Cryptacus Newsletter
February 2018
Welcome to the February 2018 edition of the monthly Cryptacus.eu newsletter, offering a glimpse into recent developments in the cryptanalysis of IoT & related areas. Send your contributions, comments & feedback at cryptacus.newsletter@irisa.fr

News from the Chair
by Gildas Avoine

Dear Cryptacus Members,

With the approaching end of the current grant period of your COST Action, we received an impressive high number of STSM applications.

STSMs have never been as successful as during this current grant period (May 2017 - April 2018), and this is the first time that Cryptacus fully spends the budget assigned to STSMs.

Next month, I will be able to provide an accurate statement of the accepted STSM applications.

I am also glad to announce that we received about 15 proposals after the publication of the call for chapters for the book.

It is worth noting that many proposals are co-authored by researchers from different COST countries, which points that a scientific network such as Cryptacus is definitely efficient to launch collaborations.

The selection committee is currently reviewing the received chapter proposals. The acceptation deadline will be slightly delayed, given that several authors requested to postpone the submission deadline.

The selection committee will select proposals, then it may invite additional researchers to submit chapter proposals, if the topics covered by the received proposals suffer from gaps that should be filled in order to make the book self-content and fully consistent.

Following several questions that I received about our event in Sao Miguel, I would like to remind you that there is the workshop on distance-bounding protocols on April 14th and 15th, the book working session on April 16th, the MC Meeting on April 17th, and the Training School from April 16th to April 20th.

MC Members should attend the MC Meeting, and they can attend the workshop and the book session if relevant.

For the training school, registration fees apply for all participants, but 37 grants are available for PhD students.

For your information, there is no vacancy anymore in the hotel of the event (Lince Azores Hotel). However, many hotels are available around the venue. For example, several people already booked in Hotel do Colegio. Please check the accommodation page of the training school web site for more details.

The training School web site is https://www.cryptacus.eu/en/events/training-school-2018/ and the workshop web site is https://www.surrey.ac.uk/futuredb

Best regards,
Gildas Avoine

Cryptacus.eu | cryptacus.newsletter@irisa.fr

Recommended reading: Alarming state of mobile health applications

the analyzed applications do not follow best practices and disregard even legal obligations as imposed by contemporary data protection regulations (GDPR), thus jeopardizing the privacy of tens of millions of users across the World.

line and traditional news media, such as https://goo.gl/SNxUXU, https://goo.gl/dc3HRQ, and even lead to the COST office to publish a media piece at https://goo.gl/p9HpLW.

Funding News

SMI2G Event

in collaboration with the European Commission and Research Executive Agency.

The EIB University Research Sponsorship Programme (EIBURS) provides research grants of up to €100,000 a year for a period of three years, to interested university departments or research centres with expertise in that year’s topic. The EIBURS topic for this year is "The economic effects of a joint European security and defence policy".

The same employer is currently recruiting for a Senior Lecturer or Reader in Secure Systems, this time with a deadline of 23rd April. More info at https://goo.gl/unyTQp.

• Lecturer, Senior Lecturer, or Reader in Cyber Security at the University of Birmingham School of Computer Science. Full-time, permanent positions, with a closing deadline of 25th
February and a salary ranging from £39,993 to £74,259. They are particularly interested in those specialising in systems security or the intersection of security with artificial intelligence or human-computer interaction. This is a very interesting opportunity to join an expanding group which is rapidly becoming one of the best groups in the UK. More info at https://goo.gl/9VWs4h.

• Professor of Computer Science at University College Cork - School of Computer Science and Information Technology.

This is an interesting position in Ireland, at a prestigious institution that wants to expand its cyber security expertise.

They state in the ad that "The School strategy is to expand its research and teaching in the area of cyber-security, and candidates with such expertise are especially encouraged to apply. Applications from candidates with expertise in other areas of computer science will also be considered."

This is a full-time and permanent position, with a relatively high salary ranging from €109,129 to €140,962 depending on experience.

Note that, as is becoming increasingly common with cybersecurity positions, Garda vetting or an international police clearance check may form part of the selection process.

The deadline for applications is Tuesday 6th March 2018 at noon. More info at https://goo.gl/jq9Vrd

For other interesting positions all across Europe, please check the recently revamped “Researchers in Motion” portal at https://euraxess.ec.europa.eu/. It currently has close to 50 open positions in computer security and related areas, including in Poland, the UK, Finland, Slovenia, Italy, Norway, Switzerland, and even in Spain!

Proposals for STSMs

By now, you should already be familiar with what Short Term Scientific Missions (or STSMs, for short) are.

Please make your willingness to receive STSM proposals known by sending me an email.

As long as I do not have any more, I’ll just publish mine:

• I will be very happy to receive anyone interested in investigating randomness generation and testing, particularly on IoT devices.

Blogs, posts and other recommended reads

Wyden’s letter

Ron Wyden is the Democratic Senator from Oregon. He’s an interesting and controversial figure in the United States Senate, and although after checking his voting history one may disagree with the timing or wisdom of some of his past actions, it is difficult to argue against the fact that he is a strong advocate of civil liberties and (with the exception of assisted suicide) his views are very liberal (in the best sense of the word, if any still exists) and closer to those of NGOs such as the EFF.

He has recently been in the spotlight again because of his doubts about a recent statement by the FBI Director, who claimed tech companies can weaken their encryption without harming cybersecurity.

In a move that is nowadays sadly uncommon for politicians, he sought real experts’ advice.

As a result, he received a letter from Prof. Martin Hellman (signed also by Bellovin, Kocher and Schneier) saying this is simply not possible right now, at least not as stated by the FBI Director.

It is interesting to note that the FBI Director had claimed that "experts" had concluded these "exceptional access" mechanisms were possible without compromising security. Senator Wyden called the FBI’s bluff, requesting them to name the experts who made such a claim, and he has not received an adequate answer to date.

This is another twist on the ongoing war on crypto.

It looks particularly worrying if we see it as part of the same effort that is desperately trying to push NSA’s SPECK and SIMON for standardisation by ISO/IEC despite the strong opposition of the German, Japanese and Israeli representatives.

Please don’t forget to contact your national representative and ask him or her to vote against this abusive behaviour, from the authors of the beloved and heavily backdoored Dual-EC-DRBG.

ALL YOUR MONERO ARE BELONG TO US

The latest pseudo-criminal trend is to turn your browser into a cryptocurrency mining machine. There is even a legitimate (although admittedly immoral) business model behind it, as for example proposed by https://coinhive.com, that tries to sell it as an alternative to online ads. They basically provide you with JavaScript that you can embed in your webpages which will abuse your visitors’ CPUs to mine Monero, a cryptocurrency that can be mined for reasonable profit on normal CPUs and that, conveniently, offers much more privacy than bitcoin. Coinhive will take 30% of the profits, and 70% will go to the website owner.

This is of course an awful practice that, in the hands of criminals, can be turned into something even worse when they include said JavaScript on hacked webpages, whose owners remain unaware of the events.

How can you prevent attackers from compromising your website and planting code that will abuse your visitors? In addition to the usual security measures, there are some very specific ones that are beautifully covered in a blog post, https://goo.gl/iR5p6f, by Scott Helme.

This was in response to the discovery that more than 4,000 sites were hosting mining scripts, many of them government websites. This happened because a third party provider (Text Help) was compromised and their JavaScript library was altered, introducing a crypto mining script that was then subsequently included on thousands of websites.

Fortunately, this is easy to stop with a tiny change to how the script is loaded in the code, adding the SRI Integrity Attribute that allows the browser to determine if the file has been modified, and reject it if needed.

Scott claims that to take this one step further and ensure absolute protection, you can use Content Security Policy and the require-sri-for directive to make sure that no script is allowed to load on the page without an SRI integrity attribute. On top of that, you could be alerted to events like this happening on your site via CSP Reporting.

Event calendar

The 33rd IFIP TC-11 SEC 2018 International Conference on Information Security and Privacy Protection (SEC 2018) will take place in Poznan, Poland, from the 18 to the 20 September. Cryptacus’ Miroslaw Kutylowski is in the organisation. The deadline has passed, but this is a very nice event to register for and attend, with some very high quality presentations. More info at http://ifipsec2018.pwr.edu.pl/comittee.php

The 17th Annual Workshop on the Economics of Information Security (WEIS) will take place next year in Innsbruck, Austria.

The notification of acceptance is on March 31. Rainer Böhme is the conference chair.

The 23rd Australasian Conference on Information Security and Privacy (ACISP 2018) will be held in Wollongong, Australia on July 11-13, 2018.

It will, unsurprisingly, be organized by the University of Wollongong. The submission deadline is
the 25 February 2018 at 11:59pm AEST and the notification will be on the 8th April.

with a deadline on April 1st, and acceptance notification on May 11th, 2018.

Of special interest to our audience is, possibly, the 2nd International Workshop on Security and Forensics of IoT.