SEPTEMBER 2016, NO 1 Cryptacus Newsletter

First Cryptacus.eu Newsletter Welcome to this first edition of the monthly Crypta- cus Newsletter, bringing you a quick glimpse into the latest developments in the IoT cryptanalysis area. There are not a lot of contributors to this first edition of the newsletter, for obvious reasons, but we’d love you to send us your contributions for in- coming issues, comments and feedback to [email protected]

News from the Chair Castro accepted to be the editor of This month we recommend to by GILDAS AVOINE this newsletter. Thanks, Julio! I hope read the paper Lock It and Still Lose you will keep this newsletter excit- It - On the (In)Security of Automo- ing by regularly sending your news to tive Remote Keyless Entry Systems, Julio. published in the 25th USENIX Se- During Haifa’s meeting, we also curity Symposium (USENIX Security discussed the third grand period. 2016). Cryptacus encountered several diffi- This brilliant piece of work, by culties to launch the third grant pe- our colleague and WG4 leader riod, but this issue should be fixed Flavio Garcia (with David Os- soon. Note that the scientific commit- wald, Timo Kasper and Pierre tee, chaired by Bart Preneel, will pro- Pavlidès) which you can enjoy at pose in the coming days the location http://goo.gl/nkeDB5, has been all Cryptacus’ Management Committee of the next meeting. Right after, the over the news recently, being covered Meeting organised in Haifa, Israel, MC will vote on the grant agreement, at news sites such as The Guardian, was really interesting and useful which is a mandatory step before the Daiy Mail, WIRED, The Register, Busi- (Thanks, Orr!) for the current and next period starts. Short-term scien- ness Insider, Daily Tech, Ars Tech- future activities of our COST Ac- tific missions will then be able to be nica, etc. showing once more why tion. The Management Committee organised again. the work we do can potentially have (MC) decided there to make collab- an enormous societal impact. Con- orations in Cryptacus’ even stronger, gratulations Flavio et al., nice work! Funding News and to spread the information bet- Recommended reading ter among the members of the Ac- tion, and more generally in the sci- entific community. Among the dis- cussed issues, the MC decided to pub- lish a monthly newsletter that in- cludes recent activities of the Action, as well as news from the field (call for papers, open positions, significant publications, etc.). Julio Hernandez- There are a number of interesting

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 European calls for H2020 projects Lectureship in the Founda- in our (or closely related) areas in • tion of Pervasive Data Sci- DS-08-2017 explicitly mentions 2017. We will cover in more detail ence at Lancaster University. • Privacy Enhancing Technolo- in future editions of this newsletter They mention areas such as gies in its description, ’to pro- some of these opportunities, but for ’Internet of Things, smart vide users with the functional- now let’s list the most obvious ones: cities/spaces and pervasive ity they require without expos- computing’. It helps of you ing any more information than have interest or, preferably, necessary, and without losing DS-06-2017 has a deadline of a track record as a data sci- • control over their data, to any 25 April 2017 and its topic entist. Salaries from £33,574 third parties.’ but also requests (Cryptography) is spot on. The to £46,414. Permanent posi- contributions in the area of ’Se- call is open to proposals ad- tion. Call closing on the 18th cure Digital Identities’. More vancing in areas such as ho- September 2016. More info info at http://goo.gl/rFofmC momorphic encryption, data at http://goo.gl/ysa0HI. The leakage, authenticated encryp- same folks at Lancaster offer tion, post-quantum, automated There are other interesting calls an additional position as a Lec- proofs for crypto protocols, etc. we will mention in future issues, turer in Cybersecurity (closing But they also explicitly request where we will also provide with more on the 30th September 2016) proposals dealing with the ’In- details on the ones briefly shown ternet of Things, implantable above. We will try to encourage Research Associate or Senior medical devices and sensor and support consortia build-up from • Research Associate in Cryp- nodes that harvest energy from within Cryptacus, involving as many tography at Bristol. This is a the environment’ acknowledg- MC members as possible. Incoming rolling call with only a nominal ing that ’there is a need for MC and WG meetings will include deadline of 18th of December. ultra-lightweight cryptology’ opportunities to create consortia and They’re interested in hiring for and that ’additional means exchange know-how to competitively their prestigious Cryptography to protect privacy in these apply to H2020 calls. applications (e.g. anonymity group in Multi-Party Compu- tation, the evaluation of the in communications) should Open Positions be developed.’ More info at security of cryptographic im- http://goo.gl/Ir8ekC. plementations, cryptography resiliency against real world attacks, design and implemen- DS-07-2017 belongs to the tation tools, etc. Salaries from • group of EU call with an un- £31,656 to £40,082. More info godly deadline in August. I at http://goo.gl/TErYvr imagine many of you have suf- fered this in the past, and how badly it can impact your hol- Proposals for STSMs We would like to include in future idays and relations. For this newsletters open positions related to and the next, the deadline is our are of interest, so please send 24 August 2017. The topic cov- us any employment opportunity you ered is closer to cybersecurity, want to publicize. For the time being, in particular Addressing Ad- we have these: vanced Cyber Security Threats and Threat Actors, and they seek the ’development of novel Lecturer/Associate Professor at approaches for providing or- • the University of Southamp- ganizations the appropriate ton. They explicitly mention situational awareness in rela- Internet of Things as one of tion to cyber security threats’ the areas of expertise they’ll with solutions including ’tech- be happy to appoint a candi- By now, you should be already niques such as anomaly de- date. Call closes on the 20th familiar with what Short Term Scien- tection, visualization tools, big September 2016. Salaries from tific Missions (or STSMs, for Short) data analysis, threat analysis, £36,672 to £60,081 per year. are, but we have a healthy budget for deep-packet inspection, proto- Permanent position. More info them within the Cryptacus project col analysis, etc’. More details at http://goo.gl/uEYSxk and not enough demand. at http://goo.gl/FPs4CD

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 This section could be used by any http://bristolcrypto.blogspot.be/, We surely have to mention the of our readers to encourage visitors where you can find multiple blog imminent deadline of RFIDSec2016 to their group or lab. For that, please entries with description of their ac- (venue will be Hong Kong) on 12 send us a very brief description of tivities, and a variety of other inter- September (http://rfidsec2016.org/) your profile and that of the intended esting topics, from their musings to as one of the yearly highlights for visitor, and we’ll publicize it in here their live blogging of some of the our community, but the Mycrypt (on to foster international cooperation main events in the Crypto calendar. the 15th) and Eurocrypt (on Octo- within the COST project. ber 1st), together with ASIACCS (on Event calendar November 1st), Finantial Cryptogra- Blogs and posts to read phy (4th of November) and the FSE (23rd of November) will make for a busy end of the year for most of us.

This month, I will highly recom- mend you to actively follow the blog of Bristol Crypto Group at

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 OCTOBER 2016, NO 2 Cryptacus Newsletter

October’16 Cryptacus Newsletter Welcome to the second edition of the monthly Cryptacus.eu Newsletter, bringing you a quick glimpse into the latest developments in the IoT cryptanalysis area. We’d love you to send us your own contributions for incoming issues, comments and feedback to [email protected]

News from the Chair mittee will soon receive an official in- This month we have two items on by GILDAS AVOINE vitation. Any other researcher inter- our list of recommended readings. ested by the cryptanalysis of ubiqui- One of them is an academic paper, tous computing systems is welcome for which we have to thank Han- to participate in these meetings. The dan Kilinç, the other a series of news program will be available on the web- posts describing from different an- site soon. gles the recent massive DDoS attack The Action will then organize a work- suffered by Brian Krebs and others shop, early in 2017. The Action is which apparently exploited a very looking for organizers for this work- large network of compromised IoT shop. If you are interested in organiz- devices. ing this event in your country, please contact Gildas Avoine or Bart Pre- Cryptacus’ management committee neel. 1. Efficient Public-Key Distance approved in September 2016 the Finally, I would like to thank those Bounding Protocol. Consid- yearly work and budget plan. I am who sent information to crypta- ering that products which use glad to inform Cryptacus’ members [email protected] to feed Octo- Distance Bounding protocols that the third grant period is conse- ber’s newsletter. Do not hesitate to tend to be quite computation- quently open. Researchers interested use this information channel to an- ally constrained, the authors on short-term scientific missions can nounce news about your own work constructed the most efficient apply for a grant, following the pro- and spread important information for public-key DB protocol (Eff- cedure described on the website of the community. pkDB) which is secure against the Action, www.cryptacus.eu. All Recommended reading distance fraud, mafia fraud and valid applications have been granted distance hijacking. It can be so far, so do not hesitate to apply. also converted to a strong pri- Two major events will be organized vate variant efficiently using during the third grant period. First a IND-CCA secure encryption of all, the Action will organize its scheme. The two protocols are scientific meetings on November 6th the most efficient ones when and 7th, 2016, in Sophia-Antipolis compared with other protocols (France). offering the same security level. Members of the management com- Handan Kilinç and Serge Vau-

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 denay. Efficient Public-Key Dis- The call draft specifically men- we have these: tance Bounding Protocol. In Asi- tions security and privacy within its acrypt, 2016 scope: ‘Advanced concepts for end- Faculty Position in Distributed to-end security in highly distributed, • heterogeneous and dynamic IoT envi- and Secure Hardware Systems. 2. A gargantuan DDoS attack (up ronments. Approaches must be holis- Ecole Polytechnique Federale to 620Gbps) directed towards tic and include identification and de Lausanne - EPFL - School of journalist Brian Krebs’ web- authentication, data protection and Engineering. Permanent, Full site was apparently based on a th prevention against cyber-attacks at Time Position. Deadline is 30 million-device-strong IoT bot- the device and system levels. They October 2016. More info at net, including security cameras should address relevant security and https://goo.gl/XhF7hf. and the like. Akamai had prob- privacy elements such as confiden- lems defending Krebs’ site so tiality, user data awareness and con- he took it down. This seems Professor in Department of trol, integrity, resilience and authori- • as a revenge for his recent Computing The Hong Kong sation.’ journalistic efforts unmasking Polytechnic University. Prior- DDoS gangs. More info here ity will be given to candidates Further good news: ‘The Commis- https://goo.gl/joEHDh. Part with expertise in big data ana- sion considers that proposals request- of the problem seems to be lytics, human-centered comput- ing a contribution from the EU of related to ’the sheer difficulty ing and security. Recruitment between EUR 3 and 5 million would of patching and updating IoT will continue until the position allow this specific challenge to be ad- devices to take advantage of is filled. More info at https: dressed appropriately.’ More info on the latest vulnerability plugs’. //goo.gl/dK9mz6. There are this particularly tempting call can be Food for though and a poten- other positions at the same found at /urlhttps://goo.gl/66XM3Y. tially very interesting research institution at the associate area for some of you. Addi- and assistant professor level There are many other interesting tional info on this and related (https://goo.gl/zI8s9w). calls that we will mention in future security events can be read at issues. If you are interested in par- https://goo.gl/iGQ56r and ticipating in one call and want us to Lecturer in Computer Security. https://goo.gl/bfgV4J. • highlight it in the newsletter, and to University of Birmingham. If help build a consortium, don’t hesi- you want to join the prestigious Funding News tate to contact us. Birmingham research group in a full time permanent posi- We will encourage and sup- tion, hurry up and apply before port consortia build-up from within the 9th October. More info at Cryptacus, involving as many MC https://goo.gl/k78cFz. members as possible. If you don’t have your CV at Incoming MC and WG meetings • the ready, you can try Lough- will include opportunities to create borough University, that of- consortia and exchange know-how to fers a similar position (https: competitively apply to H2020 calls. //goo.gl/paKkxv) with a deadline on the 14th. Open Positions

There are a number of interesting If the Brexit woes are giv- European calls for H2020 projects, • ing you sleepless nights, this but the one we cover this month is full-time permanent position at possibly the most obvious one, as its the National College of Ireland topic is ‘R&I on IoT integration and could be a good option. Offer- platforms’. ing more generous salaries in general than in the UK, this In particular, we focus this month We would like to include in future has a deadline of 18th Oc- on the call IoT-03-2017 which is a newsletters open positions related to tober and a remuneration of Research and Innovation action with our are of interest, so please send up to e78k/year. More info at a deadline of 25 April 2017. us any employment opportunity you https://goo.gl/MUtA0r. want to publicize. For the time being,

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 Proposals for STSMs restore the DNS root keys, Dan is the American representative.

Dan is presently working on de- veloping systems to reduce the cost and complexity of securing critical in- frastructure. He also tweets actively at @dakami. By now, you should be already familiar with what Short Term Scien- Event calendar tific Missions (or STSMs, for Short) are, but we have a healthy budget for them within the Cryptacus project and not enough demand.

Aurélien Francillon was nice enough to send us a proposal for STSMs to Eurecom, that we added below: ‘At Eurecom we are ac- tively working on analyzing em- bedded devices software and build- This month, I will highly recom- ing methodologies and tools for mend you to actively follow the RFIDSec2016 (venue is Hong Kong) this. An example of that is our blog of Dan Kaminsky at https: is on the middle of the review period open source Avatar Framework (see //dankaminsky.com/. and promises to be a very exciting http://rfidsec2016.org/ http://s3.eurecom.fr/tools/avatar/) event . which is desired to reverse engineer Dan is a security researcher and devices and search for vulnerabili- his blog features interesting posts Cardis will be co-located with the ties. We are happy to receive visitors with plenty of insightful views on Lightsec Crypto Workshop in Cannes interested in the topic, for example current security issues. from 7–10 October (see https: to get help to start using the Avatar //2016.cardis.org/ and https: framework on a given device.’ Dan is best known for his work //www.cosic.esat.kuleuven.be/ finding critical flaws in the Internet events/lightcrypt. Thanks a lot Aurélien for this, and Domain Name System (DNS), and please keep these bits encouraging for leading what became the largest Last but not least, the Cryptacus visitors to your institutions coming! synchronized fix to the Internet in- MC and WG meetings will also take frastructure of all time. place on the same place and dates. Blogs and posts to read Registrations are open. See you all Of the seven Recovery Key Share- very soon! holders who possess the ability to

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 NOVEMBER 2016, NO 3 Cryptacus Newsletter

November’16 Cryptacus Newsletter

Welcome to the latest edition of the monthly Cryptacus.eu newsletter, bringing you a glimpse into the latest developments in the IoT cryptanalysis area. We’d love to receive your contributions, com- ments & feedback to [email protected]

News from the Chair Monday November 7th: [email protected] to feed • 9 – 11: WG4 meeting November’s newsletter. Do not hesi- by GILDAS AVOINE tate to use this information channel Attending Cryptacus’ meetings is to announce news about your own an opportunity to also attend the work and spread important informa- closely located conference Cardis tion for the community. (Nov. 7-9, 2016) and the Ecrypt Recommended reading LightCrypto Workshop (Nov 9-10, 2016). Both are organized in Cannes. Another important event related to ubiquitous computing systems is RFIDsec, whose 2016’s edition will be organized in Hong Kong on Nov. 30th - Dec 2nd, 2016. The very promising November is quite an exciting month program is now available online at: for security in ubiquitous comput- http://rfidsec2016.org/program.html ing systems, because several events Cryptacus expects to organize a will be organized this month. First workshop early in 2017 and the of all, Cryptacus’ meetings are in Management Committee is currently less than a week. The meetings will looking for candidates to organize it. take place at EURECOM in Sophia- The event will be a 2-day or 3-day Antipolis (France) on November 6th workshop with invited and submitted and 7th. I would like to use this op- talks. The Management Meeting will portunity to thank Aurélien Francil- be colocated with the workshop to re- This month there are just two lon who is the local organizer. The duce travel expenses. items on our list of recommended event is scheduled as follows: So, if you are interested in orga- readings. An academic paper and an nizing this workshop, please contact invited presentation. The paper is by Sunday November 6th: Gildas Avoine or Bart Preneel. The se- Thomas Gougeon, Morgan Barbier, • 8:30 – 9:45: MC meeting lection of the candidate will highly Patrick Lacharme, Gildas Avoine, and 10:15 – 12:15: WG1 meeting likely be done in November. Christophe Rosenberger. It is called 01:45 – 03:45: WG2 meeting Finally, I would like to thank "Memory Carving in Embedded De- 04:15 – 06:15: WG3 meeting those who sent information to vices: Separate the Wheat from the

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 Chaff" and was published in the In- in our area of interest or closely re- https://goo.gl/bL8Q3m. ternational Conference on Applied lated ones. We will try, from within Cryptography and Network Security, Cryptacus, to facilitate the build up 2016. of consortia to successfully apply to Proposals for STSMs I find particularly fascinating how several of these opportunities. they try and finally manage to distin- As you may have noticed, the sched- guish random data from other mean- ule for the Sophia-Antipolis meeting ingful information. You can find it is very tight, but we will try to ar- here https://goo.gl/Yx8T5F range for a H2020 informal meeting to exchange ideas and encourage members to participate in these com- petitive but highly rewarding bids. By now, you should be already familiar with what Short Term Scien- Open Positions tific Missions (or STSMs, for short) are, but we have a healthy budget for them within the Cryptacus project and not enough demand.

We will repeat the offer of Au- The invited presentation goes by the rélien Francillon from last month: quite funny title "Breaking Band: ‘At Eurecom we are actively work- Reverse engineering and exploit- ing on analyzing embedded devices Please send us any employment op- ing Samsung’s baseband" and is by software and building methodologies portunity you want to publicize. Daniel Komaromy, who works at and tools for this. An example of that There are 2 open positions at Eure- Comsecuris. It continues in the good is our open source Avatar Framework com in the security domain, at assis- old tradition of breaking Qualcomm (see http://s3.eurecom.fr/tools/ tant professor level, and a number of basebands, following some prelim- avatar/) which is aimed to reverse other positions at lesser institutions inary works on the topic presented engineer devices and search for vul- at the wrong side of the Channel: at the 28C3 and other events ear- nerabilities. We are happy to receive lier this year. It will be presented System and software security: visitors interested in the topic, for at Nordsec, which this year is or- • More info at https://goo.gl/ example to get help to start using the ganised by our friends at Oulu, in WpW8cG Avatar framework on a given device.’ Finland. You can find more info at https://goo.gl/BqN8JM. Security and privacy for cloud • computing: More info at Please send your contributions https://goo.gl/KqNmuq and suggestions for future issues of Professor of Telecommuni- this newsletter. • cation Networks. Birming- ham City University. Dead- Funding News line is 20th November 2016. Salary in the range £51,559 to £56,042 per year. Full time, I will be happy to receive any- permanent position. More info one interested in investigating the at https://goo.gl/LcxVnd. many limitations and pitfalls of the There are other positions at the PRNGs and, no pun intended, the same institution at associate TRNGs currently in use on IoT de- and assistant professor level vices. If you want to see what kind (https://goo.gl/iTMKOI). of work I’ll be interested in carrying out, check my paper at RFIDSec’16 or the preliminary presentation at Professor/Associate Professor • the WG4 meeting. Contact me at in Computer and Information [email protected] if interested or for Sciences at Northumbria Uni- further info. versity - Department of Com- As we have shown in the last issues of puter and Information Sci- Blogs and posts to read this newsletter, there is no shortage ences/Faculty of Engineering of European calls for H2020 projects and Environment. More info at

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 In addition, I will recommend Event calendar to read again the blog of Pen- I hope to meet many of you, either Test Partners, and in particular this in Sophia-Antipolis, Cannes or Hong https://goo.gl/ZisRhi which is Kong later this month, as we have the entry in which they report on a number of very important events their demo at Def Con 24 where they with very appealing programmes al- demonstrated how easy it was to cre- ready available. ate ransomware for IoT devices. RFIDSec2016 (Hong Kong) has They chose a smart thermostat, partly just published its list of accepted because of the scary/amusing conse- papers http://rfidsec2016.org/ quences of IoT vendor security com- program.html and many talks look placency. They describe in detail how This month, I will recommend you really interesting. they created a fully functioning ran- to check the blog of the IoT Security The Cardis programme is also somware to take control of a smart Foundation, that is a unknown organ- available https://2016.cardis. thermostat and lock the user out un- isation for me, but seems legit having org/program.html. It will be co- til they paid up. between his members heavyweights located with the Lightsec Crypto The sad but very familiar conclusion such as Ross Anderson and Kenny Workshop in Cannes that also has an is that, as they put it, "Simple se- Patterson, between others. It is at outstanding list of speakers https: curity controls would have stopped https://iotsecurityfoundation. //www.cosic.esat.kuleuven.be/ this hack working, yet they were not org/blog/. They have just celebrated events/lightcrypto/timeline/, so present." their first year. no excuses not to attend.

See you all very soon!

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 DECEMBER 2016, NO 4 Cryptacus Newsletter

December’16 Cryptacus Newsletter Welcome to the latest edition of the monthly Cryptacus.eu newsletter, bringing you a glimpse into recent developments in the IoT cryptanalysis area. We’d love to receive your contributions, com- ments & feedback at [email protected]

News from the Chair Cryptanalysis of protocols and primi- mation channel to announce news tives). about your own work and spread by GILDAS AVOINE important information for the com- The Management Committee munity, including relevant call for meeting was organized jointly with papers, job opportunities, etc. the Working Groups meetings. Recommended reading An important point discussed dur- ing the meeting was about the orga- nization of a workshop around March 2017. Cryptacus organized its bian- nual meeting on November 6th-7th The workshop will cover the top- in Sophia-Antipolis, in the French ics considered in Cryptacus, and will Riviera. consist of talks given by researchers who are not necessarily members of More than 35 people attended the COST Action. the working group meetings. Very exciting talks were arranged by the A call for presentations will be WG leaders, including the ones by published soon. Speakers of selected This month we will start and end the two invited speakers: Takanori presentations will be invited to the our recommended reading section Isobe (SONY Corporation), who workshop and fully financially sup- with a paper that perhaps many of spoke about "Security of Block Ci- ported by the COST Action. you have already read titled ”Dif- phers Beyond Blackbox Model", and ferential Computation Analysis: Hid- Cristiano Giuffrida (Vrije Universiteit The location of the workshop will ing Your White-Box Designs is Not Amsterdam) whose talk was entitled be announced in December 2016. Enough‘’, by Joppe W. Bos, Charles "Imagine a World without Software Hubain, Wil Michiels and the great Bugs". Finally, I would like to thank Philippe Teuwen. those who sent information to crypta- An interesting and very active [email protected] to feed De- It was published at the last CHES discussion about the concept of cember’s newsletter. conference, and it received the best "lightweight cryptography" was also paper award. initiated by Working Group 2 (WG2: Do not hesitate to use this infor-

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 You can access it and, more inter- Open Positions Proposals for STSMs estingly, a video of their presentation, at http://iacr.org/cryptodb/ data/paper.php?pubkey=27856.

Please send your contributions and suggestions for future issues of this newsletter. Please send us any employment op- By now, you should be already Funding News portunity you want to publicize in the newsletter. familiar with what Short Term Scien- tific Missions (or STSMs, for short) There are still 2 open positions at are, but we have a healthy budget for Eurecom in the security domain, at them within the Cryptacus project assistant professor level: and not enough demand. We will repeat the STSM offer of System and software security: Aurélien Francillon from last month: • More info at https://goo.gl/ WpW8cG ‘At Eurecom we are actively work- As we have shown in the last issues of Security and privacy for cloud ing on analyzing embedded devices this newsletter, there is no shortage • computing: More info at software and building methodologies of European calls for H2020 projects https://goo.gl/KqNmuq The and tools for this. in our area of interest or closely re- screening will start on Novem- An example of that is our open lated ones. We will try, from within ber 1st, and applications will source Avatar Framework (see http: Cryptacus, to facilitate the build up be accepted until the position is //s3.eurecom.fr/tools/avatar/) of consortia to successfully apply to filled. which is aimed to reverse engineer several of these opportunities. devices and search for vulnerabilities. Other interesting positions are: One additional opportunity we Lecturer/Senior Lecturer in We are happy to receive visitors would like to highlight and will prob- • Cyber-Physical Systems, Uni- interested in the topic, for example ably discussed in more detail over versity of Cambridge. Deadline to get help to start using the Avatar future issues is the Marie Curie Indi- is 10th January 2017. Salary in framework on a given device.’ vidual Fellowship scheme. the range £39,324 to £55,998 per year. Full time, perma- It is a prestigious and highly com- nent position. More info at petitive scheme that basically allow https://goo.gl/oQMRZo. They you to bring to your University or explicitly mention Internet-of- Research Center a foreign researcher Things/IoT, wearable technolo- (not necessarily an EU citizen) for up gies and security & privacy. to three years.

This is a golden opportunity to Lecturer/SL/Reader/Professor convince like-minded colleagues in • in Secure Information Tech- I will be happy to receive anyone other countries to come and stay nologies. Queen’s University interested in investigating the many working with you for one to three Belfast - Global Research In- limitations and pitfalls of the PRNGs years, with all expenses covered stitute of Electronics, Com- and the TRNGs currently in use on by the scheme. Particularly recom- munications and Information IoT devices. mended for early career researchers Technology (ECIT). https: that want to establish their careers //goo.gl/sbVPsm. £34,956 If you want to see what kind of on firmer ground. to £63,008 per annum. Full work I’ll be interested in carrying out, time, permanent positions. check my paper at RFIDSec’16 or the It is frequently the case, at least in They explicitly mention in the preliminary presentation at the WG4 the UK, that many of the Marie Curie job description ”security of meeting. Fellows are offered a Lectureship at Smart Cities and the Internet the end of it, if everything has gone of Things‘’. Deadline is 12th De- Contact me at [email protected] according to plan. Much more info at cember. if interested and/or for further info. https://goo.gl/WHrwCU.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 Blogs and posts to read the industry is doing in IoT security, Event calendar but there are many promising start- As I finish this newsletter many of ups popping around and it’s easy not you will probably be in Hong Kong, to know what type of technologies attending RFIDSec. For those who they are working on. The selection is missed it, there are still some inter- heavily based towards USA compa- esting events on the horizon to keep nies, but still useful. It is curious to us happy and hopeful! see so many small companies work- ing on automotive IoT security. For those who need an urgent excuse to escape to New York, the Lastly, there is another potentially Real World Crypto Conference can’t interesting piece discussing the usage be bested. They have just pub- of blockchain to help in securing the lished a very interesting program IoT. I’m not fully convinced by all the at http://www.realworldcrypto. proposed ideas, but in any case they com/rwc2017/program that contains, In https://goo.gl/gtwHgm we are worth knowing, and could even find a very popular piece of news that for example, some very promising be inspiring for some of you to de- presentations on embedded security. fits perfectly within the Cryptacus velop new applications. More info at remit: A security researcher (@Er- https://goo.gl/39AMbQ rataRob) plugs (with caution, he’s If you want to learn a lot and fast a paranoid security researcher after on privacy, you can’t get it much bet- th all) his newly acquired smart cam- ter than attending the 7 BIU Win- era into his WiFi network at home ter School on Cryptography, which and checks that all is nice and sound, is devoted this year to “Differential only to witness how just 98 seconds Privacy: From Theory to Practice”. later it gets compromised by a vari- Over five days, and with an excel- ant of the infamous Mirai malware lent team of lecturers, you will have (again recently in the news due to the opportunity to learn everything crippling internet access for nearly there is about privacy in Tel-Aviv 1 million home users in Germany). at Bar-Ilan University. More info at Admittedly, the camera is a cheap http://cyber.biu.ac.il/event/ model https://goo.gl/L91jZJ with the-7th-biu-winter-school/. a default username/password of root/xmhdipc. This is the sorrow Euro S&P is this year in Paris, And now for something com- state of affairs right now. By the 26-28 April. A must! More at pletely different https://goo.gl/ way, the blog of this researcher, http://www.ieee-security.org/ mn6qsS, as good old John Cleese used Robert Graham, is highly recom- TC/EuroSP2017/index.php to say. I couldn’t help but add the fi- mended, and you can find it at nal position of the last game of the http://blog.erratasec.com/. Last but not least, the summer Carlsen-Karjakin match for the World school on real-world crypto and pri- Chess Championship that just fin- vacy organised by Lejla will take ished moments ago while yours truly place in Sibenik (Croatia), June 5 was writing this newsletter. It is an to 9. Highly recommended, for all extremely beautiful and not so com- ages! Registration will open early mon mate pattern that I’m sure many February 2017. More relevant info of you will appreciate. Congrats to at http://summerschool-croatia. Magnus for retaining the title on his cs.ru.nl/2017/. birthday! See you all soon!

Another non-academic but still interesting reading can be found at https://goo.gl/KwiPHT were the author comments on “19 Internet of Things IoT Security Startups”. It is relevant to be familiar with what

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 JANUARY 2017, NO 5 Cryptacus Newsletter

January’17 Cryptacus Newsletter Welcome to the latest edition of the monthly Cryptacus.eu newsletter, bringing you a glimpse into recent developments in the IoT cryptanalysis area. We’d love to receive your contributions, com- ments & feedback at [email protected]

News from the Chair Apart from this event, I also Once again, have a happy new encourage you to submit propos- year! by GILDAS AVOINE als for Short-term Scientific Mis- Gildas sions. STSMs are a great opportu- nity for researchers to do a 1-week Recommended reading to 3-month stay in a foreign coun- try. If you are interested in ben- efiting from such an opportunity, please have a look at this page: https://www.cryptacus.eu/en/stsm/

Happy new year to everyone, and Note that there is still plenty of happy Cryptacus 2017! money for funding STSMs. Given that We will start 2017 by highlight a This year will be highly important the current Grant Period will be com- paper that has received a fair share for Cryptacus, especially with the pleted at the end of April 2017, your of media attention and is specially organization of a workshop at Suto- STSM must finish before the end of dear to our hearts, as it benefited more, in Montenegro, on March 14th April, or start after the beginning of from a STSM within Cryptacus. Its ti- and 15th. This workshop is open to May. tle is “On the (in)security of the Latest everyone - not only Cryptacus mem- If you are interested to set up a Generation Implantable Cardiac De- bers - and a call for presentations will consortium for a H2020 proposal, do fibrillators and How to Secure Them”, be published very soon. Researchers not hesitate to send an email to Julio, and is authored by Eduard Marin, interested in presenting their work who can spread this information in Dave Singelée, Flavio D. Garcia, Tom will be invited to submit a one-page the newsletter, or you can send your- Chothia, Rik Willems, and Bart Pre- abstract describing their presenta- self an email to the mailing list of the neel. It appeared in the Proceedings tion. Selected speakers will be fully Management Committee. of the 32nd Annual Conference on reimbursed by Cryptacus, including Computer Security Applications, pp. travel, hotel, and meals. More in- Finally, if you are interested in 226–236. ACM, 2016. You can read formation will be published in the organizing a Cryptacus event in 2017 it at https://goo.gl/MKPJ69 coming days on the mailing list of or 2018, please contact me. The Man- The findings presented in the paper the Action, including information for agement Committee will soon discuss were discussed in Security Week, The the submission and for booking the about the activities of the next Grant Register, the Inquirer and The Sun, hotel. Period that will start in May 2017. to mention only some of the many media outlets that reflected on this

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 interesting research. too early, a defect that had lead at the Open Positions time to at least 2 deaths. You can read 2016 was not a good time to be more about this catastrophic devel- a major manufacturer of Implantable opment at https://goo.gl/cn5cSg. Cardiac Defibrillators, and the fu- Curiously enough the short-selling ture looks even bleaker. Apart from following the MW report this time the above paper, which is clearly bad would have not generated massive news for business in general, the con- profits, as the stock price of STJ was troversial Muddy Waters Capital pub- $81.88 when the report was pub- Please send us any employment op- lished in August a very strong short lished and never fall below $77.82 portunity you want to publicize in recommendation on St. Jude Medi- despite all the evidence against their the newsletter. There are 2 open po- cal, Inc. https://goo.gl/noGpyQ. products. All in all, a good case for sitions at Kent in the security do- research impact and, interestingly, an main, at assistant professor level, full It claimed their pacemakers, example that major security weak- time and permanent. Salary range is ICDs, and CRTs should be recalled nesses can be a good predictor of £32,958 to £46,924. Deadline is 6th immediately. These devices collec- other, even more egregious, technical February. More info at https://goo. tively generated 46% of their 2015 shortcomings. gl/tHulul revenue, and they seemed to suffer Other interesting positions are: from serious product safety issues Please send your contributions Lecturer/Senior Lecturer in leading to unnecessary health risks. and suggestions for future issues of • They continued describing two types this newsletter. Cyber-Physical Systems, Uni- versity of Cambridge. Deadline of attacks against the devices: a crash th attack that causes Cardiac Devices to Funding News is 10 January 2017. Salary in malfunction, including by apparently the range £39,324 to £55,998 pacing at a potentially dangerous per year. Full time, perma- rate; and a battery drain attack that nent position. More info at could be particularly harmful to de- https://goo.gl/oQMRZo. They vice dependent users. explicitly mention Internet-of- Things/IoT, wearable technolo- gies and security & privacy.

Chair in Computer Science, • As we have shown in the last is- at the University of Edin- sues of this newsletter, there is no burgh. This professorship is shortage of European calls for H2020 full-time, permanent. Some of projects in our area of interest or the topics they’re interested closely related ones. in are: algorithmic founda- tions of data privacy, algorith- We will arrange, in the next mic aspects of security and Cryptacus meeting in Montenegro, cryptography, and quantum al- a 2 hours H2020 session in which gorithms/complexity. The clos- we will discuss some of these calls in ing date is 31 January 2017. detail and will plan ahead for them, More info at https://goo.gl/ focusing particularly on the August Z7C8cg They concluded: “STJ’s apparent calls. Our aim is to facilitate the build Lecturer/SL/Reader in Cyber lack of device security is egregious, up of consortia to successfully apply • Security at the School of Com- and in our view, likely a product to several of these opportunities. puting Science, University of of years of neglect”. Predictably, St. Glasgow. Another full time, per- Jude Medical sued Muddy Waters If you are interested in partici- manent position with a salary over their hacking claims, and this pating in this session, and particu- range between £33,943 and lead to an interesting legal battle larly if you want to briefly present a £55,998 per annum. Deadline in which MW produced even more project idea to get feedback and po- is the 3rd of February. More info evidence of hacks and showed addi- tentially start building-up a consor- at https://goo.gl/ioChFq. tional vulnerabilities. tium, please contact me for booking To top it all, in October the FDA is- a slot. In addition, we will discuss Lectureship/Senior Lectureship sued an urgent warning after STJ de- Marie Curie mobility grants as well. • in Computer Systems and Se- vices ’ran out of battery’ three months curity at the Department of

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 Computing of Imperial College limitations and pitfalls of the PRNGs London. The position is again and the TRNGs currently in use on full-time, permanent. Deadline IoT devices. is the 24th January. They men- tion in their areas of interests If you want to see what kind of network security, applied cryp- work I’ll be interested in carrying out, tography, crypto-currencies and check my paper at RFIDSec’16 or the blockchain technologies. preliminary presentation at the WG4 meeting. Event calendar For other interesting positions Contact me at [email protected] Of course, the main dish in our all across Europe, please check the if interested and/or for further info. recently revamped ’Researchers in event calendar is the next Cryptacus Management Committee & Working Motion’ portal https://euraxess. Blogs and posts to read ec.europa.eu/. Groups Meeting in March, 14-15th, in Sutomore, Montenegro. It will be Proposals for STSMs organised by Milena Djukanovic. Another quite interesting event is the Early Symmetric Crypto (ESC), that will take place 16-20 Jan- uary in Canach, Luxembourg. Or- ganised by Alex Biryukov it will cover, as one of their Special Top- ics, Lightweight Cryptography for the IoT. The aim of the workshop is to By now, you should be already bring together leading experts and familiar with what Short Term Scien- talented junior researchers, and to tific Missions (or STSMs, for short) Chris Brook has recently pub- let them exchange ideas, and discuss are, but we have a healthy budget for lished an interesting piece called open problems in an informal atmo- them within the Cryptacus project ‘2016: The Year in IoT Insecurity’ at sphere. More info at https://goo. and not enough demand. https://goo.gl/As1laR where he gl/EeoWw7. makes a recap of some of the biggest Euro S&P is this year in Paris, We will repeat the STSM offer of stories of the past year in IoT security. 26-28 April. A must! More at https: Aurélien Francillon from last month: //goo.gl/fvjBVN Another interesting read is ‘17 for “At Eurecom we are actively work- 17’, a series of Q&A with leading Mi- The summer school on real-world ing on analyzing embedded devices crosoft researchers across the World crypto and privacy organised by Lejla software and building methodologies and across disciplines, where they will take place in Sibenik (Croatia), and tools for this. An example of that share their general prediction for June 5 to 9. Highly recommended, is our open source Avatar Framework 2017 to 2027 on a number of Com- for all ages! Registration will open (see http://s3.eurecom.fr/tools/ puter Science related topics, where early February 2017. More relevant avatar/) which is aimed to reverse computer security and IoT are cov- info at https://goo.gl/cSCcUZ. engineer devices and search for vul- ered directly or in passing in many nerabilities. We are happy to receive of the answers. Truly though provok- Last but not least, Agusti Solanas visitors interested in the topic, for ing and inspiring reading at https: is editing an Special Issue in the example to get help to start using the //goo.gl/bSrcQM International Journal of RF Tech- Avatar framework on a given device.” nologies Research and Applications (ISSN: 1754-5730) on ‘Advances in RFID for Smart Cities’ with a dead- line of 17th March and a publica- tion date in September. More info at https://goo.gl/YbjggH

If you want to check with another See you all very soon! doctor, TechRepublic has also pub- lished a list of predictions, this time Best, I will be happy to receive anyone more focused on IoT, at https:// Julio Hernandez-Castro interested in investigating the many goo.gl/7DJIH8

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 FEBRUARY 2017, NO 6 Cryptacus Newsletter

February’17 Cryptacus Newsletter Welcome to the latest edition of the monthly Cryptacus.eu newsletter, bringing you a glimpse into recent developments in the IoT cryptanal- ysis area. We’d love to receive more of your contributions, comments & feedback at crypta- [email protected]

News from the Chair PhD Students and Postdocs are es- do not hesitate to directly contact pecially (but not exclusively) invited Milena. by GILDAS AVOINE to submit a presentation proposal. Gildas Note that, for each selected pre- sentation, the travel and accommo- Recommended reading dation expenses of the speaker will be fully reimbursed. This is an op- portunity for young researchers to present their work and share ideas with researchers from the scientific Dear Cryptacus Members, community.

I would like to start this newslet- Last but not least, the submission ter by thanking Milena Djukanovic, process is very lightweight, given that We will briefly cover in this is- the organizer of the Cryptacus work- only a 1-page abstract is required by sue two papers co-authored by the shop that will take place next month the program committee for the selec- legendary Adi Shamir, investigating in Montenegro, on March 14th-15th. tion of the presentations. Smart Lights in quite some depth.

Milena already did a great job so Whether or not you plan to sub- The first is “Extended Functional- far to set up the workshop in a very mit a presentation, you can regis- ity Attacks on IoT Devices: The Case short time. I am sure we will have ter to the workshop using this link: of Smart Lights”, and is authored by a great and enjoyable event in Suto- https://goo.gl/P5eCgN. Eyal Ronen and Adi Shamir, both more next month. from the Weizmann Institute of Sci- Note that booking in the hotel ence. A call for presentations was re- of the workshop is particularly con- cently distributed around. It can venient, because Milena Djukanovic They showed how the intended be downloaded from the Cryptacus negociated that the room rate will functionality of smart lights can be website, at https://goo.gl/n8iyLB. include the transportation from/to abused to build a covert LIFI com- May I ask you to distribute this call the airport and the lunches. munication system to exfiltrate data, to relevant mailing lists? even from highly secure environ- If you have other questions, ments. They implemented the attack

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 and were able to read the leaked data This research has been covered in a but most of them apparently are go- from a distance of over 100 meters number of major generalist newspa- ing for the straightforward topics using only cheap and readily avail- pers and news sites such as the New of homomorphic encryption, ultra- able equipment. Particularly funny York Times, Forbes, Motherboard, PC lightweight crypto, physical crypt- was the fact that, as a receiver, they Magazine, The Register, Computer- analysis, quantum and automated used a 12in Meade LX200 telescope. World, etc. proof techniques. This was an Invited paper to IEEE S&P Europe 2016. These brilliant papers will defi- It is possible, however, that there You can read it at https://goo.gl/ nitely contribute to validate Shamir’s will be room for a proposal targeting LJCM0A 15 predictions for the next 15 years, the challenge defined by ’Authenti- as presented in his anniversary cated encrypted token research for keynote "Financial Cryptography: mobile payment solutions and re- Past, Present, and Future" at Fi- lated applications’. If you have ex- nancial Cryptography 2016 (check perience in H2020, are willing to https://goo.gl/ifBptN) particu- coordinate a proposal and have ideas larly prediction #1 (Cybersecurity is for seriously contributing to this chal- terrible, and will get worse) and #2 lenge, please do not hesitate to con- (The Internet of Things will be a se- tact me at [email protected] to fur- curity disaster). ther discuss a joint bid.

Alex Biryukov’s team (Cryptolux, at University of Luxembourg) is also The second extremely interesting looking for partners in Crypto, Cy- paper, on a closely related topic, is berSecurity and FinTech areas for “IoT Goes Nuclear: Creating a ZigBee this April call, but also for some Chain Reaction”, also authored by of the later August ones. We will Eyal Ronen and Adi Shamir, this time be targeting DS-07-2017 on ’Ad- with the help of Colin O’Flynn and dressing Advanced Cyber Security Achi-Or Weingarten. Threats and Threat Actors’ https: //goo.gl/V0Qqmd, so please drop me I was fortunate enough to at- a line if you think you can signifi- tend Shamir’s fantastic presenta- cantly contribute to a proposal on tion of this work at ESC’17 in that topic. Canach, Luxembourg. You can read more about it at https://eprint. Of course, we will arrange in the iacr.org/2016/1047 but I would next Cryptacus meeting in Montene- highly recommend you to in ad- gro for a slot to discuss some of these dition visit the awesome site de- calls in detail and will plan ahead voted to this line of research by Eyal Funding News for them, focusing particularly on the at http://iotworm.eyalro.net/ August calls as by them the April one where you can find videos of them will be too close. Our aim is to fa- War-driving and attacking lights in- cilitate the build up of consortia to stalled in the Weizmann, or flying a successfully apply to several of these drone over a high-security building opportunities. in Beer Sheva (hosting the Israeli CERT) and immediately compromis- If you are interested in partici- ing all installed lights. pating in this session, and particu- larly if you want to briefly present a This is extremely fun to watch, project idea to get feedback and po- true, but also extremely concerning, tentially start building-up a consor- particularly taking into account the During the recent ESC 2017, tium, please contact me for booking very real possibility of creating a there was much talk about EU fund- a slot. worm that will automatically spread ing. There seems to be a number unnoticed and could possibly infect of good consortia building up to In addition, we will discuss Marie all buildings in a large city if only target (good news, Switzerland is Curie mobility grants as well. the density of smart lights is over a back in!) the April call on Cryp- threshold. tography https://goo.gl/6SRvF3 Open Positions

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 permanent position. Deadline is most attractive position in this 23rd February 2017. More info February list, as Durham is a at https://goo.gl/aiqfxq. small and beautiful city and the university is one of the best Associate/Assistant Professor in in the UK. The initial salary • Formal Methods Technical Uni- Please send us any employment op- will be circa £85,000 and may versity of Denmark - DTU Com- portunity you want to publicize in rise significantly higher, typi- pute. Deadline is 5th February the newsletter. cally around £120,000 depend- 2017. Full time, permanent po- ing on experience and achieved sition. For further info or to There are still 2 open posi- targets. apply, check https://goo.gl/ tions at Kent in the security do- 3CHl2z. main, at assistant professor level, full For other interesting positions time and permanent. Salary range Lecturer or Senior Lecturer or all across Europe, please check the is £32,958 to £46,924. Deadline is • Reader in Systems for the In- recently revamped ’Researchers in 6th February, so hurry up! Please ternet of Things at the Uni- Motion’ portal https://euraxess. come to join an expanding team with versity of Edinburgh - School ec.europa.eu/. many funding successes in Cyberse- of Informatics. Closes on the curity! More info at https://goo. 15th February 2017. Another Proposals for STSMs gl/tHulul. Also, there is now an full time, permanent position. open position for a fully funded 3- Salary range is £39,324 to years long PhD studentship with me, £55,998. Edinburgh is one of so if you want to apply, please check the nicest places to leave in https://goo.gl/YxDzTt. the UK, its university is ex- Other interesting positions are: tremely prestigious and the cost of living and accommodation Chair in Cyber-Secure Engi- • is reasonably low. Also, they’re neering Systems and Processes very welcoming of foreigners, By now, you should be already at Cranfield University - School much more than their neigh- familiar with what Short Term Scien- of Aerospace, Transport and bors to the South, and there’s tific Missions (or STSMs, for short) Manufacturing (SATM). This the off-chance possibility that are, but we have a healthy budget for professorship is full-time, per- they might not Brexit as they them within the Cryptacus project manent. One of the topics voted against and they current and not enough demand. they’re interested in is ’Secu- leaders are strongly opposed to rity of Internet of Things (IoT) it. Or maybe they will do, later We will repeat the STSM offer of devices and systems within in- claim independence and try to Aurélien Francillon from last month: dustrial settings’. The closing re-enter the EU. For more info, th date is 9 February 2017. Ini- visit https://goo.gl/KNB9QD. “At Eurecom we are actively work- tial salary is £66,366. More info ing on analyzing embedded devices Lecturer- Internet of Things, at at https://goo.gl/aZczjS • software and building methodologies University of Essex - School and tools for this. An example of that Lecturer/SL/Reader in Cyber of Computer Science and Elec- is our open source Avatar Framework • Security at the School of Com- tronic Engineering. Full time, (see http://s3.eurecom.fr/tools/ puting Science, University of permanent position, with a avatar/) which is aimed to reverse Glasgow. Another full time, per- th deadline on the 7 February engineer devices and search for vul- manent position with a salary 2017. The position is based nerabilities. We are happy to receive range between £33,943 and in Colchester, one of the most visitors interested in the topic, for £55,998 per annum. Deadline beautiful and greenest cam- example to get help to start using the is the 3rd of February. More info puses in the UK, and its salary Avatar framework on a given device.” at https://goo.gl/ioChFq. range is £39,324 to £46,924. More details at https://goo. Lecturer or Senior Lecturer gl/cSXjXP. • in Internet of Things (IoT) and Cyber security at Liverpool Professor in Department of John Moores University - Com- • Computer Science (with sub- puter Science and Electron- sequent Department Headship) ics and Electrical Engineering. at Durham University - Depart- Starting salary is in the range ment of Computer Science. This £39,324 to £48,327. Full time, is in my opinion one of the

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 I will be happy to receive anyone guess. And as long as the ransom The summer school on real-world interested in investigating the many price isn’t too onerous, people will crypto and privacy organised by Lejla limitations and pitfalls of the PRNGs pay.’ You can read more, and many in- will take place in Sibenik (Croatia), and the TRNGs currently in use on teresting comments from readers, at June 5 to 9. Highly recommended, IoT devices. https://goo.gl/sc92MA. for all ages! Registration will open Another interesting reading can early February 2017. More relevant Blogs and posts to read be found in the article ’How the info at https://goo.gl/cSCcUZ. Internet of Things will affect secu- rity & privacy’ by Andrew Meola for Esorics is this year in beautiful Business Insider at https://goo.gl/ Oslo, from 11-15 September. Submis- He3tCE. sion deadline is April 19th. Hope to see many of you there!

Last but not least, Agusti Solanas On his blog ’Schneier on Security’, is editing an Special Issue in the Bruce covers the IoT Ransomware at- International Journal of RF Tech- tack against a Luxury Austrian Hotel, nologies Research and Applications with links to a New York times ar- Event calendar (ISSN: 1754-5730) on ‘Advances in ticle and one on the local Austrian Of course, the main dish in our RFID for Smart Cities’ with a dead- press. He disputes some of the most event calendar is the next Crypta- line of 17th March and a publica- alarming elements of the story, but cus Management Committee & Work- tion date in September. More info at offers a very worrying and probably shop in March, 14-15th, in Sutomore, https://goo.gl/YbjggH prophetic personal opinion: ’I expect Montenegro. It will be organised by IoT ransomware to become a major Milena Djukanovic. See you all very soon! area of crime in the next few years. Euro S&P is this year in Paris, How long before we see this tac- 26-28 April. A must! More at https: Best, tic used against cars? Against home //goo.gl/fvjBVN Julio Hernandez-Castro thermostats? Within the year is my

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 MARCH 2017, NO 6 Cryptacus Newsletter

March’17 Cryptacus Newsletter Welcome to the latest edition of the monthly Cryptacus.eu newsletter, bringing you a glimpse into recent developments in the IoT cryptanal- ysis area. We’d love to receive more of your contributions, comments & feedback at crypta- [email protected]

News from the Chair Constantinos Patsakis already apply for research stays start- • by GILDAS AVOINE ing in June. Thomas Gougeon • The Management Committee will Ziya Alper Genc • also have a meeting in Montenegro in order to define the activities that will Eleni Isa • be organized during the next Grant Period. Pietro Monsurro • Nicola Tuveri If you have ideas, wishes, or if • you want to organize an event, do Dear Cryptacus Members, Miodrag Mihaljevic not hesitate to contact either the MC • Chair or the Vice-chair, Gildas Avoine We will have in March the first and Julio Hernandez-Castro, respec- Cryptacus’ workshop, which will take If not done yet, you can still reg- tively, or any Working Group leader place in Sutomore, Montenegro, on ister in the workshop using this link: or vice-leader. March 14-15th. https://goo.gl/XRMOVH See you in Sutomore! A call for presentations was pub- Note that booking in the hotel lished, and 14 presentation proposals of the workshop is convenient be- were accepted. This is the list of ac- cause the organise negociated that Gildas cepted speakers: the room rate will include both the costs of transportation from/to the Recommended reading airport and the lunches. If you have David Gerault questions, do not hesitate to directly • contact Milena. Orhun Kara • Sinisa Tomovic The end of the Grant Period is also • coming soon, i.e., at the end of April. Darren Hurley-Smith • As usual, Short-Term Scientific Mis- There is no way that you have Cesar Garcia sions (STSM) can not be organized not heard of the news that a first • over two Grant Periods. However, SHA-1 collision has been found, but Davide Bellizia candidates interested by STSMs can we have to honor here the important •

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 news and the relevance of the find- for security practitioners to migrate It’s the Horizon 2020 Secure So- ing, that although totally expected to safer cryptographic hashes such cieties European Info Day and Bro- has still considerable impact. as SHA-256 and SHA-3. Following kerage Event, that will take place in Google’s vulnerability disclosure pol- Brussels on 6 - 7 March at the Radis- The new was announced at the icy, we will wait 90 days before re- son Blu Royal Hotel. Google Security Blog on the 23rd leasing code that allows anyone to of February (at https://goo.gl/ create a pair of PDFs that hash to the The event is “organized by the B4v3aO). It was a nice joint effort same SHA-1 sum given two distinct Network of Secure Societies National by a team of CWI researchers (Marc images with some pre-conditions.” Contact Points - SEREN3, in collab- Stevens, Pierre Karpman) and Google oration with the European Commis- engineers (Elie Bursztein, Ange Al- More info in 90 days, and at sion. This information day and bro- bertini, Yarik Markov, Alex Petit, https://shattered.io/ kerage event gives details on the Clement Baisse). calls for proposals H2020-CIP 2017, Funding News H2020-SEC 2017 and H2020-DS- They spent a compu- 2017” and is highly recommended. tation effort equivalent to 263.1 SHA-1 compressions (see There will be at least 265 partic- https://eprint.iacr.org/2017/190). ipants, and there is the possibility to arrange short meetings with up to 6 As the authors write, the com- of them to discuss ideas and consor- putation took “approximately 6,500 tium building. CPU years and 100 GPU years. As a result while the computational If it’s too late for you to register, power spent on this collision is keep an eye for similar events later larger than other public cryptanalytic this year. We will inform you of them computations, it is still more than We will arrange in the next in here. 100,000 times faster than a brute Cryptacus meeting in Montenegro force search.” for a slot to discuss some of these More info at https://www. calls in detail and will plan ahead b2match.eu/seren3brussels2017 Despite the undeniably impor- for them, focusing particularly on the tance of the result, it created some August calls as by them the April one Open Positions funny responses on different social will be too close. Our aim is to fa- networks, such as: cilitate the build up of consortia to successfully apply to several of these opportunities.

If you are interested in partici- pating in this session, and particu- Please send us any employment op- larly if you want to briefly present a portunity you want to publicize in project idea to get feedback and po- the newsletter. tentially start building-up a consor- tium, please contact me for booking There are plenty of interesting a slot. open positions, such as:

I haven’t been contacted by any- Professor in Cryptology at one so far, so please hurry up if you • Aalto University. Deadline is want to contribute to this. the 01/04/2017. More info at https://goo.gl/7hy5GL In addition, but only if anyone shows interest, we will discuss Marie Professorship in Computer Net- Curie mobility grants as well. • works and Communication Sys- tems at Brandenburg Univer- Last but not least, though it may sity of Technology (BTU). They be a little late for most of you reading mention their interest in the ar- the newsletter, there is an interesting eas of “the internet of things” The authors added: “Moving for- event in coming up very soon. and “security in computer net- ward, it’s more urgent than ever works”. The application dead-

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 line is the 06/04/2017. Ger- smaller security group but they man and English fluency re- have some very talented peo- quired. More info at https:// ple and have recently recruited www.b-tu.de/fakultaet1/. very well and continue to at- tract talent. Also one of the very Assistant Professor in Advanced • top security groups in the UK. Computer Science at Uni- For applying, check https:// versiteit Leiden. Deadline is goo.gl/yDLQS9. 12/03/2017. The want to ap- point one assistant professor Lecturer in Cyber Security, at I will be happy to receive any- • • in the area of Security and an- the University of Southamp- one interested in investigating other in the field of Correctness ton. Application deadline is the the many limitations and pit- th & Automated testing. Salary 13 March, and salary range is falls of the PRNGs and the range from e3,427 e5,330 £37,075 to £46,924. Full-time, TRNGs currently in use on IoT gross per month. More info permanent position, more info devices. at https://goo.gl/1GbhN6. at https://goo.gl/gvl0qo. For other interesting positions Blogs and posts to read In addition, a good number of all across Europe, please check the positions in the other side of the recently revamped “Researchers in channel have recently opened Motion” portal https://euraxess. or are about to close: ec.europa.eu/.

Lecturer/SL/Reader in Cyber Proposals for STSMs • Security at the School of Com- puting Science, University of Glasgow. Another full time, per- manent position with a salary range between £33,943 and £55,998 per annum. Deadline is the 3rd of February. More info at https://goo.gl/ioChFq. By now, you should be already familiar with what Short Term Scien- This month, to continue with the Lecturer in Information Secu- SHA-1 theme, we will recommend • tific Missions (or STSMs, for short) rity at the Information Secu- are, but we have a healthy budget for the read of a blog post that can be rity Group of Royal Holloway, them within the Cryptacus project found at https://goo.gl/gk5AJZ University of London. Dead- and not enough demand. and is title “Lessons From The His- line is the 9th of April, and tory Of Attacks On Secure Hash Func- the salary £41,458 to £49,059 Until somebody sends more pro- tions” where the people of z-cash per annum. Needless to say, posals, we will repeat the STSM of- write very authoritatively about the this is the largest informa- fers of the past, including that of history if hash functions. tion security group in the UK, Aurélien Francillon and mine. and one of the most presti- In particular, they summarize gious. More info at https:// “The main result is that there is a “At Eurecom we are actively goo.gl/0YZzp2. They also of- big gap between the history of col- • working on analyzing em- fer https://goo.gl/hWCgvY a lision attacks and pre-image attacks. bedded devices software and more teaching-focused position Almost all older secure hash func- building methodologies and at the same Lecturer level. tions have fallen to collision attacks. tools for this. An example of Almost none have ever fallen to pre- Lecturer in Computer Security that is ourvopen source Avatar image attacks. • at the School of Computer Sci- Framework (see http://s3. ence, within the College of eurecom.fr/tools/avatar/) Secondarily, no new secure hash Engineering and Physical Sci- which is aimed to reverse en- functions (designed after approxi- ences of the University of Birm- gineer devices and search for mately the year 2000) have so far ingham. Deadline for applica- vulnerabilities. We are happy succumbed to collision attacks, ei- tions is the 2nd of April. Salary to receive visitors interested in ther.” range is £39,324 to £52,793, the topic, for example to get for a full time, permanent po- help to start using the Avatar Good read, very insightful though sition. Birmingham has a much framework on a given device.” controversial at times.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 info at https://goo.gl/cSCcUZ. Last but not least, Agusti Solanas is editing an Special Issue in the Even earlier on, we have (thanks International Journal of RF Tech- Stefan!) the first spring school on se- nologies Research and Applications curity and correctness in IoT, which (ISSN: 1754-5730) on ‘Advances in takes place May 8-12 in Graz, Aus- RFID for Smart Cities’ with a dead- tria. Topics range from software ex- line of 17th March and a publica- ploits and hardware side-channels to tion date in September. More info at formal methods for security verifica- https://goo.gl/YbjggH tion. Standard registration is open Event calendar until April 16. More info at http: Agusti is also organising a spe- Of course, the main dish in our //springschool.iaik.tugraz.at/. cial session in a IEEE Conference on event calendar is the next Cryptacus Smart Health with many topics of Management Committee & Work- The program is very interesting, interest for Cryptacus members, in- shop in March, 14-15th, in Sutomore, and brings in some of the best in cluding: Security, privacy and trust Montenegro. It will be organised by the area (including many Cryptacus management for Smart Healthcare Milena Djukanovic. people) and lots of practical labs. In services/applications, Lightweight addition, they offer a limited number cryptography for Smart Healthcare Euro S&P is this year in Paris, of student stipends to cover registra- devices and systems and Cryptanal- 26-28 April. A must! More at https: tion. ysis of protocols for Smart Health- //goo.gl/fvjBVN care devices. More info at http: ESORICS is this year in beautiful //rtsi2017.ieeesezioneitalia. The summer school on real-world Oslo, from 11-15 September. Submis- it/tech_sessSH.html th crypto and privacy organised by Lejla sion deadline is April 19 . Hope to See you all very soon! will take place in Sibenik (Croatia), see many of you there! June 5 to 9. Highly recommended, Best, for all ages! Registration will open Julio Hernandez-Castro early February 2017. More relevant

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 APRIL 2017, NO 7 Cryptacus Newsletter

April’17 Cryptacus Newsletter Welcome to the latest edition of the monthly Cryptacus.eu newsletter, offering a glimpse into recent developments in the IoT cryptanalysis area. We’d love to receive more of your con- tributions, comments & feedback at crypta- [email protected]

News from the Chair speakers who participated in the re- newsletter. cent Montenegro’s workshop. They by GILDAS AVOINE came from Finland, France, Greece, In addition, Cryptacus is look- Italy, Luxembourg, Serbia, Turkey, ing for a volunteer to manage the and the United Kingdom. website. Pascal Junod has been the website manager for two years but Another workshop will likely be he got a new position and he decided organized in Fall 2017, and a training to resign from Cryptacus. school in Spring 2018. More infor- Pascal did a great job during two mation will be provided in the next years to set up and manage the web- newsletter. site. Dear Cryptacus Members, Cryptacus is consequently now look- ing for a volunteer to replace Pascal. April 30th is the end of the current Now that the website site is launched, yearly grant period. During this pe- the task is pretty lightweight. Pascal riod, Cryptacus organized a meeting said he will ensure the transition. at Sophia-Antipolis in France, and Please contact me if you want to vol- a recent workshop at Sutomore in unteer. Montenegro. It was a great success and an enjoyable experience, in a All the best. big part due to the excellent organ- In the meanwhile, Cryptacus’ isation my Milena Djukanovic, and members are invited to collaborate Gildas it even got some coverage by Mon- on their own. Several initiatives have tenegro’s Ministry of Research (see also been launched: a H2020 project Recommended reading https://goo.gl/ug1GpF). proposal (see the email sent by Billy Brumley), a collaborative book about We also funded 6 grants for short- cryptanalysis in ubiquitous comput- term scientific missions from, or to, ing systems (Julio Hernandez-Castro the following countries: Belgium, will provide us with more details in Finland, Greece, Italy, Israel, Nether- the coming weeks), and also do not lands, Spain, Sweden, and Switzer- forget to promote STSMs, open fac- This month we will start with a land. Cryptacus also funded the 14 ulty positions, and PhD theses in the paper on Grouping Proofs by Denis

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 Tr˘cek. It was published in the Journal per annum. Needless to say, Sensors in 2016, number 16, volume this is the largest informa- 1. Its title is Wireless Sensors Grouping tion security group in the UK, Proofs for Medical Care and Ambient and one of the most presti- Assisted-Living Deployment, and you gious. More info at https:// can read it at http://www.mdpi. Please send us any employment op- goo.gl/0YZzp2. They also of- com/1424-8220/16/1/33. portunity you want to publicize in fer https://goo.gl/hWCgvY a the newsletter. more teaching-focused position The paper provides a lengthy at the same Lecturer level. and detailed review of the grouping There are plenty of interesting Lecturer in Computer Security proofs literature, detailing the many open positions, such as: • at the School of Computer Sci- security issues encountered and tries ence, within the College of to extract lessons and prudent engi- A PhD Scholarship is open for Engineering and Physical Sci- neering practices from them. It offers • a thesis on forensics in em- ences of the University of Birm- a new lightweight grouping proof bedded systems in the research ingham. Deadline for applica- with privacy provisioning, and with group of Prof. Gildas Avoine in tions is the 2nd of April. Salary a formal security proof in HLPSL for Rennes (France). The PhD the- range is £39,324 to £52,793, AVISPA. sis will start in Fall 2017. Ap- for a full time, permanent po- plications must be sent before sition. Birmingham has a much April 20th, 2017. More informa- Funding News smaller security group but they tion at http://www.avoine. have some very talented peo- net/forensics_avoine.pdf ple and have recently recruited Prof. Milutinovic wants us very well and continue to at- • to announce this position tract talent. Also one of the very with Maxeler CyberSecu- top security groups in the UK. rity https://www.maxeler. For applying, check https:// com/about-us/careers/ goo.gl/yDLQS9. opportunities/#cyber_sec For other interesting positions all across Europe, please check the Professor in Cryptology at recently revamped “Researchers in • Aalto University. Deadline is Motion” portal https://euraxess. the 01/04/2017. More info at Following our H2020 Opportu- ec.europa.eu/. nities presentation in Montenegro, https://goo.gl/7hy5GL we are happy that both Miodrag Mi- Professorship in Computer Net- Proposals for STSMs haljevic and Billy Brumley gave it a • works and Communication Sys- try to mount consortia and propos- tems at Brandenburg Univer- als for the Crypto call. Good luck to sity of Technology (BTU). They both and thanks for moving things mention their interest in the ar- forward! I am sure that many great eas of “the internet of things” things will come in the future when and “security in computer net- we target other calls with more time. works”. The application dead- This is why we will continue to ar- line is the 06/04/2017. Ger- By now, you should be already range another H2020 session on the man and English fluency re- familiar with what Short Term Scien- next Cryptacus meeting. It will be a quired. More info at https:// tific Missions (or STSMs, for short) good opportunity to discuss some of www.b-tu.de/fakultaet1/. are, but we have a healthy budget for the most relevant future calls in de- them within the Cryptacus project tail, and plan well ahead of them to In addition, a good number of and not enough demand. increase your success chances. positions in the other side of the If you are interested in participating channel have recently opened Until somebody sends more pro- in this session, and particularly if you or are about to close: posals, we will repeat the STSM of- want to briefly present a project idea fers of the past, including that of Lecturer in Information Secu- to get feedback and potentially start • Aurélien Francillon and mine. building-up a consortium, please con- rity at the Information Secu- tact me for booking a slot. rity Group of Royal Holloway, University of London. Dead- “At Eurecom we are actively th • Open Positions line is the 9 of April, and working on analyzing em- the salary £41,458 to £49,059 bedded devices software and

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 building methodologies and people) and lots of practical labs. In tools for this. An example of addition, they offer a limited number that is ourvopen source Avatar of student stipends to cover registra- Framework (see http://s3. tion. eurecom.fr/tools/avatar/) which is aimed to reverse en- The summer school on real-world gineer devices and search for crypto and privacy organised by Lejla vulnerabilities. We are happy will take place in Sibenik (Croatia), to receive visitors interested in June 5 to 9. Highly recommended, Another interesting news item is the topic, for example to get for all ages! Registration will open the development of a new Metas- help to start using the Avatar early February 2017. More relevant ploit extension for testing the secu- framework on a given device.” info at https://goo.gl/cSCcUZ. rity of IoT devices. This extension is called RFTransceiver and will let ESORICS is this year in beautiful us detect and scan wireless devices Oslo, from 11-15 September. Submis- operating outside the 802.11 spec. sion deadline is April 19th. Hope to This could be very useful for pen- see many of you there! testers and researchers finding vul- nerabilities, for example, in smart lighting systems using the Zigbee communication protocol, network- I will be happy to receive any- enabled alarms, surveillance and • one interested in investigating door control systems, etc. More info Indocrypt is this year in Chennai, the many limitations and pit- at https://goo.gl/RuXDEV. This is with a paper submission deadline of falls of the PRNGs and the an useful addition to their IoT- August 20th and notification on the TRNGs currently in use on IoT seeker free tool for finding connected 5th of October. The conference will be devices. IoT devices and checking for de- from 10-13 December. fault passwords, that can be down- Blogs and posts to read loaded from https://information. rapid7.com/iotseeker.

Agusti Solanas is organising a special session in a IEEE Conference on Smart Health with many topics of interest for Cryptacus members, including: Security, privacy and trust Event calendar management for Smart Healthcare The first spring school (thanks services/applications, Lightweight Stefan!) on security and correctness cryptography for Smart Healthcare in IoT, takes place May 8-12 in Graz, devices and systems and Cryptanal- Austria. Topics range from software ysis of protocols for Smart Health- exploits and hardware side-channels care devices. More info at http: This month, we can recom- to formal methods for security verifi- //rtsi2017.ieeesezioneitalia. mend a short piece on PKI for cation. Standard registration is open it/tech_sessSH.html IoT by Jeremy Rowley on Issue until April 16. More info at http: 53 of the Insecure Magazine by //springschool.iaik.tugraz.at/. See you all very soon! HelpNetSecurity.com at https: //www.helpnetsecurity.com/ The program is very interesting, Best, insecuremag/issue-53-march-2017/ and brings in some of the best in Julio Hernandez-Castro the area (including many Cryptacus

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 MAY 2017, NO 8 Cryptacus Newsletter

May’17 Cryptacus Newsletter Welcome to the latest edition of the monthly Cryptacus.eu newsletter, offering a glimpse into recent developments in the IoT cryptanalysis area. We’d love to receive more of your con- tributions, comments & feedback at crypta- [email protected]

News from the Chair As you will be able to read in this newsletter, many faculty positions in by GILDAS AVOINE Recommended reading the field of computer security are cur- rently open. If you have such open positions in your institution, or Phd/Postdoc op- portunities, do not hesitate to contact Julio ([email protected]) who will advertise them in the next newsletter.

Dear Cryptacus Members, For young researchers (i.e., early career investigators according to The last Grant Period ended on COST’s terminology) applying for April 30th, 2017. an STSM is an opportunity to visit an institute and promote yourself in The new one should start soon. case a position would be opened in Following the official procedure, the your field. This month we will briefly cover work and budget plan has been an important paper titled Exploring submitted to the COST Office and Finally, I would like to encour- Potential 6LoWPAN Traffic Side Chan- Cryptacus’ Management Committee age Cryptacus’ members to attend nels by Yan Yan, Elisabeth Oswald will then be requested to approve it. and send their students to the two and Theo Tryfonas from the Bristol summer schools mentioned in this Security Group. You can read a pre- Two events have been suggested newsletter, namely the summer liminary version of it at https:// in the work and budget plan, namely schools on "security and correctness eprint.iacr.org/2017/316.pdf. 6 a workshop in November, and a train- in the IoT" in Austria, and about "real- LoWPAN is the name for IPv6 over ing school in April 2018. Locations world crypto and privacy" in Croatia. Low power Wireless Personal Area and organizers will be publicly an- Both are highly recommended. Networks, massively used in IoT envi- nounced after the official validation ronments, and the paper raises some of the plan, likely before the end of All the best. serious security and privacy issues. May. They study side channel information Gildas on the protocol level that can ex-

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 ist despite the correct use of cryp- More info at https://goo.gl/ tography. Concretely, they investigate m35w5A the potential for using packet length Senior Lecturer / Associate Pro- and timing information extract valu- • able information from a device. Ex- fessor in Security at The Uni- versity of Sydney - School of ploiting this, they can distinguish Please send us any employment op- Information Technologies, Fac- (fingerprint) between devices, know portunity you want to publicize in ulty of Engineering and Infor- which different programs are running the newsletter. on the same device, including which mation Technologies. Appar- ently housing prices in Sydney sensor is accessed. They also distin- Interesting opportunities are are astronomical, but the salary guish between different ICMP mes- lately arising in computer security for the position, ranging from sage types despite the use of encryp- with the transparent aim to attract £88,332.30 to £117,175.50 tion. talent willing to leave the UK af- may be good enough to cover ter Brexit. New Zealand, Australia, They finish their work by provid- for that. Deadline for applica- Canada and Ireland are some of the ing a set of recommendations to ef- tions is the 14th May. More info firsts moving in this direction, as ficiently mitigate these side channels at https://goo.gl/tT0U0X. in the IoT context, notably padding shown in the list below. When will and using time-constant code. France, the Netherlands and Ger- In addition, a good number of The paper is very practical, with ex- many follow? Asking for a friend... positions on the wrong side amples over two extremely popular of the channel have recently devices running on an open source Lecturer in Digital Security. opened: • University of Auckland, New OS (Contiki) with a typical stack of Assistant/Associate Professor in protocols. Zealand - Faculty of Science, • Department of Computer Sci- Computer Science at Durham ence. Deadline of 25th May University. Deadline is the 30th Funding News 2017. They are particularly in- May, salary up to £55,998. terested in experts on digital They mention in the job de- forensics, security testing, or scription both computer secu- software obfuscation, security rity and cryptographic analysis, or privacy for mobile devices, whatever that may be. Apply at cyber-physical systems (esp. In- https://goo.gl/pTPqwC. ternet of Things), machine-to- Last but not least, a couple of machine systems, and big data • new positions at the University systems. More information at of Kent, my current institution, https://goo.gl/Zb1tLJ . at the Senior Lecturer and the Senior Lecturer in Secure Sys- Lecturer level. Deadline is the • tems University of Surrey - 5th of June, applications and Department of Computer Sci- further info at https://goo. ence. Deadline is the 25th gl/7AjKg2. We will continue to arrange an- May. Salary is from £39,324 to For other interesting positions other H2020 session on the next £57,674 per year. Two priority Cryptacus meeting. It will be a good all across Europe, please check the areas are security through hard- recently revamped “Researchers in opportunity to discuss some of the ware and applied cryptography most relevant future calls in detail, Motion” portal https://euraxess. and secure systems and applica- ec.europa.eu/. and plan well ahead of them to in- tions https://goo.gl/HUWh5F. crease your success chances. There is a similar position at the Proposals for STSMs Lecturer level in the same in- If you are interested in partici- stitution with the same dead- pating in this session, and particu- line, you can get more info at larly if you want to briefly present a https://goo.gl/xAaDbA. project idea to get feedback and po- tentially start building-up a consor- Professor in Cryptology at Aalto • tium, please contact me for booking University. This post has been a slot. around for a while. The dead- line for applications has been By now, you should be already Open Positions moved forward from the 1st familiar with what Short Term Scien- April to the 3rd of May. tific Missions (or STSMs, for short)

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 are, but we have a healthy budget for âAIJphlashing⢠A˘˙I. PDoS are attacks them within the Cryptacus project that damage systems so badly that and not enough demand. they require replacement or reinstal- lation of hardware.

Until somebody sends more pro- By exploiting security flaws or posals, we will repeat the STSM of- misconfigurations, in this case match- fers of the past, including that of ing the devices targeted by Mirai, this Aurélien Francillon and mine. type of cyber attack can destroy the firmware and/or basic functions of system. In the figure above (by Rad- ware) you can observe the actual command sequence used by Bricker- “At Eurecom we are actively Bot.1 to compromise IoT devices and • working on analyzing em- corrupt their storage, disrupt Internet bedded devices software and connectivity, performance, and wipe building methodologies and all files on the device. tools for this. An example of This month, we start by seriously that is ourvopen source Avatar recommending a brilliant piece of The BrickerBot author was later Framework (see http://s3. ongoing work by a well-known col- interviewed in https://goo.gl/ eurecom.fr/tools/avatar/) league. It is a book called Serious NgzUVY and claimed to have bricked which is aimed to reverse en- Cryptography by Jean-Philippe Au- 2 million IoT devices. The hacker gineer devices and search for masson. also claims that the malware first vulnerabilities. We are happy Aumasson is now a Principal Re- attempts to secure the units with- to receive visitors interested in search Engineer at Kudelski after out damaging them and only bricks the topic, for example to get being an academic for many years. them as a last resort. He or she goes help to start using the Avatar He has authored many important by the very appropriate handle of framework on a given device.” crypto papers and primitives such as Janit0r, who claims his work was just BLAKE2 and SipHash. an attempt to make the creation of He regularly speaks at some of the million-device botnets more difficult, best-known InfoSec conferences. The and raise awareness. book will be published by the pres- tigious No Starch Press, and you Janit0r may have half a point, but can get a better idea of its con- I rather deal with the approach use tents and download Chapter 4 for by Hajime https://goo.gl/vQfe6E free at https://www.nostarch.com/ or Wifatch https://goo.gl/YpLfSS seriouscrypto. that seem to try to harden compro- I am really looking forward to read mised devices. his Chapter 2, on Randomness. This looks like a really good book for both In any case, interesting times teaching and refreshing your crypto ahead! knowledge, and I appreciate the use- ful Python examples that populate its pages.

I will be happy to receive any- • one interested in investigating the many limitations and pit- falls of the PRNGs and the TRNGs currently in use on IoT devices.

Another interesting news item is Brickertbot, one of the first Perma- Event calendar Blogs, posts and other nent Denial of Service (PDoS) IoT The first spring school (thanks threats https://goo.gl/O72mpE. Stefan!) on security and correct- good reads This techniques is also known as ness in IoT, takes place May 8-12

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 in Graz, Austria. Topics range from LatinCrypt is this year in La Ha- software exploits and hardware side- bana, Cuba, running immediately af- channels to formal methods for se- ter the Advanced School on Cryptol- curity verification. Standard registra- ogy and Information Security in Latin tion was open until April 16. More America (ASCrypto 2017), in cooper- info at http://springschool.iaik. ation with IACR. The school will take Indocrypt is this year in Chennai, tugraz.at/. place from the 17-19 September, and with a paper submission deadline of the LatinCrypt conference from the August 20th and notification on the The program is very interesting, 20-22. Deadline for paper submission 5th of October. The conference will be and brings in some of the best in is the 8th May at 2pm GMT. from 10-13 December. the area (including many Cryptacus people) and lots of practical labs. In addition, they offer a limited number of student stipends to cover registra- tion.

The summer school on real-world crypto and privacy organised by Lejla will take place in Sibenik (Croatia), The 17th Smart Card Research June 5 to 9. Highly recommended, and Advanced Application (CARDIS) See you all very soon! for all ages! Registration will open Conference will be held in Lugano, early February 2017. More relevant Switzerland, from November 13th to Best, info at https://goo.gl/cSCcUZ. 15th 2017. The deadline is the 21st Julio Hernandez-Castro of July.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 JUNE 2017, NO 9 Cryptacus Newsletter

June’17 Cryptacus Newsletter Welcome to the latest edition of the monthly Cryptacus.eu newsletter, offering a glimpse into re- cent developments in the IoT cryptanalysis and related areas. We’d love to receive more of your contributions, comments & feedback at crypta- [email protected]

News from the Chair A Management Committee meet- research results. ing will also take place jointly with by GILDAS AVOINE these two events. Best regards, Gildas A web page will be set up soon to provide information about Ni- Recommended reading jmegen’s workshop. Each Manage- ment Committee member will re- ceive his/her official invitation letter before the summer break.

Dear Cryptacus Members, It is worth noting that the Ni- jmegen’s event will be a 3-day work- This month we will briefly cover I am glad to tell you that the new shop instead of the 2-day workshops an important paper just uploaded yearly Grant Period is now open, and we ran in the past. We aim to provide to e-print titled State of the Art in STSMs can consequently be carried more free time to Cryptacus’ partici- Lightweight Symmetric Cryptography out again. pants for collaboration. by Alex Biryukov and Leo Perrin from the Luxembourg Security Group. Cryptacus’ Management Com- Activities to encourage and fa- mittee approved the organization cilitate collaboration will be set up. You can read a preliminary ver- of two events during this Grant Pe- Do not hesitate to contact me if you sion of it at https://eprint.iacr. riod, namely a workshop on Nov. would like to share thoughts about org/2017/511.pdf. 16-18, 2017 in Nijmegen (Nether- such activities. lands) organized by Lejla Batina, The authors present an extensive and a training school on April 16-20, As we did in Sutomore (Montene- survey of all lightweight symmetric 2018 (tentative dates that might be gro), the workshop will mostly (but primitives they could get their hands modified) in Sao Miguel Island (Por- not only) consist of submitted pre- on, including designs from the aca- tugal) organized by Ricardo Chaves. sentations. The expenditures of the demic community, government agen- selected speakers will be fully reim- cies and even proprietary algorithms Thanks to both of them for their bursed, which is a great opportunity which were reverse-engineered or involvement in Cryptacus. - especially for young researchers - to leaked. attend a workshop and present their

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 More controversially, they argue Although off-putting in size, these Zealand - Faculty of Science, that lightweight cryptography is too documents outline all the calls, bud- Department of Computer Sci- large a field that should be split into gets and deadlines for the next three ence. Deadline of 25th May two related but distinct areas: ultra- years: 2018-2021 (with the exception 2017. They are particularly in- lightweight and IoT cryptography. of the ERC that publishes annually). terested in experts on digital forensics, security testing, or They propose the former to deal We cannot share these documents software obfuscation, security only with the smallest of devices, publicly, but will be happy to answer or privacy for mobile devices, for which a lower security level may your questions on particular calls if cyber-physical systems (esp. In- be justified by the very harsh design you send them to me by email. ternet of Things), machine-to- constraints. They envision the lat- machine systems, and big data ter to focus on low-power embedded Use this opportunity to check calls systems. More information at processors for which the AES and in your area of interest and buy your- https://goo.gl/Zb1tLJ. modern hash function are too costly self months of extra time before the Senior Lecturer in Secure Sys- but which have nevertheless to pro- calls are published later in the year • vide a high level of security due to or in coming years. tems University of Surrey - their greater connectivity. Department of Computer Sci- As a brief taster, the areas most ence. Deadline is the 25th Perhaps not all readers will agree relevant to the Cryptacus aims are May. Salary is from £39,324 to with this proposal, but their division perhaps those covered in the Se- £57,674 per year. Two priority makes sense and provides good food cure Societies. in particular we want areas are security through hard- for though. to highlight the following calls: SU- ware and applied cryptography INFRA02-2019 on ’Security for Smart and secure systems and applica- As the authors say ’connecting a Cities and soft targets in Smart cities’. tions https://goo.gl/HUWh5F. family of devices to a global network Interestingly, subtopic 3 on ’Under- There is a similar position at the and protecting them with an 80-bit standing the drivers of cybercriminal- Lecturer level in the same in- key is not a desirable situation, and ity and new methods to prevent, in- stitution with the same dead- yet it is what may happen if an ultra- vestigate and mitigate cybercriminal line, you can get more info at lightweight algorithm is used where behaviour’ has a description around https://goo.gl/xAaDbA. IoT and how it is an increasingly in- an IoT one is needed’. Indeed. Hamilton Professorships in terested target for cybercriminals. • Computer Science at Maynooth Funding News University. The areas of interest Open Positions cover, between others, Cyber- security and Privacy. Plenty of time to decide whether to ap- ply, with a deadline on Friday 20th of October. Salary could be e110,060 to e139,501 p.a. for Professor A and e80,650 Please send us any employment op- to e106,655 p.a. for the Pro- portunity you want to publicize in fessor B range. More info at the newsletter. https://goo.gl/LSvKhM.

Interesting opportunities are Senior Lecturer / Associate Pro- • We have been given early access lately arising in computer security fessor in Security at The Uni- to the next set of EU Horizon2020 with the transparent aim to attract versity of Sydney - School of draft work programmes. talent willing to leave the UK af- Information Technologies, Fac- ter Brexit. New Zealand, Australia, ulty of Engineering and Infor- These are important documents - Canada, China and Ireland are some mation Technologies. Appar- describing all the EU research fund- of the firsts moving in this direction, ently housing prices in Sydney ing calls that will happen between as shown in the list below. When will are astronomical, but the salary 2018 and 2021. France, the Netherlands and Ger- for the position, ranging from many follow? Asking for a friend... £88,332.30 to £117,175.50 This is a great opportunity to get may be good enough to cover ahead of the game, plan early and for that. Deadline for applica- start talking to collaborators. Lecturer in Digital Security. tions is the 14th May. More info • University of Auckland, New at https://goo.gl/tT0U0X.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 There is also an exceptional and not enough demand. All over the news in recent times • opportunity at the increasingly here in the UK has been a study active and prestigious secu- Until somebody sends more pro- by University of Twente that claims rity group at the Vrije Univer- posals, we will repeat the STSM of- that smart meters are producing in siteit Amsterdam. The post is fers of the past, including that of some case readings that wrongly try for an Assistant or Associate Aurélien Francillon and mine. to charge customers up to six times Professor position in Systems their right consumption. Security, with a salary from e3605 to e6438. More info at “At Eurecom we are actively • An example of this, covered https://goo.gl/5bWHl8. working on analyzing em- in The Telegraph, is at https: bedded devices software and //goo.gl/RtDXL1. This is, of course, building methodologies and In addition, there are a good not great for smart meter adoption tools for this. An example of number of positions on the and by extension also could affect that is ourvopen source Avatar wrong side of the channel: other smart devices. Framework (see http://s3. eurecom.fr/tools/avatar/) This is particularly worrisome in Assistant/Associate Professor in which is aimed to reverse en- the uK, as the government is push- • Computer Science at Durham gineer devices and search for ing for putting smart meters in every University. Deadline is the 30th vulnerabilities. We are happy household by 2020, claiming it will May, salary up to £55,998. to receive visitors interested in improve the accuracy of people’s en- They mention in the job de- the topic, for example to get ergy bills. scription both computer secu- help to start using the Avatar rity and cryptographic analysis, framework on a given device.” The study points this is not always whatever that may be. Apply at the case, and gives conspiracy theo- https://goo.gl/pTPqwC. rists too worried about their privacy impact https://goo.gl/mqoQVB fur- Lecturer/Senior Lecturer in Cy- • ther fuel to vigorously oppose these ber Security at De Montfort measures. University - Faculty of Technol- ogy. De Montfort is recruiting Apparently the main culprits are heavily in recent times, and ’green devices such as energy saving clearly is trying to attract talent light bulbs, heaters, LED bulbs and and build a good cybersecurity I will be happy to receive any- dimmers that change the shape of team. Deadline for applications • one interested in investigating electric currents which can result in is the 2nd of July. More info at the many limitations and pit- a distorted reading’. Interesting but https://goo.gl/0tK1AX falls of the PRNGs and the very troubling. TRNGs currently in use on IoT devices. For other interesting positions all across Europe, please check the Blogs, posts and other recently revamped “Researchers in good reads Motion” portal https://euraxess. ec.europa.eu/.

Proposals for STSMs

Another interesting piece of news is the publication of a very damming By now, you should be already report by F-Secure regarding Chinese familiar with what Short Term Scien- manufacturer Foscam. tific Missions (or STSMs, for short) are, but we have a healthy budget for The security cameras produced by them within the Cryptacus project Foscam are so plagued with security

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 issues that they can be easily com- promised remotely so that attackers can get total control over them and heir video feeds.

Even worse, they responsibly dis- closed their findings to the manufac- The 16th IMA International Con- turer months ago and they basically ference on Cryptography and Coding sit on them. More worrying, these Event calendar will take place in St Catherine’s Col- serious vulnerabilities seem to exist lege, University of Oxford from 12- in many other camera models man- The 17th Smart Card Research 14 December. The deadline for sub- ufactured by Foscam for other makes. and Advanced Application (CARDIS) mission is the 14th of July. This is a Conference will be held in Lugano, prestigious and venerable conference Switzerland, from November 13th to with an excellent Program Commit- 15th 2017. The deadline is the 21st tee. More info at https://goo.gl/ Hard-coded passwords that can’t of July. KejTXB. be changed by the user are just one of many issues. Foscam manufactures cameras for, between many others, Chacon, Thomson, 7links, Opticam, Netis, Turbox, Novodio, Ambientcam, Nexxt, etc.

Indocrypt is this year in Chennai, See you all very soon! with a paper submission deadline of More info here https://goo.gl/ August 20th and notification on the Best, YveuS2. 5th of October. The conference will be Julio Hernandez-Castro from 10-13 December.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 JULY 2017, NO 10 Cryptacus Newsletter

July’17 Cryptacus Newsletter Welcome to the July edition of the monthly Crypta- cus.eu newsletter, offering a glimpse into recent de- velopments in the IoT cryptanalysis and related areas. We’d love to receive many more of your contributions, comments & feedback at crypta- [email protected]

News from the Chair will also be sent soon. You can read a preliminary by GILDAS AVOINE version of it at https://goo.gl/ Another major action that will ih2MTG. be launched soon, is the writing of a book on the topics addressed in The authors present their report Cryptacus. on a research project commissioned the EU on the future of safety reg- This idea comes from Montene- ulations once computers IoT is ev- gro’s meeting, and Julio and I cur- erywhere. Authors reason that the rently work on the organization of EU already regulates many aspects Dear Cryptacus Members, this collaborative work. Cryptacus’ of the safety of vehicles, medical de- members will receive an email soon vices, electrical equipment, domestic The summer break is coming about this work. appliances and even toys and that soon, and this newsletter is the last as these devices become ’smart’ their one of the current academic year. I am sure many of you will be vol- vulnerabilities may be remotely ex- unteers to work on this issue, possibly ploited, with consequent risks. The next one will be in Septem- with some of your PhD Students. ber. I hope you will enjoy your sum- These systems are certified under mer break and come back well rested Have a great Summer! a disparate range of European, na- in September. tional, industry and other schemes so in their work they describe the Gildas On November 16-18, 2017 in Ni- problems and outline the opportu- nities for governments, industry and jmegen (Netherlands) Lejla Batina Recommended reading will organize Cryptacus’ workshop. researchers. You can already motivate your PhD This month we will briefly cover students and colleague to submit a an important paper just uploaded to The controversially state:’The EU presentation. the WEIS 2017 program webpage ti- is already the world’s main privacy tled Standardisation and Certification regulator, as Washington doesn’t care A call for presentation will be of the ’Internet of Things’ by Eireann and nobody else is big enough to published during the summer. As I Leverett, Richard Clayton and Ross matter.’ told you in the last newsletter, the in- Anderson. vitation letters for the MC members This will generate huge oppor-

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 tunities and challenges, and change ity and new methods to prevent, in- and secure systems and applica- the environment as we see it now. vestigate and mitigate cybercriminal tions https://goo.gl/HUWh5F. For example, they claim that safety behaviour’ has a description around There is a similar position at the and security are merging: safety en- IoT and how it is an increasingly in- Lecturer level in the same in- gineers are going to have to learn all terested target for cybercriminals. stitution with the same dead- about security, and vice versa. line, you can get more info at Open Positions https://goo.gl/xAaDbA. Interesting food for though. Hamilton Professorships in Funding News • Computer Science at Maynooth University. The areas of interest cover, between others, Cyber- security and Privacy. Plenty of time to decide whether to ap- ply, with a deadline on Friday 20th of October. Salary could be e110,060 to e139,501 p.a. for Professor A and e80,650 Please send us any employment op- e We have been given early access to 106,655 p.a. for the Pro- portunity you want to publicize in fessor B range. More info at to the next set of EU Horizon2020 the newsletter. draft work programmes. https://goo.gl/LSvKhM. Interesting opportunities are Senior Lecturer / Associate Pro- These are important documents - lately arising in computer security • fessor in Security at The Uni- describing all the EU research fund- with the transparent aim to attract versity of Sydney - School of ing calls that will happen between talent willing to leave the UK af- Information Technologies, Fac- 2018 and 2021. ter Brexit. New Zealand, Australia, ulty of Engineering and Infor- Canada, China and Ireland are some mation Technologies. Appar- This is a great opportunity to get of the firsts moving in this direction, ently housing prices in Sydney ahead of the game, plan early and as shown in the list below. When will are astronomical, but the salary start talking to collaborators. France, the Netherlands and Ger- for the position, ranging from many follow? Asking for a friend... £88,332.30 to £117,175.50 Although off-putting in size, these may be good enough to cover documents outline all the calls, bud- for that. Deadline for applica- gets and deadlines for the next three Lecturer in Digital Security. tions is the 14th May. More info years: 2018-2021 (with the exception • University of Auckland, New at https://goo.gl/tT0U0X. of the ERC that publishes annually). Zealand - Faculty of Science, Department of Computer Sci- There is also an exceptional We cannot share these documents ence. Deadline of 25th May • opportunity at the increasingly publicly, but will be happy to answer 2017. They are particularly in- active and prestigious secu- your questions on particular calls if terested in experts on digital rity group at the Vrije Univer- you send them to me by email. forensics, security testing, or siteit Amsterdam. The post is software obfuscation, security for an Assistant or Associate Use this opportunity to check calls or privacy for mobile devices, Professor position in Systems in your area of interest and buy your- cyber-physical systems (esp. In- Security, with a salary from self months of extra time before the ternet of Things), machine-to- e3605 to e6438. More info at calls are published later in the year machine systems, and big data https://goo.gl/5bWHl8. or in coming years. systems. More information at https://goo.gl/Zb1tLJ. As a brief taster, the areas most In addition, there are a good relevant to the Cryptacus aims are Senior Lecturer in Secure Sys- number of positions on the • perhaps those covered in the Se- tems University of Surrey - wrong side of the channel: cure Societies. in particular we want Department of Computer Sci- to highlight the following calls: SU- ence. Deadline is the 25th INFRA02-2019 on ’Security for Smart May. Salary is from £39,324 to Assistant/Associate Professor in Cities and soft targets in Smart cities’. £57,674 per year. Two priority • Computer Science at Durham Interestingly, subtopic 3 on ’Under- areas are security through hard- University. Deadline is the 30th standing the drivers of cybercriminal- ware and applied cryptography May, salary up to £55,998.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 They mention in the job de- publishing here. Until I do not have scription both computer secu- any more, I’ll just publish mine. rity and cryptographic analysis, whatever that may be. Apply at https://goo.gl/pTPqwC. Lecturer/Senior Lecturer in Cy- • ber Security at De Montfort University - Faculty of Technol- ogy. De Montfort is recruiting heavily in recent times, and clearly is trying to attract talent A funny piece of news was the and build a good cybersecurity revelation that a number of CIA con- team. Deadline for applications tractors were fired for stealing from I will be happy to receive any- is the 2nd of July. More info at a smart vendor machine. The inves- • one interested in investigating https://goo.gl/0tK1AX tigation, unveiled by BuzzFeed after the many limitations and pit- requesting a FoIA, showed that the falls of the PRNGs and the total amount of snack stolen was of TRNGs currently in use on IoT $3,314. devices. They used some sort of manipu- Blogs, posts and other lates payment cards after unplugging a cable connecting the machines to good reads their electronic payment system. New Fund for investing on IoT They were caught after surveil- Last, but not least, our CRYPTA- start-ups lance cameras at several vending CUS colleague Billy Brum- locations recorded their moves. ley (you can contact him at Trend Micro, the well known billy.brumley@tut.fi) sent us security company, has recently They admitted to the thefts. All this position at his institution: launched a $100 million fund to in- surrendered their CIA badges, were vest in promising start-ups in the area Tenure Track at Assistant Pro- escorted from the building by se- of IoT security. • fessor or Associate Professor curity, and fired by their respective level, with a focus on software contract employers. security, hardware security, crit- The company current value is ical systems security or network around $7.5 billion, and it is present The Department of Justice de- security at Tampere University in over 50 countries, with over 5,000 clined to press charges. More info of Technology. The deadline is staff, and is best known for IT secu- here https://goo.gl/9wY5bw. 28 Aug. More information at rity products that include threat de- https://goo.gl/9UCn16 tection and antivirus. A spokesperson said:’Working with these investments For other interesting positions will uncover insights into emerging all across Europe, please check the ecosystem opportunities, disruptive recently revamped “Researchers in business models, market gaps and Motion” portal https://euraxess. skillset shortages. ec.europa.eu/. These learnings will influence Proposals for STSMs Trend Micro’s cybersecurity solu- By now, you should be already tion planning across the company’. Hypponen’s Bleak Forecast familiar with what Short Term Scien- The form is looking at making 15-20 tific Missions (or STSMs, for short) investments per year. If you’re inter- Mikko Hypponen, the chief re- are, but we have a healthy budget for ested in this initiative, please check search officer at F-Secure, gave a them within the Cryptacus project https://goo.gl/6pacxQ. very interesting but arguably pes- and not enough demand. simistic interview to The Reg (more Not so smart, robbing smart at https://goo.gl/cwn1aj) dis- Please send your willingness to vending machines cussing IoT security. receive STSMs proposal to me for

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 Hypponen says IoT is unavoid- A very interesting piece pub- Indocrypt is this year in Chennai, able. "If it uses electricity, it will be- lished in WIRED recently (https: with a paper submission deadline of come a computer. If it uses electricity, //goo.gl/cCAsuT) showing yet an- August 20th and notification on the it will be online. In future, you will other potential hacking target that 5th of October. The conference will be only buy IoT appliances, whether you no-one though of previously, wind- from 10-13 December. like it or not, whether you know it or farms. For two years researchers at not." the University of Tulsa have been He added: "Home appliance manu- pen-testing wind farms around the facturers will be adding connectivity United States and found some glar- to every device, no matter how mun- ing vulnerabilities. They will present dane, because the price of adding it some of the technical details at Black will be marginal. Those devices will Hat. After bypassing the physical se- not be going online to benefit the curity put in place (which seems to consumer, they will be going online be exceedingly easy, most are just to benefit the vendor." protected by a PIN or a lock) and The 16th IMA International Con- If this was not worrying enough, he planting a Raspberry Pi in a single ference on Cryptography and Coding affirmed "They want analytics. In 10 turbine, they managed to compro- will take place in St Catherine’s Col- or 15 years, they will add this 2-cent mise all the ones in the windfarm lege, University of Oxford from 12- chip on every toaster. Now they know and mount attacks able of stopping 14 December. The deadline for sub- where their customers are, on which then, repeatedly and suddenly trig- mission is the 14th of July. This is a side of the city, how often do they gering their brakes to damage them, prestigious and venerable conference toast, at what time of day, with what and relaying false feedback to oper- with an excellent Program Commit- kind of bread, how often there are ators to prevent the sabotage from tee. More info at https://goo.gl/ failures. We can’t avoid the IoT revo- being detected. As Prof. Staggs, the KejTXB. lution by refusing to play part." leader researcher, said "Once you "Consumer appliance vendors which have access to one of the turbines, are serious about [security] are very it’s game over." hard to find," said Hypponen, "be- Quite interesting stuff and a new cause cybersecurity is not a selling critical domain in desperate need for point for washing machines. Price security. is the most important selling point. This means we are setting ourselves up for failure." See you all back in September! Interesting thoughts that, if true, guarantee hard work for us Crypta- Best, cus people for many years to come. Julio Hernandez-Castro

Gone with the wind

Event calendar The 17th Smart Card Research and Advanced Application (CARDIS) Conference will be held in Lugano, Switzerland, from November 13th to 15th 2017. The deadline is the 21st of July.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 SEPTEMBER 2017, NO 11 Cryptacus Newsletter

September 2017 Cryptacus Newsletter Welcome to the September edition of the monthly Cryptacus.eu newsletter, offering a glimpse into re- cent developments in the cryptanalysis of IoT & re- lated areas. Send more of your contributions, com- ments & feedback at [email protected]

News from the Chair looking forward to work with her. the scientific agenda of the work- by GILDAS AVOINE shop. Following the last Cryptacus event, Milena Djukanovik concate- Please, note that a call for pre- nated the abstracts received from the sentations will also be published next speakers in order to issue a booklet. week. You can already write - or It will be available on the Cryptacus invite your PhD students, Postdocs, website very soon. colleagues, etc. to write - a short pro- posal for a presentation, as done in About the website: I already told Montenegro. Dear Cryptacus Members, you that Pascal Junod (Switzerland) left Cryptacus, given he got a new Finally, as already announced be- I hope your all enjoyed your sum- position in a private company. Pascal fore the summer, the MC decided mer break. The Cryptacus’ newsletter was our website manager, and he has that the Action should issue a book is back, and I am pleased to announce been replaced by Ludovic Perret from about the cryptanalysis in ubiquitous many good news. France. I would like to kindly thank computing systems. The book should Ludovic for accepting to take care of be published before the end of the First of all, the COST Association this new role. Action, namely December 2018. A announced this summer that it has draft of call for chapters has been been granted extra budget (EUR 6.67 As you know, the next Crypta- drafted and it will soon discussed by million) from the European Commis- cus event will be in Nijmegen (The the working group leaders and vice- sion. This has mainly been used to Netherlands) on November 16th- leaders. We expect to release the fi- increase the budget of running COST 18th. A website has been created nal call for chapters to the Cryptacus Actions, including Cryptacus. by Lejla Batina and Veelasha Moon- community by the end of September. samy and it is now publicly available Another news from the COST As- : at https://cryptacus.cs.ru.nl/ As promised, many good news sociation is that Karina Marcus is the index.shtml in this letter, and many forthcom- new science officer in charge of our ing scientific activities. Have a great action, replacing Luule Mizera. It was The official invitations will be sent September! a great pleasure to work with Luule to the MC Members in the coming since February 2015. I would now days, and I will send to this mailing Gildas like to welcome Karina, and I am list, next week, more details about

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 Opportunities ENISA Call for IoT Experts weak crypto, serious firmware update ISO SC 27 WG2 call for contri- The European Union Agency for problems, and lots of privacy issues butions Network and Information Security steaming from a variety of undocu- We thank Orr Dunkelman for point- (ENISA) has launched a Call for Par- mented features. ing us towards a call for contributions ticipation to invite experts in security by ISO SC 27 WG2. This is the ISO of Internet of Things into its expert work group that deals with Crypto group. The creation of the ENISA IoT (it is aptly named ’Cryptography and SECurity (IoTSEC) Experts Group security mechanisms’), and the dis- aims at gathering experts in the do- cussion seems to be of relevance to mains of the entire spectrum of In- the CRYPTACUS action. The deadline ternet of Things to exchange view- for the contributions is the 15th of points and ideas on cyber security September. threats, challenges and solutions. I This request has to do with a highly recommend you to read more first move to study the possibility about the IoTSEC group at https: //resilience.enisa.europa.eu/ Hacking robots could have a num- of standardising tweakable block ci- ber of undesirable impacts, depen- phers and permutations. In this vein, iot-security-experts-group-1 and join it by filling the form at dent on the environment they are they want your views on the follow- used on. For example, the authors ing questions: https://goo.gl/tzEJkC. It will be great to have a more significant pres- mention that at home they mostly lead to privacy issues, with a minor 1. What advantages or disad- ence from Cryptacus members in a possibility of human and property vantages do tweakable block group that will likely influence Euro- damage. The compromise of robots ciphers have over conven- pean Security policies regarding IoT in use on business and industry en- tional block ciphers and crypto- for years to come. vironments lead naturally to espi- graphic permutations? Recommended reading onage, human and property damage 2. What advantages or disadvan- and to the compromise of corporate tages do cryptographic permu- and business networks. It is in a tations have over conventional healthcare or military context where block ciphers and tweakable successful attacks can be more dan- block ciphers? gerous, according to the authors, as these will lead to direct threats to hu- 3. Are there any tweakable block man lives. ciphers or cryptographic per- They highlighted that finding mutations that are worth con- robots in large networks is easer than sidering for standardization? expected, thanks to mDNS (multi- This month we will cover a paper 4. Are there any modes of opera- cast DNS) and the fact they tend to called ’Hacking Robots Before Skynet’ use only a small range of hostnames tion for tweakable block ciphers by Cesar Cerrudo (@cesarcer) who or cryptographic permutations such as nao.local or ur.local and serial is the CTO of IOActive Labs and Lu- numbers such as 011303P0017.local. that should be considered as cas Apa (@lucasapa) that is a Se- well? nior Security Consultant. Their work 5. Similar to cryptographic per- was presented at the HITB GSEC mutations and tweakable block Conference in Singapore. The or- ciphers, are there other mature ganisers have uploaded all contri- symmetric-key primitives that butions to https://gsec.hitb.org/ should be considered for stan- materials/sg2017/. dardization? The authors presented an exten- sive piece of work investigating a va- You can get more info at riety of robots, from home robots to the webpage of the committee industrial ones, and found a wor- http://isotc.iso.org/livelink/ rying number of security issues. A I was particularly interested in livelink/open/jtc1sc27wg2. non-exhaustive list of the problems their analysis of robots as dan- Please send your contributions to included insecure communications, gerous insider threats, mentioning Atul Luykx or Tomer Ashur, both at memory corruption issues, remote that they come frequently equipped KU Leuven, Who are the rapporteur code execution vulnerabilities, file with multiple microphones, HD and and co-rapporteur, respectively. integrity and authentication issues, sometimes even 3D cameras that lack of authorisation, the use of can be turned into spy cams, and

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 loaded with privacy-relevant algo- lesser known area that shares many Furthermore, there are a series of rithms such as in-built face recogni- characteristics with IoT. national events planned, check with tion software. This landscape make your National Contact Point for fur- the ideal targets to gain extremely Funding News ther info at this stage. valuable intelligence from inside a company and of course the bunch of Open Positions robots they examined offered little to none security protections against these attacks. They have produced an hilarious video, in which a hacked UBTech Al- pha 2 goes ’Chucky’ https://youtu. be/9A4ZQgzfl0Y that I highly recom- The European Commission will mend you. organise a number of information days in Brussels on the upcoming 2018-2020 calls for proposals in the last Work Programme of Horizon 2020 (to be published in October). These events will provide infor- Please send us any employment op- mation on the content of the calls portunity you want to publicize in and will often be combined with ded- the newsletter. icated brokerage events to support Asking for a friend when oh when there will be a more serious and A somewhat less impressive but prospective applicants with finding concerted effort from Europe to highly educational video showing partners for projects. attract talent willing to leave the SoftBank’s NAO and Pepper robot The following events are planned UK after the disastrous Brexit. Fine being used as an espionage tool in the coming months. countries such as New Zealand, Aus- can be seen at https://youtu.be/ 3-4 October 2017 - Industrial tralia, Canada, China and Ireland are DSSTUvqMB3M. • Innovation Information Days unashamedly moving in this direc- Even worse than all their findings 2017 -Registration is already tion. When will France, the Nether- (they are many more than the ref- open. lands and Germany follow? erenced here, I strongly recommend you to read their paper) was the ven- 23-25 October 2017 - Energy • dor’s response after they responsibly Challenge Information Days - disclosed they vulnerabilities found. Registration opens in Septem- Optus Cyber Chair at La Trobe Most of them reacted quite positively ber. • University in Melbourne - Aus- to the findings, and in some cases tralia. Full time, permanent po- 26-27 October 2017 - ’Cities they even promised a quick patch or sition. The Optus Cyber Chair is • of the Future 2017’ Interna- firmware update but unfortunately 3 anticipated to be a prominent tional Brokerage Event - Save months later many haven’t produced appointment of academic lead- the date. or deployed any solutions. ership at the level of profes- The researchers found manu- 8-9 November 2017 - Climate sor (Level E) and is a continu- facturers were way more focused • Societal Challenge Information ing role at La Trobe. Candidates and more ready to invest in mar- Day and Brokerage Event - Reg- must have academic experience keting than in security. The au- istration opens in September. and performance together with thors found that too many research an international profile consis- 9-10 November 2017 - ICT Pro- projects moved into production with- • tent with the expectations of out adding security, and that the very posers’ Day 2017 in Budapest - appointment as a full profes- basic human safety protections they Registration is already open. sor at La Trobe. The incum- come with can be easily and remotely 14-17 November 2017 - Food bent is expected to conduct and disabled so that robots can kill and • Security Societal Challenge 2 lead innovative and high im- hurt people, and also damage prop- Infoweek - Registration opens pact research at an interna- erty. Something needs to be done to in late September. tionally distinguished level and address these threats, and very ur- produce high quality publica- gently. 8 December 2017 (TBC) - tions resulting from that re- A very nice piece of practical re- • Health Societal Challenge In- search. More info at https:// search that brings to our attention formation Day - Save the date. goo.gl/Teo81S. Deadline is the multiple security issues in a relatively Registration opens in October. 18th September.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 Professor/Chair in Cyber Se- in Cyber Security at Lancaster Mirai-based malware vaccine • curity at the Victoria Univer- University, Department of Com- could protect insecure IoT devices sity of Wellington in Welling- puting and Communications. ton, New Zealand. Another in- These are two full time and A white worm derived from the Mirai teresting position from down permanent positions at one of botnet aims to protect the most inse- under. A perfect fit for lovers of the few prestigious GCHQ ac- cure IoT devices. The idea is not to- The Lord of the Rings, The Hob- credited Centers of Excellence tally original, we discussed a similar bit, The Chronicles of Narnia in Cybersecurity Research. The concept in a past newsletter, and not and/or earthquakes and sheep. people at Lancaster are build- free of legal or ethical implications Another full time, permanent ing one of the largest and most either: to abuse the vulnerability of position. Bad jokes aside, the visible cybersecurity groups in these devices to inject a worm that University is ranked in the top the UK and this investment is patches them. Its creators argue that 2% world-wide and Welling- starting to bore fruit. The com- it is ’similar to the epidemiological ton has been rated in 2017 as mon deadline for these posi- approach that creates immunity with the World’s best city for qual- tions is the 3rd of November. a vaccine by exposing the immune ity of life. They state in the ad The Lecturer position https: system to a weakened form of the that they have a very strong //goo.gl/G2NtmG has a salary disease.’ link with Carnegie-Mellon, and range of £34,520 to £47,722 There still remain many issues: look to, in collaboration with and the Senior Lecturer posi- for example, some devices cannot be an industry partner, host a tion https://goo.gl/bRQdpu fixed because they have hard-coded CSIRT. Deadline for applica- goes from £50,618 to £56,950. passwords or back doors. Others have tions is the 19th of Septem- software or firmware vulnerabilities ber. Additional info at https: For other interesting positions that are very hard to patch because //goo.gl/JebwLx all across Europe, please check the of a lack of a software update mech- anism. Professor in the Department of recently revamped “Researchers in • Computer Science at Durham Motion” portal https://euraxess. The idea was presented and de- University - Department of ec.europa.eu/. veloped in a paper called ’AntibIoTic: Computer Science. This posi- Protecting IoT Devices Against DDoS tion in one of Britain’s finest Proposals for STSMs Attacks’. This worm also tries to no- universities is not particularly By now, you should be already tify the owner or remedy the prob- earmarked for cybersecurity, familiar with what Short Term Scien- lem on the owner’s behalf by chang- but they seem to be open to tific Missions (or STSMs, for short) ing credentials, patching software or any outstanding candidate and are, but we have a healthy budget for updating firmware if at all possible. to the best of my knowledge them within the Cryptacus project You can read a preprint in https: there is no-one working on cy- and not enough demand. //goo.gl/x1rMpF. ber at Durham and there’s ap- AntibIoTic crosses many legal and petite for these skills. The dead- Please send your willingness to ethical lines, and I am for one sur- line is on the 22nd of Septem- receive STSMs proposal to me for prised academics have proposed this ber, salary starts at £61K, and publishing here. Until I do not have approach without including a deeper there is more info at https:// any more, I’ll just publish mine. legal analysis. goo.gl/a31Tmx.

Hamilton Professorships in • Computer Science at Maynooth University. The areas of interest cover, between others, Cyber- security and Privacy. Plenty of time to decide whether to ap- ply, with a deadline on Friday 20th of October. Salary could I will be very happy to receive • be e110,060 to e139,501 p.a. anyone interested in investigat- for Professor A and e80,650 ing randomness generation and to e106,655 p.a. for the Pro- testing, particularly on IoT de- fessor B range. More info at vices. https://goo.gl/LSvKhM. More than 33,000 telnet cre- Blogs, posts and other dentials from IoT devices exposed Lecturer and Senior Lecturer good reads •

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 could close one or both doors, trap- Event calendar ping passengers inside. To keep pas- Eurocrypt 2018 will take place in sengers in the vehicle, a hacker could Tel Aviv, Israel, from April 29 to May command the car wash to blast wa- 3. The submission deadline is the 19 ter constantly at the vehicle, making September, with notification on the it a challenge to open its doors. If a 15 January. Orr Dunkelman is the driver attempts to escape the hacked General Chair. device while the car wash’s door is open, the hacker could command a door to open and close repeatedly to strike when passengers exit the ve- hicle. Or the attacker could hit the Financial Cryptography and Data car or passengers with a mechanical Security 2018 (FC18) is taking place, Not much to say about this: More arm within the car wash. The hack as usual, in an exotic location. This than 33,000 telnet passwords of dif- was relatively simple, bypassing the time in Nieuwpoort in Curacao, from ferent IoT devices were exposed pub- authentication mechanism and en- February 26 to March 2. The submis- licly on pastebin for all to see and abling them to manipulate a variety sion deadline is the 15 September, download before the admins deleted of functions. and the good news will arrive on the them. Right now they will form part At the core of the hack is the fact 17 November. of the arsenal of all your future at- that the entire platform for the wash- tackers, so please get them and test ing machine operates Windows CE, none of your devices is open to these which Microsoft killed off in 2013. credentials, and that none of your IPs Sadly, manufacturers are still build- is listed. ing futuristic devices like an Internet- connected car washing machine on Death in the Car Wash top of a dead platform. While not all of the car wash mod- els are connected to the Internet, at least 150 are according to the Shodan The 2018 edition of the new kid search engine which catalogs IoT de- on the block, a.k.a. Real World Crypto vices connected to the public-facing will take place in Zurich, Switzer- Internet. Who would have thought land, from January 10-12, 2018. The five years ago that car washes could submission deadline is 5 October, be Internet connected, or that the with a quick notification on the 4 De- simple act of going to a car wash cember. At Black Hat 2017, one of the could possibly be life-threatening? most interesting hacks was that of You can read the rest of the article a car wash, surprisingly with life- at https://goo.gl/S35y1o. threatening consequences for passen- gers. ”We’ve written an exploit to cause a car wash system to physi- cally attack; it will strike anyone in the car wash” one of the authors said. ”We think this is the first exploit that causes a connected device to attack See you all back in October! someone." They showed how a LaserWash Best, car wash system, from manufacturer Julio Hernandez-Castro PDQ, could be breached. An attacker

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 5 OCTOBER 2017, NO 12 Cryptacus Newsletter

October 2017 Cryptacus Newsletter Welcome to the October edition of the monthly Cryptacus.eu newsletter, offering a glimpse into re- cent developments in the cryptanalysis of IoT & re- lated areas. Send more of your contributions, com- ments & feedback at [email protected]

News from the Chair Lejla Batina. Opportunities by GILDAS AVOINE ENISA Call for IoT Experts Another important point I would like to speak about in this newsletter The European Union Agency for is a specific budget to allow mem- Network and Information Security bers of Inclusiveness Target Coun- (ENISA) has launched a Call for Par- tries (ITC) to attend conferences if ticipation to invite experts in security they give a talk or present a poster. of Internet of Things into its expert group. This is a new tool provided by Dear Cryptacus Members, COST, and a significant budget for it has been allocated by the COST Of- The creation of the ENISA IoT SE- Curity (IoTSEC) Experts Group aims The program of our Cryptacus’ fice. at gathering experts in the domains workshop in Nijmegen (Nov. 16th- The requirements to get the grant of the entire spectrum of Internet of 18th, 2017) is currently under prepa- are: (i) the application must be sub- Things to exchange viewpoints and ration. You still have time to submit a mitted at least 45 days before the ideas on cyber security threats, chal- short abstract to give a presentation, conference start date, (ii) the appli- lenges and solutions. until October 15th, 2017. cant must be engaged in an official research programme as a PhD Stu- If you are interested in giving dent or postdoctoral fellow (iii) the I highly recommend you to read a talk, please submit a short ab- applicant must give a talk or present more about the IoTSEC group at stract, according to the instruc- a poster during the conference. https://goo.gl/uS1o4S and/or tions provided on the web page As for STSMs, the application pro- join it by filling the form at https: https://cryptacus.cs.ru.nl/ cedure is lightweight and processed //goo.gl/tzEJkC. submission.shtml through the e-cost online appli- cation. Do not hesitate to apply! It will be great to have a more sig- Speakers will be reimbursed even The guide for applicants is avail- nificant presence of Cryptacus mem- if they are not MC Members. Note able at http://www.cost.eu/ITC_ bers in a group that will likely in- also that a demo session about hard- conferencegrants_userguide. fluence European Security policies ware and software tools will be or- Best regards, regarding IoT for years to come. ganized. If you are interested in pre- senting such a tool, please contact Gildas Avoine The first meeting is taking place

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 in the Europol Headquarters in the All in all, an awesome and very Hague later this month. informative piece of work.

Recommended reading Funding News

There is a second video, in which an otherwise unremarkable camera is leaking a password and an access pin that could be aimed at facilitating anybody to break and enter the build- The European Commission has ing without triggering any alarms. pre-published the draft 2018-2020 work programme part for the Marie Sklodowska-Curie Actions (MSCA). You can find it here https:// goo.gl/ngkbES. It contains many changes, mostly improvements in my This month we will cover a great opinion, over the past rules for Marie paper titled ’aIR-Jumper: Covert Air- Curie Actions. Gap Exfiltration/Infiltration via Se- curity Cameras & Infrared (IR)’ that The European Commission has you can find at https://arxiv.org/ pre-published the draft 2018-2020 abs/1709.05742. work programme part for Societal Challenge 6 - "Europe in a changing Its authors are Mordechai Guri, The researchers in addition dis- world - Inclusive, innovative and re- Dima Bykhovsky, Yuval Elovici, from cuss interesting technical details, flective societies”. You can access it the Ben-Gurion University of the such as the maximum distance at at https://goo.gl/jk91TS. Negev and the Shamoon College of which reliable communication is pos- Engineering in Israel. sible and the maximum bit rate. The European Commission re- cently published its tenth progress Of course, this depends of the report ’Towards an effective and gen- It deals with two of my favourite particular camera used, but rates of uine Security Union’, which discusses topics: data exfiltration and IoT se- around 15bits/s for exfiltrating data progress over the last years and curity. In this case, they propose to and 120bits/s for infiltrating seems planned actions to improve security, bypass air gapped systems by infect- achievable, together with effective including systematic checks and a re- ing infrared cameras and prove it is distances that, in the case of direct vamping of the EU entry/exit system, possible to both send and receive in- line of sight between the devices can the establishment of an ’European formation to/from them without any be from ten to hundreds of meters Travel Information and Authorisation human noticing because, of course, for exfiltration to up to kilometers for System (ETIAS)’, reinforce Europol, infrared light is invisible to humans. infiltration. approving a new directive on combat- ing terrorism and firearms traffick- They added a couple of videos The method can also work when ing, as well as explosives-precursors showing their ideas and associated no direct line of sight exists, and the to combat home-made explosives, tools. This one https://goo.gl/ signals are reflected, which makes etc. It’s a good read, that you can nPP1pq is particularly impressive, the attack even more threatening. access at https://goo.gl/Heb5de. with a car in a car park far away from the targeted building, and in Finally, the authors propose a se- The European Commission, and the upper limit of the infected cam- ries of countermeasures, which are in particular the DG for Research & era vision, transmitting data (com- not popular nowadays, not trivial to Innovation has launched a prize on mands) in an operation which not implement nor cheap, so probably online security as part of H2020 In- even security personnel surrounding this threat will be with us for some dustrial Leadership pillar. This Hori- the building would be able to notice. time. zon prize aims to significantly im- prove citizen’s overall experience

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 on online authentication, looking the UK and this investment is Blogs, posts and other for a solution enabling citizens to starting to bore fruit. The com- good reads seamless authenticate across a wide mon deadline for these posi- range of applications and devices. tions is the 3rd of November. The ultimate objective is to foster the The Lecturer position https: widespread adoption of services and //goo.gl/G2NtmG has a salary products provided within the Digi- range of £34,520 to £47,722 tal Single Market of the European and the Senior Lecturer posi- Union. The call is a single stage and tion https://goo.gl/bRQdpu has an estimated budget of 4 Mil- goes from £50,618 to £56,950. lion EUR. The deadline for the sub- mission of proposals is 27 Septem- Lecturer or Senior Lecturer at ber 2018. You can get more info at • the University of Cambridge - https://goo.gl/JWr1h9. NSA botched attempt at star- Department of Computer Sci- dardisation in the news ence and Technology. This is Open Positions It is not frequent that cryptogra- a full time and permanent po- phy gets in the news. This piece sitions located at Aston. The by news agency Reuters https: deadline is the 10th January //goo.gl/nwhsiV was later repro- 2018. The Lecturer position duced in many other media, much https://goo.gl/zDhzhk has to the chagrin of the NSA team that a salary range of £53,691 to is attempting to make Simon and £56,950. Interviews will be Speck into ISO standards. Our own held on 19-20th March 2018. Orr Dunkelman had a memorable contribution to the piece, and was quoted saying ”I don’t trust the de- For other interesting positions signers. There are quite a lot of peo- all across Europe, please check the Please send us any employment op- ple in NSA who think their job is to recently revamped “Researchers in portunity you want to publicize in subvert standards. My job is to se- Motion” portal https://euraxess. the newsletter. cure standards.” This is not a won ec.europa.eu/. battle yet, and if you want to know how you can contribute to stop this Hamilton Professorships in Proposals for STSMs from happening, please contact your • Computer Science at Maynooth By now, you should be already country representatives on the ISO University. The areas of interest familiar with what Short Term Scien- Committee and let them know. cover, between others, Cyber- tific Missions (or STSMs, for short) security and Privacy. Plenty of are, but we have a healthy budget for time to decide whether to ap- them within the Cryptacus project ply, with a deadline on Friday and not enough demand. 20th of October. Salary could be e110,060 to e139,501 p.a. Please send your willingness to for Professor A and e80,650 receive STSMs proposal to me for to e106,655 p.a. for the Pro- publishing here. Until I do not have fessor B range. More info at any more, I’ll just publish mine. https://goo.gl/LSvKhM.

Lecturer and Senior Lecturer • in Cyber Security at Lancaster University, Department of Com- puting and Communications. Pray for every minute this is These are two full time and just a comic situation and not a permanent positions at one of reality, for it will be. the few prestigious GCHQ ac- credited Centers of Excellence I will be very happy to receive Or, as a more rational alternative in Cybersecurity Research. The • anyone interested in investigat- to prayer, which by the way doesn’t people at Lancaster are build- ing randomness generation and work as Sir Francis Galton showed ing one of the largest and most testing, particularly on IoT de- 145 years ago in his ’Statistical In- visible cybersecurity groups in vices. quiries into the Efficacy of Prayer’

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 https://goo.gl/wwLpXr, let’s fo- cus on this threat and work to fight against it, right now.

The creepiest webcam: Hola Senorita!

Not a great deal of technical nov- elty, but loads of nightmarish possi- The 23rd Australasian Conference bilities in this piece of news: A lady Event calendar on Information Security and Privacy in the Netherlands bought a camera (ACISP 2018) will be held in Wollon- to check on her dog while away, and Eurocrypt 2018 will take place in gong, Australia on July 11-13, 2018. after two months it started to behave Tel Aviv, Israel, from April 29 to May It will be organized by the Univer- strangely (the camera). 3. The notification on the 15 January. sity of Wollongong. The submission Orr Dunkelman is the General Chair. deadline is the 25 February 2018 at At the beginning it followed her 11:59pm AEST and the notification movements across the apartment will be on the 8th April. (the camera, this is normal for a dog) which should have been more Financial Cryptography and Data than enough to throw it (the cam- Security 2018 (FC18) is taking place, era, not the dog) over the window, as usual, in an exotic location. This but it was not until it (the camera) time in Nieuwpoort in Curacao, from started producing strange noises that February 26 to March 2. The notifica- she worried. tion will arrive on the 17 November.

Things went even worse when it (the camera) started speaking to her in a variety of languages (but The 3rd International Workshop mostly French) and asked her to on Boolean Functions and their Ap- engage in sexual activities of the plications (BFA) is organized by the type described in Chapter IX of the Selmer Center of the University of Kama Sutra. Probably has happened Bergen. hundreds of times, but this time she The 2018 edition of the new kid captured the whole scene on video on the block, a.k.a. Real World Crypto https://goo.gl/VBVfrw. will take place in Zurich, Switzer- It will take place at the Alexan- land, from January 10-12, 2018. The dra Hotel, Loen, in Norway during submission deadline was 5 October, June 17-22, 2018. The deadline for It is curious how she shouts at with a quick notification on Decem- submission is April 1st, 2018 (no kid- the hacker multiples times to ’Get ber the 4th. ding) and the notification will be one the f*** out’ as if that were a tech- week later, on April 7th. nique with any possibility of working. I hope she has taken more drastic measures against it (the camera) by now.

The 10th International Confer- ence on Cryptology, AFRICACRYPT See you all back in November! 2018 will take place in Marrakesh, Morocco from the 7-9 May. The sub- Best, mission deadline is on January 7 and Julio Hernandez-Castro the notification on February 20th.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 NOVEMBER 2017, NO 13 Cryptacus Newsletter

November 2017 Cryptacus Newsletter Welcome to the November edition of the monthly Cryptacus.eu newsletter, offering a glimpse into re- cent developments in the cryptanalysis of IoT & re- lated areas. Send more of your contributions, com- ments & feedback at [email protected]

News from the Chair small scientific and informal meet- for a couple of volunteers to partici- ings/brainstormings (in parallel) pate to the selection committee. by GILDAS AVOINE about any topic you are interested Last but not least, if not already in. done, please register to our Ni- Please, think about topics you would jmegen’s workshop at crypta- like to work on with other people. We cus.cs.ru.nl/registration.shtml in or- will install a white board such that der to make the life of the organizers everyone will be able to suggest top- easier. Many thanks. ics and people will be able to register to any topic. See you there! We will also allow you to present Dear Cryptacus Members, your topic(s) during a couple of min- Gildas Avoine utes on Wednesday. You can so pre- Next week, we will meet in Ni- pare 1 or 2 slides. This activity will jmegen, the Netherlands, for our be fruitful only if we are proactive in Opportunities biannual event. suggesting topics. Private lounges are The scientific program is now avail- also possible if you want to pursue ENISA Call for IoT Experts able on the web site at https: an ongoing collaboration. //cryptacus.cs.ru.nl/. Lejla Batina, Veelasha Moonsamy, During our event in Nijmegen, and Irma Haerkens, the local orga- we will also take time to discuss nizers, did a great job to prepare this about the book we plan to write on event. the cryptanalysis in ubiquitous com- We will have 29 talks, including an puting systems. The call for chap- introduction by our COST Science ters, prepared with the collabora- Officer, Karina Marcus, and 4 invited tion of the working group leaders, is talks by Clémentine Maurice, Johann now online on Cryptacus’ website at: I had the opportunity to attend Heyszl, Francesco Regazzoni, and www.cryptacus.eu the ENISA/Europol IoT Security Con- Léo Perrin. Julio Hernandez-Castro will organize ference and expert meeting group in It is worth noting that Thurs- a session on Thursday afternoon for the Hague in October 18-20 at Eu- day afternoon will be devoted to members who are interested in sub- ropol Headquarters. It was a very collaborations. We will organize mitting a chapter. We will also look lively event, with lots of interesting

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 presentations by some of the major and other secure hardware chips Funding News actors and vendors in the discipline. manufactured by Infineon. At the expert meeting there was a The attacker can compute the pri- notable lack of representatives from vate part of an RSA key with sig- academia, which in my view is very nificant less effort than the theo- problematic. The group discussed a retical/expected one making the at- draft tentatively titled ’Baseline Secu- tack feasible for commonly used key rity Measures for IoT’ that is expected lengths, such as 512 bits but also to be published and made publicly for 1024 and in some cases 2048 available before the end of the year. bits. For example, for some 512 bit We will report on it in future newslet- keys just 2 CPU hours at a cost of ters. $0.06 will suffice, or 97 CPU days The European Commission has (costing $40-$80) for some 1024 bit pre-published the draft 2018-2020 RSA keys. The authors provided a se- work programme part for the Marie ries of tools to verify online whether Sklodowska-Curie Actions (MSCA). keys in use where affected. Major You can find it here https:// vendors including Microsoft, Google, goo.gl/ngkbES. It contains many HP, Lenovo, Fujitsu etc. have released changes, mostly improvements in my software updates and guidelines for opinion, over the past rules for Marie mitigation. In the meantime, please seriously Curie Actions. The authors stated that the cur- consider to at least try to join the rently confirmed number of vulnera- group, as there will be more meet- The European Commission has ble keys found is about 760,000 and ings in the near future and more pre-published the draft 2018-2020 the vulnerable chips are pervasive joint work on standardisation and work programme part for Societal and not necessarily sold directly by IoT security that may have a pro- Challenge 6 - "Europe in a changing Infineon, as the chips can be embed- found effect on the security of Eu- world - Inclusive, innovative and re- ded inside devices by other manufac- rope. Read more about the IoTSEC flective societies”. You can access it turers. group at https://goo.gl/uS1o4S at https://goo.gl/jk91TS. Estonia abruptly canceled roughly and join it by filling the form at half its national ID cards used for https://goo.gl/tzEJkC. The European Commission re- voting, filing taxes, and encrypting cently published its tenth progress sensitive documents as a direct re- Recommended reading report ’Towards an effective and gen- sult of the discovery. These results are uine Security Union’, which discusses particularly relevant for IoT aficiona- progress over the last years and dos, and affected electronic iden- planned actions to improve security, tity documents across Europe, includ- including systematic checks and a re- ing ePassports, eDriving licenses, na- vamping of the EU entry/exit system, tional ID cards, etc. Problems have the establishment of an ’European been reported with some of the ID Travel Information and Authorisation documents in Estonia and Slovakia System (ETIAS)’, reinforce Europol, but rumors abound that other coun- approving a new directive on combat- In a month with no shortage of tries might be affected too. You can ing terrorism and firearms traffick- new vulnerabilities, I have to confess read more about this issue at https: ing, as well as explosives-precursors that on a personal level my favorite //goo.gl/RMYU6L. to combat home-made explosives, one is the ROCA Attack. etc. It’s a good read, that you can The associated paper title is ’The access at https://goo.gl/Heb5de. Return of Coppersmith’s Attack: Prac- tical Factorization of Widely Used The European Commission, and RSA Moduli’. This work by Matus Ne- in particular the DG for Research & mec, Marek Sys, Petr Svenda, Du- Innovation has launched a prize on san Klinec and Vashek Matyas was online security as part of H2020 In- accepted and presented a ACM CCS All in all, an awesome piece of dustrial Leadership pillar. This Hori- 2017, in Dallas, and describes a se- work that will probably continue to zon prize aims to significantly im- rious vulnerability in generation of be relevant for years to come, as sim- prove citizen’s overall experience RSA keys as implemented in a soft- ilar vulnerabilities will most likely on online authentication, looking ware library widely adopted in cryp- crop up in other products. for a solution enabling citizens to tographic smartcards, security tokens seamless authenticate across a wide

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 range of applications and devices. the Assistant Professor (tenure- Proposals for STSMs The ultimate objective is to foster the track) and Associate Professor By now, you should be already widespread adoption of services and level. This is part of an am- familiar with what Short Term Scien- products provided within the Digi- bitious expansion program, so tific Missions (or STSMs, for short) tal Single Market of the European there will probably be more job are, but we have a healthy budget for Union. The call is a single stage and opportunities in the future. them within the Cryptacus project has an estimated budget of 4 Mil- Applicants within all areas and not enough demand. lion EUR. The deadline for the sub- of computer science are wel- mission of proposals is 27 Septem- come, but they are strong on Please send your willingness to ber 2018. You can get more info at crypto and computer secu- receive STSMs proposal to me for https://goo.gl/JWr1h9 . rity and candidates in these publishing here. Until I do not have areas will likely be particu- any more, I’ll just publish mine. Open Positions larly welcomed. The deadline for applications is the 5th of January, 2018. More informa- tion at http://www.au.dk/en/ about/vacant-positions/ scientific-positions/ stillinger/Vacancy/show/ 934877/5283/ I will be very happy to receive • anyone interested in investigat- ing randomness generation and Please send us any employment op- testing, particularly on IoT de- portunity you want to publicize in vices. the newsletter. Blogs, posts and other good reads What in the UK is called ’the Lecturer or Senior Lecturer at • other UCL’, that is, Univer- • the University of Cambridge - site catholique de Louvain, is Department of Computer Sci- searching for a full-time pro- ence and Technology. This is fessor in Software Security. If a full time and permanent po- you are interested in this per- sitions located at Aston. The manent position, you have to deadline is the 10th January hurry up because the deadline 2018. The Lecturer position for submitting applications in https://goo.gl/zDhzhk has the 15th of November. You can a salary range of £53,691 to New and potentially more dan- get more information and even £56,950. Interviews will be gerous IoT botnet start your application at https: held on 19-20th March 2018. News of a new botnet, more sophis- //goo.gl/nMwzAY. ticated than the infamous Mirai, are making the rounds. The new mal- ware goes by the name of Reaper, and is way more powerful than the already quite damaging Mirai which limited itself to try a list of frequent usernames and passwords and pri- marily victimised IP cameras and routers. Reaper, on the other hand, is capable of exploiting known vul- nerbilities in the targets it encoun- For other interesting positions all ters,hacking its way in with an array across Europe, please check the re- of tools and spreading itself further. cently revamped “Researchers in Mo- If Mirai was capable of causing such tion” portal https://euraxess.ec. havoc by imply abusing default cre- Aarhus University, in Denmark europa.eu/. dentials, researchers fear what can • is also offering positions at happen with Reaper and its bag of

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 nine exploits targeting products from 3. The notification is on the 15 Jan- The 3rd International Workshop D-Link, Netgear, Linksys, Vacron, uary. Orr Dunkelman is the General on Boolean Functions and their Ap- GoAhead, and AVTech. While many Chair. plications (BFA) is organized by the of the targeted products have patches Selmer Center of the University of available, unfortunately a significant Bergen. number of users are not commonly applying those. This is another pal- It will take place at the Alexan- pable example of the need for better Financial Cryptography and Data dra Hotel, Loen, in Norway during solutions regarding updating policies Security 2018 (FC18) is taking place, June 17-22, 2018. The deadline for in the IoT ecosystem, as Reaper is for as usual, in an exotic location. This submission is April 1st, 2018 (no kid- sure not the last malware taking ad- time in Nieuwpoort in Curacao, from ding) and the notification will be one vantage of the current limitations in February 26 to March 2. The notifica- week later, on April 7th. this area. Some researchers estimate tion will arrive on the 17 November. Mirai controlled, at its peak, 2.5m devices and the latest estimates for Reaper are around 10 million. Even more worryingly, CheckPoint has no- ticed worm capabilites in Reaper, as infected devices contribute to spread the threat to new targets. Although This workshop occurs immedi- not DDoS activity has been noticed at ately after a related one called the time of this writing, it seems its The 10th International Confer- WAIFI (International Workshop on authors are still adding machines to ence on Cryptology, AFRICACRYPT the Arithmetic of Finite Fields 2018) the botnet and that any attack target 2018, will take place in Marrakesh, in Bergen, which is on June 14-16, will really have a bad time defend- Morocco on 7-9 May. The submission with a deadline on April 1st, and ac- ing itself from For more info, check deadline is on January 7, and the no- ceptance notification on May 11th, https://goo.gl/eDYKWq or the very tification on February 20th. 2018. More info at http://waifi. interesting study by CheckPoint at org. https://goo.gl/qRPvfx or, alter- natively, an in-depth analysis by F- Secure at https://goo.gl/XjWt2g.

The 23rd Australasian Conference The 18th Central European Con- on Information Security and Privacy ference on Cryptology will take place (ACISP 2018) will be held in Wollon- from June 6 to 8, 2018 in Smolenice, gong, Australia on July 11-13, 2018. Slovakia. The venue will be the It will be organized by the Univer- Smolenice Castle. Submission dead- sity of Wollongong. The submission line is March 31st and notification is deadline is the 25 February 2018 at on Apr 30th. 11:59pm AEST and the notification will be on the 8th April.

See you all back in December!

Event calendar Best, Eurocrypt 2018 will take place in Julio Hernandez-Castro Tel Aviv, Israel, from April 29 to May

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 DECEMBER 2017, NO 14 Cryptacus Newsletter

December 2017 Cryptacus Newsletter Welcome to the December edition of the monthly Cryptacus.eu newsletter, offering a glimpse into re- cent developments in the cryptanalysis of IoT & re- lated areas. Send more of your contributions, com- ments & feedback at [email protected]

News from the Chair end of the year. You still have time to apply for by GILDAS AVOINE In the meanwhile, we will an STSM or an Inclusiveness Target progress on the book that we plan Countries (ITC) Conference Grant. to publish on the cryptanalysis in ubiquitous computing systems. In a few words, this tool allows PhD Students and Early Career Inves- We indeed recently announced tigators from ITCs to attend confer- the call for chapters (available at: ences, if they give a talk (or present www.cryptacus.eu), which you can a poster). distribute to colleagues involved in Dear Cryptacus Members, our research field. Best regards,

I would like to start this newslet- You should also have received a Gildas Avoine ter by thanking Lejla Batina, Veelasha few days ago my email containing the Moonsamy, and Irma Haerkens for minutes of the book-related working the organization of our workshop in session we organized in Nijmegen. Recommended reading Nijmegen last month. Again, if you know that you will It was a very successful workshop, submit a proposal, please send us a and greatly organized. mail of intent without waiting for the deadline, so we will be able to early The slides of the presentations detect gaps in the covered topics. will be available on the Cryptacus’ website soon. Please, use the address crypta- [email protected] to contact Julio The next event will be at São and myself about matters regarding Miguel Island, in the Portuguese the book. archipelago of the Azores, in April. Finally, I would like to remind you This month we are going to focus Precise venue, dates, and pro- that the current grant period will end on a paper by Jeroen Delvaux, from gram will be communicated by the on April 30th, 2018. KU Leuven, that presents a string of

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 attacks against popular PUF-based The original paper can be ac- Artificial intelligence, block authentication schemes. cessed at https://eprint.iacr. • chain technology and bitcoin org/2017/1134.pdf Dematerialised borders The work is titled "Attacks on • Three PUF-Based Authentication Pro- Funding News The recommendations from the tocols: PolyPUF, RPUF and PUF-FSM". audience were: Ensure that the defence re- The author presents efficient im- • search programme and activi- personation attacks based on the use ties of the European Defence of machine learning that exploit the Agency do not undermine each poor diffusion and confusion proper- other. ties of many PUF-based protocols. Improve dissemination and ex- • In fact, this work is a continuation ploitation; make better use of of the author’s recent PhD Thesis, end-user networks; allow for A recent workshop on the future where he analyzed the security of 21 greater flexibility to face urgent of security research in Europe, organ- PUF-based authentication protocols end-users’ needs ised by the German Federal Ministry and found numerous issues to the of Education and Research (BMBF), Standardise and harmonise to extent that only 6 proposals survived • highlighted a number of priority poli- overcome market fragmenta- this cryptanalysis effort. cies, and stressed that security and tion defence research is still a priority It is particularly relevant that the Combine digital and physical area in Framework Programme 9 • 3 protocols broken in this work have security research (FP9). been designed to be resistant to ma- Security has both technological chine learning attacks by using some • The participants agreed that a and societal challenges, cover obfuscation logic, admittedly not coordinated approach is needed in them all in future calls very strong because it ought to be response to recent security events lightweight. Ensure that key agencies are across Europe and that, while de- • engaged - Interpol, Europol, fence and civil security research ac- That makes feasible that, by using border agencies, police force, tivities have different objectives and fire and rescue services, etc. a relatively low number of challenge- stakeholders, the required solutions response pairs, one can establish a will often be very similar if not the The Commission is planning to relatively accurate model of the PUF same. hold a public hearing in December and predict its response to unseen 2017 before the adoption of the Mul- challenges employing artificial neural It seemed clear that civil security tiannual Financial Framework (MFF) networks or support vector machines, research and defence research should in May 2018. The Commission’s pro- to mention just a couple of machine continue to be funded from separate posal for the ninth framework pro- learning approaches that generally pots and not be merged into a single gramme is to be published in early produce good results. strand. Also, there was apparent the summer 2018. need to better engage with industry I particularly like the author’s and to promote, disseminate and ex- MSCA: 2018 RISE Call Open analysis presented in the Aftermath ploit the results in Europe. section, where he discusses the un- On the 23 November, the Euro- derlying reasons for the vulnerabili- The participants at the workshop pean Commission opened the call for ties found, and makes suggestions to made a number of recommendations proposals for the Marie Sklodowska- avoid similar attacks that everybody for FP9, and stressed the importance Curie Actions (MSCA) European Re- working in this area should consider of covering, in the security calls of the search and Innovation Staff Ex- and implement in future proposals. following two years, the topics be- change (RISE). low: The deadline is 21 March 2018. A very interesting work by a very The available budget is 80 million, promising early career researcher Consider elections as critical in- and the call-related documents, in- • that casts a serious doubt on the secu- frastructure, and protect them cluding the guide for applicants, and rity of many of the existing, including accordingly the link to the online submission are some very recent, PUF-based authen- available on the Participant Portal. Fight against fake news tication protocols. A must-read for • Many national contact points are anybody working in the field. Fight against the fragmentation holding events for organisations in- • of societies terested in applying to the call in

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 early January. Contact the one in and closely related areas, in- held on 19-20th March 2018. your country for further details. cluding positions that are open to recruit at the Reader, Se- Open Positions nior Lecturer or Lecturer level. The earliest closing date for these positions is 5th January 2018. More information at https://www.sheffield.ac. uk/dcs/jobs/index

For other interesting positions all across Europe, please check the re- cently revamped “Researchers in Mo- Please send us any employment op- tion” portal https://euraxess.ec. portunity you want to publicize in europa.eu/. the newsletter. Aarhus University, in Denmark • is also offering positions at the Assistant Professor (tenure- track) and Associate Professor If you want to join the excel- Proposals for STSMs • lent team at Birmingham Uni- level. This is part of an am- versity, with such strong re- bitious expansion program, so By now, you should be already searchers as Flavio Garcia and there will probably be more job familiar with what Short Term Scien- David Oswald, there is an in- opportunities in the future. tific Missions (or STSMs, for short) teresting opening right now for Applicants within all areas are, but we have a healthy budget for a Research Fellow in Cyber Se- of computer science are wel- them within the Cryptacus project curity, with a Hardware fo- come, but they are strong on and not enough demand. cus. The deadline for applica- crypto and computer secu- tions is January 3rd, 2018 and rity and candidates in these Please send your willingness to the contract is for 48 months, areas will likely be particu- receive STSMs proposal to me for in the context of the EPSRC larly welcomed. The deadline publishing here. Until I do not have project ’User-controlled hard- for applications is the 5th of any more, I’ll just publish mine. ware security anchors: evalua- January, 2018. More informa- tion and designs’. In addition tion at http://www.au.dk/en/ to a relevant PhD, applicants about/vacant-positions/ should have expertise in one or scientific-positions/ more of the following: crypto- stillinger/Vacancy/show/ graphic protocols; side-channel 934877/5283/ and fault attacks; implemen- tation of cryptographic proto- cols using hardware features. More information on this highly I will be very happy to receive • recommended opportunity at anyone interested in investigat- https://goo.gl/vzQWJA. ing randomness generation and testing, particularly on IoT de- vices. Lecturer or Senior Lecturer at • the University of Cambridge - Blogs, posts and other Department of Computer Sci- good reads ence and Technology. This is a full time and permanent po- Sheffield is another prestigious sitions located at Aston. The • UK university avidly recruit- deadline is the 10th January ing in Cyber Security, trying 2018. The Lecturer position to create a top group in the https://goo.gl/zDhzhk has near future. They are offering a salary range of £53,691 to 6 positions in cyber security £56,950. Interviews will be

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 IOTA the white paper, at https://iota. The 3rd International Workshop org/IOTA_Whitepaper.pdf. on Boolean Functions and their Ap- At the end of a very good year plications (BFA) is organized by the for crypto currencies, where bitcoin Selmer Center of the University of has had a prominent presence even Bergen. in generalist media and many early players have multiplied their invest- It will take place at the Alexan- ments ten-fold or more, there is a dra Hotel, Loen, in Norway during curious project that has attracted June 17-22, 2018. The deadline for massive support in the community submission is April 1st, 2018 (no kid- and is IoT related, hence my cover- ding) and the notification will be one age here. week later, on April 7th.

For full disclosure, I have to say I Event calendar have not invested in this project and, The 17th Annual Workshop on to be perfectly frank, I don’t have the Economics of Information Secu- it in very high regard. So my opin- rity (WEIS) will take place next year ions below could be wrong but are at in Innsbruck, Austria. The submission least not aimed to make a quick buck. deadline is February 18, with a noti- fication of acceptance by March 31. Rainer Böhme is the conference chair. This workshop occurs immedi- ately after a related one called WAIFI (International Workshop on the Arithmetic of Finite Fields 2018) in Bergen, which is on June 14-16, with a deadline on April 1st, and ac- ceptance notification on May 11th, The 10th International Confer- 2018. More info at http://waifi. ence on Cryptology, AFRICACRYPT org. There are possibly two reasons 2018, will take place in Marrakesh, for this surprising success, one is Morocco on 7-9 May. The submission that IOTA is not based on a classi- deadline is on January 7, and the no- cal blockchain but on an alternaive tification on February 20th. structure called ’The Tangle’. Iota is created to be as lightweight as possi- ble, for connected IoT devices to be able to automatically pay minuscule amounts to one another (micropay- st ments) in a frictionless manner with- The 21 Information Security out having to compromise on prod- Conference (ISC 2018), will take uct design by introducing additional place in London (Guildford), from The 23rd Australasian Conference hardware. September 9 to September 12, 2018. on Information Security and Privacy The tangle is an Directed Acyclic The submission deadline is 16 April, (ACISP 2018) will be held in Wollon- Graph (DAG) linking devices with with notification on the 18 June. The gong, Australia on July 11-13, 2018. each other, that solves some of the General Chair will be Steve Schnei- It will be organized by the Univer- perceived issues with blockchains, in der. sity of Wollongong. The submission particular the centralization of con- deadline is the 25 February 2018 at trol, inability to conduct micropay- 11:59pm AEST and the notification ments and their scalability limits. will be on the 8th April. All that is good, but what really changed the appreciation towards this project, and increased its value as a cryptocurrency, was the recent See you all back in January! announcement that Microsoft, Sam- sung and Volkswagen will launch a Best, secure data marketplace based on Julio Hernandez-Castro the IOTA technology. For more info, check https://goo.gl/BaCcXx or

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 JANUARY 2018, NO 15 Cryptacus Newsletter

January 2018 Cryptacus Newsletter Welcome to the January 2018 edition of the monthly Cryptacus.eu newsletter, offering a glimpse into recent developments in the cryptanalysis of IoT & related areas. Send your contributions, com- ments & feedback at [email protected]

News from the Chair tocols (co-organization by COST Ac- available for trainees (e.g. PhD stu- by GILDAS AVOINE tion CRYPTACUS & ERC POPSTAR). dents, ECIs, etc.).

The workshop is free and open to More information is available on every one. Both theory and practice the websites of the respective events: of distance-bounding protocols will be considered. - Workshop on Distance Bound- ing Protocols (co-organization Several great speakers already CRYPTACUS & ERC POPSTAR): accepted the invitation, including http://surrey.ac.uk/futureDB. Please Dear Cryptacus Members, S. Capkun (ETHZ, Switzerland), G. contact Gildas ([email protected]), Hancke (University of Hong Kong), Ioana ([email protected]), Let me first of all wish you a and M. Kuhn (University of Cam- Stephanie ([email protected]), happy new year 2018! bridge, UK), just to name a few. or Cristina ([email protected])

The year 2018 will actually be *** Monday 16th: Working ses- - Training School (also in- important for Cryptacus, with two sion on the CRYPTACUS’ book. This formation on Book session and major events, in April and Septem- session is free, open to everyone MC Meeting): https://goo.gl/ ber, respectively. although mostly dedicated to peo- w52ThM. Contact Ricardo Chaves ple who submitted a chapter to the ([email protected]) Also, we are on the home stretch CRYPTACUS’ book (if you plan to now, given that Cryptacus will finish submit, but not done yet, let me Finally, I would like to remind in December 2018. know asap). Please, check the Crypta- you that the current grant period will cus website if you are not aware of finish on April 30th, 2018. In the meanwhile, let’s meet in the call for chapters. Sao Miguel island, Azores (Portugal) in April, where several Cryptacus’ *** Tuesday 17th: MC Meeting You still have time to apply for events are colocated. This is a brief (8:30–10:00 am). For MC Members an STSM but you should send your schedule: only. request very soon.

*** Saturday 14th / Sunday 15th: *** From Monday 16th to Friday Best regards, Workshop on Distance Bounding Pro- 20th: Training School. Grants are Gildas Avoine

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 Recommended reading: above, that includes the very rele- Funding News On the dangers of specu- vant disclosure process and some SMI2G lation other interesting queries.

Meltdown and Spectre are cer- tainly the vulnerabilities of the year so far, and can easily become those of the decade.

They have been widely reported I was lucky enough to attend the on the media. Real World Crypto in Zurich, Switzer- land on January 10-12, 2018. They exploit critical vulnerabili- ties in modern processors, allowing This highly recommended event malicious programs to steal data that The Security Mission Information took place in an amazing venue, the should be beyond their reach. & Innovation Group (SMI2G) is or- Volkshaus Zurich, which is normally ganising a two-day event in Brussels a concert venue. This allows to get hold of secrets to exchange information on the 2018 stored in the memory of other run- Secure Societies calls and to stimu- RWC2018 has been, by far, the ning programs including passwords late networking for the creation of largest event ever organised by the stored in a password manager or potential ideas and consortia. IACR, with more than 600 partici- browser, photos, emails, or business- pants despite having a very average critical documents. This will take place on the 1st and 36 presentation slots. 2nd of February 2018 at the Central It is particularly damaging that Auditorium (Pierre Lacroix), of the Meltdown and Spectre affect per- Universite Catholique de Louvain sonal computers, mobile devices, and (UCL) in Brussels. cloud servers, allowing an attacker to steal data from other cloud cus- This is heavily recommended to tomers. make contacts, meet colleagues, and start discussing ideas and building An additional worry is that the consortia for the security calls of available patches as of writing seem this summer. More info at https: to seriously degrade the processor’s //www.tno.nl/smi2g/. performance. If you plan to attend, drop me an More info about the at- email to meet there! tacks can be found at https: There was a lot of buzz in twit- //meltdownattack.com/. Open Positions ter, most of it under the hashtag #realworldcrypto, including a nice It is really a pity that this event effort by @durumcrustulum to live will only come to Europe every third tweet the event. year, as it alternates between Eu- rope/East and West USA. I enjoyed the event enormously, despite having been allocated only I have not run a proper poll on 5 minutes for my presentation, and the topic, but my impression (though some illness during day 2. I may be suffering from confirmation bias) is that an increasingly large One of the cherries on the top number of security researchers are was the invited talk by Jann Horn reluctant to travel to the USA under Please send us any employment of Project Zero on the Meltdown the current political climate. opportunities you may want to publi- and Specter bugs, that is recorded at cize in the newsletter. https://goo.gl/1PPqTp. In addition, a TSA encounter of the third kind is not featured promi- Particularly interesting is the Q&A nently in our bucket lits. Professor in Secure Systems session, also accessible in the link • at the University of Surrey,

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 Department of Computer Sci- ence. Salary from £67,970 to £91,001 per annum. Dead- line for applications is the 5th March.

Suitable areas of expertise that Lecturer or Senior Lec- complement current strengths • turer/Professor positions in of the group include (but are Cyber Security at the Queen’s For other interesting positions all not limited to): anti-malware University Belfast Centre for across Europe, please check the re- security, adversarial machine Secure Information Technolo- cently revamped “Researchers in Mo- learning, risk management gies (CSIT). tion” portal at https://euraxess. and threat modelling, trusted ec.europa.eu/. It currently has close systems, verification, and dis- to 60 open positions in computer se- tributed systems. These positions are based in curity and related areas, including Belfast, with a salary of be- in Poland, the UK, Finland, Slovenia, tween £35,550 to £64,079 per This is a full time, permanent Italy, Norway, Switzerland, and even annum. job offer. For more info, visit the in Spain! ad at https://goo.gl/SGDf64. The same employer is currently The deadline for submitting recruiting for a Senior Lecturer your application is 29th Jan- Proposals for STSMs or Reader in Secure Systems, uary. Their priority areas are By now, you should be already this time with a deadline of Hardware Security, Software familiar with what Short Term Scien- 23rd April. More info at https: Security, and Embedded Sys- tific Missions (or STSMs, for short) //goo.gl/unyTQp. tems Security. More info at are. https://goo.gl/1enATh. Please make your willingness to receive STSMs proposals known by sending me an email. Until I do not have any more, I’ll just publish mine:

Associate or Assistant Professor • in Cyber Security at the Techni- cal University of Denmark.

The submission deadline is the Lecturer in Computer Science 1st February. This is a full time, • (with a specialization in Secu- permanent position based in rity) at King’s College London - Lyngby. Department of Informatics. I will be very happy to receive • anyone interested in investigat- Topics of interest include access ing randomness generation and This posts is based in London, control, authentication and testing, particularly on IoT de- with a salary of £41,212 to identity management systems, vices. £49,149 plus an annual Lon- blockchains and distributed don allowance of £2,923. ledger technologies, malware Blogs, posts and other analysis, digital forensics, and recommended reads ethical hacking, privacy and The deadline for application privacy enhancing technolo- is 17th March. This is a full- gies, and security in pervasive time, permanent position. The computing systems. successful candidate will be appointed to the Cyberse- More info at https://goo.gl/ curity (CYS). More info at Spu76V. https://goo.gl/dXPP7X

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 IOTA: Wouldn’t touch with a analysed the total unconvincing an- barge-pole swers to the security issues publicly reported. Very interesting developments around IOTA over the past weeks. This last point regarding security After a highly positive report on is possibly the most enlightening, so the cryptocurrency published on the we will reproduce it in full: 14th of December by the influen- tial MIT Technology Review, titled "A "Once the Digital Currency Ini- Cryptocurrency Without a Blockchain tiative published the break in IOTA’s Event calendar Has Been Built to Outperform Bit- curl hash function, its author, Sergey coin" there were many voices accus- Ivancheglo, offered two conflicting ex- The 17th Annual Workshop on ing the piece of being uncritical and planations for the vulnerability. The the Economics of Information Secu- too rosy. first explanation was that the flaw rity (WEIS) will take place next year was intentional - that it was meant in Innsbruck, Austria. It certainly had a positive im- to serve as a form of ’copy protection.’ pact on the cryptocurrency mar- If anyone used this code in their own kets, but less than a week later The submission deadline is work, he said, the IOTA developers February 18, with a notification Joichi Ito from the MIT Media Lab would be able to exploit the flaw and published a very critical response of acceptance by March 31. Rainer damage other systems that were using Böhme is the conference chair. https://goo.gl/C2Ca9K. the hash function. However, later, he offered a conflicting explanation that he didn’t write the curl at all, but that an AI wrote it. We do not find either of these explanations convincing, even in isolation. That they contradict each other makes them even less so."

We agree with this view. The 16th International Confer- ence on Applied Cryptography and Network Security (ACNS 2018) will Despite all this, at the time of take place in Leuven, Belgium from This response was critical of both writing IOTA is the 11th cryptocur- July 2 until July 4. the currency and the previous bland rency for market capitalization, with article. a worth of 8.2 billion dollars. The submission deadline is Jan 26, 2018 AOE (Anytime on Earth). It was an inspired and well doc- umented rebuttal of many of the If I were you, I will keep a safe assertions published as facts when distance from this project. I won’t in reality they were simply reflecting be surprised if it collapses as it re- without much analysis on claims by cently did another cryptocurrency the IOTA developers. scam called BitConnect, which was a classical Ponzi scheme in a thin dis- guise. This response highlighted a num- ber of serious issues with the project, The 23rd Australasian Conference on Information Security and Privacy notably that the much publicized For further reading, I would (ACISP 2018) will be held in Wollon- IOTA relationships with top-tier com- recommend the early (Sept 2017) gong, Australia on July 11-13, 2018. panies such as Microsoft and Fujitsu post titled "Why I find IOTA deeply were nebulous at best if not straight alarming" by Nick Johnson (an lies. Ethereum core developer) at https: It will, unsurprisingly, be orga- //goo.gl/HYyTtp. nized by the University of Wollon- Also, it reasoned that it is not a gong. The submission deadline is fully decentralized project, and has the 25 February 2018 at 11:59pm suffered from availability issues as Be careful out there! AEST and the notification will be on a result of this. More importantly, it the 8th April.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 acceptance notification on May 11th, covering from 5G Networks to Infor- 2018. mation Hiding.

More info at http://waifi.org. Of special interest to our audience is, possibly, the 2nd International Workshop on Security and Forensics of IoT.

The 3rd International Workshop on Boolean Functions and their Ap- plications (BFA) is organized by the The 21st Information Security Selmer Center of the University of Conference (ISC 2018), will take Bergen. place in London (Guildford), from September 9 to September 12, 2018. It will take place at the Alexandra SecureComm 2018, the 14th EAI Hotel, Loen, in Norway during June The submission deadline is 16 International Conference on Security 17-22, 2018. April, with notification on the 18 and Privacy in Communication Net- June. The General Chair will be Steve works is taking place in Singapore, The deadline for submission is Schneider. from August 8-10, 2018. Deadline April 1st, 2018 (no kidding) and the for submissions is 16 February. notification will be one week later, on April 7th.

The 13th International Confer- ence on Availability, Reliability and Security (ARES 2018), will be held from August 27 to August 30, 2018 at the University of Hamburg, Germany. This workshop occurs imme- diately after a related one called The submission deadline is See you all back in February! WAIFI (International Workshop on March 16, 2018. This conference is the Arithmetic of Finite Fields 2018) quickly becoming one of the largest Best, in Bergen, which is on June 14-16, security gatherings in Europe, with Julio Hernandez-Castro with a deadline on April 1st, and more than 12 associated workshops

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 5 FEBRUARY 2018, NO 16 Cryptacus Newsletter

February 2018 Cryptacus Newsletter Welcome to the February 2018 edition of the monthly Cryptacus.eu newsletter, offering a glimpse into recent developments in the cryptanalysis of IoT & related areas. Send your contributions, com- ments & feedback at [email protected]

News from the Chair ters for the book. ing on April 17th, and the Training School from April 16th to April 20th. by GILDAS AVOINE It is worth noting that many pro- posals are co-authored by researchers MC Members should attend the from different COST countries, which MC Meeting, and they can attend the points that a scientific network such workshop and the book session if rel- as Cryptacus is definitely efficient to evant. launch collaborations. For the training school, registra- The selection committee is cur- tion fees apply for all participants, rently reviewing the received chapter but 37 grants are available for PhD Dear Cryptacus Members, proposals. The acceptation deadline students. will be slightly delayed, given that With the approaching end of the several authors requested to post- For your information, there is no current grant period of your COST pone the submission deadline. vacancy anymore in the hotel of the Action, we received an impressive event (Lince Azores Hotel). However, high number of STSM applications. The selection committee will se- many hotels are available around the lect proposals, then it may invite ad- venue. For example, several people STSMs have never been as suc- ditional researchers to submit chap- already booked in Hotel do Cole- cessful as during this current grant ter proposals, if the topics covered gio. Please check the accommodation period (May 2017 - April 2018), and by the received proposals suffer from page of the training school web site this is the first time that Cryptacus gaps that should be filled in order to for more details. fully spends the budget assigned to make the book self-content and fully STSMs. consistent. The training School web site is https://www.cryptacus.eu/en/ Next month, I will be able to pro- Following several questions that events/training-school-2018/ vide an accurate statement of the I received about our event in Sao https: accepted STSM applications. Miguel, I would like to remind and the workshop web site is //www.surrey.ac.uk/futuredb you that there is the workshop on I am also glad to announce that distance-bounding protocols on April we received about 15 proposals after 14th and 15th, the book working Best regards, the publication of the call for chap- session on April 16th, the MC Meet- Gildas Avoine

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 Recommended reading: the analyzed applications do not fol- line and traditional news media, such Alarming state of mobile low best practices and disregard even as https://goo.gl/SNxUXU, https: health applications legal obligations as imposed by con- //goo.gl/dc3HRQ, and even lead to temporary data protection regula- the COST office to publish a media tions (GDPR), thus jeopardizing the piece at https://goo.gl/p9HpLW. privacy of tens of millions of users across the World. Funding News SMI2G Event

The Security Mission Information & Innovation Group (SMI2G) has or- ganised a two-day event in Brussels to exchange information on the 2018 Secure Societies calls and to stimu- This month we will be report- late networking for the creation of ing on a piece by our Cryptacus potential ideas and consortia. colleagues Agusti Solanas and Con- stantinos Patsakis, together with Uni- I could only attend the second versity of Piraeus’ Achilleas Papa- As revealed by the European day, on the 2nd of February, at the georgiou, Michael Strigkos, Eugenia Commission’s 2014 m-Health Green Central Auditorium (Pierre Lacroix) Politou and Efthimios Alepis. Paper, European citizens do not trust of the Universite Catholique de Lou- m-Health apps since 67% of the sur- vain (UCL) in Brussels. This work analyses the security of veyed said they would never use health applications for smartphones, them. It was a well-attended event, with particularly the most relevant ones 459 participants from 31 countries. A in terms of popularity (number of This work totally justifies this lack good opportunity to make contacts, downloads) and user acceptance of trust, and highlights that there is a meet colleagues, and start discussing (high feedback). major gap in the security and privacy ideas and building consortia for the of these popular applications, and security calls of this summer. These collect users health-related that not even the proximity of an ex- information to help them better fol- tremely important regulation hasn’t All the presentations given dur- low their health status and promote motivated their authors to improve ing the SMI2G 2018 event have been a healthy lifestyle. their security and privacy features. published on the SEREN3 project of- Enforcing the new European laws ficial website. All the files are now But this information is extremely will probably be difficult in global available through this link https: sensitive, and it should be a top pri- markets such as Google Play or the //cloud.rosa-rc.ro/index.php/ ority of these apps to offer adequate Apple Store. s/SlMP48yiFHOSQMD/authenticate protection, if only to comply with the (password: smi2g2018). new regulatory frameworks in Eu- The paper has been accepted rope. for publication in IEEE Access, A similar event is taking place, and can be read (Open Access) again in Brussels, on 12 and 13 Unfortunately, and after an in- at http://ieeexplore.ieee.org/ March. It is the Horizon 2020 Se- depth security and privacy analysis document/8272037/. cure Societies European Info Day and of some of the most popular free- Brokerage Event, organised by the ware mobile health applications, the This work got a lot of media atten- Network of H2020 Secure Societies authors found that the majority of tion, with coverage in radio and on- National Contact Points - SEREN3,

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 in collaboration with the European expertise in that year’s topic. The Commission and Research Executive EIBURS topic for this year is "The Agency. economic effects of a joint European security and defence policy".

The deadline for submission of proposals is 15 April 2018. Lecturer in Computer Science • (with a specialization in Secu- Further information on this call rity) at King’s College London - can be found at the European Jour- Department of Informatics. nal, C60 (16.02.18) This posts is based in London, Open Positions with a salary of £41,212 to The event will take place at Ho- £49,149 plus an annual Lon- tel Le Plaza, and will give details don allowance of £2,923. of the calls for proposals H2020-CIP 2018, H2020-SEC 2018 and H2020- The deadline for application DS-2018. The event will help partici- is 17th March. This is a full- pants to prepare their proposal by of- time, permanent position. The fering: successful candidate will be appointed to the Cybersecu- Detailed information about the rity (CYS) Group. More info at • calls https://goo.gl/dXPP7X Please send us any employment Networking possibilities, opportunities you may want to publi- • through project idea presen- cize in the newsletter. In addition to this post, King’s tation & bilateral meetings ses- College has just published an sions opening for a Chair in Cy- Professor in Secure Systems bersecurity (Security and Sys- Answers to any questions raised • tems). They are currently re- • linked to call areas at the University of Surrey, Department of Computer Sci- cruiting heavily in the Com- Details on the legal and proce- ence. Salary from £67,970 to puter Science/Informatics de- • dural conditions £91,001 per annum. Dead- partment and seem keen to line for applications is the 5th create a strong Cyber security The programme and all informa- March. group. More info at https: tion are available on the event web //goo.gl/M83hc7. Deadline on the 28th February. Salary starts site https://seren3brussels2018. Suitable areas of expertise that at £66,084 plus £2,923 of Lon- b2match.io. complement current strengths don allowance, but can easily of the group include (but are reach two times this amount Registration for the event is not limited to): anti-malware depending on experience. free but obligatory, and available security, adversarial machine at https://seren3brussels2018. learning, risk management b2match.io/signup and threat modelling, trusted systems, verification, and dis- EIBURS Call for Proposals tributed systems.

The European Investment Bank Institute has just launched a new This is a full time, permanent EIBURS sponsorship under its knowl- job offer. For more info, visit the edge programme. ad at https://goo.gl/SGDf64.

The EIB University Research The same employer is currently Lecturer, Senior Lecturer, or Sponsorship Programme (EIBURS) recruiting for a Senior Lecturer • Reader in Cyber Security at provides research grants of up to or Reader in Secure Systems, the University of Birmingham e100,000 a year for a period of three this time with a deadline of School of Computer Science. years, to interested university de- 23rd April. More info at https: Full-time, permanent positions, partments or research centres with //goo.gl/unyTQp. with a closing deadline of 25th

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 February and a salary rang- 2018 at noon. More info at Blogs, posts and other ing from £39,993 to £74,259. https://goo.gl/jq9Vrd recommended reads They are particularly interested Wyden’s letter in those specialising in sys- tems security or the inter- section of security with arti- ficial intelligence or human- computer interaction. This is a very interesting opportunity to join an expanding group which is rapidly becoming one of the best groups in the UK. For other interesting positions all More info at https://goo.gl/ across Europe, please check the re- 9VWs4h. cently revamped “Researchers in Mo- Ron Wyden is the Democratic tion” portal at https://euraxess. Senator from Oregon. ec.europa.eu/. It currently has close He’s an interesting and controversial to 50 open positions in computer se- figure in the United States Senate, curity and related areas, including and although after checking his vot- in Poland, the UK, Finland, Slovenia, ing history one may disagree with the Italy, Norway, Switzerland, and even Professor of Computer Science timing or wisdom of some of his past in Spain! • at University College Cork - actions, it is difficult to argue against School of Computer Science the fact that he is a strong advocate and Information Technology. of civil liberties and (with the excep- tion of assisted suicide) his views are very liberal (in the best sense of the This is an interesting position word, if any still exists) and closer to in Ireland, at a prestigious in- these of NGOs such as the EFF. stitution that wants to expand its cyber security expertise. He has recently been again in the spotlight because of his doubts about They state in the ad that "The Proposals for STSMs a recent statement by the FBI Di- School strategy is to expand its By now, you should be already rector, who claimed tech companies research and teaching in the familiar with what Short Term Scien- can weaken their encryption without area of cyber-security, and can- tific Missions (or STSMs, for short) harming cybersecurity. didates with such expertise are are. especially encouraged to apply. He, in a move that is nowadays Applications from candidates Please make your willingness to sadly uncommon for politicians, seek with expertise in other areas of receive STSMs proposals known by real expert’s advice. computer science will also be sending me an email. considered." As a result, he received a let- Until I do not have any more, I’ll ter from Prof. Martin Hellman This is a full-time and per- just publish mine: (signed also by Bellovin, Kocher and manent position, with a rela- Schneier) saying this is simply not tively high salary ranging from possible right now, at least not as e109,129 to e140,962 de- stated by the FBI Director. pending on experience. It is interesting to note that the FBI Director had claimed that "ex- Note that, as it is becoming perts" had concluded these "excep- increasingly common with cy- tional access" mechanisms were pos- bersecurity positions, Garda sible without compromising security. vetting or an international po- Senator’s Wyden call FBI’s bluff re- lice clearance check may form I will be very happy to receive questing them to name the experts part of the selection process. • anyone interested in investigat- who made such claim, and he has ing randomness generation and not received an adequate answer to The deadline for applica- testing, particularly on IoT de- date. tions is Tuesday 6th March vices.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 its, and 70% will go to the website owner. This is of course an awful practice that, in the hands of criminals, can be turned into something even worse when they include said javascript on hacked webpages, whose owners re- main unaware of the events. How to prevent attackers to com- promise your web and plant code that will abuse your visitors? In addi- Event calendar tion to the usual security measures, The 33rd IFIP TC-11 SEC 2018 there are some very specific ones International Conference on Infor- that are beautifully covered on a blog mation Security and Privacy Pro- https://goo.gl/iR5p6f by Scott tection (SEC 2018) will take place Helme. in Poznan, Poland, from the 18 to the 20 September. Cryptacus’ Miroslaw Kutylowski is in the or- ganisation. Deadline has passed, but This is another twist on the ongo- this is a very nice event to reg- ing war on crypto. ister and attend, with some very high quality presentations. More Looks particularly worrying if we info at http://ifipsec2018.pwr. see it as part of the same effort that edu.pl/comittee.php is desperately trying to push NSA’s SPECK and SIMON for standardisa- tion by ISO/IEC despite the strong opposition of the German, Japanese This was in response to the dis- and Israeli representatives. covery that more than 4,000 sites were hosting mining scripts, many Please don’t forget to contact your of these Government websites. This national representative and ask him happened because a third party or her to vote against these abu- provider (Text Help) was compro- sive behaviour, from the authors of mised and their javascript library was the beloved and heavily backdoored altered, introducing a crypto mining The 17th Annual Workshop on Dual-EC-DRBG. script that was then subsequently in- cluded on thousands of websites. the Economics of Information Secu- rity (WEIS) will take place next year ALL YOUR MONERO ARE BE- in Innsbruck, Austria. LONG TO US Fortunately, this is easy to stop with a tiny change to how the script The notification of acceptance is The latest pseudo-criminal trend is loaded in the code, adding the on March 31. Rainer Böhme is the is to turn your browser into a cryp- SRI Integrity Attribute that allows conference chair. tocurrency mining machine. the browser to determine if the file There is even a legitimate (although has been modified, and reject it if admittedly immoral) business model needed. behind it, as for example proposed by https://coinhive.com, that tries to Scott claims that to take this one sell it as an alternative to online ads. step further and ensure absolute pro- They basically provide you with tection, you can use Content Security javascript that you can embed in Policy and the require-sri-for direc- The 23rd Australasian Conference your webpages which will abuse your tive to make sure that no script is on Information Security and Privacy visitor’s CPU to mine Monero, a cryp- allowed to load on the page without (ACISP 2018) will be held in Wollon- tocurrency that can be mined for an SRI integrity attribute. On top of gong, Australia on July 11-13, 2018. reasonable profit on normal CPUs that, you could be alerted to events and that, conveniently, offers much like this happening on your site via It will, unsurprisingly, be orga- more privacy than bitcoin. CSP Reporting. nized by the University of Wollon- Coinhive will take 30% of the prof- gong. The submission deadline is

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 5 the 25 February 2018 at 11:59pm with a deadline on April 1st, and Of special interest to our audience is, AEST and the notification will be on acceptance notification on May 11th, possibly, the 2nd International Work- the 8th April. 2018. shop on Security and Forensics of IoT.

More info at http://waifi.org.

Last but not least, the (tem- porary) travel information for Asi- The 3rd International Workshop The 21st Information Security aCrypt2018 have attracted some un- on Boolean Functions and their Ap- Conference (ISC 2018), will take expected attention due to their good plications (BFA) is organized by the place in London (Guildford), from sense of humor. As of this writing, Selmer Center of the University of September 9 to September 12, 2018. they (partly) read "The conference will Bergen. The submission deadline is 16 be held in Brisbane, Australia, which April, with notification on the 18 is located approximately 7,136 miles It will take place at the Alexandra June. The General Chair will be Steve from the Santa Barbara airport, mak- Hotel, Loen, in Norway during June Schneider. ing that perhaps the least desirable air- 17-22, 2018. port to arrive at. All major rental car agencies are available in the immedi- The deadline for submission is ate area. AMTRAK also definitely does April 1st, 2018 (no kidding) and the not offer rail connections to Brisbane, notification will be one week later, on Australia, but if you’re in good shape, you might be able to swim here. Watch April 7th. The 13th International Confer- out for sharks." ence on Availability, Reliability and Security (ARES 2018), will be held from August 27 to August 30, 2018 at the University of Hamburg, Germany.

The submission deadline is March 16, 2018. This conference is This workshop occurs imme- quickly becoming one of the largest See you all back in March! diately after a related one called security gatherings in Europe, with WAIFI (International Workshop on more than 12 associated workshops Best, the Arithmetic of Finite Fields 2018) covering from 5G Networks to Infor- Julio Hernandez-Castro in Bergen, which is on June 14-16, mation Hiding.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 6 MARCH 2018, NO 17 Cryptacus Newsletter

March 2018 Cryptacus Newsletter Welcome to the March 2018 edition of the monthly Cryptacus.eu newsletter, offering a glimpse into re- cent developments in the cryptanalysis of IoT & re- lated areas. Send your contributions, comments & feedback at [email protected]

News from the Chair Many top-level researchers from this Matthias J. Kannwischer (UK to NL), by GILDAS AVOINE field accepted to give a talk. Esteban Armas Vega (ES to UK), Yu The key idea is to make theoreticians Long Chen (BE to NL). and practitioners discussing together. The program has been prepared by In total, these STSMs represent Ioana Boureanu, Stéphanie Delaune, 318 funded days. It is worth noting and Cristina Onete, and the event that inclusiveness target countries is co-funded by the ERC POPSTAR (ITC) are under-represented in spite headed by Stéphanie. of our effort to promote this scientific tool. Dear Cryptacus Members, The Workshop web site is https: //www.surrey.ac.uk/futuredb. Finally, I would like to stress Our next Cyptacus event will be In this March newsletter, I would that the next Grant Period will held in less than a month in São also like to recap the short-term sci- start on May 1st, 2018. Crypta- Miguel. entific missions (STSMs) that were cus’ members will then be able funded by Cryptacus during the cur- to apply again to STSM grants I would like to remind you that rent Grant Period (May 2017 to April (https://www.cryptacus.eu/en/stsm/how- the training school program is avail- 2018). to-apply/) and to ITC conference able online and grants to attend the grants (check https://goo.gl/ event are still available for students. We indeed received many STSM qfNrmL). applications during the last months, Ricardo Chaves and his team did much more than usual, and Crypta- The Work & Budget Plan of the a great job to make this event suc- cus has been able to fund all of next Grant Period has been recently cessful, and I would already like to them after refilling the STSM bud- approved, and the last Cryptacus’ thank them for the organization. get. We so far funded: Sam Thomas events will be announced in the April (UK to FR), Milena Djukanovic (ME newsletter. The Training School web site to IT), Veelasha Moonsamy (NL to is https://www.cryptacus.eu/en/ ES), Elena Pagnin (SE to FR), David events/training-school-2018/). GÃl’rault (FR to UK), Hannes Gross In the meanwhile, have fun with Jointly located with the training (AT to BE), Ioana Boureanu (UK to the March newsletter! school, Cryptacus organizes a work- FR), Bogdan Dina (DE to FR), Ana Best regards, shop on distance-bounding protocols. Lucila Sandoval Orozco (ES to UK), Gildas Avoine

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 Recommended reading: the course of 18 months. The event is organized by the Predicting mergers via Network of Secure Societies National aviation traffic Additionally, they illustrate the Contact Points - SEREN3, in collab- ease with which one could analyze oration with the European Commis- the behavior and relationships of sion. This information day and bro- aviation users through the exam- kerage event gives details on the ple of foreign governments visiting calls for proposals H2020-CIP 2018, Europe. In an even more interest- H2020-SEC 2018 and H2020-DS- ing and practical application of their 2018, published on 27 October 2017 findings, they exploit similar travel under the societal challenge Secure date to predict potential merger and Societies - Protecting freedom and acquisition (M&A) activities by 36 security of Europe and its citizens. corporations listed on the US and European stock markets. His findings These calls offer new research This month we will be reporting could potentially lead to a very prof- funding opportunities to research on particularly nice and insightful itable investing strategy, as they iden- institutions, universities, industries, paper author by a security team at tify seven M&A cases, in all of which SMEs, civil society organizations and Oxford and Armasuisse, which is a the buyer has used corporate aircraft other security stakeholders. Swiss federal agency specialised on to visit the target prior to the official the procurement of armament. announcement, on average 61 days Participation to the event is free It is titled "The Real First Class? Infer- before. This period of time give am- of charge and the number of partici- ring Confidential Corporate Mergers ple time to take financial positions to pants is limited due to the capacity of and Government Relations from Air benefit from the information leakage. the rooms. Traffic Communication". Finally, they try to find solutions The main topics to be covered Authors are Martin Strohmeier, to stop this massive information leak- are Critical Infrastructure Protection, Matthew Smith, Vincent Lenders and age from occurring, quantifying their Disaster Resilience, Safeguarding and Ivan Martinovic. This paper contin- popularity and effectiveness, and securing society, Fight Against Crime ues the research from the Oxford finding them mostly ineffective. and Terrorism, Border Security and team on aircraft security communica- External Security, General Matters on tion. For a previous work on a closely This work has recently been ac- Security and Digital Security. There related topic, you can watch the cepted for the 3rd IEEE European are many reasons to participate, in- video of Matthew Smith on ACARS Symposium on Security and Privacy, cluding: receiving information about insecurity titled "Modern jets, retro that is going to take place on April the calls, networking possibilities, to ciphers: how monoalphabetic sub- 24-26, 2018 in London, United King- get answers to your questions linked stitution ciphers are still in use" at dom. to call areas and to get details on the this year’s Real World Crypto, acces- legal and procedural conditions. sible at https://www.youtube.com/ Funding News watch?v=hEqcITbBNh4. One of the great benefits of these Warsaw Brockerage Event events is that you can present project As stated in their abstract, this ideas briefly (you generally get 2 min paper exploits publicly available air- for a lightning presentation) to all craft meta data and unfiltered air participants and explicitly seek col- traffic communication gathered from laboration from organisations with a a global collaborative sensor net- given set of skills. There will be also work to study the privacy impact of face to face meetings that you can large-scale aircraft tracking on gov- ask for on the web of the event. Ping ernments and public corporations. me if you plan to attend, as I will be there. They track travel data from 542 aircraft used by 113 different gov- The registration is open until 1 ernments to identify events and re- April 2018. The event venue is the lationships in ’the real world’. They Copernicus Science Centre in War- develop a spatio-temporal clustering There is an interesting Info Day saw. method which returns 47 public and and Brokerage Event on the Horizon 18 non-public meetings attended by 2020 Secure Societies call. You can register at https://goo. dedicated government aircraft over gl/vogvYw

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 This is an interesting position learning, risk management in one of the growing cyberse- and threat modelling, trusted curity teams in the UK systems, verification, and dis- tributed systems. It is a full time, permanent po- The deadline for applications is sition with a starting salary of the 23rd April 2018. between £37,706 and £47,722 More info available at https: per annum. The deadline for //goo.gl/fgg22s. submission of candidatures is the 18th April.

They are looking for scholars EIBURS Call for Proposals in the broad area of cyber se- curity, covering science and en- The European Investment Bank gineering of cyber security and A position as (full) profes- Institute has just launched a new information assurance. Specific • sor of Computer Science is EIBURS sponsorship under its knowl- topics of interest include the se- available as soon as possible edge programme. curity and privacy of emerging at the Department of Com- applications of the internet-of- puter Science, Aarhus Univer- The EIB University Research things and cloud computing, sity (www.cs.au.dk). The de- Sponsorship Programme (EIBURS) the protection of cyber-physical partment has research groups provides research grants of up to systems, system and network within ’Algorithms and Data e100,000 a year for a period of three security, computer forensics, Structures’, ’Data-Intensive Sys- years, to interested university de- intrusion detection, authenti- tems’, ’Cryptography and Secu- partments or research centres with cation systems, cyber risk and rity’, ’Mathematical Computer expertise in that year’s topic. The economics, usability and hu- Science’, ’Logic and Semantics’, EIBURS topic for this year is "The man aspects of cyber security. ’Ubiquitous Computing and In- economic effects of a joint European teraction’, ’Computer-Mediated security and defence policy". More info at https://goo.gl/ Activity’, ’Use, Design and Inno- tgKdH6 vation’, and ’Programming Lan- The deadline for submission of guages’. Moreover, they wish proposals is 15 April 2018. to build competencies within Machine Learning and Sys- Further information on this call tems Security. The deadline is can be found at the European Jour- 03.05.2018. More information nal, C60 (16.02.18) at https://goo.gl/rnJYSh.

Open Positions Senior Lecturer or Reader in Se- • cure Systems at the University of Surrey, Department of Com- puter Science. Surrey is a good For other interesting positions all UK university not far from Lon- across Europe, please check the re- don, which has international cently revamped “Researchers in Mo- visibility in Cybersecurity and tion” portal at https://euraxess. is consistently growing and in- ec.europa.eu/. It currently has close vesting in the area. to 60 open positions in computer se- This position would be located curity and related areas, including in Guildford, with a salary of in Poland, the UK, Finland, Slovenia, Please send us any employment £49,149 to £69,984 per an- Italy, Norway, Switzerland, and even opportunities you may want to publi- num. This is, of course, a full in Spain! cize in the newsletter. time permanent position. Suit- able areas of expertise that complement current strengths Lecturer in Cyber Security at of the group include (but are • the University of Southampton not limited to): antimalware security, adversarial machine

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 Proposals for STSMs Purdue University researchers of a number of weaknesses in the de- By now, you should be already have developed a way to protect vice have shocked its customer base. familiar with what Short Term Scien- against wipers. Their idea is to anal- All the technical details and a video tific Missions (or STSMs, for short) yse write buffers before they reach showing the hack can be accessed at are. Please make your willingness to storage, and decide whether the https://goo.gl/BT6JVa, but to cut receive STSMs proposals known by intended write is destructive, and a long story short, it seems all Ledger sending me an email. Until I do not stop it if so. Wipers cause substan- hardware wallets are vulnerable to a have any more, I’ll just publish mine: tial damage by overwriting critical relatively simple man in the middle digital assets on compromised ma- attack. chines, denying users access to com- puting resources. They interpose an inspection step in the Virtual Machine Monitor (VMM) through a technique known as Virtual Machine Introspec- tion (VMI). This has the benefit that it does not rely on the entire OS as a root of trust. The prototype seems to be effective (99.8%) against malware such as Shamoon and Stonedrill, and I will be very happy to receive some other secure delete tools. The • anyone interested in investigat- authors acknowledge that the perfor- ing randomness generation and mance of their tool needs to be in- testing, particularly on IoT de- vestigated further, but the approach vices. seems quite promising. More info at Blogs, posts and other https://goo.gl/pnJEDC. recommended reads Low-cost hacking of a road Irresponsible disclosure speed radar :-)

More info at https://goo.gl/ Event calendar Dvyy7w SSR 2018, The 4th Conference ’R2D2’ stops disk-wipe malware on Security Standards Research, will before it executes evil commands take place in Darmstadt Germany, Ledger security problems on 3-4 December 2018. The pur- pose of this conference is to discuss The Ledger Nano is quite possi- the many research problems deriving bly, the most popular hardware wal- from studies of existing standards, let in the market. It’s manufactured the development of revisions to exist- in France and has sold more than ing standards, and the exploration of 1,000,000 copies. Hardware wallets completely new areas of standardisa- are used by cryptocurrency holders to tion. The deadline for submissions is keep their coins off the markets, se- 22 June 2018 (3pm UTC). The Gen- curely stored in an off-line device for eral Chair is Marc Fischlin. More info extra security. So news of the finding at https://ssr2018.net/.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 The 21st Information Security Conference (ISC 2018), will take place in London (Guildford), from September 9 to September 12, 2018. The submission deadline is 16 April, with notification on the 18 June. The General Chair will be Steve Schneider.

The 3rd International Workshop The 23rd European Symposium on Boolean Functions and their Ap- on Research in Computer Secu- plications (BFA) is organized by the rity (ESORICS) will be held in Selmer Center of the University of Barcelona, at the Universitat Politec- Bergen. nica de Catalunya - BarcelonaTech, The ’IoT Autentication 2018’ on September 3-7 2018. Several co- It will take place at the Alexandra Conference will take place in Mel- located workshops will be held in Hotel, Loen, in Norway during June bourne, Australia on November 28- conjunction with the Symposium. 17-22, 2018. 30, 2018. It will feature invited The submission deadline is April 18, presentations from Auto-ID Labs, 2018 (11:59 p.m. American Samoa The deadline for submission is IoT Alliance Australia, IoT (Inter- time). General Chair is Miguel Sori- April 1st, 2018 (no kidding) and the net of Things) Security, Prof. Michael ano. notification will be one week later, on Sheng, Prof. Margreta Kuijper, Dr. April 7th. Omid Kavahei, Prof. Seng Loke,and Prof. Lejla Batina. The Keynote speaker is Dr. Veena Pureswaran from IBM. If you want to attend, check http://www.authiot2018. conferences.academy/.

This workshop occurs imme- diately after a related one called WAIFI (International Workshop on the Arithmetic of Finite Fields 2018) in Bergen, which is on June 14-16, with a deadline on April 1st, and acceptance notification on May 11th, 2018.

More info at http://waifi.org. The 2nd IMA Conference on The- oretical and Computational Discrete Mathematics accepts abstracts of up See you all back in April! to 500 words to be submitted for ei- ther oral or poster presentation via Best, https://my.ima.org.uk by Friday Julio Hernandez-Castro 13 April 2018.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 5 MAY 2018, NO 18 Cryptacus Newsletter

April-May 2018 Cryptacus Newsletter Welcome to the April-May 2018 edition of the monthly Cryptacus.eu newsletter, offering a glimpse into recent developments in the cryptanalysis of IoT & related areas. Send your contributions, com- ments & feedback at [email protected]

News from the Chair I would like to use this opportu- The last period may, consequently, nity to kindly thank the organizers, be more competitive for applicants. by GILDAS AVOINE including Ricardo’s colleagues and students, who greatly contributed to Last grant period also means make this event successful. we are now working on the or- ganisation of the last conference. It will be held in Rennes (France) on September 18th-20th, 2018. The website is already up (https://www. cryptacus.eu/en/conference/) but programme and traveling infor- Dear Cryptacus Members, mation are not available yet. MC Members will likely receive their offi- April has been an important cial invitation in May. month for the Cryptacus community. Mainly because of the organiza- The list of speakers is not com- tion of two important events in pleted yet, but promises to be stellar. São Miguel, namely the Cryptacus Looking now to the future, I can I can announce the confirmed ones: training school organized by Ricardo announce that the new Grant Period Lejla Batina, Milena Djukanovik, Chaves (PT), and a workshop on will start on time, namely on May Orr Dunkelman, Aurélien Francil- distance-bounding protocols (Crypta- 1st, 2018. lon, Kevin Fu, Flavio Garcia, Daniel cus COST Action & Popstar ERC Gruss, Claudio Orlandi, Bart Preneel, Grant) mostly organized by Ioana You can already apply for STSMs and Ingrid Verbauwhede. Boureanu (UK) and Stéphanie De- and ITC Grants, to be held between laune (FR). May 1st and December 11th, which The full list will be provided in the is unfortunately already the end of next newsletter. More than 70 people have been our COST Action. funded to attend the events, which have been amazingly successful ac- The number of applications we cording to the feedback and com- receive roughly doubled from one Best regards, ments I received from the attendees. grant period to another one. Gildas Avoine

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 Recommended reading: Chair in Computer Science at Practical Fault Injection on • the University of Liverpool’s Deterministic Signatures: Department of Computer Sci- The Case of EdDSA ence. A permanent and full time position at the highest level. They mention in the ad The recommending reading of security as one of their pri- the month is a joint work by Niels ority topics. The closing date Samwel and Lejla Batina from Rad- for applications is the 11 May boud University, Nijmegen. 2018. More info at http:// www.jobs.ac.uk/job/BIS200/ It is particularly timely after re- chair-in-computer-science/ cent vulnerabilities of popular im- plementations of deterministic signa- tures schemes such as EdDSA have been attacked, showing that the se- cure deployment of these algorithms will require more countermeasures A position as (full) profes- They conclude that, as only a • than originally though. single successful fault is needed to sor of Computer Science is fully recover the key, this kind of im- available as soon as possible plementation is a particularly easy at the Department of Com- The paper shows, in addition, target for the attackers. puter Science, Aarhus Univer- that the realistic implementation of sity (www.cs.au.dk). The de- these additional countermeasures is partment has research groups far from trivial as the authors pro- within ’Algorithms and Data posed certain checks as a counter- Structures’, ’Data-Intensive Sys- measure but the implementation un- tems’, ’Cryptography and Secu- der analysis remained vulnerable to rity’, ’Mathematical Computer fault injection attacks. Science’, ’Logic and Semantics’, ’Ubiquitous Computing and In- The authors present simple at- teraction’, ’Computer-Mediated tacks against the EdDSA implementa- Activity’, ’Use, Design and Inno- tion in the lightweight cryptographic vation’, and ’Programming Lan- library WolfSSL on a 32-bit micro- guages’. Moreover, they wish controller, achieving success rates of to build competencies within almost 100% by voltage glitching and Machine Learning and Sys- electromagnetic fault injection. tems Security. The deadline is 03.05.2018. More information at https://goo.gl/rnJYSh.

Open Positions

50th Anniversary Readership • (Associate Professor) in Cyber Security at the Lancaster Uni- versity School of Computing & Communications.

With a salary range of £50,618 to £56,950 this is a permanent The paper was accepted to Please send us any employment and full time job offer, closing Africacrypt 2018, and can be opportunities you may want to publi- on the 31st May 2018. This accessed here https://goo.gl/ cize in the newsletter. is with the renowned Secu- 4ZPacb. rity Lancaster, the University’s

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 cross-disciplinary research in- I will be very happy to receive of the malware under observation. stitute in Security and Protec- • anyone interested in investigat- A myriad of techniques have devel- tion Science. ing randomness generation and oped in this interesting area, but the testing, particularly on IoT de- recent GravityRAT seems to be vari- Security Lancaster is one of vices. ous steps ahead of most current mal- four flagship Lancaster Re- ware in spotting VMs. It uses no search Institutes and amongst Blogs, posts and other fewer than 7 different techniques to the current 14 Academic Cen- recommended reads accomplish this. These include com- tres of Excellence in Cyber Se- The End of the Road for SIMON mon techniques such as looking for curity Research (ACE-CSRs) and SPECK? traces of the hypervisor left on the recognised by the UK govern- virtual machine, checking the com- ment. Well done Tomer and Orr! puter name, and checking the num- ber of CPU cores. But it also uses a novel tech- nique where it requests the CPU tem- perature, a feature not commonly supported by hypervisors. These will then respond "not supported" thus re- For other interesting positions all vealing that the malware is probably across Europe, please check the re- not being run on a real machine. cently revamped “Researchers in Mo- More info at https://goo.gl/ tion” portal at https://euraxess. 15TN6x, with the complete analyis by ec.europa.eu/. It currently has close For more info, please check this Cisco Talos researchers Warren Mer- to 60 open positions in computer se- aptly titled piece "ISO blocks NSA’s cer and Paul Rascagnères. curity and related areas, including latest IoT encryption systems amid in Poland, the UK, Finland, Slovenia, murky tales of backdoors and bully- Italy, Norway, Switzerland, and even ing" at https://goo.gl/PkYcTD. in Spain!

Other news

Proposals for STSMs By now, you should be already familiar with what Short Term Scien- tific Missions (or STSMs, for short) Event calendar are. Please make your willingness GravityRAT, state of the art in to receive STSMs proposals known VM detection SSR 2018, The 4th Conference by sending me an email. Take into on Security Standards Research, will account that STSMs will be more There is a continuous arms race take place in Darmstadt Germany, on competitive in this last period of the between malware developers and an- 3-4 December 2018. Action. alysts to detect (or, alternatively, Until I do not have any more, I’ll just hide) that a piece of malware is be- The purpose of this conference is publish mine: ing run in a Virtual Machine. It is to discuss the many research prob- in the best interests of attackers to lems deriving from studies of existing recognised when this is the case, so standards, the development of revi- that they can stop their malware from sions to existing standards, and the running and hence being dynamically exploration of completely new areas analysed by security experts. On the of standardisation. other hand, malware analysts want their VMs to replicate as accurately The deadline for submissions as possible real environments so that is 22 June 2018 (3pm UTC). The they can fully observe the behaviour General Chair is Marc Fischlin. More

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 info at https://ssr2018.net/. The ’IoT Autentication 2018’ Con- their applications. ference will take place in Melbourne, Australia on November 28-30, 2018. Paper submissions close on Au- gust 14. It will feature invited presenta- tions from Auto-ID Labs, IoT Alliance Australia, IoT (Internet of Things) Security, Prof. Michael Sheng, Prof. Margreta Kuijper, Dr. Omid Kava- hei, Prof. Seng Loke,and Prof. Lejla One of my preferred events in the Batina. European cybersecurity calendar is Nordsec. The Keynote speaker is Dr. Veena Pureswaran from IBM. If FDTC 2018 is the Fourteenth It is one of the oldest events you want to attend, check http: Workshop on Fault Diagnosis and running, and although participants //www.authiot2018.conferences. Tolerance in Cryptography, and will mostly come from European coun- academy/. be held on the 13 of September 2018 tries north of the 60th parallel, it in Amsterdam, co-located with CHES. is a magnificent event open to all. this year it runs its 23rd edition in It is held in cooperation with the Oslo, Norway, from the 28 to the 30 IACR and is interested in all aspects November. of fault injection.

The proceedings consist of peer- The submission deadline is reviewed articles and are published May 25, and Joan Daemen, now in the Springer Lecture Notes in Com- with Radboud University, is one of puter Science series. the Chairs. For more info, check www.fdtc-workshop.eu. Some Cryptacus members are in- volved in the organisation or the program committee, such as Billy Brumley from Tampere University of Technology and Aikaterini Mitrokotsa The 14th International Confer- from Chalmers University of Technol- ence on Information Security and ogy. Cryptology (Inscrypt) will be held in Fuzhou, Fujian, from December 14 to Prof. Audun Jøsang from UiO 16. Organized by the Fujian Provin- Norway is the General Chair this year. cial Key Laboratory of Network Secu- rity and Cryptology of Fujian Normal The deadline for paper submis- University. sion is the 10th August. It is an annual conference target- ing the top research results in the related area. See you all back in June!

Topics of interest encompass re- Best, search advances in ALL areas of in- Julio Hernandez-Castro formation security, cryptology, and

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4 JULY 2018, NO 19 Cryptacus Newsletter

June-July 2018 Cryptacus Newsletter Welcome to the June-July 2018 edition of the monthly Cryptacus.eu newsletter, offering a glimpse into recent developments in the cryptanalysis of IoT & related areas. Send your contributions, com- ments & feedback at [email protected]

News from the Chair lightweight. Everything goes well so far. by GILDAS AVOINE Our major event during this fi- A call for chapters was published nal grant period is, of course, the in 2017, and additional authors were conference in Rennes (France) on lated invited to fill thematic gaps. September 18-20, 2018. The chapters have been received The program consists of 16 in- by the editors, and the cross-review vited speakers for 45-minute talks, step started last week. The book will and 13 speakers who will present likely be sent to the publisher in Oc- their book chapter in 5 minutes. tober 2018, aiming for a publication Dear Cryptacus Members, date in early 2019. These short talks will be recorded, The final grant period of Crypta- and made available on the cryptacus Have a great summer break! cus is now running, and it will finish website and possibly as well in the on December 14th. Springer book web. Best regards,

You still have time to apply for The website of the confer- Gildas Avoine a STSM Grant or an ITC Conference ence is up, and available at Grant. http://www.cryptacus.eu/en/conference/ Open Positions We will be very happy to receive We will organize a social event at your applications Mont-Saint-Michel, a famous rocky tidal island located in Normandy. Given that the final period is shorter than the previous ones, the Do not hesitate to spread the URL budget is shorter as well, but we can in your labs. still fund around 4 or 5 STSM Grants. The other running task is the As usual, the procedure to Cryptacus book, to be published by apply is described on our web- Springer. site, www.cryptacus.eu and very Please send us any employment

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 opportunities you may want to publi- sensor-rich environments; in- cize in the newsletter. teractive and smart spaces; new interaction paradigms; Internet of Things; mobile Professor of Cybersecurity (in- and context-aware computing; • cludes a Lectureship appoint- awareness and privacy; and ment) at the Department of tangible, situated and embod- Computer Science, University ied interaction." Salary starts of York. This is an excellent op- at e70K. For more info, check I will be very happy to receive portunity to lead a small but https://goo.gl/5FUzSt • anyone interested in investigat- growing cybersecurity group at ing randomness generation and York, that comes with the in- testing, particularly on IoT de- frequent possibility for the suc- Tenure Track Assis- vices. cessful candidate to almost im- • tant/Associate/Full Professor mediately recruit a Lecturer. Innovative Computer Architec- York is one of the UK’s best tures at The Faculty of Science Universities, and one of the and Engineering of Gronin- best places to live. Both posi- gen University. You may ap- tions are permanent and full ply for this position until 14 time. The salary starts around August 23:59h. More info at £65,585 but can be higher https://goo.gl/CFVqvP based on experience. The only caveat is the very short dead- line on the 5th of July, which For other interesting positions all has been extended from the across Europe, please check the re- Event calendar original 24th June. More info at cently revamped “Researchers in Mo- https://goo.gl/hkwyb3. CARDIS 2018 will take place on tion” portal at https://euraxess. November 12-14th in Montpelier, Senior Research Fellow of In- ec.europa.eu/. It currently has close France. The submission deadline • formation Security and Privacy to 60 open positions in computer se- is July 13, 23:59:59 Anywhere on at the University of Tartu. With curity and related areas, including Earth (AoE). More info at https: a salary of e3-3.5K per month, in Poland, the UK, Finland, Slovenia, //cardis2018.sciencesconf.org. depending on qualification and Italy, Norway, Switzerland, and even experience. Deadline for ap- in Spain! plications is the 2nd August. More info on the post and in- strictions on how to apply at https://goo.gl/ibfjin.I was The Sixth International Workshop recently in Tartu, for Nord- on Lightweight Cryptography for Se- Sec’17, and liked the city a curity & Privacy (LightSec 2018, In lot, it seemed like a very nice, Cooperation with IACR) will take calm and relatively inexpensive place on September 10-12, in Cardiff, place to live. together with the 11th International Proposals for STSMs Conference On Security Of Informa- tion and Networks. The submission Full Professor of Ubiquitous By now, you should be already deadline is the 20th July. The gen- • Computing at TU Wien (Vienna familiar with what Short Term Scien- eral chair is Atilla Elci and the PC University of Technology). For a tific Missions (or STSMs, for short) chair is Koray Karabina. For more start in October 2019, and with are. Please make your willingness info, check http://www.sinconf. a deadline of 22 October 2018, to receive STSMs proposals known org/sin2018/lightsec.php. this is an excellent opportunity by sending me an email. Take into at the Faculty of Informatics. account that STSMs will be more Indocrypt 2018 will take place They want somebody working competitive in this last period of the on 9-12 December in New Delhi. on "next generation ubiquitous Action. The submission deadline is 25 Au- computing systems and their gust 2018, 11:59 AM, GMT. Tutorials application in authentic real Until I do not have any more, I’ll will take place on the 9 December world settings. Particular re- just publish mine: and the conference properly on 10- search topics of interest include 12 December. It’s the 19th edition

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 of the event. More info at https: is a magnificent event open to all. //www.isical.ac.in/~indocrypt/ this year it runs its 23rd edition in Oslo, Norway, from the 28 to the 30 November.

The proceedings consist of peer- reviewed articles and are published in the Springer Lecture Notes in Com- puter Science series.

Some Cryptacus members are in- volved in the organisation or the program committee, such as Billy SSR 2018, The 4th Conference Brumley from Tampere University of The 14th International Confer- on Security Standards Research, will Technology and Aikaterini Mitrokotsa ence on Information Security and take place in Darmstadt Germany, on from Chalmers University of Technol- Cryptology (Inscrypt) will be held in 3-4 December 2018. ogy. Fuzhou, Fujian, from December 14 to 16. Organized by the Fujian Provin- The purpose of this conference is Prof. Audun Jøsang from UiO cial Key Laboratory of Network Secu- to discuss the many research prob- Norway is the General Chair this year. rity and Cryptology of Fujian Normal lems deriving from studies of existing University. standards, the development of revi- The deadline for paper submis- sions to existing standards, and the sion is the 10th August. It is an annual conference target- exploration of completely new areas ing the top research results in the of standardisation. related area.

The deadline for submissions Topics of interest encompass re- th has been postponed to the 6 July search advances in ALL areas of in- (3pm UTC), so hurry up!. The Gen- formation security, cryptology, and eral Chair is Marc Fischlin. More info their applications. at https://ssr2018.net/. The ’IoT Autentication 2018’ Con- ference will take place in Melbourne, Paper submissions close on Au- Australia on November 28-30, 2018. gust 14.

It will feature invited presenta- tions from Auto-ID Labs, IoT Alliance Australia, IoT (Internet of Things) Security, Prof. Michael Sheng, Prof. Margreta Kuijper, Dr. Omid Kava- hei, Prof. Seng Loke,and Prof. Lejla One of my preferred events in the Batina. European cybersecurity calendar is Nordsec. The Keynote speaker is Dr. Veena Pureswaran from IBM. If See you all back in September! It is one of the oldest events you want to attend, check http: running, and although participants //www.authiot2018.conferences. Best, mostly come from European coun- academy/. Julio Hernandez-Castro tries north of the 60th parallel, it

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 SEPTEMBER 2018, NO 21 Cryptacus Newsletter

September-October 2018 Cryptacus Newsletter Welcome to the September-October 2018 edition of the Cryptacus.eu newsletter, offering a glimpse into recent developments in the cryptanalysis of IoT & related areas. Send your comments & feedback at [email protected]

News from the Chair As you may know, Cryptacus will There is still budget for STSMs, by GILDAS AVOINE finish in December 2018, after four but do not wait too much, and apply years of exciting collaborations. soon on the Cryptacus’ website!

The final conference will be I’m looking forward to see you in hold on September 18-20, 2018, in Rennes. Rennes, France, with a great pro- gram that includes prestigious speak- Gildas Avoine ers. The website of the conference is available here: www.cryptacus.eu/ Dear Cryptacus Members, en/conference Recommended Reading: Welcome back everyone after About 50 MC Members and In- Prime and Prejudice: Pri- the summer break. I hope you en- vited Speakers will join the confer- mality Testing Under Ad- joyed your holidays and you are well ence. versarial Conditions and rested. the latest Tesla hack Also, a social event will be or- First of all, the ERC published in ganized in Mont Saint Michel on Our first piece of recommended July 2018 the list of awarded starting September 19th. reading this month is Prime and Prej- grant applicants. udice: Primality Testing Under Adver- This conference will also be an sarial Conditions by Martin R. Al- Among them, several Cryptacus’ opportunity to present the Crypta- brecht, Jake Massimo, Kenneth G. MC Members. I would so like to cus’ book, which will be published by Paterson and Juraj Somorovsky. kindly congratulate Billy Brumley the end of the year by Springer: the from Tampere University of Tech- chapter authors will have a 5-minute This work has been accepted to nology (Finland), Claudio Orlandi slot to present their chapter. CCS2018, and a preprint is avail- from Aarhus University (Denmark), able at https://eprint.iacr.org/ and Peter Schwabe from Radboud Finally, you still have time to ap- 2018/749. Universiteit Nijmegen (The Nether- ply for an STSM, which must be fin- lands), who are laureates of ERC ished by December 11th, i.e., the last They provide a groundbreaking Starting Grants. Congrats! day of the Action. set of new results against the primal- ity testing schemes implemented by

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 1 multiple libraries that will force de- velopers to seriously reconsider their implementations to defend against this adversarial attacks.

Some highlights are that they are able to construct 2048-bit compos- ites classified as prime with probabil- ity 1/16 by OpenSSL’s in its default configuration or 1024-bit composites The authors first publicly pre- that always pass the primality test of sented their findings during the GNU GMP. CHES 2018 rump session, in Ams- Tesla has recently been short of terdam. In addition, they can create ad- good news, after a series of twitter versarial composites that always pass tirades and some odd behaviour by the primality tests of libraries such Elon Musk has sent the stock value Open Positions as Cryptlib, LibTomCrypt, JavaScript down repeatedly. Big Number, and WolfSSL. This piece of news will not con- tribute to Musk well known sleeping problems, but at least the seemed to have been more serious and respon- sive in their reaction to the discovery that other car manufacturers.

The KU Leuven team behind this work has received $10,000 as part of Please send us any employment Tesla’s bounty program. opportunities you may want to publi- These are fantastic and very sur- cize in the newsletter. prising results that should radically change how we approach and imple- ment primality testing from now on. Lecturer or Senior Lecturer in • Cyber Security (2 positions), at It’s impressive that one of the the Department of Computer most basic requisites for modern Science, Electrical and Elec- cryptography can be fooled in such a tronic Engineering and Engi- brutal way. neering Maths of the Univer- sity of Bristol. Salary: £36,613- Fortunately, the authors offer a £41,212 (Grade J), £42,418- glimmer of hope in the form of the £47,722 (Grade K), or £50,618- Baillie-PSW primality test, which At the core of this SNAFU is the £56,950 (Grade L). These are they conjecture to be robust against use of an old, small and insecure full-time, permanent positions adversarial attacks like the ones they proprietary cipher called DST40 that in a very prestigious UK Uni- present in here and, at the same time, was already broken pretty badly in versity that is hiring new staff efficient. 2005. and reinventing itself after the departure of Nigel Smart. A Our second piece of recom- Currently, the only available good destination if Brexit is not mended reading is titled Fast, Furious countermeasure for Tesla S owners a concern for you, for some and Insecure: Passive Keyless Entry is to disable passive entry and enable obscure reason. Deadline for and Start In Modern Supercars, and the pin to drive feature. applications is the 31st Octo- has been covered in news media all ber. Candidates are particularly across the World as the latest Tesla We were fortunately enough to sought in the areas of Security hack, although it may affect other capture the very moment Elon Musk of cyber-physical systems, Hu- companies as well such as McLaren, decided in favour of using the DST40 man factors in cyber security Karma and Triumph. cipher to protect Tesla cars. and Software security.

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 2 Group, that has arrived late to cybersecurity research and has been unsuccessful for a while despite its best efforts, to hire Lecturer (for the Smart Card anybody for leading its new • and IoT Security Centre), at and coming group. This may be the very prestigious Informa- a good opportunity, again if you tion Security Group of Royal are Brexit-neutral and like De- Holloway, University of Lon- von. Deadline for applications I will be very happy to re- • don. The position is based at is the 30th September. ceive anyone interested in in- Egham and the starting salary vestigating randomness gener- is £42,926 to £50,811 per an- ation and testing, particularly num - including London al- on constrained, embedded, IoT lowance. This position is also devices. full-time and permanent. Dead- line for applications is the 30th September.

For other interesting positions all across Europe, please check the re- cently revamped “Researchers in Mo- tion” portal at https://euraxess. ec.europa.eu/. Full Professor of Ubiquitous • Computing at TU Wien (Vienna It currently has close to 80 open Event calendar University of Technology). For a positions in computer security and The always exotic Financial Cryp- start in October 2019, and with related areas, including in Poland, tography Conference will take place a deadline of 22 October 2018, the UK, Finland, Slovenia, Italy, Nor- this year in St. Kitts. this is an excellent opportunity way, Switzerland, and even in Spain! at the Faculty of Informatics. The deadline for paper submis- They want somebody working sion has created some controversy, on "next generation ubiquitous particularly within the numerous computing systems and their members of the crypto community application in authentic real that have developed uncontrollable world settings. Particular re- allergic reactions and/or spams to search topics of interest include the word ’blockchain’ as it will de- sensor-rich environments; in- pend on the value of a block on the teractive and smart spaces; bitcoin blockchain. new interaction paradigms; Internet of Things; mobile and context-aware computing; Proposals for STSMs awareness and privacy; and By now, you should be already tangible, situated and embod- familiar with what Short Term Scien- ied interaction." Salary starts tific Missions (or STSMs, for short) at e70K. For more info, check are. https://goo.gl/5FUzSt Please make your willingness to Professor of Cybersecurity at receive STSMs proposals known by • the College of Engineering, sending me an email. Take into ac- Mathematics and Physical Sci- count that STSMs will be more com- ences of the University of Ex- petitive in this last period of the Ac- For now the only thing I can say is eter. Full time and permanent tion. that it will be sometime between the position, stating at around 21st and 25th of September, with the £65,000. Until I do not have any more, I’ll probability severely skewed in favour Exeter is a very good UK Uni- just publish mine: of the 24th or 25th. versity, belonging to the Russell

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 3 The organisers helpfully added Van Assche are organizing a one- "If this seems too bizarre to make day workshop on Advances in sense of, then just pretend the paper permutation-based cryptography in submission deadline is Sep 21, 2018, the center of Milano. and you’ll be fine." In the last decade it has become clear that permutation-based crypto is highly competitive in terms of per- formance and resource usage when compared to classical block ciphers and their modes.

Eurocrypt 2019 is the 38th An- nual International Conference on the Theory and Applications of Crypto- graphic Techniques.

Eurocrypt is one of the three flag- ship conferences of the International Association for Cryptologic Research (IACR). The ’IoT Autentication 2018’ Con- The workshop is intended to pro- ference will take place in Melbourne, vide an introduction to the subject Australia on November 28-30, 2018. for academics (PhD students, Post- Docs and Professors) as well as peo- It will feature invited presenta- ple from industry and will address tions from Auto-ID Labs, IoT Alliance cryptanalysis, modes, protocols and Australia, IoT (Internet of Things) Eurocrypt 2019 will take place in implementations in a sequence of Security, Prof. Michael Sheng, Prof. Darmstadt, Germany on May 19-23 talks by top researchers in the do- Margreta Kuijper, Dr. Omid Kava- 2019. main. hei, Prof. Seng Loke,and Prof. Lejla Batina. It is organized by the Cryptoplex- Visit the workshop web at http: ity group of TU Darmstadt and its //permutationbasedcrypto.org for deadline is the 4th of October. the program and the practical details. The Keynote speaker is Dr. Veena Pureswaran from IBM. If Last but not least, another truly See you all back in November! you want to attend, check http: interesting event this autumn, on Oc- //www.authiot2018.conferences. tober 10 in Milano. Best, academy/. Joan Daemen, together with Stelvio Julio Hernandez-Castro Cimato, Silvia Mella, and Gilles

Cryptacus Newsletter m Cryptacus.eu B [email protected] Page 4