[crypto] [lindac@dimacs.rutgers.edu: CFP: DIMACS Special Focus on Communication Security and Information Privacy]
R. Hirschfeld
ray@unipay.nl
Wed, 21 May 2003 14:29:27 +0200
------- Start of forwarded message -------
Date: Tue, 20 May 2003 11:36:20 -0400 (EDT)
From: Linda Casals <lindac@dimacs.rutgers.edu>
Subject: CFP: DIMACS Special Focus on Communication Security and Information Privacy
********************************************************************
* DIMACS *
* Center for Discrete Mathematics and Theoretical Computer Science *
* A National Science Foundation Science and Technology Center *
********************************************************************
CALL FOR PARTICIPATION
DIMACS
SPECIAL FOCUS ON COMMUNICATION SECURITY AND INFORMATION PRIVACY:
2003 - 2006
Vitally important aspects of our modern society have become dependent
on rapid and secure communication, which is increasingly
electronic. The new electronic age offers vast potential for new
services and applications, but gives rise to serious new
vulnerabilities and security threats. Moreover, many of the most
important new applications come at the price of threats to privacy. We
plan a 3-year ``special focus'' on Communication Security and
Information Privacy, beginning in summer 2003, that will explore the
new vulnerabilities and threats and new methods for dealing with them.
Within the last decade a tremendous transition has taken place in
communications networks. Previously, nearly all communication, whether
data, voice or other media, was carried over private networks. Anyone
who was not a customer of the network provider was not given physical
access to the network. Securing such networks was relatively
straightforward. While a great deal of data and media traffic still
run over circuit switched or packet switched ATM or Frame Relay
private networks, a huge amount and variety of data and media traffic
now run over the public Internet, so much so that Internet is now an
important national infrastructure whose integrity is vital to the
functioning of our economy, culture, and government. The migration of
communication services to the Internet is still very much in
progress. This migration brings with it new and complex challenges for
maintaining communication security.
There are many factors driving the migration to the Internet. One is
universal connectivity. The Internet protocol allows users with many
different types of local area network technologies (e.g., Ethernet,
and 802.11) to be integrated into a single large network. This allows
for a type of positive feedback often referred to as the ``network
effect.'' The network grows quickly because the number of users,
servers, and devices that are already reachable on the Internet make
it very valuable to any new IP device. A second factor is
unification. Unlike the circuit switched world for which signaling and
data/media were carried by two separate networks, signaling and
data/media can both be carried over the Internet. For network
providers, migrating their services onto an Internet backbone means
that they need only deploy, manage, and control a single network,
thereby reducing their cost of providing services. Finally, the
ultimate promise of the Internet is as a platform for integrating a
variety of services such as voice, instant messaging, mobile presence,
multimedia, Web and data services. While these are powerful factors
driving the migration to IP communications, they have serious security
repercussions. Indeed, securing an extremely large, shared services,
packet-based IP network with a large number of administrative domains
is a much more complex task than securing segregated/circuit switched
networks.
Furthermore, through the collection and dissemination of vast amounts
of data, the Internet allows users to take advantage of new
functionalities that inherently require new notions of security. For
example, new issues of privacy for Internet users and applications are
arising due to the multitude of data available online. This new
electronic reality and the vast potential for interaction between
users and computers give rise to new digital applications and services
once thought possibly only in the physical tangible world. This, in
turn, creates the need for the invention and implementation of new
security and cryptographic techniques. Enabling secure electronic
commerce and securing digital rights management are some central
examples of the new challenges faced in the security area.
Some of the most exciting progress in the fields of communication
security and information privacy has come because of the
interconections of practitioners in these fields with researchers
developing relevant methods of theoretical computer science and
mathematics. This project will explore these interconnections in order
to address some of the fundamental challenges to communication
security and information privacy posed by the rapid transition and
remarkable growth of new applications in today's communication
networks. The project will be carried out in the context of a
three-year ``special focus" at DIMACS, the Center for Discrete
Mathematics and Theoretical Computer Science. The project will be
centered around workshops and research ``working groups,'' with a
tutorial, visitor program, and graduate student program.
The Themes of the Special Focus Include:
* Studying protocol and host vulnerabilities related to Internet
communication. Among them are the weakness or total lack of source
authentication for the base protocols in the IP suite, lack of
admission control mechanisms, vulnerability of hosts to implementation
and configuration errors. What is more, protocol and host
vulnerabilities can be exploited in tandem to create serious attacks
such as distributed denial of service attacks.
* Securing the protocol layer. The special focus will analyze a
wide range of security issues related to newer technologies such as
wireless access at the lower layers of the protocol stack, or Web
services at the higher layer of the protocol stack, including issues
dealing with ad-hoc trust establishment, secure roaming between
overlay networks, the controlled execution of untrusted code, and
peer-to-peer connection in pervasive networking scenarios.
* Seamless data movement vs. privacy and property rights. The
power of service providers to automatically log and analyzinformation
on site visitors or customers for collection and dissemination is so
great that it must be properly managed or else there is a significant
potential for abuse. The special focus will examine both violation of
property rights and violation of privacy both in the general context
and in more specialized applications such as health care data and
electronic voting.
* Cryptography and secure protocols. As technology evolves,
cryptogrtaphy faces the task of developing new security models and
techniques such as developing a complete suite of solutions that can
handle the concurrency and asynchrony of the Internet and obtaining
information from multiple data sets while protecting privacy and
confidentiality.
Opportunities to Participate: The Special Focus will include:
* Workshops: A variety of workshops and mini-workshops
are being planned. Workshop topics being developed are:
- Large-scale Internet Attacks
- Electronic Voting -- Theory and Practice
- Intellectual Property Protection
- Security of Web Services and E-Commerce
- Cryptography: Theory Meets Practice
- Security Analysis of Protocols
- Mobile and Wireless Security
- Security and Trust Issues Associated with Ad-Hoc
Computing / Pervasive Networking
- Database Security: Query Authorization and Information Inference
* Working Groups: Interdisciplinary ``working groups'' will
explore special forcus research topics. Working Group topics
being developed are:
- Privacy / Confidentiality of Health Care Data
- Secure, Efficient Extraction of Joint Information
from Multiple Datasets
- On-Line Privacy: Threats and Tools
- Intrusion Detection and Network Security Management Systems
- Mobile Code Security
* Tutorial: A tutorial will provide background knowledge to those
who wish to participate in the special focus or just get an
introduction to some of the fundamental issues in the field.
Tutorials being developed are:
- Computer Security
* Seminar Series: There will be a mix of research talks and
practitioner presentations.
* Visitor Programs: Applications for research and graduate student
visits to the center are invited. Some funds are available for travel
and local support.
* Postdoctoral Positions: There is a possibility postdoctoral
positions will be offered in this area
* Graduate Student Support: Funds will be set aside for graduate
students interested in attending workshops. Students interested in
visiting DIMACS during the special focus are encouraged to apply to
the special focus organizers.
* Publications: We anticipate that a variety of publications,
including AMS-DIMACS volumes, technical reports, abstracts and notes
on the WWW, and DIMACS modules will result from the special focus.
The URL for the Special Focus web page is:
http://dimacs.rutgers.edu/SpecialYears/2003_CSIP/
***********************************************************************
------- End of forwarded message -------