Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Cryptacus Newsletter
News from the Chair Castro accepted to be the editor of This month we recommend to
by G ILDAS AVOINE this newsletter. Thanks, Julio! I hope read the paper Lock It and Still Lose
you will keep this newsletter excit- It - On the (In)Security of Automo-
ing by regularly sending your news to tive Remote Keyless Entry Systems,
Julio. published in the 25th USENIX Se-
During Haifa’s meeting, we also curity Symposium (USENIX Security
discussed the third grand period. 2016).
Cryptacus encountered several diffi- This brilliant piece of work, by
culties to launch the third grant pe- our colleague and WG4 leader
riod, but this issue should be fixed Flavio Garcia (with David Os-
soon. Note that the scientific commit- wald, Timo Kasper and Pierre
tee, chaired by Bart Preneel, will pro- Pavlidès) which you can enjoy at
pose in the coming days the location http://goo.gl/nkeDB5, has been all
Cryptacus’ Management Committee of the next meeting. Right after, the over the news recently, being covered
Meeting organised in Haifa, Israel, MC will vote on the grant agreement, at news sites such as The Guardian,
was really interesting and useful which is a mandatory step before the Daiy Mail, WIRED, The Register, Busi-
(Thanks, Orr!) for the current and next period starts. Short-term scien- ness Insider, Daily Tech, Ars Tech-
future activities of our COST Ac- tific missions will then be able to be nica, etc. showing once more why
tion. The Management Committee organised again. the work we do can potentially have
(MC) decided there to make collab- an enormous societal impact. Con-
orations in Cryptacus’ even stronger, gratulations Flavio et al., nice work!
and to spread the information bet- Funding News
Recommended reading
ter among the members of the Ac-
tion, and more generally in the sci-
entific community. Among the dis-
cussed issues, the MC decided to pub-
lish a monthly newsletter that in-
cludes recent activities of the Action,
as well as news from the field (call
for papers, open positions, significant
publications, etc.). Julio Hernandez- There are a number of interesting
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
European calls for H2020 projects • Lectureship in the Founda-
in our (or closely related) areas in tion of Pervasive Data Sci-
• DS-08-2017 explicitly mentions
2017. We will cover in more detail ence at Lancaster University.
Privacy Enhancing Technolo-
in future editions of this newsletter They mention areas such as
gies in its description, ’to pro-
some of these opportunities, but for ’Internet of Things, smart
vide users with the functional-
now let’s list the most obvious ones: cities/spaces and pervasive
ity they require without expos-
computing’. It helps of you
ing any more information than
have interest or, preferably,
• DS-06-2017 has a deadline of necessary, and without losing
a track record as a data sci-
25 April 2017 and its topic control over their data, to any
entist. Salaries from £33,574
(Cryptography) is spot on. The third parties.’ but also requests
to £46,414. Permanent posi-
call is open to proposals ad- contributions in the area of ’Se-
tion. Call closing on the 18th
vancing in areas such as ho- cure Digital Identities’. More
September 2016. More info
momorphic encryption, data info at http://goo.gl/rFofmC
at http://goo.gl/ysa0HI. The
leakage, authenticated encryp- same folks at Lancaster offer
tion, post-quantum, automated There are other interesting calls an additional position as a Lec-
proofs for crypto protocols, etc. we will mention in future issues, turer in Cybersecurity (closing
But they also explicitly request where we will also provide with more on the 30th September 2016)
proposals dealing with the ’In- details on the ones briefly shown
ternet of Things, implantable above. We will try to encourage
medical devices and sensor • Research Associate or Senior
and support consortia build-up from
nodes that harvest energy from Research Associate in Cryp-
within Cryptacus, involving as many
the environment’ acknowledg- tography at Bristol. This is a
MC members as possible. Incoming
ing that ’there is a need for rolling call with only a nominal
MC and WG meetings will include
ultra-lightweight cryptology’ deadline of 18th of December.
opportunities to create consortia and
and that ’additional means They’re interested in hiring for
exchange know-how to competitively
to protect privacy in these their prestigious Cryptography
apply to H2020 calls.
applications (e.g. anonymity group in Multi-Party Compu-
in communications) should tation, the evaluation of the
Open Positions security of cryptographic im-
be developed.’ More info at
http://goo.gl/Ir8ekC. plementations, cryptography
resiliency against real world
attacks, design and implemen-
• DS-07-2017 belongs to the tation tools, etc. Salaries from
group of EU call with an un- £31,656 to £40,082. More info
godly deadline in August. I at http://goo.gl/TErYvr
imagine many of you have suf-
fered this in the past, and how
badly it can impact your hol- Proposals for STSMs
We would like to include in future
idays and relations. For this
newsletters open positions related to
and the next, the deadline is
our are of interest, so please send
24 August 2017. The topic cov-
us any employment opportunity you
ered is closer to cybersecurity,
want to publicize. For the time being,
in particular Addressing Ad-
we have these:
vanced Cyber Security Threats
and Threat Actors, and they
seek the ’development of novel • Lecturer/Associate Professor at
approaches for providing or- the University of Southamp-
ganizations the appropriate ton. They explicitly mention
situational awareness in rela- Internet of Things as one of
tion to cyber security threats’ the areas of expertise they’ll
with solutions including ’tech- be happy to appoint a candi- By now, you should be already
niques such as anomaly de- date. Call closes on the 20th familiar with what Short Term Scien-
tection, visualization tools, big September 2016. Salaries from tific Missions (or STSMs, for Short)
data analysis, threat analysis, £36,672 to £60,081 per year. are, but we have a healthy budget for
deep-packet inspection, proto- Permanent position. More info them within the Cryptacus project
col analysis, etc’. More details at http://goo.gl/uEYSxk and not enough demand.
at http://goo.gl/FPs4CD
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
This section could be used by any http://bristolcrypto.blogspot.be/, We surely have to mention the
of our readers to encourage visitors where you can find multiple blog imminent deadline of RFIDSec2016
to their group or lab. For that, please entries with description of their ac- (venue will be Hong Kong) on 12
send us a very brief description of tivities, and a variety of other inter- September (http://rfidsec2016.org/)
your profile and that of the intended esting topics, from their musings to as one of the yearly highlights for
visitor, and we’ll publicize it in here their live blogging of some of the our community, but the Mycrypt (on
to foster international cooperation main events in the Crypto calendar. the 15th) and Eurocrypt (on Octo-
within the COST project. ber 1st), together with ASIACCS (on
Event calendar November 1st), Finantial Cryptogra-
Blogs and posts to read phy (4th of November) and the FSE
(23rd of November) will make for a
busy end of the year for most of us.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
O CTOBER 2016, N O 2
Cryptacus Newsletter
News from the Chair mittee will soon receive an official in- This month we have two items on
by G ILDAS AVOINE vitation. Any other researcher inter- our list of recommended readings.
ested by the cryptanalysis of ubiqui- One of them is an academic paper,
tous computing systems is welcome for which we have to thank Han-
to participate in these meetings. The dan Kilinç, the other a series of news
program will be available on the web- posts describing from different an-
site soon. gles the recent massive DDoS attack
The Action will then organize a work- suffered by Brian Krebs and others
shop, early in 2017. The Action is which apparently exploited a very
looking for organizers for this work- large network of compromised IoT
shop. If you are interested in organiz- devices.
ing this event in your country, please
contact Gildas Avoine or Bart Pre-
Cryptacus’ management committee neel. 1. Efficient Public-Key Distance
approved in September 2016 the Finally, I would like to thank those Bounding Protocol. Consid-
yearly work and budget plan. I am who sent information to crypta- ering that products which use
glad to inform Cryptacus’ members cus.newsletter@irisa.fr to feed Octo- Distance Bounding protocols
that the third grant period is conse- ber’s newsletter. Do not hesitate to tend to be quite computation-
quently open. Researchers interested use this information channel to an- ally constrained, the authors
on short-term scientific missions can nounce news about your own work constructed the most efficient
apply for a grant, following the pro- and spread important information for public-key DB protocol (Eff-
cedure described on the website of the community. pkDB) which is secure against
the Action, www.cryptacus.eu. All Recommended reading distance fraud, mafia fraud and
valid applications have been granted distance hijacking. It can be
so far, so do not hesitate to apply. also converted to a strong pri-
Two major events will be organized vate variant efficiently using
during the third grant period. First a IND-CCA secure encryption
of all, the Action will organize its scheme. The two protocols are
scientific meetings on November 6th the most efficient ones when
and 7th , 2016, in Sophia-Antipolis compared with other protocols
(France). offering the same security level.
Members of the management com- Handan Kilinç and Serge Vau-
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
denay. Efficient Public-Key Dis- The call draft specifically men- we have these:
tance Bounding Protocol. In Asi- tions security and privacy within its
acrypt, 2016 scope: ‘Advanced concepts for end-
to-end security in highly distributed, • Faculty Position in Distributed
heterogeneous and dynamic IoT envi- and Secure Hardware Systems.
2. A gargantuan DDoS attack (up Ecole Polytechnique Federale
ronments. Approaches must be holis-
to 620Gbps) directed towards de Lausanne - EPFL - School of
tic and include identification and
journalist Brian Krebs’ web- Engineering. Permanent, Full
authentication, data protection and
site was apparently based on a Time Position. Deadline is 30th
prevention against cyber-attacks at
million-device-strong IoT bot- October 2016. More info at
the device and system levels. They
net, including security cameras https://goo.gl/XhF7hf.
should address relevant security and
and the like. Akamai had prob-
privacy elements such as confiden-
lems defending Krebs’ site so
tiality, user data awareness and con- • Professor in Department of
he took it down. This seems
trol, integrity, resilience and authori- Computing The Hong Kong
as a revenge for his recent
sation.’ Polytechnic University. Prior-
journalistic efforts unmasking
DDoS gangs. More info here ity will be given to candidates
Further good news: ‘The Commis- with expertise in big data ana-
https://goo.gl/joEHDh. Part
sion considers that proposals request- lytics, human-centered comput-
of the problem seems to be
ing a contribution from the EU of ing and security. Recruitment
related to ’the sheer difficulty
between EUR 3 and 5 million would will continue until the position
of patching and updating IoT
allow this specific challenge to be ad- is filled. More info at https:
devices to take advantage of
dressed appropriately.’ More info on //goo.gl/dK9mz6. There are
the latest vulnerability plugs’.
this particularly tempting call can be other positions at the same
Food for though and a poten-
found at /urlhttps://goo.gl/66XM3Y. institution at the associate
tially very interesting research
area for some of you. Addi- and assistant professor level
There are many other interesting (https://goo.gl/zI8s9w).
tional info on this and related
calls that we will mention in future
security events can be read at
issues. If you are interested in par-
https://goo.gl/iGQ56r and
ticipating in one call and want us to • Lecturer in Computer Security.
https://goo.gl/bfgV4J.
highlight it in the newsletter, and to University of Birmingham. If
help build a consortium, don’t hesi- you want to join the prestigious
Funding News tate to contact us. Birmingham research group in
a full time permanent posi-
We will encourage and sup- tion, hurry up and apply before
port consortia build-up from within the 9th October. More info at
Cryptacus, involving as many MC https://goo.gl/k78cFz.
members as possible.
• If you don’t have your CV at
Incoming MC and WG meetings
the ready, you can try Lough-
will include opportunities to create
borough University, that of-
consortia and exchange know-how to
fers a similar position (https:
competitively apply to H2020 calls.
//goo.gl/paKkxv) with a
deadline on the 14th .
Open Positions
There are a number of interesting • If the Brexit woes are giv-
European calls for H2020 projects, ing you sleepless nights, this
but the one we cover this month is full-time permanent position at
possibly the most obvious one, as its the National College of Ireland
topic is ‘R&I on IoT integration and could be a good option. Offer-
platforms’. ing more generous salaries in
general than in the UK, this
In particular, we focus this month We would like to include in future has a deadline of 18th Oc-
on the call IoT-03-2017 which is a newsletters open positions related to tober and a remuneration of
Research and Innovation action with our are of interest, so please send up to e78k/year. More info at
a deadline of 25 April 2017. us any employment opportunity you https://goo.gl/MUtA0r.
want to publicize. For the time being,
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
Proposals for STSMs restore the DNS root keys, Dan is the
American representative.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
N OVEMBER 2016, N O 3
Cryptacus Newsletter
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
Chaff" and was published in the In- in our area of interest or closely re- https://goo.gl/bL8Q3m.
ternational Conference on Applied lated ones. We will try, from within
Cryptography and Network Security, Cryptacus, to facilitate the build up
2016. of consortia to successfully apply to Proposals for STSMs
I find particularly fascinating how several of these opportunities.
they try and finally manage to distin- As you may have noticed, the sched-
guish random data from other mean- ule for the Sophia-Antipolis meeting
ingful information. You can find it is very tight, but we will try to ar-
here https://goo.gl/Yx8T5F range for a H2020 informal meeting
to exchange ideas and encourage
members to participate in these com-
petitive but highly rewarding bids. By now, you should be already
familiar with what Short Term Scien-
Open Positions tific Missions (or STSMs, for short)
are, but we have a healthy budget for
them within the Cryptacus project
and not enough demand.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
In addition, I will recommend Event calendar
to read again the blog of Pen- I hope to meet many of you, either
Test Partners, and in particular this in Sophia-Antipolis, Cannes or Hong
https://goo.gl/ZisRhi which is Kong later this month, as we have
the entry in which they report on a number of very important events
their demo at Def Con 24 where they with very appealing programmes al-
demonstrated how easy it was to cre- ready available.
ate ransomware for IoT devices. RFIDSec2016 (Hong Kong) has
They chose a smart thermostat, partly just published its list of accepted
because of the scary/amusing conse- papers http://rfidsec2016.org/
quences of IoT vendor security com- program.html and many talks look
placency. They describe in detail how really interesting.
This month, I will recommend you
they created a fully functioning ran- The Cardis programme is also
to check the blog of the IoT Security
somware to take control of a smart available
Foundation, that is a unknown organ- https://2016.cardis.
thermostat and lock the user out un- org/program.html. It will be co-
isation for me, but seems legit having
til they paid up. located with the Lightsec Crypto
between his members heavyweights
The sad but very familiar conclusion Workshop in Cannes that also has an
such as Ross Anderson and Kenny
is that, as they put it, "Simple se- outstanding list of speakers https:
Patterson, between others. It is at
curity controls would have stopped //www.cosic.esat.kuleuven.be/
https://iotsecurityfoundation.
this hack working, yet they were not events/lightcrypto/timeline/, so
org/blog/. They have just celebrated
present." no excuses not to attend.
their first year.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
D ECEMBER 2016, N O 4
Cryptacus Newsletter
News from the Chair Cryptanalysis of protocols and primi- mation channel to announce news
by G ILDAS AVOINE tives). about your own work and spread
important information for the com-
The Management Committee munity, including relevant call for
meeting was organized jointly with papers, job opportunities, etc.
the Working Groups meetings.
Recommended reading
An important point discussed dur-
ing the meeting was about the orga-
nization of a workshop around March
2017.
Cryptacus organized its bian-
nual meeting on November 6th -7th The workshop will cover the top-
in Sophia-Antipolis, in the French ics considered in Cryptacus, and will
Riviera. consist of talks given by researchers
who are not necessarily members of
More than 35 people attended the COST Action.
the working group meetings. Very
exciting talks were arranged by the A call for presentations will be
WG leaders, including the ones by published soon. Speakers of selected This month we will start and end
the two invited speakers: Takanori presentations will be invited to the our recommended reading section
Isobe (SONY Corporation), who workshop and fully financially sup- with a paper that perhaps many of
spoke about "Security of Block Ci- ported by the COST Action. you have already read titled ”Dif-
phers Beyond Blackbox Model", and ferential Computation Analysis: Hid-
Cristiano Giuffrida (Vrije Universiteit The location of the workshop will ing Your White-Box Designs is Not
Amsterdam) whose talk was entitled be announced in December 2016. Enough‘’, by Joppe W. Bos, Charles
"Imagine a World without Software Hubain, Wil Michiels and the great
Bugs". Finally, I would like to thank Philippe Teuwen.
those who sent information to crypta-
An interesting and very active cus.newsletter@irisa.fr to feed De- It was published at the last CHES
discussion about the concept of cember’s newsletter. conference, and it received the best
"lightweight cryptography" was also paper award.
initiated by Working Group 2 (WG2: Do not hesitate to use this infor-
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
You can access it and, more inter- Open Positions Proposals for STSMs
estingly, a video of their presentation,
at http://iacr.org/cryptodb/
data/paper.php?pubkey=27856.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
Blogs and posts to read the industry is doing in IoT security, Event calendar
but there are many promising start- As I finish this newsletter many of
ups popping around and it’s easy not you will probably be in Hong Kong,
to know what type of technologies attending RFIDSec. For those who
they are working on. The selection is missed it, there are still some inter-
heavily based towards USA compa- esting events on the horizon to keep
nies, but still useful. It is curious to us happy and hopeful!
see so many small companies work-
ing on automotive IoT security. For those who need an urgent
excuse to escape to New York, the
Lastly, there is another potentially Real World Crypto Conference can’t
interesting piece discussing the usage be bested. They have just pub-
of blockchain to help in securing the lished a very interesting program
IoT. I’m not fully convinced by all the at http://www.realworldcrypto.
proposed ideas, but in any case they com/rwc2017/program that contains,
In https://goo.gl/gtwHgm we are worth knowing, and could even
find a very popular piece of news that for example, some very promising
be inspiring for some of you to de- presentations on embedded security.
fits perfectly within the Cryptacus velop new applications. More info at
remit: A security researcher (@Er- https://goo.gl/39AMbQ
rataRob) plugs (with caution, he’s If you want to learn a lot and fast
a paranoid security researcher after on privacy, you can’t get it much bet-
all) his newly acquired smart cam- ter than attending the 7th BIU Win-
era into his WiFi network at home ter School on Cryptography, which
and checks that all is nice and sound, is devoted this year to “Differential
only to witness how just 98 seconds Privacy: From Theory to Practice”.
later it gets compromised by a vari- Over five days, and with an excel-
ant of the infamous Mirai malware lent team of lecturers, you will have
(again recently in the news due to the opportunity to learn everything
crippling internet access for nearly there is about privacy in Tel-Aviv
1 million home users in Germany). at Bar-Ilan University. More info at
Admittedly, the camera is a cheap http://cyber.biu.ac.il/event/
model https://goo.gl/L91jZJ with the-7th-biu-winter-school/.
a default username/password of
root/xmhdipc. This is the sorrow Euro S&P is this year in Paris,
And now for something com- 26-28 April. A must! More at
state of affairs right now. By the
pletely different https://goo.gl/
way, the blog of this researcher, http://www.ieee-security.org/
mn6qsS, as good old John Cleese used
Robert Graham, is highly recom- TC/EuroSP2017/index.php
to say. I couldn’t help but add the fi-
mended, and you can find it at
nal position of the last game of the Last but not least, the summer
http://blog.erratasec.com/.
Carlsen-Karjakin match for the World school on real-world crypto and pri-
Chess Championship that just fin- vacy organised by Lejla will take
ished moments ago while yours truly place in Sibenik (Croatia), June 5
was writing this newsletter. It is an to 9. Highly recommended, for all
extremely beautiful and not so com- ages! Registration will open early
mon mate pattern that I’m sure many February 2017. More relevant info
of you will appreciate. Congrats to at http://summerschool-croatia.
Magnus for retaining the title on his cs.ru.nl/2017/.
birthday!
See you all soon!
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
JANUARY 2017, N O 5
Cryptacus Newsletter
News from the Chair Apart from this event, I also Once again, have a happy new
by G ILDAS AVOINE encourage you to submit propos- year!
als for Short-term Scientific Mis- Gildas
sions. STSMs are a great opportu-
nity for researchers to do a 1-week Recommended reading
to 3-month stay in a foreign coun-
try. If you are interested in ben-
efiting from such an opportunity,
please have a look at this page:
https://www.cryptacus.eu/en/stsm/
Happy new year to everyone, and Note that there is still plenty of
happy Cryptacus 2017! money for funding STSMs. Given that We will start 2017 by highlight a
This year will be highly important the current Grant Period will be com- paper that has received a fair share
for Cryptacus, especially with the pleted at the end of April 2017, your of media attention and is specially
organization of a workshop at Suto- STSM must finish before the end of dear to our hearts, as it benefited
more, in Montenegro, on March 14th April, or start after the beginning of from a STSM within Cryptacus. Its ti-
and 15th. This workshop is open to May. tle is “On the (in)security of the Latest
everyone - not only Cryptacus mem- If you are interested to set up a Generation Implantable Cardiac De-
bers - and a call for presentations will consortium for a H2020 proposal, do fibrillators and How to Secure Them”,
be published very soon. Researchers not hesitate to send an email to Julio, and is authored by Eduard Marin,
interested in presenting their work who can spread this information in Dave Singelée, Flavio D. Garcia, Tom
will be invited to submit a one-page the newsletter, or you can send your- Chothia, Rik Willems, and Bart Pre-
abstract describing their presenta- self an email to the mailing list of the neel. It appeared in the Proceedings
tion. Selected speakers will be fully Management Committee. of the 32nd Annual Conference on
reimbursed by Cryptacus, including Computer Security Applications, pp.
travel, hotel, and meals. More in- Finally, if you are interested in 226–236. ACM, 2016. You can read
formation will be published in the organizing a Cryptacus event in 2017 it at https://goo.gl/MKPJ69
coming days on the mailing list of or 2018, please contact me. The Man- The findings presented in the paper
the Action, including information for agement Committee will soon discuss were discussed in Security Week, The
the submission and for booking the about the activities of the next Grant Register, the Inquirer and The Sun,
hotel. Period that will start in May 2017. to mention only some of the many
media outlets that reflected on this
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
interesting research. too early, a defect that had lead at the Open Positions
time to at least 2 deaths. You can read
2016 was not a good time to be more about this catastrophic devel-
a major manufacturer of Implantable opment at https://goo.gl/cn5cSg.
Cardiac Defibrillators, and the fu- Curiously enough the short-selling
ture looks even bleaker. Apart from following the MW report this time
the above paper, which is clearly bad would have not generated massive
news for business in general, the con- profits, as the stock price of STJ was
troversial Muddy Waters Capital pub- $81.88 when the report was pub- Please send us any employment op-
lished in August a very strong short lished and never fall below $77.82 portunity you want to publicize in
recommendation on St. Jude Medi- despite all the evidence against their the newsletter. There are 2 open po-
cal, Inc. https://goo.gl/noGpyQ. products. All in all, a good case for sitions at Kent in the security do-
research impact and, interestingly, an main, at assistant professor level, full
It claimed their pacemakers, example that major security weak- time and permanent. Salary range is
ICDs, and CRTs should be recalled nesses can be a good predictor of £32,958 to £46,924. Deadline is 6th
immediately. These devices collec- other, even more egregious, technical February. More info at https://goo.
tively generated 46% of their 2015 shortcomings. gl/tHulul
revenue, and they seemed to suffer Other interesting positions are:
from serious product safety issues Please send your contributions
leading to unnecessary health risks. and suggestions for future issues of • Lecturer/Senior Lecturer in
They continued describing two types this newsletter. Cyber-Physical Systems, Uni-
of attacks against the devices: a crash versity of Cambridge. Deadline
attack that causes Cardiac Devices to is 10th January 2017. Salary in
Funding News the range £39,324 to £55,998
malfunction, including by apparently
pacing at a potentially dangerous per year. Full time, perma-
rate; and a battery drain attack that nent position. More info at
could be particularly harmful to de- https://goo.gl/oQMRZo. They
vice dependent users. explicitly mention Internet-of-
Things/IoT, wearable technolo-
gies and security & privacy.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
Computing of Imperial College limitations and pitfalls of the PRNGs
London. The position is again and the TRNGs currently in use on
full-time, permanent. Deadline IoT devices.
is the 24th January. They men-
tion in their areas of interests If you want to see what kind of
network security, applied cryp- work I’ll be interested in carrying out,
tography, crypto-currencies and check my paper at RFIDSec’16 or the
blockchain technologies. preliminary presentation at the WG4
meeting.
Event calendar
For other interesting positions Contact me at jch27@kent.ac.uk
all across Europe, please check the if interested and/or for further info. Of course, the main dish in our
recently revamped ’Researchers in event calendar is the next Cryptacus
Motion’ portal https://euraxess. Management Committee & Working
Blogs and posts to read Groups Meeting in March, 14-15th,
ec.europa.eu/.
in Sutomore, Montenegro. It will be
organised by Milena Djukanovic.
Proposals for STSMs
Another quite interesting event is
the Early Symmetric Crypto (ESC),
that will take place 16-20 Jan-
uary in Canach, Luxembourg. Or-
ganised by Alex Biryukov it will
cover, as one of their Special Top-
ics, Lightweight Cryptography for the
IoT. The aim of the workshop is to
By now, you should be already
bring together leading experts and
familiar with what Short Term Scien-
talented junior researchers, and to
tific Missions (or STSMs, for short) Chris Brook has recently pub- let them exchange ideas, and discuss
are, but we have a healthy budget for lished an interesting piece called
open problems in an informal atmo-
them within the Cryptacus project ‘2016: The Year in IoT Insecurity’ at
sphere. More info at https://goo.
and not enough demand. https://goo.gl/As1laR where he gl/EeoWw7.
makes a recap of some of the biggest Euro S&P is this year in Paris,
We will repeat the STSM offer of stories of the past year in IoT security.
26-28 April. A must! More at https:
Aurélien Francillon from last month:
//goo.gl/fvjBVN
Another interesting read is ‘17 for
“At Eurecom we are actively work- 17’, a series of Q&A with leading Mi-
The summer school on real-world
ing on analyzing embedded devices crosoft researchers across the World
crypto and privacy organised by Lejla
software and building methodologies and across disciplines, where they
will take place in Sibenik (Croatia),
and tools for this. An example of that share their general prediction for
June 5 to 9. Highly recommended,
is our open source Avatar Framework 2017 to 2027 on a number of Com-
for all ages! Registration will open
(see http://s3.eurecom.fr/tools/ puter Science related topics, where
early February 2017. More relevant
avatar/) which is aimed to reverse computer security and IoT are cov-
info at https://goo.gl/cSCcUZ.
engineer devices and search for vul- ered directly or in passing in many
nerabilities. We are happy to receive of the answers. Truly though provok-
Last but not least, Agusti Solanas
visitors interested in the topic, for ing and inspiring reading at https:
is editing an Special Issue in the
example to get help to start using the //goo.gl/bSrcQM
International Journal of RF Tech-
Avatar framework on a given device.”
nologies Research and Applications
(ISSN: 1754-5730) on ‘Advances in
RFID for Smart Cities’ with a dead-
line of 17th March and a publica-
tion date in September. More info at
https://goo.gl/YbjggH
If you want to check with another See you all very soon!
doctor, TechRepublic has also pub-
lished a list of predictions, this time Best,
I will be happy to receive anyone more focused on IoT, at https:// Julio Hernandez-Castro
interested in investigating the many goo.gl/7DJIH8
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
F EBRUARY 2017, N O 6
Cryptacus Newsletter
News from the Chair PhD Students and Postdocs are es- do not hesitate to directly contact
by G ILDAS AVOINE pecially (but not exclusively) invited Milena.
to submit a presentation proposal.
Gildas
Note that, for each selected pre-
sentation, the travel and accommo- Recommended reading
dation expenses of the speaker will
be fully reimbursed. This is an op-
portunity for young researchers to
present their work and share ideas
with researchers from the scientific
Dear Cryptacus Members, community.
I would like to start this newslet- Last but not least, the submission
ter by thanking Milena Djukanovic, process is very lightweight, given that We will briefly cover in this is-
the organizer of the Cryptacus work- only a 1-page abstract is required by sue two papers co-authored by the
shop that will take place next month the program committee for the selec- legendary Adi Shamir, investigating
in Montenegro, on March 14th-15th. tion of the presentations. Smart Lights in quite some depth.
Milena already did a great job so Whether or not you plan to sub- The first is “Extended Functional-
far to set up the workshop in a very mit a presentation, you can regis- ity Attacks on IoT Devices: The Case
short time. I am sure we will have ter to the workshop using this link: of Smart Lights”, and is authored by
a great and enjoyable event in Suto- https://goo.gl/P5eCgN. Eyal Ronen and Adi Shamir, both
more next month. from the Weizmann Institute of Sci-
Note that booking in the hotel ence.
A call for presentations was re- of the workshop is particularly con-
cently distributed around. It can venient, because Milena Djukanovic They showed how the intended
be downloaded from the Cryptacus negociated that the room rate will functionality of smart lights can be
website, at https://goo.gl/n8iyLB. include the transportation from/to abused to build a covert LIFI com-
May I ask you to distribute this call the airport and the lunches. munication system to exfiltrate data,
to relevant mailing lists? even from highly secure environ-
If you have other questions, ments. They implemented the attack
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
and were able to read the leaked data This research has been covered in a but most of them apparently are go-
from a distance of over 100 meters number of major generalist newspa- ing for the straightforward topics
using only cheap and readily avail- pers and news sites such as the New of homomorphic encryption, ultra-
able equipment. Particularly funny York Times, Forbes, Motherboard, PC lightweight crypto, physical crypt-
was the fact that, as a receiver, they Magazine, The Register, Computer- analysis, quantum and automated
used a 12in Meade LX200 telescope. World, etc. proof techniques.
This was an Invited paper to IEEE
S&P Europe 2016. These brilliant papers will defi- It is possible, however, that there
You can read it at https://goo.gl/ nitely contribute to validate Shamir’s will be room for a proposal targeting
LJCM0A 15 predictions for the next 15 years, the challenge defined by ’Authenti-
as presented in his anniversary cated encrypted token research for
keynote "Financial Cryptography: mobile payment solutions and re-
Past, Present, and Future" at Fi- lated applications’. If you have ex-
nancial Cryptography 2016 (check perience in H2020, are willing to
https://goo.gl/ifBptN) particu- coordinate a proposal and have ideas
larly prediction #1 (Cybersecurity is for seriously contributing to this chal-
terrible, and will get worse) and #2 lenge, please do not hesitate to con-
(The Internet of Things will be a se- tact me at jch27@kent.ac.uk to fur-
curity disaster). ther discuss a joint bid.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
permanent position. Deadline is most attractive position in this
23rd February 2017. More info February list, as Durham is a
at https://goo.gl/aiqfxq. small and beautiful city and the
university is one of the best
• Associate/Assistant Professor in in the UK. The initial salary
Formal Methods Technical Uni- will be circa £85,000 and may
Please send us any employment op-
versity of Denmark - DTU Com- rise significantly higher, typi-
portunity you want to publicize in
pute. Deadline is 5th February cally around £120,000 depend-
the newsletter.
2017. Full time, permanent po- ing on experience and achieved
sition. For further info or to targets.
There are still 2 open posi-
apply, check https://goo.gl/
tions at Kent in the security do-
3CHl2z.
main, at assistant professor level, full For other interesting positions
time and permanent. Salary range • Lecturer or Senior Lecturer or all across Europe, please check the
is £32,958 to £46,924. Deadline is Reader in Systems for the In- recently revamped ’Researchers in
6th February, so hurry up! Please ternet of Things at the Uni- Motion’ portal https://euraxess.
come to join an expanding team with versity of Edinburgh - School ec.europa.eu/.
many funding successes in Cyberse- of Informatics. Closes on the
curity! More info at https://goo. 15th February 2017. Another Proposals for STSMs
gl/tHulul. Also, there is now an full time, permanent position.
open position for a fully funded 3- Salary range is £39,324 to
years long PhD studentship with me, £55,998. Edinburgh is one of
so if you want to apply, please check the nicest places to leave in
https://goo.gl/YxDzTt. the UK, its university is ex-
Other interesting positions are: tremely prestigious and the cost
of living and accommodation
• Chair in Cyber-Secure Engi- is reasonably low. Also, they’re
neering Systems and Processes very welcoming of foreigners, By now, you should be already
at Cranfield University - School much more than their neigh- familiar with what Short Term Scien-
of Aerospace, Transport and bors to the South, and there’s tific Missions (or STSMs, for short)
Manufacturing (SATM). This the off-chance possibility that are, but we have a healthy budget for
professorship is full-time, per- they might not Brexit as they them within the Cryptacus project
manent. One of the topics voted against and they current and not enough demand.
they’re interested in is ’Secu- leaders are strongly opposed to
rity of Internet of Things (IoT) it. Or maybe they will do, later We will repeat the STSM offer of
devices and systems within in- claim independence and try to Aurélien Francillon from last month:
dustrial settings’. The closing re-enter the EU. For more info,
date is 9th February 2017. Ini- visit https://goo.gl/KNB9QD. “At Eurecom we are actively work-
tial salary is £66,366. More info ing on analyzing embedded devices
at https://goo.gl/aZczjS • Lecturer- Internet of Things, at software and building methodologies
University of Essex - School and tools for this. An example of that
• Lecturer/SL/Reader in Cyber of Computer Science and Elec- is our open source Avatar Framework
Security at the School of Com- tronic Engineering. Full time, (see http://s3.eurecom.fr/tools/
puting Science, University of permanent position, with a avatar/) which is aimed to reverse
Glasgow. Another full time, per- deadline on the 7th February engineer devices and search for vul-
manent position with a salary 2017. The position is based nerabilities. We are happy to receive
range between £33,943 and in Colchester, one of the most visitors interested in the topic, for
£55,998 per annum. Deadline beautiful and greenest cam- example to get help to start using the
is the 3rd of February. More info puses in the UK, and its salary Avatar framework on a given device.”
at https://goo.gl/ioChFq. range is £39,324 to £46,924.
More details at https://goo.
• Lecturer or Senior Lecturer gl/cSXjXP.
in Internet of Things (IoT)
and Cyber security at Liverpool • Professor in Department of
John Moores University - Com- Computer Science (with sub-
puter Science and Electron- sequent Department Headship)
ics and Electrical Engineering. at Durham University - Depart-
Starting salary is in the range ment of Computer Science. This
£39,324 to £48,327. Full time, is in my opinion one of the
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
I will be happy to receive anyone guess. And as long as the ransom The summer school on real-world
interested in investigating the many price isn’t too onerous, people will crypto and privacy organised by Lejla
limitations and pitfalls of the PRNGs pay.’ You can read more, and many in- will take place in Sibenik (Croatia),
and the TRNGs currently in use on teresting comments from readers, at June 5 to 9. Highly recommended,
IoT devices. https://goo.gl/sc92MA. for all ages! Registration will open
Another interesting reading can early February 2017. More relevant
Blogs and posts to read be found in the article ’How the info at https://goo.gl/cSCcUZ.
Internet of Things will affect secu-
rity & privacy’ by Andrew Meola for Esorics is this year in beautiful
Business Insider at https://goo.gl/ Oslo, from 11-15 September. Submis-
He3tCE. sion deadline is April 19th . Hope to
see many of you there!
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
M ARCH 2017, N O 6
Cryptacus Newsletter
News from the Chair • Constantinos Patsakis already apply for research stays start-
by G ILDAS AVOINE ing in June.
• Thomas Gougeon
The Management Committee will
• Ziya Alper Genc also have a meeting in Montenegro in
order to define the activities that will
• Eleni Isa be organized during the next Grant
Period.
• Pietro Monsurro
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
news and the relevance of the find- for security practitioners to migrate It’s the Horizon 2020 Secure So-
ing, that although totally expected to safer cryptographic hashes such cieties European Info Day and Bro-
has still considerable impact. as SHA-256 and SHA-3. Following kerage Event, that will take place in
Google’s vulnerability disclosure pol- Brussels on 6 - 7 March at the Radis-
The new was announced at the icy, we will wait 90 days before re- son Blu Royal Hotel.
Google Security Blog on the 23rd leasing code that allows anyone to
of February (at https://goo.gl/ create a pair of PDFs that hash to the The event is “organized by the
B4v3aO). It was a nice joint effort same SHA-1 sum given two distinct Network of Secure Societies National
by a team of CWI researchers (Marc images with some pre-conditions.” Contact Points - SEREN3, in collab-
Stevens, Pierre Karpman) and Google oration with the European Commis-
engineers (Elie Bursztein, Ange Al- More info in 90 days, and at sion. This information day and bro-
bertini, Yarik Markov, Alex Petit, https://shattered.io/ kerage event gives details on the
Clement Baisse). calls for proposals H2020-CIP 2017,
Funding News H2020-SEC 2017 and H2020-DS-
They spent a compu- 2017” and is highly recommended.
tation effort equivalent to
263.1 SHA-1 compressions (see There will be at least 265 partic-
https://eprint.iacr.org/2017/190). ipants, and there is the possibility to
arrange short meetings with up to 6
As the authors write, the com- of them to discuss ideas and consor-
putation took “approximately 6,500 tium building.
CPU years and 100 GPU years. As
a result while the computational If it’s too late for you to register,
power spent on this collision is keep an eye for similar events later
larger than other public cryptanalytic this year. We will inform you of them
computations, it is still more than We will arrange in the next in here.
100,000 times faster than a brute Cryptacus meeting in Montenegro
force search.” for a slot to discuss some of these More info at https://www.
calls in detail and will plan ahead b2match.eu/seren3brussels2017
Despite the undeniably impor- for them, focusing particularly on the
tance of the result, it created some August calls as by them the April one Open Positions
funny responses on different social will be too close. Our aim is to fa-
networks, such as: cilitate the build up of consortia to
successfully apply to several of these
opportunities.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
line is the 06/04/2017. Ger- smaller security group but they
man and English fluency re- have some very talented peo-
quired. More info at https:// ple and have recently recruited
www.b-tu.de/fakultaet1/. very well and continue to at-
tract talent. Also one of the very
• Assistant Professor in Advanced top security groups in the UK.
Computer Science at Uni- For applying, check https://
versiteit Leiden. Deadline is goo.gl/yDLQS9.
12/03/2017. The want to ap-
point one assistant professor • Lecturer in Cyber Security, at • I will be happy to receive any-
in the area of Security and an- the University of Southamp- one interested in investigating
other in the field of Correctness ton. Application deadline is the the many limitations and pit-
& Automated testing. Salary 13th March, and salary range is falls of the PRNGs and the
range from e3,427 e5,330 £37,075 to £46,924. Full-time, TRNGs currently in use on IoT
gross per month. More info permanent position, more info devices.
at https://goo.gl/1GbhN6. at https://goo.gl/gvl0qo.
For other interesting positions Blogs and posts to read
In addition, a good number of all across Europe, please check the
positions in the other side of the recently revamped “Researchers in
channel have recently opened Motion” portal https://euraxess.
or are about to close: ec.europa.eu/.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
info at https://goo.gl/cSCcUZ. Last but not least, Agusti Solanas
is editing an Special Issue in the
Even earlier on, we have (thanks International Journal of RF Tech-
Stefan!) the first spring school on se- nologies Research and Applications
curity and correctness in IoT, which (ISSN: 1754-5730) on ‘Advances in
takes place May 8-12 in Graz, Aus- RFID for Smart Cities’ with a dead-
tria. Topics range from software ex- line of 17th March and a publica-
ploits and hardware side-channels to tion date in September. More info at
formal methods for security verifica- https://goo.gl/YbjggH
tion. Standard registration is open
Event calendar until April 16. More info at http: Agusti is also organising a spe-
Of course, the main dish in our //springschool.iaik.tugraz.at/. cial session in a IEEE Conference on
event calendar is the next Cryptacus Smart Health with many topics of
Management Committee & Work- The program is very interesting, interest for Cryptacus members, in-
shop in March, 14-15th, in Sutomore, and brings in some of the best in cluding: Security, privacy and trust
Montenegro. It will be organised by the area (including many Cryptacus management for Smart Healthcare
Milena Djukanovic. people) and lots of practical labs. In services/applications, Lightweight
addition, they offer a limited number cryptography for Smart Healthcare
Euro S&P is this year in Paris, of student stipends to cover registra- devices and systems and Cryptanal-
26-28 April. A must! More at https: tion. ysis of protocols for Smart Health-
//goo.gl/fvjBVN care devices. More info at http:
ESORICS is this year in beautiful //rtsi2017.ieeesezioneitalia.
The summer school on real-world Oslo, from 11-15 September. Submis- it/tech_sessSH.html
crypto and privacy organised by Lejla sion deadline is April 19 . Hope to
th
See you all very soon!
will take place in Sibenik (Croatia), see many of you there!
June 5 to 9. Highly recommended, Best,
for all ages! Registration will open Julio Hernandez-Castro
early February 2017. More relevant
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
A PRIL 2017, N O 7
Cryptacus Newsletter
News from the Chair speakers who participated in the re- newsletter.
by G ILDAS AVOINE cent Montenegro’s workshop. They
came from Finland, France, Greece, In addition, Cryptacus is look-
Italy, Luxembourg, Serbia, Turkey, ing for a volunteer to manage the
and the United Kingdom. website. Pascal Junod has been the
website manager for two years but
Another workshop will likely be he got a new position and he decided
organized in Fall 2017, and a training to resign from Cryptacus.
school in Spring 2018. More infor- Pascal did a great job during two
mation will be provided in the next years to set up and manage the web-
newsletter. site.
Dear Cryptacus Members, Cryptacus is consequently now look-
ing for a volunteer to replace Pascal.
April 30th is the end of the current Now that the website site is launched,
yearly grant period. During this pe- the task is pretty lightweight. Pascal
riod, Cryptacus organized a meeting said he will ensure the transition.
at Sophia-Antipolis in France, and Please contact me if you want to vol-
a recent workshop at Sutomore in unteer.
Montenegro. It was a great success
and an enjoyable experience, in a All the best.
big part due to the excellent organ- In the meanwhile, Cryptacus’
isation my Milena Djukanovic, and members are invited to collaborate Gildas
it even got some coverage by Mon- on their own. Several initiatives have
tenegro’s Ministry of Research (see also been launched: a H2020 project Recommended reading
https://goo.gl/ug1GpF). proposal (see the email sent by Billy
Brumley), a collaborative book about
We also funded 6 grants for short- cryptanalysis in ubiquitous comput-
term scientific missions from, or to, ing systems (Julio Hernandez-Castro
the following countries: Belgium, will provide us with more details in
Finland, Greece, Italy, Israel, Nether- the coming weeks), and also do not
lands, Spain, Sweden, and Switzer- forget to promote STSMs, open fac- This month we will start with a
land. Cryptacus also funded the 14 ulty positions, and PhD theses in the paper on Grouping Proofs by Denis
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
Trc̆ek. It was published in the Journal per annum. Needless to say,
Sensors in 2016, number 16, volume this is the largest informa-
1. Its title is Wireless Sensors Grouping tion security group in the UK,
Proofs for Medical Care and Ambient and one of the most presti-
Assisted-Living Deployment, and you gious. More info at https://
can read it at http://www.mdpi. Please send us any employment op- goo.gl/0YZzp2. They also of-
com/1424-8220/16/1/33. portunity you want to publicize in fer https://goo.gl/hWCgvY a
the newsletter. more teaching-focused position
The paper provides a lengthy at the same Lecturer level.
and detailed review of the grouping There are plenty of interesting • Lecturer in Computer Security
proofs literature, detailing the many open positions, such as:
at the School of Computer Sci-
security issues encountered and tries
ence, within the College of
to extract lessons and prudent engi- • A PhD Scholarship is open for
Engineering and Physical Sci-
neering practices from them. It offers a thesis on forensics in em-
ences of the University of Birm-
a new lightweight grouping proof bedded systems in the research
ingham. Deadline for applica-
with privacy provisioning, and with group of Prof. Gildas Avoine in
tions is the 2nd of April. Salary
a formal security proof in HLPSL for Rennes (France). The PhD the-
range is £39,324 to £52,793,
AVISPA. sis will start in Fall 2017. Ap-
for a full time, permanent po-
plications must be sent before
sition. Birmingham has a much
Funding News April 20th , 2017. More informa-
smaller security group but they
tion at http://www.avoine.
have some very talented peo-
net/forensics_avoine.pdf
ple and have recently recruited
• Prof. Milutinovic wants us very well and continue to at-
to announce this position tract talent. Also one of the very
with Maxeler CyberSecu- top security groups in the UK.
rity https://www.maxeler. For applying, check https://
com/about-us/careers/ goo.gl/yDLQS9.
opportunities/#cyber_sec For other interesting positions
all across Europe, please check the
• Professor in Cryptology at
recently revamped “Researchers in
Aalto University. Deadline is
Motion” portal https://euraxess.
Following our H2020 Opportu- the 01/04/2017. More info at
ec.europa.eu/.
nities presentation in Montenegro, https://goo.gl/7hy5GL
we are happy that both Miodrag Mi-
• Professorship in Computer Net- Proposals for STSMs
haljevic and Billy Brumley gave it a
works and Communication Sys-
try to mount consortia and propos-
tems at Brandenburg Univer-
als for the Crypto call. Good luck to
sity of Technology (BTU). They
both and thanks for moving things
mention their interest in the ar-
forward! I am sure that many great
eas of “the internet of things”
things will come in the future when
and “security in computer net-
we target other calls with more time.
works”. The application dead-
This is why we will continue to ar- By now, you should be already
line is the 06/04/2017. Ger-
range another H2020 session on the familiar with what Short Term Scien-
man and English fluency re-
next Cryptacus meeting. It will be a tific Missions (or STSMs, for short)
quired. More info at https://
good opportunity to discuss some of are, but we have a healthy budget for
www.b-tu.de/fakultaet1/.
the most relevant future calls in de- them within the Cryptacus project
tail, and plan well ahead of them to In addition, a good number of and not enough demand.
increase your success chances. positions in the other side of the
If you are interested in participating channel have recently opened Until somebody sends more pro-
in this session, and particularly if you or are about to close: posals, we will repeat the STSM of-
want to briefly present a project idea fers of the past, including that of
to get feedback and potentially start • Lecturer in Information Secu-
Aurélien Francillon and mine.
building-up a consortium, please con- rity at the Information Secu-
tact me for booking a slot. rity Group of Royal Holloway,
University of London. Dead- • “At Eurecom we are actively
line is the 9th of April, and working on analyzing em-
Open Positions the salary £41,458 to £49,059 bedded devices software and
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
building methodologies and people) and lots of practical labs. In
tools for this. An example of addition, they offer a limited number
that is ourvopen source Avatar of student stipends to cover registra-
Framework (see http://s3. tion.
eurecom.fr/tools/avatar/)
which is aimed to reverse en- The summer school on real-world
gineer devices and search for crypto and privacy organised by Lejla
vulnerabilities. We are happy will take place in Sibenik (Croatia),
to receive visitors interested in June 5 to 9. Highly recommended,
Another interesting news item is
the topic, for example to get for all ages! Registration will open
the development of a new Metas-
help to start using the Avatar early February 2017. More relevant
ploit extension for testing the secu-
framework on a given device.” info at https://goo.gl/cSCcUZ.
rity of IoT devices. This extension
is called RFTransceiver and will let
ESORICS is this year in beautiful
us detect and scan wireless devices
Oslo, from 11-15 September. Submis-
operating outside the 802.11 spec.
sion deadline is April 19th . Hope to
This could be very useful for pen-
see many of you there!
testers and researchers finding vul-
nerabilities, for example, in smart
lighting systems using the Zigbee
communication protocol, network-
• I will be happy to receive any- enabled alarms, surveillance and
one interested in investigating door control systems, etc. More info Indocrypt is this year in Chennai,
the many limitations and pit- at https://goo.gl/RuXDEV. This is with a paper submission deadline of
falls of the PRNGs and the an useful addition to their IoT- August 20th and notification on the
TRNGs currently in use on IoT seeker free tool for finding connected 5th of October. The conference will be
devices. IoT devices and checking for de- from 10-13 December.
fault passwords, that can be down-
Blogs and posts to read loaded from https://information.
rapid7.com/iotseeker.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
M AY 2017, N O 8
Cryptacus Newsletter
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
ist despite the correct use of cryp- More info at https://goo.gl/
tography. Concretely, they investigate m35w5A
the potential for using packet length
and timing information extract valu- • Senior Lecturer / Associate Pro-
able information from a device. Ex- fessor in Security at The Uni-
ploiting this, they can distinguish versity of Sydney - School of
Please send us any employment op-
(fingerprint) between devices, know Information Technologies, Fac-
portunity you want to publicize in
which different programs are running ulty of Engineering and Infor-
the newsletter.
on the same device, including which mation Technologies. Appar-
sensor is accessed. They also distin- ently housing prices in Sydney
Interesting opportunities are
guish between different ICMP mes- are astronomical, but the salary
lately arising in computer security
sage types despite the use of encryp- for the position, ranging from
with the transparent aim to attract
tion. £88,332.30 to £117,175.50
talent willing to leave the UK af-
may be good enough to cover
They finish their work by provid- ter Brexit. New Zealand, Australia,
for that. Deadline for applica-
ing a set of recommendations to ef- Canada and Ireland are some of the
tions is the 14th May. More info
ficiently mitigate these side channels firsts moving in this direction, as
at https://goo.gl/tT0U0X.
in the IoT context, notably padding shown in the list below. When will
and using time-constant code. France, the Netherlands and Ger- In addition, a good number of
The paper is very practical, with ex- many follow? Asking for a friend... positions on the wrong side
amples over two extremely popular of the channel have recently
devices running on an open source • Lecturer in Digital Security. opened:
OS (Contiki) with a typical stack of University of Auckland, New
Zealand - Faculty of Science, • Assistant/Associate Professor in
protocols. Computer Science at Durham
Department of Computer Sci-
ence. Deadline of 25th May University. Deadline is the 30th
Funding News 2017. They are particularly in- May, salary up to £55,998.
terested in experts on digital They mention in the job de-
forensics, security testing, or scription both computer secu-
software obfuscation, security rity and cryptographic analysis,
or privacy for mobile devices, whatever that may be. Apply at
cyber-physical systems (esp. In- https://goo.gl/pTPqwC.
ternet of Things), machine-to- • Last but not least, a couple of
machine systems, and big data new positions at the University
systems. More information at of Kent, my current institution,
https://goo.gl/Zb1tLJ. at the Senior Lecturer and the
• Senior Lecturer in Secure Sys- Lecturer level. Deadline is the
tems University of Surrey - 5th of June, applications and
Department of Computer Sci- further info at https://goo.
ence. Deadline is the 25th gl/7AjKg2.
We will continue to arrange an- May. Salary is from £39,324 to
other H2020 session on the next For other interesting positions
£57,674 per year. Two priority all across Europe, please check the
Cryptacus meeting. It will be a good areas are security through hard-
opportunity to discuss some of the recently revamped “Researchers in
ware and applied cryptography Motion” portal https://euraxess.
most relevant future calls in detail, and secure systems and applica-
and plan well ahead of them to in- tions https://goo.gl/HUWh5F.
ec.europa.eu/.
crease your success chances. There is a similar position at the
Proposals for STSMs
Lecturer level in the same in-
If you are interested in partici- stitution with the same dead-
pating in this session, and particu- line, you can get more info at
larly if you want to briefly present a https://goo.gl/xAaDbA.
project idea to get feedback and po-
tentially start building-up a consor- • Professor in Cryptology at Aalto
tium, please contact me for booking University. This post has been
a slot. around for a while. The dead-
line for applications has been By now, you should be already
moved forward from the 1st familiar with what Short Term Scien-
Open Positions April to the 3rd of May. tific Missions (or STSMs, for short)
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
are, but we have a healthy budget for âĂIJphlashingâĂİ. PDoS are attacks
them within the Cryptacus project that damage systems so badly that
and not enough demand. they require replacement or reinstal-
lation of hardware.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
in Graz, Austria. Topics range from LatinCrypt is this year in La Ha-
software exploits and hardware side- bana, Cuba, running immediately af-
channels to formal methods for se- ter the Advanced School on Cryptol-
curity verification. Standard registra- ogy and Information Security in Latin
tion was open until April 16. More America (ASCrypto 2017), in cooper-
info at http://springschool.iaik. ation with IACR. The school will take Indocrypt is this year in Chennai,
tugraz.at/. place from the 17-19 September, and with a paper submission deadline of
the LatinCrypt conference from the August 20th and notification on the
The program is very interesting, 20-22. Deadline for paper submission 5th of October. The conference will be
and brings in some of the best in is the 8th May at 2pm GMT. from 10-13 December.
the area (including many Cryptacus
people) and lots of practical labs. In
addition, they offer a limited number
of student stipends to cover registra-
tion.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
J UNE 2017, N O 9
Cryptacus Newsletter
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
More controversially, they argue Although off-putting in size, these Zealand - Faculty of Science,
that lightweight cryptography is too documents outline all the calls, bud- Department of Computer Sci-
large a field that should be split into gets and deadlines for the next three ence. Deadline of 25th May
two related but distinct areas: ultra- years: 2018-2021 (with the exception 2017. They are particularly in-
lightweight and IoT cryptography. of the ERC that publishes annually). terested in experts on digital
forensics, security testing, or
They propose the former to deal We cannot share these documents software obfuscation, security
only with the smallest of devices, publicly, but will be happy to answer or privacy for mobile devices,
for which a lower security level may your questions on particular calls if cyber-physical systems (esp. In-
be justified by the very harsh design you send them to me by email. ternet of Things), machine-to-
constraints. They envision the lat- machine systems, and big data
ter to focus on low-power embedded Use this opportunity to check calls systems. More information at
processors for which the AES and in your area of interest and buy your- https://goo.gl/Zb1tLJ.
modern hash function are too costly self months of extra time before the
but which have nevertheless to pro- calls are published later in the year • Senior Lecturer in Secure Sys-
vide a high level of security due to or in coming years. tems University of Surrey -
their greater connectivity. Department of Computer Sci-
As a brief taster, the areas most ence. Deadline is the 25th
Perhaps not all readers will agree relevant to the Cryptacus aims are May. Salary is from £39,324 to
with this proposal, but their division perhaps those covered in the Se- £57,674 per year. Two priority
makes sense and provides good food cure Societies. in particular we want areas are security through hard-
for though. to highlight the following calls: SU- ware and applied cryptography
INFRA02-2019 on ’Security for Smart and secure systems and applica-
As the authors say ’connecting a Cities and soft targets in Smart cities’. tions https://goo.gl/HUWh5F.
family of devices to a global network Interestingly, subtopic 3 on ’Under- There is a similar position at the
and protecting them with an 80-bit standing the drivers of cybercriminal- Lecturer level in the same in-
key is not a desirable situation, and ity and new methods to prevent, in- stitution with the same dead-
yet it is what may happen if an ultra- vestigate and mitigate cybercriminal line, you can get more info at
lightweight algorithm is used where behaviour’ has a description around https://goo.gl/xAaDbA.
an IoT one is needed’. Indeed. IoT and how it is an increasingly in-
• Hamilton Professorships in
terested target for cybercriminals.
Computer Science at Maynooth
Funding News University. The areas of interest
Open Positions cover, between others, Cyber-
security and Privacy. Plenty of
time to decide whether to ap-
ply, with a deadline on Friday
20th of October. Salary could
be e110,060 to e139,501 p.a.
for Professor A and e80,650
Please send us any employment op- to e106,655 p.a. for the Pro-
portunity you want to publicize in fessor B range. More info at
the newsletter. https://goo.gl/LSvKhM.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
• There is also an exceptional and not enough demand. All over the news in recent times
opportunity at the increasingly here in the UK has been a study
active and prestigious secu- Until somebody sends more pro- by University of Twente that claims
rity group at the Vrije Univer- posals, we will repeat the STSM of- that smart meters are producing in
siteit Amsterdam. The post is fers of the past, including that of some case readings that wrongly try
for an Assistant or Associate Aurélien Francillon and mine. to charge customers up to six times
Professor position in Systems their right consumption.
Security, with a salary from
e3605 to e6438. More info at • “At Eurecom we are actively An example of this, covered
https://goo.gl/5bWHl8. working on analyzing em- in The Telegraph, is at https:
bedded devices software and //goo.gl/RtDXL1. This is, of course,
building methodologies and not great for smart meter adoption
In addition, there are a good
tools for this. An example of and by extension also could affect
number of positions on the
that is ourvopen source Avatar other smart devices.
wrong side of the channel:
Framework (see http://s3.
eurecom.fr/tools/avatar/) This is particularly worrisome in
• Assistant/Associate Professor in which is aimed to reverse en- the uK, as the government is push-
Computer Science at Durham gineer devices and search for ing for putting smart meters in every
University. Deadline is the 30th vulnerabilities. We are happy household by 2020, claiming it will
May, salary up to £55,998. to receive visitors interested in improve the accuracy of people’s en-
They mention in the job de- the topic, for example to get ergy bills.
scription both computer secu- help to start using the Avatar
rity and cryptographic analysis, framework on a given device.” The study points this is not always
whatever that may be. Apply at the case, and gives conspiracy theo-
https://goo.gl/pTPqwC. rists too worried about their privacy
impact https://goo.gl/mqoQVB fur-
• Lecturer/Senior Lecturer in Cy- ther fuel to vigorously oppose these
ber Security at De Montfort measures.
University - Faculty of Technol-
ogy. De Montfort is recruiting
Apparently the main culprits are
heavily in recent times, and
’green devices such as energy saving
clearly is trying to attract talent
light bulbs, heaters, LED bulbs and
and build a good cybersecurity • I will be happy to receive any- dimmers that change the shape of
team. Deadline for applications one interested in investigating electric currents which can result in
is the 2nd of July. More info at the many limitations and pit- a distorted reading’. Interesting but
https://goo.gl/0tK1AX falls of the PRNGs and the very troubling.
TRNGs currently in use on IoT
devices.
For other interesting positions
all across Europe, please check the Blogs, posts and other
recently revamped “Researchers in good reads
Motion” portal https://euraxess.
ec.europa.eu/.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
issues that they can be easily com-
promised remotely so that attackers
can get total control over them and
heir video feeds.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
J ULY 2017, N O 10
Cryptacus Newsletter
News from the Chair will also be sent soon. You can read a preliminary
by G ILDAS AVOINE version of it at https://goo.gl/
Another major action that will ih2MTG.
be launched soon, is the writing of
a book on the topics addressed in The authors present their report
Cryptacus. on a research project commissioned
the EU on the future of safety reg-
This idea comes from Montene- ulations once computers IoT is ev-
gro’s meeting, and Julio and I cur- erywhere. Authors reason that the
rently work on the organization of EU already regulates many aspects
Dear Cryptacus Members, this collaborative work. Cryptacus’ of the safety of vehicles, medical de-
members will receive an email soon vices, electrical equipment, domestic
The summer break is coming about this work. appliances and even toys and that
soon, and this newsletter is the last as these devices become ’smart’ their
one of the current academic year. I am sure many of you will be vol- vulnerabilities may be remotely ex-
unteers to work on this issue, possibly ploited, with consequent risks.
The next one will be in Septem- with some of your PhD Students.
ber. I hope you will enjoy your sum- These systems are certified under
mer break and come back well rested Have a great Summer! a disparate range of European, na-
in September. tional, industry and other schemes
so in their work they describe the
Gildas
On November 16-18, 2017 in Ni- problems and outline the opportu-
jmegen (Netherlands) Lejla Batina nities for governments, industry and
will organize Cryptacus’ workshop.
Recommended reading researchers.
You can already motivate your PhD This month we will briefly cover
students and colleague to submit a an important paper just uploaded to The controversially state:’The EU
presentation. the WEIS 2017 program webpage ti- is already the world’s main privacy
tled Standardisation and Certification regulator, as Washington doesn’t care
A call for presentation will be of the ’Internet of Things’ by Eireann and nobody else is big enough to
published during the summer. As I Leverett, Richard Clayton and Ross matter.’
told you in the last newsletter, the in- Anderson.
vitation letters for the MC members This will generate huge oppor-
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
tunities and challenges, and change ity and new methods to prevent, in- and secure systems and applica-
the environment as we see it now. vestigate and mitigate cybercriminal tions https://goo.gl/HUWh5F.
For example, they claim that safety behaviour’ has a description around There is a similar position at the
and security are merging: safety en- IoT and how it is an increasingly in- Lecturer level in the same in-
gineers are going to have to learn all terested target for cybercriminals. stitution with the same dead-
about security, and vice versa. line, you can get more info at
Open Positions https://goo.gl/xAaDbA.
Interesting food for though.
• Hamilton Professorships in
Funding News Computer Science at Maynooth
University. The areas of interest
cover, between others, Cyber-
security and Privacy. Plenty of
time to decide whether to ap-
ply, with a deadline on Friday
20th of October. Salary could
be e110,060 to e139,501 p.a.
for Professor A and e80,650
Please send us any employment op- to e106,655 p.a. for the Pro-
We have been given early access portunity you want to publicize in
to the next set of EU Horizon2020 fessor B range. More info at
the newsletter. https://goo.gl/LSvKhM.
draft work programmes.
Interesting opportunities are • Senior Lecturer / Associate Pro-
These are important documents - lately arising in computer security fessor in Security at The Uni-
describing all the EU research fund- with the transparent aim to attract versity of Sydney - School of
ing calls that will happen between talent willing to leave the UK af- Information Technologies, Fac-
2018 and 2021. ter Brexit. New Zealand, Australia, ulty of Engineering and Infor-
Canada, China and Ireland are some mation Technologies. Appar-
This is a great opportunity to get of the firsts moving in this direction, ently housing prices in Sydney
ahead of the game, plan early and as shown in the list below. When will are astronomical, but the salary
start talking to collaborators. France, the Netherlands and Ger- for the position, ranging from
many follow? Asking for a friend... £88,332.30 to £117,175.50
Although off-putting in size, these
may be good enough to cover
documents outline all the calls, bud-
for that. Deadline for applica-
gets and deadlines for the next three • Lecturer in Digital Security. tions is the 14th May. More info
years: 2018-2021 (with the exception University of Auckland, New at https://goo.gl/tT0U0X.
of the ERC that publishes annually). Zealand - Faculty of Science,
Department of Computer Sci- • There is also an exceptional
We cannot share these documents ence. Deadline of 25th May opportunity at the increasingly
publicly, but will be happy to answer 2017. They are particularly in- active and prestigious secu-
your questions on particular calls if terested in experts on digital rity group at the Vrije Univer-
you send them to me by email. forensics, security testing, or siteit Amsterdam. The post is
software obfuscation, security for an Assistant or Associate
Use this opportunity to check calls or privacy for mobile devices, Professor position in Systems
in your area of interest and buy your- cyber-physical systems (esp. In- Security, with a salary from
self months of extra time before the ternet of Things), machine-to- e3605 to e6438. More info at
calls are published later in the year machine systems, and big data https://goo.gl/5bWHl8.
or in coming years. systems. More information at
https://goo.gl/Zb1tLJ.
As a brief taster, the areas most In addition, there are a good
relevant to the Cryptacus aims are • Senior Lecturer in Secure Sys- number of positions on the
perhaps those covered in the Se- tems University of Surrey - wrong side of the channel:
cure Societies. in particular we want Department of Computer Sci-
to highlight the following calls: SU- ence. Deadline is the 25th
INFRA02-2019 on ’Security for Smart May. Salary is from £39,324 to • Assistant/Associate Professor in
Cities and soft targets in Smart cities’. £57,674 per year. Two priority Computer Science at Durham
Interestingly, subtopic 3 on ’Under- areas are security through hard- University. Deadline is the 30th
standing the drivers of cybercriminal- ware and applied cryptography May, salary up to £55,998.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
They mention in the job de- publishing here. Until I do not have
scription both computer secu- any more, I’ll just publish mine.
rity and cryptographic analysis,
whatever that may be. Apply at
https://goo.gl/pTPqwC.
• Lecturer/Senior Lecturer in Cy-
ber Security at De Montfort
University - Faculty of Technol-
ogy. De Montfort is recruiting
heavily in recent times, and
clearly is trying to attract talent A funny piece of news was the
and build a good cybersecurity revelation that a number of CIA con-
team. Deadline for applications tractors were fired for stealing from
is the 2nd of July. More info at • I will be happy to receive any-
a smart vendor machine. The inves-
one interested in investigating
https://goo.gl/0tK1AX tigation, unveiled by BuzzFeed after
the many limitations and pit-
requesting a FoIA, showed that the
falls of the PRNGs and the
total amount of snack stolen was of
TRNGs currently in use on IoT
$3,314.
devices.
They used some sort of manipu-
lates payment cards after unplugging
Blogs, posts and other a cable connecting the machines to
good reads their electronic payment system.
New Fund for investing on IoT
start-ups They were caught after surveil-
Last, but not least, our CRYPTA-
lance cameras at several vending
CUS colleague Billy Brum-
locations recorded their moves.
ley (you can contact him at Trend Micro, the well known
billy.brumley@tut.fi) sent us security company, has recently
They admitted to the thefts. All
this position at his institution: launched a $100 million fund to in-
surrendered their CIA badges, were
vest in promising start-ups in the area
• Tenure Track at Assistant Pro- escorted from the building by se-
of IoT security.
fessor or Associate Professor curity, and fired by their respective
level, with a focus on software contract employers.
security, hardware security, crit- The company current value is
ical systems security or network around $7.5 billion, and it is present The Department of Justice de-
security at Tampere University in over 50 countries, with over 5,000 clined to press charges. More info
of Technology. The deadline is staff, and is best known for IT secu- here https://goo.gl/9wY5bw.
28 Aug. More information at rity products that include threat de-
https://goo.gl/9UCn16 tection and antivirus. A spokesperson
said:’Working with these investments
For other interesting positions will uncover insights into emerging
all across Europe, please check the ecosystem opportunities, disruptive
recently revamped “Researchers in business models, market gaps and
Motion” portal https://euraxess. skillset shortages.
ec.europa.eu/.
These learnings will influence
Proposals for STSMs Trend Micro’s cybersecurity solu-
By now, you should be already tion planning across the company’. Hypponen’s Bleak Forecast
familiar with what Short Term Scien- The form is looking at making 15-20
tific Missions (or STSMs, for short) investments per year. If you’re inter- Mikko Hypponen, the chief re-
are, but we have a healthy budget for ested in this initiative, please check search officer at F-Secure, gave a
them within the Cryptacus project https://goo.gl/6pacxQ. very interesting but arguably pes-
and not enough demand. simistic interview to The Reg (more
Not so smart, robbing smart at https://goo.gl/cwn1aj) dis-
Please send your willingness to vending machines cussing IoT security.
receive STSMs proposal to me for
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
Hypponen says IoT is unavoid- A very interesting piece pub- Indocrypt is this year in Chennai,
able. "If it uses electricity, it will be- lished in WIRED recently (https: with a paper submission deadline of
come a computer. If it uses electricity, //goo.gl/cCAsuT) showing yet an- August 20th and notification on the
it will be online. In future, you will other potential hacking target that 5th of October. The conference will be
only buy IoT appliances, whether you no-one though of previously, wind- from 10-13 December.
like it or not, whether you know it or farms. For two years researchers at
not." the University of Tulsa have been
He added: "Home appliance manu- pen-testing wind farms around the
facturers will be adding connectivity United States and found some glar-
to every device, no matter how mun- ing vulnerabilities. They will present
dane, because the price of adding it some of the technical details at Black
will be marginal. Those devices will Hat. After bypassing the physical se-
not be going online to benefit the curity put in place (which seems to
consumer, they will be going online be exceedingly easy, most are just
to benefit the vendor." protected by a PIN or a lock) and The 16th IMA International Con-
If this was not worrying enough, he planting a Raspberry Pi in a single ference on Cryptography and Coding
affirmed "They want analytics. In 10 turbine, they managed to compro- will take place in St Catherine’s Col-
or 15 years, they will add this 2-cent mise all the ones in the windfarm lege, University of Oxford from 12-
chip on every toaster. Now they know and mount attacks able of stopping 14 December. The deadline for sub-
where their customers are, on which then, repeatedly and suddenly trig- mission is the 14th of July. This is a
side of the city, how often do they gering their brakes to damage them, prestigious and venerable conference
toast, at what time of day, with what and relaying false feedback to oper- with an excellent Program Commit-
kind of bread, how often there are ators to prevent the sabotage from tee. More info at https://goo.gl/
failures. We can’t avoid the IoT revo- being detected. As Prof. Staggs, the KejTXB.
lution by refusing to play part." leader researcher, said "Once you
"Consumer appliance vendors which have access to one of the turbines,
are serious about [security] are very it’s game over."
hard to find," said Hypponen, "be- Quite interesting stuff and a new
cause cybersecurity is not a selling critical domain in desperate need for
point for washing machines. Price security.
is the most important selling point.
This means we are setting ourselves
up for failure." See you all back in September!
Interesting thoughts that, if true,
guarantee hard work for us Crypta- Best,
cus people for many years to come. Julio Hernandez-Castro
Event calendar
The 17th Smart Card Research
and Advanced Application (CARDIS)
Conference will be held in Lugano,
Switzerland, from November 13th to
15th 2017. The deadline is the 21st
of July.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
S EPTEMBER 2017, N O 11
Cryptacus Newsletter
September 2017
Cryptacus Newsletter
Welcome to the September edition of the monthly
Cryptacus.eu newsletter, offering a glimpse into re-
cent developments in the cryptanalysis of IoT & re-
lated areas. Send more of your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
News from the Chair looking forward to work with her. the scientific agenda of the work-
by G ILDAS AVOINE shop.
Following the last Cryptacus
event, Milena Djukanovik concate- Please, note that a call for pre-
nated the abstracts received from the sentations will also be published next
speakers in order to issue a booklet. week. You can already write - or
It will be available on the Cryptacus invite your PhD students, Postdocs,
website very soon. colleagues, etc. to write - a short pro-
posal for a presentation, as done in
About the website: I already told Montenegro.
Dear Cryptacus Members, you that Pascal Junod (Switzerland)
left Cryptacus, given he got a new Finally, as already announced be-
I hope your all enjoyed your sum- position in a private company. Pascal fore the summer, the MC decided
mer break. The Cryptacus’ newsletter was our website manager, and he has that the Action should issue a book
is back, and I am pleased to announce been replaced by Ludovic Perret from about the cryptanalysis in ubiquitous
many good news. France. I would like to kindly thank computing systems. The book should
Ludovic for accepting to take care of be published before the end of the
First of all, the COST Association this new role. Action, namely December 2018. A
announced this summer that it has draft of call for chapters has been
been granted extra budget (EUR 6.67 As you know, the next Crypta- drafted and it will soon discussed by
million) from the European Commis- cus event will be in Nijmegen (The the working group leaders and vice-
sion. This has mainly been used to Netherlands) on November 16th- leaders. We expect to release the fi-
increase the budget of running COST 18th. A website has been created nal call for chapters to the Cryptacus
Actions, including Cryptacus. by Lejla Batina and Veelasha Moon- community by the end of September.
samy and it is now publicly available
Another news from the COST As- : at https://cryptacus.cs.ru.nl/ As promised, many good news
sociation is that Karina Marcus is the index.shtml in this letter, and many forthcom-
new science officer in charge of our ing scientific activities. Have a great
action, replacing Luule Mizera. It was The official invitations will be sent September!
a great pleasure to work with Luule to the MC Members in the coming
since February 2015. I would now days, and I will send to this mailing Gildas
like to welcome Karina, and I am list, next week, more details about
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
Opportunities ENISA Call for IoT Experts weak crypto, serious firmware update
ISO SC 27 WG2 call for contri- The European Union Agency for problems, and lots of privacy issues
butions Network and Information Security steaming from a variety of undocu-
We thank Orr Dunkelman for point- (ENISA) has launched a Call for Par- mented features.
ing us towards a call for contributions ticipation to invite experts in security
by ISO SC 27 WG2. This is the ISO of Internet of Things into its expert
work group that deals with Crypto group. The creation of the ENISA IoT
(it is aptly named ’Cryptography and SECurity (IoTSEC) Experts Group
security mechanisms’), and the dis- aims at gathering experts in the do-
cussion seems to be of relevance to mains of the entire spectrum of In-
the CRYPTACUS action. The deadline ternet of Things to exchange view-
for the contributions is the 15th of points and ideas on cyber security
September. threats, challenges and solutions. I
This request has to do with a highly recommend you to read more
first move to study the possibility about the IoTSEC group at https:
//resilience.enisa.europa.eu/ Hacking robots could have a num-
of standardising tweakable block ci- ber of undesirable impacts, depen-
phers and permutations. In this vein, iot-security-experts-group-1
and join it by filling the form at dent on the environment they are
they want your views on the follow- used on. For example, the authors
ing questions: https://goo.gl/tzEJkC. It will be
great to have a more significant pres- mention that at home they mostly
ence from Cryptacus members in a lead to privacy issues, with a minor
1. What advantages or disad-
group that will likely influence Euro- possibility of human and property
vantages do tweakable block
pean Security policies regarding IoT damage. The compromise of robots
ciphers have over conven-
for years to come. in use on business and industry en-
tional block ciphers and crypto-
vironments lead naturally to espi-
graphic permutations? Recommended reading onage, human and property damage
2. What advantages or disadvan- and to the compromise of corporate
tages do cryptographic permu- and business networks. It is in a
tations have over conventional healthcare or military context where
block ciphers and tweakable successful attacks can be more dan-
block ciphers? gerous, according to the authors, as
these will lead to direct threats to hu-
3. Are there any tweakable block man lives.
ciphers or cryptographic per- They highlighted that finding
mutations that are worth con- robots in large networks is easer than
sidering for standardization? expected, thanks to mDNS (multi-
This month we will cover a paper cast DNS) and the fact they tend to
4. Are there any modes of opera- called ’Hacking Robots Before Skynet’
tion for tweakable block ciphers use only a small range of hostnames
by Cesar Cerrudo (@cesarcer) who such as nao.local or ur.local and serial
or cryptographic permutations is the CTO of IOActive Labs and Lu-
that should be considered as numbers such as 011303P0017.local.
cas Apa (@lucasapa) that is a Se-
well? nior Security Consultant. Their work
5. Similar to cryptographic per- was presented at the HITB GSEC
mutations and tweakable block Conference in Singapore. The or-
ciphers, are there other mature ganisers have uploaded all contri-
symmetric-key primitives that butions to https://gsec.hitb.org/
should be considered for stan- materials/sg2017/.
dardization? The authors presented an exten-
sive piece of work investigating a va-
You can get more info at riety of robots, from home robots to
the webpage of the committee industrial ones, and found a wor-
http://isotc.iso.org/livelink/ rying number of security issues. A I was particularly interested in
livelink/open/jtc1sc27wg2. non-exhaustive list of the problems their analysis of robots as dan-
Please send your contributions to included insecure communications, gerous insider threats, mentioning
Atul Luykx or Tomer Ashur, both at memory corruption issues, remote that they come frequently equipped
KU Leuven, Who are the rapporteur code execution vulnerabilities, file with multiple microphones, HD and
and co-rapporteur, respectively. integrity and authentication issues, sometimes even 3D cameras that
lack of authorisation, the use of can be turned into spy cams, and
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
loaded with privacy-relevant algo- lesser known area that shares many Furthermore, there are a series of
rithms such as in-built face recogni- characteristics with IoT. national events planned, check with
tion software. This landscape make your National Contact Point for fur-
the ideal targets to gain extremely Funding News ther info at this stage.
valuable intelligence from inside a
company and of course the bunch of Open Positions
robots they examined offered little
to none security protections against
these attacks.
They have produced an hilarious
video, in which a hacked UBTech Al-
pha 2 goes ’Chucky’ https://youtu.
be/9A4ZQgzfl0Y that I highly recom- The European Commission will
mend you. organise a number of information
days in Brussels on the upcoming
2018-2020 calls for proposals in the
last Work Programme of Horizon
2020 (to be published in October).
These events will provide infor- Please send us any employment op-
mation on the content of the calls portunity you want to publicize in
and will often be combined with ded- the newsletter.
icated brokerage events to support Asking for a friend when oh when
there will be a more serious and
A somewhat less impressive but prospective applicants with finding
concerted effort from Europe to
highly educational video showing partners for projects.
The following events are planned attract talent willing to leave the
SoftBank’s NAO and Pepper robot
in the coming months. UK after the disastrous Brexit. Fine
being used as an espionage tool
countries such as New Zealand, Aus-
can be seen at https://youtu.be/ • 3-4 October 2017 - Industrial tralia, Canada, China and Ireland are
DSSTUvqMB3M. Innovation Information Days unashamedly moving in this direc-
Even worse than all their findings 2017 -Registration is already tion. When will France, the Nether-
(they are many more than the ref- open. lands and Germany follow?
erenced here, I strongly recommend
you to read their paper) was the ven- • 23-25 October 2017 - Energy
dor’s response after they responsibly Challenge Information Days -
disclosed they vulnerabilities found. Registration opens in Septem- • Optus Cyber Chair at La Trobe
Most of them reacted quite positively ber. University in Melbourne - Aus-
to the findings, and in some cases tralia. Full time, permanent po-
• 26-27 October 2017 - ’Cities
they even promised a quick patch or sition. The Optus Cyber Chair is
of the Future 2017’ Interna-
firmware update but unfortunately 3 anticipated to be a prominent
tional Brokerage Event - Save
months later many haven’t produced appointment of academic lead-
the date.
or deployed any solutions. ership at the level of profes-
The researchers found manu- • 8-9 November 2017 - Climate sor (Level E) and is a continu-
facturers were way more focused Societal Challenge Information ing role at La Trobe. Candidates
and more ready to invest in mar- Day and Brokerage Event - Reg- must have academic experience
keting than in security. The au- istration opens in September. and performance together with
thors found that too many research an international profile consis-
projects moved into production with- • 9-10 November 2017 - ICT Pro- tent with the expectations of
out adding security, and that the very posers’ Day 2017 in Budapest - appointment as a full profes-
basic human safety protections they Registration is already open. sor at La Trobe. The incum-
come with can be easily and remotely • 14-17 November 2017 - Food bent is expected to conduct and
disabled so that robots can kill and Security Societal Challenge 2 lead innovative and high im-
hurt people, and also damage prop- Infoweek - Registration opens pact research at an interna-
erty. Something needs to be done to in late September. tionally distinguished level and
address these threats, and very ur- produce high quality publica-
gently. • 8 December 2017 (TBC) - tions resulting from that re-
A very nice piece of practical re- Health Societal Challenge In- search. More info at https://
search that brings to our attention formation Day - Save the date. goo.gl/Teo81S. Deadline is the
multiple security issues in a relatively Registration opens in October. 18th September.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
• Professor/Chair in Cyber Se- in Cyber Security at Lancaster Mirai-based malware vaccine
curity at the Victoria Univer- University, Department of Com- could protect insecure IoT devices
sity of Wellington in Welling- puting and Communications.
ton, New Zealand. Another in- These are two full time and A white worm derived from the Mirai
teresting position from down permanent positions at one of botnet aims to protect the most inse-
under. A perfect fit for lovers of the few prestigious GCHQ ac- cure IoT devices. The idea is not to-
The Lord of the Rings, The Hob- credited Centers of Excellence tally original, we discussed a similar
bit, The Chronicles of Narnia in Cybersecurity Research. The concept in a past newsletter, and not
and/or earthquakes and sheep. people at Lancaster are build- free of legal or ethical implications
Another full time, permanent ing one of the largest and most either: to abuse the vulnerability of
position. Bad jokes aside, the visible cybersecurity groups in these devices to inject a worm that
University is ranked in the top the UK and this investment is patches them. Its creators argue that
2% world-wide and Welling- starting to bore fruit. The com- it is ’similar to the epidemiological
ton has been rated in 2017 as mon deadline for these posi- approach that creates immunity with
the World’s best city for qual- tions is the 3rd of November. a vaccine by exposing the immune
ity of life. They state in the ad The Lecturer position https: system to a weakened form of the
that they have a very strong //goo.gl/G2NtmG has a salary disease.’
link with Carnegie-Mellon, and range of £34,520 to £47,722 There still remain many issues:
look to, in collaboration with and the Senior Lecturer posi- for example, some devices cannot be
an industry partner, host a tion https://goo.gl/bRQdpu fixed because they have hard-coded
CSIRT. Deadline for applica- goes from £50,618 to £56,950. passwords or back doors. Others have
tions is the 19th of Septem- software or firmware vulnerabilities
ber. Additional info at https: that are very hard to patch because
For other interesting positions
//goo.gl/JebwLx of a lack of a software update mech-
all across Europe, please check the
recently revamped “Researchers in anism.
• Professor in the Department of
Computer Science at Durham Motion” portal https://euraxess. The idea was presented and de-
University - Department of ec.europa.eu/. veloped in a paper called ’AntibIoTic:
Computer Science. This posi- Protecting IoT Devices Against DDoS
tion in one of Britain’s finest Proposals for STSMs Attacks’. This worm also tries to no-
universities is not particularly By now, you should be already tify the owner or remedy the prob-
earmarked for cybersecurity, familiar with what Short Term Scien- lem on the owner’s behalf by chang-
but they seem to be open to tific Missions (or STSMs, for short) ing credentials, patching software or
any outstanding candidate and are, but we have a healthy budget for updating firmware if at all possible.
to the best of my knowledge them within the Cryptacus project You can read a preprint in https:
there is no-one working on cy- and not enough demand. //goo.gl/x1rMpF.
ber at Durham and there’s ap- AntibIoTic crosses many legal and
petite for these skills. The dead- Please send your willingness to ethical lines, and I am for one sur-
line is on the 22nd of Septem- receive STSMs proposal to me for prised academics have proposed this
ber, salary starts at £61K, and publishing here. Until I do not have approach without including a deeper
there is more info at https:// any more, I’ll just publish mine. legal analysis.
goo.gl/a31Tmx.
• Hamilton Professorships in
Computer Science at Maynooth
University. The areas of interest
cover, between others, Cyber-
security and Privacy. Plenty of
time to decide whether to ap-
ply, with a deadline on Friday
20th of October. Salary could • I will be very happy to receive
be e110,060 to e139,501 p.a. anyone interested in investigat-
for Professor A and e80,650 ing randomness generation and
to e106,655 p.a. for the Pro- testing, particularly on IoT de-
fessor B range. More info at vices.
https://goo.gl/LSvKhM. More than 33,000 telnet cre-
Blogs, posts and other dentials from IoT devices exposed
• Lecturer and Senior Lecturer good reads
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
could close one or both doors, trap- Event calendar
ping passengers inside. To keep pas- Eurocrypt 2018 will take place in
sengers in the vehicle, a hacker could Tel Aviv, Israel, from April 29 to May
command the car wash to blast wa- 3. The submission deadline is the 19
ter constantly at the vehicle, making September, with notification on the
it a challenge to open its doors. If a 15 January. Orr Dunkelman is the
driver attempts to escape the hacked General Chair.
device while the car wash’s door is
open, the hacker could command a
door to open and close repeatedly to
strike when passengers exit the ve-
hicle. Or the attacker could hit the Financial Cryptography and Data
car or passengers with a mechanical Security 2018 (FC18) is taking place,
Not much to say about this: More arm within the car wash. The hack as usual, in an exotic location. This
than 33,000 telnet passwords of dif- was relatively simple, bypassing the time in Nieuwpoort in Curacao, from
ferent IoT devices were exposed pub- authentication mechanism and en- February 26 to March 2. The submis-
licly on pastebin for all to see and abling them to manipulate a variety sion deadline is the 15 September,
download before the admins deleted of functions. and the good news will arrive on the
them. Right now they will form part At the core of the hack is the fact 17 November.
of the arsenal of all your future at- that the entire platform for the wash-
tackers, so please get them and test ing machine operates Windows CE,
none of your devices is open to these which Microsoft killed off in 2013.
credentials, and that none of your IPs Sadly, manufacturers are still build-
is listed. ing futuristic devices like an Internet-
connected car washing machine on
Death in the Car Wash top of a dead platform.
While not all of the car wash mod-
els are connected to the Internet, at
least 150 are according to the Shodan The 2018 edition of the new kid
search engine which catalogs IoT de- on the block, a.k.a. Real World Crypto
vices connected to the public-facing will take place in Zurich, Switzer-
Internet. Who would have thought land, from January 10-12, 2018. The
five years ago that car washes could submission deadline is 5 October,
be Internet connected, or that the with a quick notification on the 4 De-
simple act of going to a car wash cember.
At Black Hat 2017, one of the could possibly be life-threatening?
most interesting hacks was that of
You can read the rest of the article
a car wash, surprisingly with life-
at https://goo.gl/S35y1o.
threatening consequences for passen-
gers. ”We’ve written an exploit to
cause a car wash system to physi-
cally attack; it will strike anyone in
the car wash” one of the authors said.
”We think this is the first exploit that
causes a connected device to attack See you all back in October!
someone."
They showed how a LaserWash Best,
car wash system, from manufacturer Julio Hernandez-Castro
PDQ, could be breached. An attacker
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 5
O CTOBER 2017, N O 12
Cryptacus Newsletter
October 2017
Cryptacus Newsletter
Welcome to the October edition of the monthly
Cryptacus.eu newsletter, offering a glimpse into re-
cent developments in the cryptanalysis of IoT & re-
lated areas. Send more of your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
in the Europol Headquarters in the All in all, an awesome and very
Hague later this month. informative piece of work.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
on online authentication, looking the UK and this investment is Blogs, posts and other
for a solution enabling citizens to starting to bore fruit. The com- good reads
seamless authenticate across a wide mon deadline for these posi-
range of applications and devices. tions is the 3rd of November.
The ultimate objective is to foster the The Lecturer position https:
widespread adoption of services and //goo.gl/G2NtmG has a salary
products provided within the Digi- range of £34,520 to £47,722
tal Single Market of the European and the Senior Lecturer posi-
Union. The call is a single stage and tion https://goo.gl/bRQdpu
has an estimated budget of 4 Mil- goes from £50,618 to £56,950.
lion EUR. The deadline for the sub-
mission of proposals is 27 Septem-
• Lecturer or Senior Lecturer at
ber 2018. You can get more info at
the University of Cambridge - NSA botched attempt at star-
https://goo.gl/JWr1h9.
Department of Computer Sci- dardisation in the news
ence and Technology. This is It is not frequent that cryptogra-
Open Positions a full time and permanent po- phy gets in the news. This piece
sitions located at Aston. The by news agency Reuters https:
deadline is the 10th January //goo.gl/nwhsiV was later repro-
2018. The Lecturer position duced in many other media, much
https://goo.gl/zDhzhk has to the chagrin of the NSA team that
a salary range of £53,691 to is attempting to make Simon and
£56,950. Interviews will be Speck into ISO standards. Our own
held on 19-20th March 2018. Orr Dunkelman had a memorable
contribution to the piece, and was
quoted saying ”I don’t trust the de-
For other interesting positions
signers. There are quite a lot of peo-
all across Europe, please check the
Please send us any employment op- ple in NSA who think their job is to
recently revamped “Researchers in
portunity you want to publicize in subvert standards. My job is to se-
Motion” portal https://euraxess.
the newsletter. cure standards.” This is not a won
ec.europa.eu/.
battle yet, and if you want to know
how you can contribute to stop this
• Hamilton Professorships in Proposals for STSMs from happening, please contact your
Computer Science at Maynooth By now, you should be already country representatives on the ISO
University. The areas of interest familiar with what Short Term Scien- Committee and let them know.
cover, between others, Cyber- tific Missions (or STSMs, for short)
security and Privacy. Plenty of are, but we have a healthy budget for
time to decide whether to ap- them within the Cryptacus project
ply, with a deadline on Friday and not enough demand.
20th of October. Salary could
be e110,060 to e139,501 p.a. Please send your willingness to
for Professor A and e80,650 receive STSMs proposal to me for
to e106,655 p.a. for the Pro- publishing here. Until I do not have
fessor B range. More info at any more, I’ll just publish mine.
https://goo.gl/LSvKhM.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
https://goo.gl/wwLpXr, let’s fo-
cus on this threat and work to fight
against it, right now.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
N OVEMBER 2017, N O 13
Cryptacus Newsletter
November 2017
Cryptacus Newsletter
Welcome to the November edition of the monthly
Cryptacus.eu newsletter, offering a glimpse into re-
cent developments in the cryptanalysis of IoT & re-
lated areas. Send more of your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
News from the Chair small scientific and informal meet- for a couple of volunteers to partici-
by G ILDAS AVOINE ings/brainstormings (in parallel) pate to the selection committee.
about any topic you are interested Last but not least, if not already
in. done, please register to our Ni-
Please, think about topics you would jmegen’s workshop at crypta-
like to work on with other people. We cus.cs.ru.nl/registration.shtml in or-
will install a white board such that der to make the life of the organizers
everyone will be able to suggest top- easier. Many thanks.
ics and people will be able to register
to any topic. See you there!
We will also allow you to present
Dear Cryptacus Members, your topic(s) during a couple of min- Gildas Avoine
utes on Wednesday. You can so pre-
Next week, we will meet in Ni- pare 1 or 2 slides. This activity will
jmegen, the Netherlands, for our be fruitful only if we are proactive in Opportunities
biannual event. suggesting topics. Private lounges are
The scientific program is now avail- also possible if you want to pursue ENISA Call for IoT Experts
able on the web site at https: an ongoing collaboration.
//cryptacus.cs.ru.nl/.
Lejla Batina, Veelasha Moonsamy, During our event in Nijmegen,
and Irma Haerkens, the local orga- we will also take time to discuss
nizers, did a great job to prepare this about the book we plan to write on
event. the cryptanalysis in ubiquitous com-
We will have 29 talks, including an puting systems. The call for chap-
introduction by our COST Science ters, prepared with the collabora-
Officer, Karina Marcus, and 4 invited tion of the working group leaders, is
talks by Clémentine Maurice, Johann now online on Cryptacus’ website at: I had the opportunity to attend
Heyszl, Francesco Regazzoni, and www.cryptacus.eu the ENISA/Europol IoT Security Con-
Léo Perrin. Julio Hernandez-Castro will organize ference and expert meeting group in
It is worth noting that Thurs- a session on Thursday afternoon for the Hague in October 18-20 at Eu-
day afternoon will be devoted to members who are interested in sub- ropol Headquarters. It was a very
collaborations. We will organize mitting a chapter. We will also look lively event, with lots of interesting
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
presentations by some of the major and other secure hardware chips Funding News
actors and vendors in the discipline. manufactured by Infineon.
At the expert meeting there was a The attacker can compute the pri-
notable lack of representatives from vate part of an RSA key with sig-
academia, which in my view is very nificant less effort than the theo-
problematic. The group discussed a retical/expected one making the at-
draft tentatively titled ’Baseline Secu- tack feasible for commonly used key
rity Measures for IoT’ that is expected lengths, such as 512 bits but also
to be published and made publicly for 1024 and in some cases 2048
available before the end of the year. bits. For example, for some 512 bit
We will report on it in future newslet- keys just 2 CPU hours at a cost of
ters. $0.06 will suffice, or 97 CPU days The European Commission has
(costing $40-$80) for some 1024 bit pre-published the draft 2018-2020
RSA keys. The authors provided a se- work programme part for the Marie
ries of tools to verify online whether Sklodowska-Curie Actions (MSCA).
keys in use where affected. Major You can find it here https://
vendors including Microsoft, Google, goo.gl/ngkbES. It contains many
HP, Lenovo, Fujitsu etc. have released changes, mostly improvements in my
software updates and guidelines for opinion, over the past rules for Marie
mitigation. Curie Actions.
In the meantime, please seriously
The authors stated that the cur-
consider to at least try to join the
rently confirmed number of vulnera- The European Commission has
group, as there will be more meet-
ble keys found is about 760,000 and pre-published the draft 2018-2020
ings in the near future and more
the vulnerable chips are pervasive work programme part for Societal
joint work on standardisation and
and not necessarily sold directly by Challenge 6 - "Europe in a changing
IoT security that may have a pro-
Infineon, as the chips can be embed- world - Inclusive, innovative and re-
found effect on the security of Eu-
ded inside devices by other manufac- flective societies”. You can access it
rope. Read more about the IoTSEC
turers. at https://goo.gl/jk91TS.
group at https://goo.gl/uS1o4S
Estonia abruptly canceled roughly
and join it by filling the form at
half its national ID cards used for The European Commission re-
https://goo.gl/tzEJkC.
voting, filing taxes, and encrypting cently published its tenth progress
sensitive documents as a direct re- report ’Towards an effective and gen-
Recommended reading sult of the discovery. These results are uine Security Union’, which discusses
particularly relevant for IoT aficiona- progress over the last years and
dos, and affected electronic iden- planned actions to improve security,
tity documents across Europe, includ- including systematic checks and a re-
ing ePassports, eDriving licenses, na- vamping of the EU entry/exit system,
tional ID cards, etc. Problems have the establishment of an ’European
been reported with some of the ID Travel Information and Authorisation
documents in Estonia and Slovakia System (ETIAS)’, reinforce Europol,
but rumors abound that other coun- approving a new directive on combat-
In a month with no shortage of tries might be affected too. You can ing terrorism and firearms traffick-
new vulnerabilities, I have to confess read more about this issue at https: ing, as well as explosives-precursors
that on a personal level my favorite //goo.gl/RMYU6L. to combat home-made explosives,
one is the ROCA Attack. etc. It’s a good read, that you can
The associated paper title is ’The access at https://goo.gl/Heb5de.
Return of Coppersmith’s Attack: Prac-
tical Factorization of Widely Used The European Commission, and
RSA Moduli’. This work by Matus Ne- in particular the DG for Research &
mec, Marek Sys, Petr Svenda, Du- Innovation has launched a prize on
san Klinec and Vashek Matyas was online security as part of H2020 In-
accepted and presented a ACM CCS All in all, an awesome piece of dustrial Leadership pillar. This Hori-
2017, in Dallas, and describes a se- work that will probably continue to zon prize aims to significantly im-
rious vulnerability in generation of be relevant for years to come, as sim- prove citizen’s overall experience
RSA keys as implemented in a soft- ilar vulnerabilities will most likely on online authentication, looking
ware library widely adopted in cryp- crop up in other products. for a solution enabling citizens to
tographic smartcards, security tokens seamless authenticate across a wide
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
range of applications and devices. the Assistant Professor (tenure- Proposals for STSMs
The ultimate objective is to foster the track) and Associate Professor By now, you should be already
widespread adoption of services and level. This is part of an am- familiar with what Short Term Scien-
products provided within the Digi- bitious expansion program, so tific Missions (or STSMs, for short)
tal Single Market of the European there will probably be more job are, but we have a healthy budget for
Union. The call is a single stage and opportunities in the future. them within the Cryptacus project
has an estimated budget of 4 Mil- Applicants within all areas and not enough demand.
lion EUR. The deadline for the sub- of computer science are wel-
mission of proposals is 27 Septem- come, but they are strong on Please send your willingness to
ber 2018. You can get more info at crypto and computer secu- receive STSMs proposal to me for
https://goo.gl/JWr1h9. rity and candidates in these publishing here. Until I do not have
areas will likely be particu- any more, I’ll just publish mine.
Open Positions larly welcomed. The deadline
for applications is the 5th of
January, 2018. More informa-
tion at http://www.au.dk/en/
about/vacant-positions/
scientific-positions/
stillinger/Vacancy/show/
934877/5283/
• I will be very happy to receive
anyone interested in investigat-
ing randomness generation and
Please send us any employment op- testing, particularly on IoT de-
portunity you want to publicize in vices.
the newsletter.
Blogs, posts and other
good reads
• What in the UK is called ’the • Lecturer or Senior Lecturer at
other UCL’, that is, Univer- the University of Cambridge -
site catholique de Louvain, is Department of Computer Sci-
searching for a full-time pro- ence and Technology. This is
fessor in Software Security. If a full time and permanent po-
you are interested in this per- sitions located at Aston. The
manent position, you have to deadline is the 10th January
hurry up because the deadline 2018. The Lecturer position
for submitting applications in https://goo.gl/zDhzhk has
the 15th of November. You can a salary range of £53,691 to New and potentially more dan-
get more information and even £56,950. Interviews will be gerous IoT botnet
start your application at https: held on 19-20th March 2018. News of a new botnet, more sophis-
//goo.gl/nMwzAY. ticated than the infamous Mirai, are
making the rounds. The new mal-
ware goes by the name of Reaper,
and is way more powerful than the
already quite damaging Mirai which
limited itself to try a list of frequent
usernames and passwords and pri-
marily victimised IP cameras and
routers. Reaper, on the other hand,
is capable of exploiting known vul-
nerbilities in the targets it encoun-
For other interesting positions all ters,hacking its way in with an array
across Europe, please check the re- of tools and spreading itself further.
cently revamped “Researchers in Mo- If Mirai was capable of causing such
tion” portal https://euraxess.ec. havoc by imply abusing default cre-
• Aarhus University, in Denmark europa.eu/. dentials, researchers fear what can
is also offering positions at happen with Reaper and its bag of
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
nine exploits targeting products from 3. The notification is on the 15 Jan- The 3rd International Workshop
D-Link, Netgear, Linksys, Vacron, uary. Orr Dunkelman is the General on Boolean Functions and their Ap-
GoAhead, and AVTech. While many Chair. plications (BFA) is organized by the
of the targeted products have patches Selmer Center of the University of
available, unfortunately a significant Bergen.
number of users are not commonly
applying those. This is another pal- It will take place at the Alexan-
pable example of the need for better Financial Cryptography and Data dra Hotel, Loen, in Norway during
solutions regarding updating policies Security 2018 (FC18) is taking place, June 17-22, 2018. The deadline for
in the IoT ecosystem, as Reaper is for as usual, in an exotic location. This submission is April 1st, 2018 (no kid-
sure not the last malware taking ad- time in Nieuwpoort in Curacao, from ding) and the notification will be one
vantage of the current limitations in February 26 to March 2. The notifica- week later, on April 7th.
this area. Some researchers estimate tion will arrive on the 17 November.
Mirai controlled, at its peak, 2.5m
devices and the latest estimates for
Reaper are around 10 million. Even
more worryingly, CheckPoint has no-
ticed worm capabilites in Reaper, as
infected devices contribute to spread
the threat to new targets. Although This workshop occurs immedi-
not DDoS activity has been noticed at ately after a related one called
the time of this writing, it seems its WAIFI (International Workshop on
The 10th International Confer-
authors are still adding machines to the Arithmetic of Finite Fields 2018)
ence on Cryptology, AFRICACRYPT
the botnet and that any attack target in Bergen, which is on June 14-16,
2018, will take place in Marrakesh,
will really have a bad time defend- with a deadline on April 1st, and ac-
Morocco on 7-9 May. The submission
ing itself from For more info, check ceptance notification on May 11th,
deadline is on January 7, and the no-
https://goo.gl/eDYKWq or the very 2018. More info at http://waifi.
tification on February 20th.
interesting study by CheckPoint at org.
https://goo.gl/qRPvfx or, alter-
natively, an in-depth analysis by F-
Secure at https://goo.gl/XjWt2g.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
D ECEMBER 2017, N O 14
Cryptacus Newsletter
December 2017
Cryptacus Newsletter
Welcome to the December edition of the monthly
Cryptacus.eu newsletter, offering a glimpse into re-
cent developments in the cryptanalysis of IoT & re-
lated areas. Send more of your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
I would like to start this newslet- You should also have received a Gildas Avoine
ter by thanking Lejla Batina, Veelasha few days ago my email containing the
Moonsamy, and Irma Haerkens for minutes of the book-related working
the organization of our workshop in session we organized in Nijmegen.
Nijmegen last month.
Recommended reading
Again, if you know that you will
It was a very successful workshop, submit a proposal, please send us a
and greatly organized. mail of intent without waiting for the
deadline, so we will be able to early
The slides of the presentations detect gaps in the covered topics.
will be available on the Cryptacus’
website soon. Please, use the address crypta-
cus.editors@irisa.fr to contact Julio
The next event will be at São and myself about matters regarding
Miguel Island, in the Portuguese the book.
archipelago of the Azores, in April.
Finally, I would like to remind you This month we are going to focus
Precise venue, dates, and pro- that the current grant period will end on a paper by Jeroen Delvaux, from
gram will be communicated by the on April 30th, 2018. KU Leuven, that presents a string of
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
attacks against popular PUF-based The original paper can be ac- • Artificial intelligence, block
authentication schemes. cessed at https://eprint.iacr. chain technology and bitcoin
org/2017/1134.pdf
• Dematerialised borders
The work is titled "Attacks on
Three PUF-Based Authentication Pro- Funding News The recommendations from the
tocols: PolyPUF, RPUF and PUF-FSM". audience were:
• Ensure that the defence re-
The author presents efficient im- search programme and activi-
personation attacks based on the use ties of the European Defence
of machine learning that exploit the Agency do not undermine each
poor diffusion and confusion proper- other.
ties of many PUF-based protocols.
• Improve dissemination and ex-
In fact, this work is a continuation ploitation; make better use of
of the author’s recent PhD Thesis, end-user networks; allow for
A recent workshop on the future greater flexibility to face urgent
where he analyzed the security of 21
of security research in Europe, organ- end-users’ needs
PUF-based authentication protocols
ised by the German Federal Ministry
and found numerous issues to the • Standardise and harmonise to
of Education and Research (BMBF),
extent that only 6 proposals survived overcome market fragmenta-
highlighted a number of priority poli-
this cryptanalysis effort. tion
cies, and stressed that security and
defence research is still a priority • Combine digital and physical
It is particularly relevant that the
area in Framework Programme 9 security research
3 protocols broken in this work have
(FP9).
been designed to be resistant to ma- • Security has both technological
chine learning attacks by using some and societal challenges, cover
The participants agreed that a
obfuscation logic, admittedly not them all in future calls
coordinated approach is needed in
very strong because it ought to be
response to recent security events • Ensure that key agencies are
lightweight.
across Europe and that, while de- engaged - Interpol, Europol,
fence and civil security research ac- border agencies, police force,
That makes feasible that, by using tivities have different objectives and
a relatively low number of challenge- fire and rescue services, etc.
stakeholders, the required solutions
response pairs, one can establish a will often be very similar if not the The Commission is planning to
relatively accurate model of the PUF same. hold a public hearing in December
and predict its response to unseen 2017 before the adoption of the Mul-
challenges employing artificial neural It seemed clear that civil security tiannual Financial Framework (MFF)
networks or support vector machines, research and defence research should in May 2018. The Commission’s pro-
to mention just a couple of machine continue to be funded from separate posal for the ninth framework pro-
learning approaches that generally pots and not be merged into a single gramme is to be published in early
produce good results. strand. Also, there was apparent the summer 2018.
need to better engage with industry
I particularly like the author’s and to promote, disseminate and ex- MSCA: 2018 RISE Call Open
analysis presented in the Aftermath ploit the results in Europe.
section, where he discusses the un- On the 23 November, the Euro-
derlying reasons for the vulnerabili- The participants at the workshop pean Commission opened the call for
ties found, and makes suggestions to made a number of recommendations proposals for the Marie Sklodowska-
avoid similar attacks that everybody for FP9, and stressed the importance Curie Actions (MSCA) European Re-
working in this area should consider of covering, in the security calls of the search and Innovation Staff Ex-
and implement in future proposals. following two years, the topics be- change (RISE).
low: The deadline is 21 March 2018.
A very interesting work by a very The available budget is 80 million,
promising early career researcher • Consider elections as critical in- and the call-related documents, in-
that casts a serious doubt on the secu- frastructure, and protect them cluding the guide for applicants, and
rity of many of the existing, including accordingly the link to the online submission are
some very recent, PUF-based authen- available on the Participant Portal.
• Fight against fake news
tication protocols. A must-read for Many national contact points are
anybody working in the field. • Fight against the fragmentation holding events for organisations in-
of societies terested in applying to the call in
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
early January. Contact the one in and closely related areas, in- held on 19-20th March 2018.
your country for further details. cluding positions that are open
to recruit at the Reader, Se-
Open Positions nior Lecturer or Lecturer level.
The earliest closing date for
these positions is 5th January
2018. More information at
https://www.sheffield.ac.
uk/dcs/jobs/index
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
IOTA the white paper, at https://iota. The 3rd International Workshop
org/IOTA_Whitepaper.pdf. on Boolean Functions and their Ap-
At the end of a very good year plications (BFA) is organized by the
for crypto currencies, where bitcoin Selmer Center of the University of
has had a prominent presence even Bergen.
in generalist media and many early
players have multiplied their invest- It will take place at the Alexan-
ments ten-fold or more, there is a dra Hotel, Loen, in Norway during
curious project that has attracted June 17-22, 2018. The deadline for
massive support in the community submission is April 1st, 2018 (no kid-
and is IoT related, hence my cover- ding) and the notification will be one
age here. week later, on April 7th.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
JANUARY 2018, N O 15
Cryptacus Newsletter
January 2018
Cryptacus Newsletter
Welcome to the January 2018 edition of the
monthly Cryptacus.eu newsletter, offering a glimpse
into recent developments in the cryptanalysis of
IoT & related areas. Send your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
News from the Chair tocols (co-organization by COST Ac- available for trainees (e.g. PhD stu-
by G ILDAS AVOINE tion CRYPTACUS & ERC POPSTAR). dents, ECIs, etc.).
The year 2018 will actually be *** Monday 16th: Working ses- - Training School (also in-
important for Cryptacus, with two sion on the CRYPTACUS’ book. This formation on Book session and
major events, in April and Septem- session is free, open to everyone MC Meeting): https://goo.gl/
ber, respectively. although mostly dedicated to peo- w52ThM. Contact Ricardo Chaves
ple who submitted a chapter to the (Ricardo.Chaves@inesc-id.pt)
Also, we are on the home stretch CRYPTACUS’ book (if you plan to
now, given that Cryptacus will finish submit, but not done yet, let me
Finally, I would like to remind
in December 2018. know asap). Please, check the Crypta-
you that the current grant period will
cus website if you are not aware of
finish on April 30th, 2018.
In the meanwhile, let’s meet in the call for chapters.
Sao Miguel island, Azores (Portugal)
in April, where several Cryptacus’ *** Tuesday 17th: MC Meeting You still have time to apply for
events are colocated. This is a brief (8:30–10:00 am). For MC Members an STSM but you should send your
schedule: only. request very soon.
*** Saturday 14th / Sunday 15th: *** From Monday 16th to Friday Best regards,
Workshop on Distance Bounding Pro- 20th: Training School. Grants are Gildas Avoine
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
Recommended reading: above, that includes the very rele- Funding News
On the dangers of specu- vant disclosure process and some SMI2G
lation other interesting queries.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
Department of Computer Sci-
ence. Salary from £67,970 to
£91,001 per annum. Dead-
line for applications is the 5th
March.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
IOTA: Wouldn’t touch with a analysed the total unconvincing an-
barge-pole swers to the security issues publicly
reported.
Very interesting developments
around IOTA over the past weeks.
This last point regarding security
After a highly positive report on is possibly the most enlightening, so
the cryptocurrency published on the we will reproduce it in full:
14th of December by the influen-
tial MIT Technology Review, titled "A "Once the Digital Currency Ini-
Cryptocurrency Without a Blockchain tiative published the break in IOTA’s
Has Been Built to Outperform Bit- Event calendar
curl hash function, its author, Sergey
coin" there were many voices accus- Ivancheglo, offered two conflicting ex- The 17th Annual Workshop on
ing the piece of being uncritical and planations for the vulnerability. The the Economics of Information Secu-
too rosy. first explanation was that the flaw rity (WEIS) will take place next year
was intentional - that it was meant in Innsbruck, Austria.
It certainly had a positive im- to serve as a form of ’copy protection.’
pact on the cryptocurrency mar- If anyone used this code in their own
kets, but less than a week later The submission deadline is
work, he said, the IOTA developers February 18, with a notification
Joichi Ito from the MIT Media Lab would be able to exploit the flaw and
published a very critical response of acceptance by March 31. Rainer
damage other systems that were using Böhme is the conference chair.
https://goo.gl/C2Ca9K. the hash function. However, later, he
offered a conflicting explanation that
he didn’t write the curl at all, but that
an AI wrote it. We do not find either
of these explanations convincing, even
in isolation. That they contradict each
other makes them even less so."
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
acceptance notification on May 11th, covering from 5G Networks to Infor-
2018. mation Hiding.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 5
F EBRUARY 2018, N O 16
Cryptacus Newsletter
February 2018
Cryptacus Newsletter
Welcome to the February 2018 edition of the
monthly Cryptacus.eu newsletter, offering a glimpse
into recent developments in the cryptanalysis of
IoT & related areas. Send your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
News from the Chair ters for the book. ing on April 17th, and the Training
by G ILDAS AVOINE School from April 16th to April 20th.
It is worth noting that many pro-
posals are co-authored by researchers MC Members should attend the
from different COST countries, which MC Meeting, and they can attend the
points that a scientific network such workshop and the book session if rel-
as Cryptacus is definitely efficient to evant.
launch collaborations.
For the training school, registra-
The selection committee is cur- tion fees apply for all participants,
rently reviewing the received chapter but 37 grants are available for PhD
Dear Cryptacus Members, proposals. The acceptation deadline students.
will be slightly delayed, given that
With the approaching end of the several authors requested to post-
For your information, there is no
current grant period of your COST pone the submission deadline.
vacancy anymore in the hotel of the
Action, we received an impressive
event (Lince Azores Hotel). However,
high number of STSM applications. The selection committee will se-
many hotels are available around the
lect proposals, then it may invite ad-
venue. For example, several people
STSMs have never been as suc- ditional researchers to submit chap-
already booked in Hotel do Cole-
cessful as during this current grant ter proposals, if the topics covered
gio. Please check the accommodation
period (May 2017 - April 2018), and by the received proposals suffer from
page of the training school web site
this is the first time that Cryptacus gaps that should be filled in order to
for more details.
fully spends the budget assigned to make the book self-content and fully
STSMs. consistent.
The training School web site is
Next month, I will be able to pro- Following several questions that https://www.cryptacus.eu/en/
vide an accurate statement of the I received about our event in Sao events/training-school-2018/
accepted STSM applications. Miguel, I would like to remind and the workshop web site is https:
you that there is the workshop on //www.surrey.ac.uk/futuredb
I am also glad to announce that distance-bounding protocols on April
we received about 15 proposals after 14th and 15th, the book working Best regards,
the publication of the call for chap- session on April 16th, the MC Meet- Gildas Avoine
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
Recommended reading: the analyzed applications do not fol- line and traditional news media, such
Alarming state of mobile low best practices and disregard even as https://goo.gl/SNxUXU, https:
health applications legal obligations as imposed by con- //goo.gl/dc3HRQ, and even lead to
temporary data protection regula- the COST office to publish a media
tions (GDPR), thus jeopardizing the piece at https://goo.gl/p9HpLW.
privacy of tens of millions of users
across the World. Funding News
SMI2G Event
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
in collaboration with the European expertise in that year’s topic. The
Commission and Research Executive EIBURS topic for this year is "The
Agency. economic effects of a joint European
security and defence policy".
The EIB University Research The same employer is currently • Lecturer, Senior Lecturer, or
Sponsorship Programme (EIBURS) recruiting for a Senior Lecturer Reader in Cyber Security at
provides research grants of up to or Reader in Secure Systems, the University of Birmingham
e100,000 a year for a period of three this time with a deadline of School of Computer Science.
years, to interested university de- 23rd April. More info at https: Full-time, permanent positions,
partments or research centres with //goo.gl/unyTQp. with a closing deadline of 25th
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
February and a salary rang- 2018 at noon. More info at Blogs, posts and other
ing from £39,993 to £74,259. https://goo.gl/jq9Vrd recommended reads
They are particularly interested
Wyden’s letter
in those specialising in sys-
tems security or the inter-
section of security with arti-
ficial intelligence or human-
computer interaction. This is
a very interesting opportunity
to join an expanding group
which is rapidly becoming one
of the best groups in the UK. For other interesting positions all
More info at https://goo.gl/ across Europe, please check the re-
9VWs4h. cently revamped “Researchers in Mo- Ron Wyden is the Democratic
tion” portal at https://euraxess. Senator from Oregon.
ec.europa.eu/. It currently has close He’s an interesting and controversial
to 50 open positions in computer se- figure in the United States Senate,
curity and related areas, including and although after checking his vot-
in Poland, the UK, Finland, Slovenia, ing history one may disagree with the
Italy, Norway, Switzerland, and even timing or wisdom of some of his past
• Professor of Computer Science
in Spain! actions, it is difficult to argue against
at University College Cork -
School of Computer Science the fact that he is a strong advocate
and Information Technology. of civil liberties and (with the excep-
tion of assisted suicide) his views are
very liberal (in the best sense of the
This is an interesting position word, if any still exists) and closer to
in Ireland, at a prestigious in- these of NGOs such as the EFF.
stitution that wants to expand
its cyber security expertise. He has recently been again in the
spotlight because of his doubts about
They state in the ad that "The Proposals for STSMs a recent statement by the FBI Di-
School strategy is to expand its By now, you should be already rector, who claimed tech companies
research and teaching in the familiar with what Short Term Scien- can weaken their encryption without
area of cyber-security, and can- tific Missions (or STSMs, for short) harming cybersecurity.
didates with such expertise are are.
especially encouraged to apply. He, in a move that is nowadays
Applications from candidates Please make your willingness to sadly uncommon for politicians, seek
with expertise in other areas of receive STSMs proposals known by real expert’s advice.
computer science will also be sending me an email.
considered." As a result, he received a let-
Until I do not have any more, I’ll ter from Prof. Martin Hellman
This is a full-time and per- just publish mine: (signed also by Bellovin, Kocher and
manent position, with a rela- Schneier) saying this is simply not
tively high salary ranging from possible right now, at least not as
e109,129 to e140,962 de- stated by the FBI Director.
pending on experience.
It is interesting to note that the
FBI Director had claimed that "ex-
Note that, as it is becoming perts" had concluded these "excep-
increasingly common with cy- tional access" mechanisms were pos-
bersecurity positions, Garda sible without compromising security.
vetting or an international po- Senator’s Wyden call FBI’s bluff re-
lice clearance check may form • I will be very happy to receive questing them to name the experts
part of the selection process. anyone interested in investigat- who made such claim, and he has
ing randomness generation and not received an adequate answer to
The deadline for applica- testing, particularly on IoT de- date.
tions is Tuesday 6th March vices.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
its, and 70% will go to the website
owner.
This is of course an awful practice
that, in the hands of criminals, can
be turned into something even worse
when they include said javascript on
hacked webpages, whose owners re-
main unaware of the events.
How to prevent attackers to com-
promise your web and plant code
that will abuse your visitors? In addi- Event calendar
tion to the usual security measures,
The 33rd IFIP TC-11 SEC 2018
there are some very specific ones
International Conference on Infor-
that are beautifully covered on a blog
mation Security and Privacy Pro-
https://goo.gl/iR5p6f by Scott
tection (SEC 2018) will take place
Helme.
in Poznan, Poland, from the 18
to the 20 September. Cryptacus’
Miroslaw Kutylowski is in the or-
ganisation. Deadline has passed, but
This is another twist on the ongo- this is a very nice event to reg-
ing war on crypto. ister and attend, with some very
high quality presentations. More
Looks particularly worrying if we info at http://ifipsec2018.pwr.
see it as part of the same effort that edu.pl/comittee.php
is desperately trying to push NSA’s
SPECK and SIMON for standardisa-
tion by ISO/IEC despite the strong
opposition of the German, Japanese This was in response to the dis-
and Israeli representatives. covery that more than 4,000 sites
were hosting mining scripts, many
Please don’t forget to contact your of these Government websites. This
national representative and ask him happened because a third party
or her to vote against these abu- provider (Text Help) was compro-
sive behaviour, from the authors of mised and their javascript library was
the beloved and heavily backdoored altered, introducing a crypto mining
script that was then subsequently in- The 17th Annual Workshop on
Dual-EC-DRBG.
cluded on thousands of websites. the Economics of Information Secu-
rity (WEIS) will take place next year
ALL YOUR MONERO ARE BE-
in Innsbruck, Austria.
LONG TO US Fortunately, this is easy to stop
with a tiny change to how the script
The notification of acceptance is
The latest pseudo-criminal trend is loaded in the code, adding the
on March 31. Rainer Böhme is the
is to turn your browser into a cryp- SRI Integrity Attribute that allows
conference chair.
tocurrency mining machine. the browser to determine if the file
There is even a legitimate (although has been modified, and reject it if
admittedly immoral) business model needed.
behind it, as for example proposed by
https://coinhive.com, that tries to Scott claims that to take this one
sell it as an alternative to online ads. step further and ensure absolute pro-
They basically provide you with tection, you can use Content Security
javascript that you can embed in Policy and the require-sri-for direc- The 23rd Australasian Conference
your webpages which will abuse your tive to make sure that no script is on Information Security and Privacy
visitor’s CPU to mine Monero, a cryp- allowed to load on the page without (ACISP 2018) will be held in Wollon-
tocurrency that can be mined for an SRI integrity attribute. On top of gong, Australia on July 11-13, 2018.
reasonable profit on normal CPUs that, you could be alerted to events
and that, conveniently, offers much like this happening on your site via It will, unsurprisingly, be orga-
more privacy than bitcoin. CSP Reporting. nized by the University of Wollon-
Coinhive will take 30% of the prof- gong. The submission deadline is
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 5
the 25 February 2018 at 11:59pm with a deadline on April 1st, and Of special interest to our audience is,
AEST and the notification will be on acceptance notification on May 11th, possibly, the 2nd International Work-
the 8th April. 2018. shop on Security and Forensics of IoT.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 6
M ARCH 2018, N O 17
Cryptacus Newsletter
March 2018
Cryptacus Newsletter
Welcome to the March 2018 edition of the monthly
Cryptacus.eu newsletter, offering a glimpse into re-
cent developments in the cryptanalysis of IoT & re-
lated areas. Send your contributions, comments &
feedback at cryptacus.newsletter@irisa.fr
News from the Chair Many top-level researchers from this Matthias J. Kannwischer (UK to NL),
by G ILDAS AVOINE field accepted to give a talk. Esteban Armas Vega (ES to UK), Yu
The key idea is to make theoreticians Long Chen (BE to NL).
and practitioners discussing together.
The program has been prepared by In total, these STSMs represent
Ioana Boureanu, Stéphanie Delaune, 318 funded days. It is worth noting
and Cristina Onete, and the event that inclusiveness target countries
is co-funded by the ERC POPSTAR (ITC) are under-represented in spite
headed by Stéphanie. of our effort to promote this scientific
tool.
Dear Cryptacus Members, The Workshop web site is https:
//www.surrey.ac.uk/futuredb. Finally, I would like to stress
Our next Cyptacus event will be In this March newsletter, I would that the next Grant Period will
held in less than a month in São also like to recap the short-term sci- start on May 1st, 2018. Crypta-
Miguel. entific missions (STSMs) that were cus’ members will then be able
funded by Cryptacus during the cur- to apply again to STSM grants
I would like to remind you that rent Grant Period (May 2017 to April (https://www.cryptacus.eu/en/stsm/how-
the training school program is avail- 2018). to-apply/) and to ITC conference
able online and grants to attend the grants (check https://goo.gl/
event are still available for students. We indeed received many STSM qfNrmL).
applications during the last months,
Ricardo Chaves and his team did much more than usual, and Crypta- The Work & Budget Plan of the
a great job to make this event suc- cus has been able to fund all of next Grant Period has been recently
cessful, and I would already like to them after refilling the STSM bud- approved, and the last Cryptacus’
thank them for the organization. get. We so far funded: Sam Thomas events will be announced in the April
(UK to FR), Milena Djukanovic (ME newsletter.
The Training School web site to IT), Veelasha Moonsamy (NL to
is https://www.cryptacus.eu/en/ ES), Elena Pagnin (SE to FR), David
events/training-school-2018/). GÃl’rault (FR to UK), Hannes Gross In the meanwhile, have fun with
Jointly located with the training (AT to BE), Ioana Boureanu (UK to the March newsletter!
school, Cryptacus organizes a work- FR), Bogdan Dina (DE to FR), Ana Best regards,
shop on distance-bounding protocols. Lucila Sandoval Orozco (ES to UK), Gildas Avoine
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
Recommended reading: the course of 18 months. The event is organized by the
Predicting mergers via Network of Secure Societies National
aviation traffic Additionally, they illustrate the Contact Points - SEREN3, in collab-
ease with which one could analyze oration with the European Commis-
the behavior and relationships of sion. This information day and bro-
aviation users through the exam- kerage event gives details on the
ple of foreign governments visiting calls for proposals H2020-CIP 2018,
Europe. In an even more interest- H2020-SEC 2018 and H2020-DS-
ing and practical application of their 2018, published on 27 October 2017
findings, they exploit similar travel under the societal challenge Secure
date to predict potential merger and Societies - Protecting freedom and
acquisition (M&A) activities by 36 security of Europe and its citizens.
corporations listed on the US and
European stock markets. His findings These calls offer new research
This month we will be reporting could potentially lead to a very prof- funding opportunities to research
on particularly nice and insightful itable investing strategy, as they iden- institutions, universities, industries,
paper author by a security team at tify seven M&A cases, in all of which SMEs, civil society organizations and
Oxford and Armasuisse, which is a the buyer has used corporate aircraft other security stakeholders.
Swiss federal agency specialised on to visit the target prior to the official
the procurement of armament. announcement, on average 61 days Participation to the event is free
It is titled "The Real First Class? Infer- before. This period of time give am- of charge and the number of partici-
ring Confidential Corporate Mergers ple time to take financial positions to pants is limited due to the capacity of
and Government Relations from Air benefit from the information leakage. the rooms.
Traffic Communication".
Finally, they try to find solutions The main topics to be covered
Authors are Martin Strohmeier, to stop this massive information leak- are Critical Infrastructure Protection,
Matthew Smith, Vincent Lenders and age from occurring, quantifying their Disaster Resilience, Safeguarding and
Ivan Martinovic. This paper contin- popularity and effectiveness, and securing society, Fight Against Crime
ues the research from the Oxford finding them mostly ineffective. and Terrorism, Border Security and
team on aircraft security communica- External Security, General Matters on
tion. For a previous work on a closely This work has recently been ac- Security and Digital Security. There
related topic, you can watch the cepted for the 3rd IEEE European are many reasons to participate, in-
video of Matthew Smith on ACARS Symposium on Security and Privacy, cluding: receiving information about
insecurity titled "Modern jets, retro that is going to take place on April the calls, networking possibilities, to
ciphers: how monoalphabetic sub- 24-26, 2018 in London, United King- get answers to your questions linked
stitution ciphers are still in use" at dom. to call areas and to get details on the
this year’s Real World Crypto, acces- legal and procedural conditions.
sible at https://www.youtube.com/ Funding News
watch?v=hEqcITbBNh4. One of the great benefits of these
Warsaw Brockerage Event events is that you can present project
As stated in their abstract, this ideas briefly (you generally get 2 min
paper exploits publicly available air- for a lightning presentation) to all
craft meta data and unfiltered air participants and explicitly seek col-
traffic communication gathered from laboration from organisations with a
a global collaborative sensor net- given set of skills. There will be also
work to study the privacy impact of face to face meetings that you can
large-scale aircraft tracking on gov- ask for on the web of the event. Ping
ernments and public corporations. me if you plan to attend, as I will be
there.
They track travel data from 542
aircraft used by 113 different gov- The registration is open until 1
ernments to identify events and re- April 2018. The event venue is the
lationships in ’the real world’. They Copernicus Science Centre in War-
develop a spatio-temporal clustering There is an interesting Info Day saw.
method which returns 47 public and and Brokerage Event on the Horizon
18 non-public meetings attended by 2020 Secure Societies call. You can register at https://goo.
dedicated government aircraft over gl/vogvYw
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
This is an interesting position learning, risk management
in one of the growing cyberse- and threat modelling, trusted
curity teams in the UK systems, verification, and dis-
tributed systems.
It is a full time, permanent po- The deadline for applications is
sition with a starting salary of the 23rd April 2018.
between £37,706 and £47,722 More info available at https:
per annum. The deadline for //goo.gl/fgg22s.
submission of candidatures is
the 18th April.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
Proposals for STSMs Purdue University researchers of a number of weaknesses in the de-
By now, you should be already have developed a way to protect vice have shocked its customer base.
familiar with what Short Term Scien- against wipers. Their idea is to anal- All the technical details and a video
tific Missions (or STSMs, for short) yse write buffers before they reach showing the hack can be accessed at
are. Please make your willingness to storage, and decide whether the https://goo.gl/BT6JVa, but to cut
receive STSMs proposals known by intended write is destructive, and a long story short, it seems all Ledger
sending me an email. Until I do not stop it if so. Wipers cause substan- hardware wallets are vulnerable to a
have any more, I’ll just publish mine: tial damage by overwriting critical relatively simple man in the middle
digital assets on compromised ma- attack.
chines, denying users access to com-
puting resources. They interpose an
inspection step in the Virtual Machine
Monitor (VMM) through a technique
known as Virtual Machine Introspec-
tion (VMI). This has the benefit that
it does not rely on the entire OS as a
root of trust. The prototype seems to
be effective (99.8%) against malware
such as Shamoon and Stonedrill, and
• I will be very happy to receive
some other secure delete tools. The
anyone interested in investigat-
authors acknowledge that the perfor-
ing randomness generation and
mance of their tool needs to be in-
testing, particularly on IoT de-
vestigated further, but the approach
vices.
seems quite promising. More info at
https://goo.gl/pnJEDC.
Blogs, posts and other
recommended reads Low-cost hacking of a road
Irresponsible disclosure speed radar :-)
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
The 21st Information Security
Conference (ISC 2018), will take
place in London (Guildford), from
September 9 to September 12, 2018.
The submission deadline is 16
April, with notification on the 18
June. The General Chair will be Steve
Schneider.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 5
M AY 2018, N O 18
Cryptacus Newsletter
April-May 2018
Cryptacus Newsletter
Welcome to the April-May 2018 edition of the
monthly Cryptacus.eu newsletter, offering a glimpse
into recent developments in the cryptanalysis of
IoT & related areas. Send your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
News from the Chair I would like to use this opportu- The last period may, consequently,
by G ILDAS AVOINE nity to kindly thank the organizers, be more competitive for applicants.
including Ricardo’s colleagues and
students, who greatly contributed to Last grant period also means
make this event successful. we are now working on the or-
ganisation of the last conference.
It will be held in Rennes (France)
on September 18th-20th, 2018. The
website is already up (https://www.
cryptacus.eu/en/conference/)
but programme and traveling infor-
Dear Cryptacus Members, mation are not available yet. MC
Members will likely receive their offi-
April has been an important cial invitation in May.
month for the Cryptacus community.
Mainly because of the organiza- The list of speakers is not com-
tion of two important events in pleted yet, but promises to be stellar.
São Miguel, namely the Cryptacus Looking now to the future, I can I can announce the confirmed ones:
training school organized by Ricardo announce that the new Grant Period Lejla Batina, Milena Djukanovik,
Chaves (PT), and a workshop on will start on time, namely on May Orr Dunkelman, Aurélien Francil-
distance-bounding protocols (Crypta- 1st, 2018. lon, Kevin Fu, Flavio Garcia, Daniel
cus COST Action & Popstar ERC Gruss, Claudio Orlandi, Bart Preneel,
Grant) mostly organized by Ioana You can already apply for STSMs and Ingrid Verbauwhede.
Boureanu (UK) and Stéphanie De- and ITC Grants, to be held between
laune (FR). May 1st and December 11th, which The full list will be provided in the
is unfortunately already the end of next newsletter.
More than 70 people have been our COST Action.
funded to attend the events, which
have been amazingly successful ac- The number of applications we
cording to the feedback and com- receive roughly doubled from one Best regards,
ments I received from the attendees. grant period to another one.
Gildas Avoine
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
Recommended reading: • Chair in Computer Science at
Practical Fault Injection on the University of Liverpool’s
Deterministic Signatures: Department of Computer Sci-
ence. A permanent and full
The Case of EdDSA
time position at the highest
level. They mention in the ad
The recommending reading of
security as one of their pri-
the month is a joint work by Niels
ority topics. The closing date
Samwel and Lejla Batina from Rad-
for applications is the 11 May
boud University, Nijmegen.
2018. More info at http://
www.jobs.ac.uk/job/BIS200/
It is particularly timely after re- chair-in-computer-science/
cent vulnerabilities of popular im-
plementations of deterministic signa-
tures schemes such as EdDSA have
been attacked, showing that the se-
cure deployment of these algorithms
will require more countermeasures They conclude that, as only a • A position as (full) profes-
than originally though. single successful fault is needed to sor of Computer Science is
fully recover the key, this kind of im- available as soon as possible
plementation is a particularly easy at the Department of Com-
The paper shows, in addition, puter Science, Aarhus Univer-
target for the attackers.
that the realistic implementation of sity (www.cs.au.dk). The de-
these additional countermeasures is partment has research groups
far from trivial as the authors pro- within ’Algorithms and Data
posed certain checks as a counter- Structures’, ’Data-Intensive Sys-
measure but the implementation un- tems’, ’Cryptography and Secu-
der analysis remained vulnerable to rity’, ’Mathematical Computer
fault injection attacks. Science’, ’Logic and Semantics’,
’Ubiquitous Computing and In-
The authors present simple at-
teraction’, ’Computer-Mediated
tacks against the EdDSA implementa-
Activity’, ’Use, Design and Inno-
tion in the lightweight cryptographic
vation’, and ’Programming Lan-
library WolfSSL on a 32-bit micro-
guages’. Moreover, they wish
controller, achieving success rates of
to build competencies within
almost 100% by voltage glitching and
Machine Learning and Sys-
electromagnetic fault injection.
tems Security. The deadline is
03.05.2018. More information
at https://goo.gl/rnJYSh.
Open Positions
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
cross-disciplinary research in- • I will be very happy to receive of the malware under observation.
stitute in Security and Protec- anyone interested in investigat- A myriad of techniques have devel-
tion Science. ing randomness generation and oped in this interesting area, but the
testing, particularly on IoT de- recent GravityRAT seems to be vari-
Security Lancaster is one of vices. ous steps ahead of most current mal-
four flagship Lancaster Re- ware in spotting VMs. It uses no
search Institutes and amongst Blogs, posts and other fewer than 7 different techniques to
the current 14 Academic Cen- recommended reads accomplish this. These include com-
tres of Excellence in Cyber Se- The End of the Road for SIMON mon techniques such as looking for
curity Research (ACE-CSRs) and SPECK? traces of the hypervisor left on the
recognised by the UK govern- virtual machine, checking the com-
ment. Well done Tomer and Orr! puter name, and checking the num-
ber of CPU cores.
But it also uses a novel tech-
nique where it requests the CPU tem-
perature, a feature not commonly
supported by hypervisors. These will
then respond "not supported" thus re-
For other interesting positions all vealing that the malware is probably
across Europe, please check the re- not being run on a real machine.
cently revamped “Researchers in Mo- More info at https://goo.gl/
tion” portal at https://euraxess. 15TN6x, with the complete analyis by
ec.europa.eu/. It currently has close For more info, please check this Cisco Talos researchers Warren Mer-
to 60 open positions in computer se- aptly titled piece "ISO blocks NSA’s cer and Paul Rascagnères.
curity and related areas, including latest IoT encryption systems amid
in Poland, the UK, Finland, Slovenia, murky tales of backdoors and bully-
Italy, Norway, Switzerland, and even ing" at https://goo.gl/PkYcTD.
in Spain!
Other news
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
info at https://ssr2018.net/. The ’IoT Autentication 2018’ Con- their applications.
ference will take place in Melbourne,
Australia on November 28-30, 2018. Paper submissions close on Au-
gust 14.
It will feature invited presenta-
tions from Auto-ID Labs, IoT Alliance
Australia, IoT (Internet of Things)
Security, Prof. Michael Sheng, Prof.
Margreta Kuijper, Dr. Omid Kava-
hei, Prof. Seng Loke,and Prof. Lejla
One of my preferred events in the Batina.
European cybersecurity calendar is
Nordsec. The Keynote speaker is Dr.
Veena Pureswaran from IBM. If FDTC 2018 is the Fourteenth
It is one of the oldest events you want to attend, check http: Workshop on Fault Diagnosis and
running, and although participants //www.authiot2018.conferences. Tolerance in Cryptography, and will
mostly come from European coun- academy/. be held on the 13 of September 2018
tries north of the 60th parallel, it in Amsterdam, co-located with CHES.
is a magnificent event open to all.
this year it runs its 23rd edition in It is held in cooperation with the
Oslo, Norway, from the 28 to the 30 IACR and is interested in all aspects
November. of fault injection.
The proceedings consist of peer- The submission deadline is
reviewed articles and are published May 25, and Joan Daemen, now
in the Springer Lecture Notes in Com- with Radboud University, is one of
puter Science series. the Chairs. For more info, check
www.fdtc-workshop.eu.
Some Cryptacus members are in-
volved in the organisation or the
program committee, such as Billy
Brumley from Tampere University of
Technology and Aikaterini Mitrokotsa The 14th International Confer-
from Chalmers University of Technol- ence on Information Security and
ogy. Cryptology (Inscrypt) will be held in
Fuzhou, Fujian, from December 14 to
Prof. Audun Jøsang from UiO 16. Organized by the Fujian Provin-
Norway is the General Chair this year. cial Key Laboratory of Network Secu-
rity and Cryptology of Fujian Normal
The deadline for paper submis- University.
sion is the 10th August.
It is an annual conference target-
ing the top research results in the
related area. See you all back in June!
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4
J ULY 2018, N O 19
Cryptacus Newsletter
June-July 2018
Cryptacus Newsletter
Welcome to the June-July 2018 edition of the
monthly Cryptacus.eu newsletter, offering a glimpse
into recent developments in the cryptanalysis of
IoT & related areas. Send your contributions, com-
ments & feedback at cryptacus.newsletter@irisa.fr
You still have time to apply for The website of the confer- Gildas Avoine
a STSM Grant or an ITC Conference ence is up, and available at
Grant. http://www.cryptacus.eu/en/conference/
Open Positions
We will be very happy to receive We will organize a social event at
your applications Mont-Saint-Michel, a famous rocky
tidal island located in Normandy.
Given that the final period is
shorter than the previous ones, the Do not hesitate to spread the URL
budget is shorter as well, but we can in your labs.
still fund around 4 or 5 STSM Grants.
The other running task is the
As usual, the procedure to Cryptacus book, to be published by
apply is described on our web- Springer.
site, www.cryptacus.eu and very Please send us any employment
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
opportunities you may want to publi- sensor-rich environments; in-
cize in the newsletter. teractive and smart spaces;
new interaction paradigms;
Internet of Things; mobile
• Professor of Cybersecurity (in- and context-aware computing;
cludes a Lectureship appoint- awareness and privacy; and
ment) at the Department of tangible, situated and embod-
Computer Science, University ied interaction." Salary starts
of York. This is an excellent op- at e70K. For more info, check • I will be very happy to receive
portunity to lead a small but https://goo.gl/5FUzSt anyone interested in investigat-
growing cybersecurity group at ing randomness generation and
York, that comes with the in- testing, particularly on IoT de-
frequent possibility for the suc- • Tenure Track Assis- vices.
cessful candidate to almost im- tant/Associate/Full Professor
mediately recruit a Lecturer. Innovative Computer Architec-
York is one of the UK’s best tures at The Faculty of Science
Universities, and one of the and Engineering of Gronin-
best places to live. Both posi- gen University. You may ap-
tions are permanent and full ply for this position until 14
time. The salary starts around August 23:59h. More info at
£65,585 but can be higher https://goo.gl/CFVqvP
based on experience. The only
caveat is the very short dead-
line on the 5th of July, which
For other interesting positions all
has been extended from the Event calendar
across Europe, please check the re-
original 24th June. More info at
cently revamped “Researchers in Mo- CARDIS 2018 will take place on
https://goo.gl/hkwyb3.
tion” portal at https://euraxess. November 12-14th in Montpelier,
• Senior Research Fellow of In- ec.europa.eu/. It currently has close France. The submission deadline
formation Security and Privacy to 60 open positions in computer se- is July 13, 23:59:59 Anywhere on
at the University of Tartu. With curity and related areas, including Earth (AoE). More info at https:
a salary of e3-3.5K per month, in Poland, the UK, Finland, Slovenia, //cardis2018.sciencesconf.org.
depending on qualification and Italy, Norway, Switzerland, and even
experience. Deadline for ap- in Spain!
plications is the 2nd August.
More info on the post and in-
strictions on how to apply at
https://goo.gl/ibfjin.I was The Sixth International Workshop
recently in Tartu, for Nord- on Lightweight Cryptography for Se-
Sec’17, and liked the city a curity & Privacy (LightSec 2018, In
lot, it seemed like a very nice, Cooperation with IACR) will take
calm and relatively inexpensive place on September 10-12, in Cardiff,
place to live. together with the 11th International
Conference On Security Of Informa-
Proposals for STSMs
tion and Networks. The submission
• Full Professor of Ubiquitous By now, you should be already deadline is the 20th July. The gen-
Computing at TU Wien (Vienna familiar with what Short Term Scien- eral chair is Atilla Elci and the PC
University of Technology). For a tific Missions (or STSMs, for short) chair is Koray Karabina. For more
start in October 2019, and with are. Please make your willingness info, check http://www.sinconf.
a deadline of 22 October 2018, to receive STSMs proposals known org/sin2018/lightsec.php.
this is an excellent opportunity by sending me an email. Take into
at the Faculty of Informatics. account that STSMs will be more Indocrypt 2018 will take place
They want somebody working competitive in this last period of the on 9-12 December in New Delhi.
on "next generation ubiquitous Action. The submission deadline is 25 Au-
computing systems and their gust 2018, 11:59 AM, GMT. Tutorials
application in authentic real Until I do not have any more, I’ll will take place on the 9 December
world settings. Particular re- just publish mine: and the conference properly on 10-
search topics of interest include 12 December. It’s the 19th edition
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
of the event. More info at https: is a magnificent event open to all.
//www.isical.ac.in/~indocrypt/ this year it runs its 23rd edition in
Oslo, Norway, from the 28 to the 30
November.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
S EPTEMBER 2018, N O 21
Cryptacus Newsletter
September-October 2018
Cryptacus Newsletter
Welcome to the September-October 2018 edition of
the Cryptacus.eu newsletter, offering a glimpse into
recent developments in the cryptanalysis of IoT &
related areas. Send your comments & feedback at
cryptacus.newsletter@irisa.fr
News from the Chair As you may know, Cryptacus will There is still budget for STSMs,
by G ILDAS AVOINE finish in December 2018, after four but do not wait too much, and apply
years of exciting collaborations. soon on the Cryptacus’ website!
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 1
multiple libraries that will force de-
velopers to seriously reconsider their
implementations to defend against
this adversarial attacks.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 2
Group, that has arrived late to
cybersecurity research and has
been unsuccessful for a while
despite its best efforts, to hire
• Lecturer (for the Smart Card anybody for leading its new
and IoT Security Centre), at and coming group. This may be
the very prestigious Informa- a good opportunity, again if you
tion Security Group of Royal are Brexit-neutral and like De-
Holloway, University of Lon- von. Deadline for applications • I will be very happy to re-
don. The position is based at is the 30th September. ceive anyone interested in in-
Egham and the starting salary vestigating randomness gener-
is £42,926 to £50,811 per an- ation and testing, particularly
num - including London al- on constrained, embedded, IoT
lowance. This position is also devices.
full-time and permanent. Dead-
line for applications is the 30th
September.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 3
The organisers helpfully added Van Assche are organizing a one-
"If this seems too bizarre to make day workshop on Advances in
sense of, then just pretend the paper permutation-based cryptography in
submission deadline is Sep 21, 2018, the center of Milano.
and you’ll be fine."
In the last decade it has become
clear that permutation-based crypto
is highly competitive in terms of per-
formance and resource usage when
compared to classical block ciphers
and their modes.
Cryptacus Newsletter
m Cryptacus.eu B cryptacus.newsletter@irisa.fr Page 4