Fake Security Conferences
Turns out there are two different conferences with the title International Conference on Cyber Security (ICCS 2016), one real and one fake. Richard Clayton has the story.
Ross Anderson has liveblogged the 24th International Workshop on Security Protocols in Brno, Czech Republic.
Last month, the Cato Institute held its Second Annual Cato Surveillance Conference. It was an excellent event, with many interesting talks and panels. But there was one standout: a panel by victims of surveillance. Titled “The Feeling of Being Watched,” it consisted of Assia Boundaoui, Faisal Gill, and Jumana Musa. It was very powerful and moving to hear them talk about what it’s like to live under the constant threat of surveillance.
Watch the video or listen to the audio.
The NSA recently declassified a report on the Eurocrypt ’92 conference. Honestly, I share some of the writer’s opinions on the more theoretical stuff. I know it’s important, but it’s not something I care all that much about.
There was a conference on deception earlier this month. Sophie Van Der Zee has a summary of the sessions.
I’m at SHB 2014: the Seventh Annual Interdisciplinary Workshop on Security and Human Behavior. This is a small invitational gathering of people studying various aspects of the human side of security. The fifty people in the room include psychologists, computer security researchers, sociologists, behavioral economists, philosophers, political scientists, lawyers, anthropologists, business school professors, neuroscientists, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.
I call this the most intellectually stimulating two days of my year. The goal is discussion amongst the group. We do that by putting everyone on panels, but only letting each person talk for 5-7 minutes. The rest of the 90-minute panel is left for discussion.
The conference is organized by Alessandro Acquisti, Ross Anderson, and me. This year we’re at Cambridge University, in the UK.
The conference website contains a schedule and a list of participants, which includes links to writings by each of them. Ross Anderson is liveblogging the event. It’s also being recorded; I’ll post the link when it goes live.
Here are my posts on the first, second, third, fourth, fifth, and sixth SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops. It’s hard to believe we’ve been doing this for seven years.
Ross Anderson liveblogged Financial Cryptography 2014. Interesting stuff.
Co3 Systems is going to be at the RSA Conference. We don’t have our own booth on the show floor, but there are four ways you can find us. Monday, we’re at the Innovation Sandbox: 1:00–5:00 in Moscone North. At the conference, we’re in the RSA Security booth. Go to the SecOps section of the booth and ask about us. We’ll be happy to show you our incident response coordination system. We’re hosting an Incident Response Forum on Tuesday night with partners HP, CSC, and iSight Partners for select companies and individuals. We also have a demo suite in the St. Regis Hotel. E-mail me if you want to get on the schedule for either of those two.
There was a presentation at Black Hat last month warning us of a “factoring cryptopocalypse”: a moment when factoring numbers and solving the discrete log problem become easy, and both RSA and DH break. This presentation was provocative, and has generated a lot of commentary, but I don’t see any reason to worry.
Yes, breaking modern public-key cryptosystems has gotten easier over the years. This has been true for a few decades now. Back in 1999, I wrote this about factoring:
Factoring has been getting easier. It’s been getting easier faster than anyone has anticipated. I see four reasons why this is so:
- Computers are getting faster.
- Computers are better networked.
- The factoring algorithms are getting more efficient.
- Fundamental advances in mathematics are giving us better factoring algorithms.
I could have said the same thing about the discrete log problem. And, in fact, advances in solving one problem tend to mirror advances in solving the other.
The reasons are arrayed in order of unpredictability. The first two—advances in computing and networking speed—basically follow Moore’s Law (and others), year after year. The third comes in regularly, but in fits and starts: a 2x improvement here, a 10x improvement there. It’s the fourth that’s the big worry. Fundamental mathematical advances only come once in a while, but when they do come, the effects can be huge. If factoring ever becomes “easy” such that RSA is no longer a viable cryptographic algorithm, it will be because of this sort of advance.
The authors base their current warning on some recent fundamental advances in solving the discrete log problem, but the work doesn’t generalize to the types of numbers used for cryptography. And they’re not going to generalize; the result is simply specialized.
This isn’t to say that solving these problems won’t continue to get easier, but so far it has been trivially easy to increase key lengths to stay ahead of the advances. I expect this to remain true for the foreseeable future.
The 2013 Cryptologic History Symposium, sponsored by the NSA, will be held at Johns Hopkins University this October.