attacks.  TechWeek Europe. [Read]

• Guitton, C. (2013). Cyber Insecurity as a National Threat: Overreaction from Germany, France and the UK? European Security. [Abstract / Request]

• Kravets, D. (2013, Jan. 8). Romanian Hacker Gets 21-Month Sentence for Breaching Subway’s Point-of-Sale System. Wired. [Read / Also: Military Abuse Yields Sentencing Credit for Manning]

• Lights Out For Java: Experts Say Turn It Off – And Leave It Off. Security Ledger. [Read]

• Martinez, J. (2013, Jan. 9). Business Leaders Press for Better Information-sharing About Cyber Threats.  The Hill. [Read]

• Mimoso, M. (2013, Jan. 11). Bank DDoS Attacks Using Compromised Web Servers as Bots. threatpost. [Read / Also: Alleged ZeuS Botmaster Arrested for Stealing $100 Million from U.S. Banks / Chrome 24 Fixes More Than 20 Flaws / Cool, BlackHole Exploit Kits Created by Same Hacker / Critical Flaws Patched in Ruby on Rails]

• O’Brien, D. (2013, Jan. 9). Yahoo HTTPS Mail Not a Moment Too Soon, Nor Too Late [Committee to Protect Journalists]. [Read]

• Park, S., Aslam, B., Turgut, D., & Zou, A. (2013). Defense Against Sybil Attack in the Initial Deployment Stage of Vehicular Ad Hoc Network Based on Roadside Unit Support. Security & Communication Networks [preprint]. [Abstract / Request]

• Pauli, D. (2013, Jan. 9). Linguistics Identifies Anonymous Users. SC Magazine. [Read]

• Perlroth, N., & Hardy, Q. (2013, Jan. 8). Bank Hacks Were Work of Iranians, Officials Say. New York Times. [Read]

• Power, R. (2013, Jan. 10). While the Cyber War Tail Wags the National Security Dog, Software Security Offers a Different Path to Cyber Peace. Computerworld. [Read]

• Soghoian, C. (2012, Jan. 8). US Surveillance Law May Poorly Protect New Text Message Services [ACLU]. [Read]

• United Kingdom. Parliament.  Defence Committee. (2012, Dec.) Defence and Cyber-Security. [Read]

• United States. Department of Homeland Security. Industrial Control Systems Cyber Emergency Response Team. (2012, Oct.-Dec.). ICS-CERT Monthly Monitor. [Read – Malware, many vulnerable systems easily identified with Shodan search engine]

• Yue, C. (2012, Dec.) Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector. Paper presented at the 26th Large Installation System Administration Conference. [Read]

January 4, 2013

• Aftergood, S. (2013, Jan. 2). Intelligence Oversight Steps Back From Public Accountability [Federation of American Scientists]. [Read]

• arXiv [preprints – full text]:

• An Ideal Multi-secret Sharing Scheme Based on Minimal Privileged Coalitions
• Prover and Verifier Based Password Protection: PVBPP
• Exploring Relay Cooperation Scheme for Load-Balance Control in Two-hop Secure Communication System
• Increasing Security in Cloud Environment
• The Piggy Bank Cryptographic Trope

• Bowes, R. (2013, Jan. 3). Padding Oracle Attacks: In Depth. SkullSecurity. [Read]

• Burts, B. (2012, Jan. 4). How a Regular IT Guy Helped Catch a Botnet Cybercriminal. Naked Security. [Read]

• Clayton, M. (2013, Jan. 3). Secret US Cybersecurity Program to Protect Power Grid Confirmed. Christian Science Monitor. [Read]

• Cryptology ePrint Archive [preprints]: new articles

• Did Stuxnet Strike Iran again? (2012, Dec. 27). Infosecurity. [Read / Also: Poor Disclosure Means Poor Security Standards in Japan / Security Flaws with Snapchat and Poke Exposed / Questions Still Need to be Answered on the Verizon ‘Hack’]

• Dworkin, M. (2012, Dec. 21). NIST Special Publication 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping. [Read – PDF download / Also: Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft)]

• Fisher, D. (2013, Jan. 3). SQL Injection Flaw Haunts All Ruby on Rails Versions. threatpost. [Read / Also: IE Zero-Day Watering Hole Attack Expands / Chrome Clickjacking Vulnerability Could Expose User Information / 2012: What Have We Learned / Facebook Patches Webcam Snooping Vulnerability]

• Gallagher, S. (2013, Jan. 4). Security Pros Predict “Major” Cyber Terror Attack This Year. Ars Technica. [Read]

• Gjelten, T. (2013, Jan. / Feb.). First Strike: US Cyber Warriors Seize the Offensive. World Affairs. [Read]

• IEEE Transactions on Information Forensics & Security – new issue [Abstracts / Request]:

• Internet Traffic Classification by Aggregating Correlated Naive Bayes Predictions
• User Authentication Through Mouse Dynamics
• Latent Fingerprint Matching Using Descriptor-Based Hough Transform
• Document Clustering for Forensic Analysis: An Approach for Improving Computer Inspection
• Robust Hashing for Image Authentication Using Zernike Moments and Local Features
• An Optimized Wavelength Band Selection for Heavily Pigmented Iris Recognition
• Recognizing Surgically Altered Face Images Using Multiobjective Evolutionary Algorithm
• Heap Graph Based Software Theft Detection
• Reversible Watermarking Based on Invariant Image Classification and Dynamic Histogram Shifting
• Face Recognition and Verification Using Photometric Stereo: The Photoface Database and a Comprehensive Evaluation
• Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication
• On the Security of End-to-End Measurements Based on Packet-Pair Dispersions
• COKE Crypto-Less Over-the-Air Key Establishment
• An Evaluation of Otoacoustic Emissions as a Biometric
• A Real-Time Design Based on FPGA for Expeditious Error Reconciliation in QKD System
• Matching Composite Sketches to Face Photos: A Component-Based Approach
• Decentralized Hypothesis Testing in Wireless Sensor Networks in the Presence of Misbehaving Nodes
• Pixel Group Trace Model-Based Quantitative Steganalysis for Multiple Least-Significant Bits Steganography
• Secrecy Capacity Enhancement With Distributed Precoding in Multirelay Wiretap Systems
• Component-Based Representation in Automated Face Recognition
• Physical Layer Security of TAS/MRC With Antenna Correlation
• On Mixing Fingerprints

• IEEE Transactions on Mobile Computing – selected new articles [full text]:

• Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks
• Secure Communication Based on Ambient Audio

• [India’s] Army Chief Issues Orders for Checking Cyber Invasion. (2012, Dec. 31). Business Standard. [Read]

• Kravets, D. (2012, Dec. 28). Senate Approves Warrantless Electronic Spy Powers. Wired. [Read / Also: Privacy and Security in 2012 Review / Feds Require Car Black Boxes Starting in 2012]

• Krebs, B. (2013, Jan. 13). Turkish Registrar Enabled Phishers to Spoof Google. Krebs on Security. [Read]

• Litian, A., Nicolett, M., & Schulte, W. R. (2012, Dec. 28).  Innovation Insight: Innovation Drives Seven Dimensions of Context-Aware Enterprise Security Systems [Gartner]. [Gartner – full text / search for title in box at upper right]

• Nakashima, E. (2013, Jan. 2). To Thwart Hackers, Firms Salting Their Servers With Fake Data. Washington Post. [Read]

• Perlroth, N. (2012, Dec. 31). Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt. New York Times. [Read]

• Roberts, P. F. (2012, Dec. 27). Mr. Mitnick, I Presume? Africa’s Coming Cyber Crime Epidemic. IT World. [Read]

• Rottman, G. (2012, Dec. 21). Open Source Intelligence and Crime Prevention [ACLU]. [Read]

• Sternstein, A. (2013, Jan. 3). DHS to Pick Up $6 billion Tab for Cyber Surveillance Systems at Every Department.  Nextgov. [Read]

• Verma, P. (2012). The Role of the Network in Implementing Security and Privacy. International Journal of Critical Infrastructure Protection. [Read]

• Walls, A. (2012, Dec. 28). Short, Focused and Just-in-Time Approaches to Security Awareness. [Gartner]. [Gartner – full text / search for title in box at upper right].

Calls for Papers

Conferences

• 4th International Conference on E-voting and Identity [Guilford, UK, July 17-19, 2013 – submissions due March 11]

• 9th Workshop on RFID Security [Graz, Austria, July 9-11 – submissions due April 2]