IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
24 June 2016
Patrick Longa
ePrint ReportDavid Wong
ePrint Report22 June 2016
darmstadt, Germany, 18 July - 22 July 2016
Event CalendarTaipei Area, Taiwan, 19 December - 20 December 2016
Event CalendarSubmission deadline: 15 August 2016
Notification: 22 September 2016
University of Luxembourg
Job PostingAPSIA specializes in the mathematical foundations of information assurance: the mathematical modelling and analysis of information flows, the design and analysis of cryptographic primitives and protocols (both classical and quantum), secure verifiable voting systems, and anonymous marking systems and game-theoretic analysis of non-interference and coercion-resistance. The group has expertise in both the symbolic (formal methods) and the computational (“provable security”) styles of analysis and is investigating the links and synergies between them. The group has also established itself as a leading centre for the socio-technical aspects of security.
The topic lies both in Authenticated Key Exchange (AKE) and Quantum Key Distribution (QKD). Currently, complexity-theoretic definitions of security for AKEs are abundant but their relations are poorly understood, and the advent of QKD – in which both complexity theoretic and quantum mechanisms are intertwined - is further complicating matters. The research challenge is twofold: 1) to aid in finding fundamental definitions of security for AKE and 2) to develop a rigorous framework for reasoning about the composition of classical and quantum mechanisms, and in particular to examine to what extent definitions for AKE can be adapted to the QKD case.
Closing date for applications: 12 July 2016
Contact: Dr Jean Lancrenon, jean.lancrenon (at) uni.lu or Prof Dr Peter Y A Ryan peter.ryan (at) uni.lu
More information: http://emea3.mrted.ly/13lls
Graz University of Technology
Job Posting- Side-channel and fault attacks
- Operating system security
- Software isolation techniques
- Control-flow integrity
- Memory security
- Software testing
- Formal methods
- Code analysis and compilers
In case you are interested in joining our team, please send your application by email to Stefan Mangard.
Applications should include a curriculum vitae, a statement of motivation, a transcript of records as well as names and email addresses of two persons that can provide references. Please send all attachments as PDFs. We are looking forward to your application.
The open postions are available in the Secure Systems Group, which is a team of about 10 researches. In total, Graz University of Technology employs about 60 researchers in the area of information security. More information on our research topics and our team can be found at http://www.iaik.tugraz.at/sesys.
Closing date for applications: 31 August 2016
Contact: Stefan Mangard
More information: http://www.iaik.tugraz.at/content/research/sesys/jobs/
University of Twente, The Netherlands
Job Posting- Operating systems security and/or hardware security;
- Distributed systems security and/or cloud computing security;
- Mobile systems security and/or web security.
We offer a challenging full-time position in an inspiring multidisciplinary and international environment. The successful candidate will be employed for the duration of 3 years as an Assistant Professor at the chair of Services, Cyber Security, and Safety (SCS). The salary, depending on your experience and qualifications, will range from € 3.400,-- to € 4.654,-- gross per month. In addition, the University of Twente offers attractive employment conditions (for example 8% holiday allowance and 8,3% end-of-year bonus), excellent support for research and facilities for professional and personal development.
Applications should include a letter of motivation (including a short research and education statement), a detailed curriculum vitae, a list of publications and three references (including at least one international reference).
Closing date for applications: 5 August 2016
Contact: Questions regarding this position can be addressed to Prof. Dr. Roel Wieringa, chairman of Services, Cyber Security and Safety (r.j.wieringa (at) utwente.nl, +31 (0)53 489 4189), or to Dr. Andreas Peter, in the same group (a.peter (at) utwente.nl, +31 (0)53 489 2918).
More information: https://www.utwente.nl/en/organization/careers/vacancies/!/vacature/662159
21 June 2016
Utrecht, The Netherlands, 28 June 2016
Event CalendarDrexel University Cybersecurity Institute
Job PostingThe individual will be an integral part of the highly interdisciplinary team of more than fifteen tenure and tenure- track faculty across the Drexel University campus actively engaged in cybersecurity research. S/he will have the opportunity to work with leading scholars in areas such as i) malware detection, classification, and mitigation, ii) anomaly detection, iii) active user authentication, iv) wireless channel and wireless network security, v) media forensics and anti-?forensics, vi) privacy, anonymity, and stylometry, vii) hardware and electronic security, viii) social networking threat analysis, and others. The successful candidate will have a publication record in cybersecurity and related fields, and a demonstrated ability to lead the submission of interdisciplinary cybersecurity research proposals to government funding agencies, such as the National Science Foundation (NSF) or the various agencies of the Department of Defense (DoD).
Recent Ph.D. in Electrical and Computer Engineering or Computer Science or other closely related discipline. Strong background in any research area of cyber security. Experience in proposal authoring and capture of new business and research opportunities.
The researcher will conduct high quality research in cybersecurity, prepare and submit related grant proposals, and have the opportunity to teach in related areas.
Enter requisition # 7507 at DrexelJobs.com
Closing date for applications: 1 December 2016
Contact: Steven Weber, Ph.D.
Director
Drexel Cybersecurity Institute
More information: https://www.drexeljobs.com
Jesper Buus Nielsen, Samuel Ranellucci
ePrint ReportPierre-Alain Fouque, Pierre Karpman, Paul Kirchner, Brice Minaud
ePrint ReportPawel Swierczynski, Georg T. Becker, Amir Moradi, Christof Paar
ePrint ReportAsli Bay, Oguzhan Ersoy, Ferhat Karakoç
ePrint ReportQiang Tang, Balazs Pejo
ePrint ReportShoichi Hirose, Atsushi Yabumoto
ePrint ReportWenbin Zhang, Chik How Tan
ePrint ReportSaikrishna Badrinarayanan, Dakshita Khurana, Rafail Ostrovsky, Ivan Visconti
ePrint ReportFlorian Tramer, Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels, Elaine Shi
ePrint ReportWe propose, formalize, and explore a cryptographic primitive called a {\em Sealed-Glass Proof (SGP)} that captures computation possible in an isolated execution environment with *unbounded leakage*, and thus in the face of arbitrarily powerful side-channel attacks. A SGP specifically models the capabilities of trusted hardware that can attest to *correct execution* of a piece of code, but whose execution is *transparent*, meaning that an application's secrets and state are visible to other processes on the same host.
Despite this strong threat model, we show that a SGP can support a range of practical applications. Our key observation is that a SGP permits safe verifiable computing in zero-knowledge, as information leakage results only in the prover learning her own secrets. Among other applications, we describe the implementation of an end-to-end bug bounty (or zero-day solicitation) platform that couples a SGX-based SGP with a smart contract. This platform enables a marketplace that achieves fair exchange, protects against unfair bounty withdrawals, and resists denial-of-service attacks by dishonest sellers. We also consider a slight relaxation of the SGP model that permits black-box modules instantiating minimal, side-channel resistant primitives, yielding a still broader range of applications. Our work shows how trusted hardware systems such as SGX can support trustworthy applications even in the presence of side channels.
Weiran Liu, Jianwei Liu, Qianhong Wu, Bo Qin, David Naccache, Houda Ferradi
ePrint ReportLoi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor
ePrint ReportIn this paper, we investigate the security of running Ethereum smart contracts in an open distributed network like those of cryptocurrencies. We introduce several new security problems in which an adversary can manipulate smart contract execution to gain profit. These bugs suggest subtle gaps in the understanding of the distributed semantics of the underlying platform. As a refinement, we propose ways to enhance the operational semantics of Ethereum to make contracts less vulnerable. For developers writing contracts for the existing Ethereum system, we build a symbolic execution tool called Oyente to find potential security bugs. Among $19,366$ existing Ethereum contracts, Oyente flags $8,519$ of them as vulnerable. We discuss the severity of attacks for several case studies which have source code available and confirm the attacks (which target only our accounts) in the main Ethereum network.