Call for Papers - Extended Deadline

SSR 2016: 3rd International conference on Security Standardization Research
5th-6th December 2016, NIST, Gaithersburg, MD, USA
http://csrc.nist.gov/groups/ST/ssr2016/

Over the last two decades a huge range of standards have been developed covering many different aspects of cyber security. These documents have been published by national and international formal standardization bodies, as well as by industry consortia. Many of these standards have become very widely used - to take just one example, the ISO/IEC 27000 series have become a commonly used basis for managing corporate information security.

Despite their wide use, there will always be a need to revise existing security standards and to add new standards to cover new domains. The purpose of this conference is to discuss the many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardization. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardization can be seen to be as scientific and unbiased as possible.

This conference is intended to cover the full spectrum of research on security standardization, including, but not restricted to, work on cryptographic techniques (including ANSI, IEEE, IETF, ISO/IEC JTC 1/SC 27, ITU-T and NIST), security management, security evaluation criteria, network security, privacy and identity management, smart cards and RFID tags, biometrics, security modules, and industry-specific security standards (e.g. those produced by the payments, telecommunications and computing industries for such things as payment protocols, mobile telephony and trusted computing).

Papers offering research contributions to the area of security standardization are solicited for submission to the SSR 2016 conference.

Papers may present theory, applications or practical experience in the field of security standardization, including, but not necessarily limited to:

* access control
* biometrics
* cloud computing
* critical national infrastructure (CNI) protection
* consistency and comparison of multiple standards
* critiques of standards
* cryptanalysis
* cryptographic protocols
* cryptographic techniques
* evaluation criteria
* formal analysis of standards
* history of standardization
* identity management
* industrial control systems security
* internet security
* interoperability of standards
* intrusion detection
* key management and PKIs
* management of the standardization process
* mobile security
* network security
* open standards and open source
* payment system security
* privacy
* regional and international standards
* RFID tag security
* risk analysis
* security controls
* security management
* security protocols
* security services
* security tokens
* smart cards
* telecommunications security
* trusted computing
* web security

Papers addressing the following more general topics are particularly welcome:

* Do standards processes promote complexity that detracts from security?
* Are there processes or approaches that can minimize complexity?
* Are there technical areas in which standards are misaligned with the security models developed in research? Studies that show areas of misalignment are interesting, as is work that aims to improve alignment.
* How long does it take for good ideas to propagate from research to standards to adoption and deployment? How long does it take for security problems in standards to be identified by the research community? How can we improve communication between these communities in order to expedite both of these processes?
* What is the impact of nationally-driven security research on international security standards?
* Are there cases in which a security standard was done well or done poorly? Studies that describe processes that should (or should not) be emulated are welcome.
* Is Open Source replacing security standards development organizations, or changing the way that they operate? What are the implications on security standards?

Submissions must be original and must not substantially duplicate work that any of the authors has published elsewhere or has submitted in parallel to any journal or to any other conference or workshop that has published proceedings.

All accepted papers will be published in the conference proceedings and these proceedings will be published in the Lecture Notes in Computer Science (LNCS) series (www.springer.com/lncs), as has been the case for the two preceding conferences in the series. The proceedings will be available at the conference. Papers published in the LNCS series are indexed by both EI and ISTP. Authors of accepted papers must guarantee that their paper will be presented at the conference, and at least one author of every accepted paper must register for the conference.

All submissions will be blind-reviewed. Papers must be anonymous, with no author names, affiliations, acknowledgements, or obvious references. A submitted paper should begin with a title, a short abstract, and a list of keywords.

Clear instructions for the preparation of a final proceedings version will be sent to the authors of accepted papers. Authors are strongly recommended to submit their papers in the standard LNCS format (see http://www.springer.com/computer/lncs?SGWID=0-164-0-0-0 for details), with length at most 15 pages (excluding bibliography and appendices). Committee members are not required to review more pages than this, so papers should be intelligible within this length. Submissions not meeting these guidelines risk rejection without consideration of their merits.

The conference will take place at the NIST headquarters in Gaithersburg, Maryland, USA.

Papers must be submitted using the EasyChair conference management system at:
https://easychair.org/conferences/?conf=ssr20160

Please send any enquiries to: ssr2016-0@easychair.org

Key dates

Deadline for submissions: Monday, 13 June 2016 (23:59 Hawaii) - firm
Notifications to authors: Monday, 8 August 2016
Camera ready due: Monday, 19 September 2016
Opening of conference: Monday, 5 December 20

Conference organisation

General Chair
Lily Chen, NIST, USA

Programme Committee Chair
David McGrew, Cisco, USA
Chris Mitchell, RHUL, UK

Programme Committee:
Colin Boyd, Norwegian University of Science and Technology (NTNU)
Nancy Cam-Winget, Cisco Systems
Liqun Chen, Hewlett Packard Labs
Takeshi Chikazawa, IPA
Cas Cremers, University of Oxford
Riaal Domingues, DDSI ISD, South Africa
Scott Fluhrer, Cisco Systems
Aline Gouget, Gemalto
Feng Hao, Newcastle University
Jens Hermans, KU Leuven - ESAT/COSIC and iMinds
Deukjo Hong, ETRI, Daejeon, Korea
Dirk Kuhlmann
Xuejia Lai, Shanghai Jiaotong University
Pil Joong Lee, Postech
Peter Lipp, Graz University of Technology
Joseph Liu, Monash University
Javier Lopez, University of Malaga
Shin'ichiro Matsuo, University of Tokyo and MagicCube Inc.
Catherine Meadows, NRL
Jinghua Min, China Electronic Cyberspace Great Wall Co., Ltd.
Atsuko Miyaji, Osaka University
Valtteri Niemi, University of Helsinki
Pascal Paillier, CryptoExperts
Kenneth Paterson, Royal Holloway, University of London
Sihan Qing, School of Software and Microelectronics, Peking University
Kai Rannenberg, Goethe University Frankfurt
Matt Robshaw, Impinj
Christoph Ruland, University of Siegen
Mark Ryan, University of Birmingham
Kazue Sako, NEC
Ben Smyth, Huawei
Jacques Traore, Orange Labs
Claire Vishik, Intel Corporation (UK)
Debby Wallner, National Security Agency
Michael Ward, MasterCard
William Whyte, Security Innovation
Yanjiang Yang, Huawei Singapore Research Center
Jianying Zhou, Institute for Infocomm Research