Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments, from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure.

The 12th Privacy Enhancing Technologies Symposium addresses the design and realization of such privacy services for the Internet and other data systems and communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives.

The symposium seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions with novel technical contributions from other communities such as law, business, and data protection authorities, that present their perspectives on technological issues.

Submissions are due 20 February 2012, 23:59 UTC. Further details can be found in the full Call for Papers.

The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The 21st USENIX Security Symposium will be held August 8–10, 2012, in Bellevue, WA.

All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Submissions are due on Thursday, 16 February 2012, 11:59 p.m. PST. The Symposium will span three days, with a technical program including refereed papers, invited talks, posters, panel discussions, and Birds-of-a-Feather sessions. Workshops will precede the symposium on August 6 and 7. Further details can be found in the full Call for Papers.

In common with other USENIX conferences, the proceedings of USENIX Security 2012 will be open access, and made available for free to everyone from the first day of the event.

The inaugural SATIN workshop was held at the National Physical Laboratory (NPL) on Monday/Tuesday this week. The workshop format was presentations of 15 minutes followed by 15 minutes of discussions — so all the 49 registered attendees were able to contribute to success of the event.

Many of the papers were about DNSSEC, but there were also papers on machine learning, traffic classification, use of names by malware and ideas for new types of naming system. There were also two invited talks: Roy Arends from Nominet (who kindly sponsored the event) gave an update on how the co.uk zone will be signed, and Rod Rasmussen from Internet Identity showed how passive DNS is helping in the fight against eCrime. All the papers, and the presenters slides can be found on the workshop website.

The workshop will be run again (as SATIN 2012), probably on March 22/23 (the week before IETF goes to Paris). The CFP, giving the exact submission schedule, will appear in late August.

The PET Award is presented annually to researchers who have made an outstanding contribution to the theory, design, implementation, or deployment of privacy enhancing technology. It is awarded at the annual Privacy Enhancing Technologies Symposium (PETS).

The PET Award carries a prize of 3000 USD thanks to the generous support of Microsoft. The crystal prize itself is offered by the Office of the Information and Privacy Commissioner of Ontario, Canada.

Any paper by any author written in the area of privacy enhancing technologies is eligible for nomination. However, the paper must have appeared in a refereed journal, conference, or workshop with proceedings published in the period from August 8, 2009 until April 15, 2011.

The complete award rules including eligibility requirements can be found under the award rules section of the PET Symposium website.

Anyone can nominate a paper by sending an email message containing the following to award-chair11@petsymposium.org.

• Paper title
• Author(s)
• Author(s) contact information
• Publication venue and full reference
• Link to an available online version of the paper
• A nomination statement of no more than 500 words.

All nominations must be submitted by April 15th, 2011. The Award Committee will select one or two winners among the nominations received. Winners must be present at the PET Symposium in order to receive the Award. This requirement can be waived only at the discretion of the PET Advisory board.

More information about the PET award (including past winners) is available at http://petsymposium.org/award/

More information about the 2011 PET Symposium is available at http://petsymposium.org/2011.

Financial Cryptography and Data Security (FC 2011)
Bay Gardens Beach Resort, St. Lucia
February 28 — March 4, 2011

Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems.

NB: Discounted hotel rate is available only until December 30, 2010

Topics include:

Anonymity and Privacy, Auctions and Audits, Authentication and Identification, Backup Authentication, Biometrics, Certification and Authorization, Cloud Computing Security, Commercial Cryptographic Applications, Transactions and Contracts, Data Outsourcing Security, Digital Cash and Payment Systems, Digital Incentive and Loyalty Systems, Digital Rights Management, Fraud Detection, Game Theoretic Approaches to Security, Identity Theft, Spam, Phishing and Social Engineering, Infrastructure Design, Legal and Regulatory Issues, Management and Operations, Microfinance and Micropayments, Mobile Internet Device Security, Monitoring, Reputation Systems, RFID-Based and Contactless Payment Systems, Risk Assessment and Management, Secure Banking and Financial Web Services, Securing Emerging Computational Paradigms, Security and Risk Perceptions and Judgments, Security Economics, Smartcards, Secure Tokens and Hardware, Trust Management, Underground-Market Economics, Usability, Virtual Economies, Voting Systems

Important Dates

Hotel room reduced rate cut-off: December 30, 2010
Reduced registration rate cut-off: January 21, 2011

Please send any questions to fc11general@ifca.ai

Invited Talks

Markus Jakobsson (PayPal)
Why Mobile Security is not Like Traditional Security

Keynote TBC

Program

Rainer Boehme and Stefanie Poetzsch
Collective Exposure: Peer Effects in Voluntary Disclosure of Personal Data

Nicolas Christin, Serge Egelman, Timothy Vidas and Jens Grossklags
It’s All About The Benjamins: Incentivizing users to ignore security advice

Julien Freudiger, Reza Shokri and Hubaux Jean-Pierre
Evaluating the Privacy Risk of Location-Based Services

Jeremy Clark and Urs Hengartner
Selections: An Internet Voting System with Over-the-Shoulder Coercion-Resistance

Benedikt Westermann and Dogan Kesdogan
Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection

Guomin Yang, Shanshan Duan, Duncan Wong, Chik-How Tan and Huaxiong Wang
Authenticated Key Exchange under Bad Randomness

Martin Franz, Bogdan Carbunar, Radu Sion, Stefan Katzenbeisser, Miroslava Sotakova, Peter Williams and Andreas Peter
Oblivious Outsourced Storage with Delegation

Rob Johnson, Leif Walsh and Michael Lamb
Homomorphic Signatures for Digital Photographs

Femi Olumofin and Ian Goldberg
Revisiting the Computational Practicality of Private Information Retrieval

Ulrich Rührmair, Christian Jaeger and Michael Algasinger
An Attack on PUF-based Session Key Exchange and a Hardware-based Countermeasure

Henryk Plötz and Karsten Nohl
Peeling Away Layers of an RFID Security System

Ross Anderson, Omar Choudary and Steven Murdoch
Might Financial Cryptography Kill Financial Innovation? — The Curious Case of EMV

Shujun Li, Ahmad-Reza Sadeghi, Soeren Heisrath, Roland Schmitz and Junaid Jameel Ahmad
hPIN/hTAN: A Lightweight and Low-Cost e-Banking Solution against Untrusted Computers

Theodoor Scholte, Davide Balzarotti and Engin Kirda
Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications

Pern Hui Chia and Svein Knapskog
Re-Evaluating the Wisdom of Crowds in Assessing Web Security

Mohammad Mannan, David Barrera, Carson Brown, David Lie and Paul Van Oorschot
Recovering Forgotten Passwords Using Personal Devices

Short Papers

Jay Novak, Jonathan Stribley, Kenneth Meagher, Scott Wolchok and Alex Halderman
Absolute Pwnage: Security Risks of Remote Administration Tools

Ben Palmer, kris bubendorfer and Ian Welch
A Protocol for Anonymously Establishing Digital Provenance in Reseller Chains

Philip Marquardt, David Dagon and Patrick Traynor
Impeding Individual User Profiling in Shopper Loyalty Programs

Debin Liu, Ninghui Li, XiaoFeng Wang and L. Jean Camp
Beyond Risk-Based Access Control: Towards Incentive-Based Access Control

Mohammed Tuhin and Reihaneh Safavi-Naini
Optimal One Round Almost Perfectly Secure Message Transmission

Oliver Spycher, Reto König, Rolf Haenni and Michael Schläpfer
A New Approach Towards Coercion-Resistant Remote E-Voting in Linear Time

Christopher Soghoian and Sid Stamm
Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

Kirill Levchenko and Damon McCoy
Proximax: Fighting Censorship With an Adaptive System for Distribution of Open Proxies

Peter Lofgren and Nicholas Hopper
BNymble: More anonymous blacklisting at almost no cost

Martin Franz, Stefan Katzenbeisser, Bjoern Deiseroth, Kay Hamacher, Somesh Jha and Heike Schroeder
Towards Secure Bioinformatics Services

Workshops

FC11 is held in conjunction with the following workshops, all to be held on March 4 2011:

Workshop on Ethics in Computer Security Research

Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions.

The Future of User Authentication and Authorization on the Web

The web is essential for business and personal activities well beyond information retrieval, such online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. The one-day workshop will explore important questions in this area.

Real-Life Cryptographic Protocols and Standardization

The purpose of this workshop is to study the design criteria of real-life cryptographic protocols, how one prioritized the requirements and limitations, and how one modeled real life entities. This workshop also aims to stimulate discussions on standardizing cryptographic protocols to proliferate their use.

Social Program

In addition to the technical sessions, the program includes a rum-punch reception, beach BBQ, half-day excursions, and rump session.

Organizers

General Chair: Steven Murdoch, University of Cambridge, UK
Local Arrangements Chair: Fabian Monrose, University of North Carolina Chapel
Hill, US

Program Committee

Program Chair: George Danezis, Microsoft Research, UK

Ross Anderson, University of Cambridge, UK
Tuomas Aura, Helsinki University of Technology, FI
Lucas Ballard, Google, US
Adam Barth, UC Berkeley, US
Elisa Bertino, Purdue University, US
Kevin Butler, University of Oregon, US
Srdjan Capkun, ETH Zurich, CH
Veronique Cortier, CNRS / LORIA, FR
Ernesto Damiani, University of Milan, IT
Claudia Diaz, K.U.Leuven, BE
Roger Dingledine, The Tor Project, US
Orr Dunkelman, Weizmann Institute of Science, IL
Simone Fisher-Hubner, Karlstad University, SE
Craig Gentry, IBM T.J.Watson Research Center, US
Dieter Gollmann, Technische Universitat Harburg, DE
Rachel Greenstadt, Drexel University, US
Jean-Pierre Hubaux, Ecole Polytechnique Federale de Lausanne, CH
Markus Jakobsson, Indiana University, US
Jaeyeon Jung, Intel Research, US
Stefan Katzenbeisser, Technische Universitat Darmstadt, DE
Angelos Keromytis, Columbia University, US
Arjen Lenstra, Ecole Polytechnique Federale de Lausanne, CH
Helger Lipmaa, Cybernetica AS, EE
Evangelos Markatos, FORTH, GR
David Molnar, Microsoft Research, US
Tyler Moore, Harvard University, US
David Naccache, Ecole normale superieure, FR
Thomas Ristenpart, University of Wisconsin, US
Peter Ryan, Universite du Luxembourg, LU
Ahmad-Reza Sadeghi, Ruhr-University Bochum, DE
Rei Safavi-Naini, University of Calgary, CA
Nigel Smart, University of Bristol, UK
Jessica Staddon, Google, US
Angelos Stavrou, George Mason University, US
Paul Syverson, Naval Research Laboratory, US
Nicholas Weaver, International Computer Science Institute, US
Moti Yung, Google, US

The Financial Cryptography and Data Security Conference is organized by The International Financial Cryptography Association (IFCA).

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense.

The ninth installment of WEIS will take place June 7–8 at Harvard. Submissions are due in one week, February 22, 2010. For more information, see the complete call for papers.

WEIS 2010 will build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. How should information risk be modeled given the constraints of rare incidence and high interdependence? How do individuals’ and organizations’ perceptions of privacy and security color their decision making? How can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders?

If you have been working to answer questions such as these, then I encourage you to submit a paper.

HotPETs – the 2nd Hot Topics in Privacy Enhancing Technologies (co-located with PETS) will be held in Seattle, 5–7 August 2009.

HotPETs is the forum for new ideas on privacy, anonymity, censorship resistance, and related topics. Work-in-progress is welcomed, and the format of the workshop will be to encourage feedback and discussion. Submissions are especially encouraged on the human side of privacy: what do people believe about privacy? How does privacy work in existing institutions?

Papers (up to 15 pages) are due by 8 May 2009. Further information can be found in the call for papers.

I am on the program committee for the 9th Privacy Enhancing Technologies Symposium (PETS 2009), to be held in Seattle, WA, USA, 5–7 August 2009. PETS is the leading venue for research on privacy and anonymity, offering an enjoyable environment and stimulating discussion. If you are working in this field, I can strongly recommend submitting a paper.

This year, we are particularly looking for submissions from topics other than anonymous communications, so if work from your field may be applied, or is otherwise related, to the topic of privacy, I’d encourage you to consider PETS as a potential venue.

The submission deadline for the main session is 2 March 2009. As with last year, we will also have a “HotPETS” event, for new and exciting work in the field which is still in a formative state. Submissions for HotPETS should be received by 8 May 2009.

Further information can be found in the call for papers.

I am on the program committee for the Privacy Enhancing Technologies Symposium (previously the PET Workshop), which this year will be held in Leuven, Belgium, 23–25 July 2008. PETS is one of the leading venues for research in privacy, so if you have any relevant research, I can thoroughly recommend submitting it here.

In addition to the main paper session, a new feature this year is HotPETS, which gives the opportunity for short presentations on new and exciting ideas that are potentially not yet mature enough for publication. As usual, proposals for panels are also invited.

The deadline for submissions is 19 February 2008 (except for HotPETS, which is 11 April 2008). More details can be found in the Call For Papers.

If you need an incentive for writing up some cool security stuff you did recently, note that the deadline for paper submissions to PerSec 2007 is in just over a week, 2006-09-24.

PerSec 2007 is the Fourth IEEE International Workshop on Pervasive Computing and Communication Security, to be held in conjunction with IEEE PerCom in March 2007 in New York City.