# SSR 2016: Security Standardisation Research

Over the last two decades a very wide range of standards have been developed covering a wide range of aspects of cyber security. These documents have been published by national and international formal standardisation bodies, as well as by industry consortia. Many of these standards have become very widely used - to take just one example, the ISO/IEC 27000 series of standards has become the internationally adopted basis for managing corporate information security.Despite their wide use, there will always be a need to revise existing security standards and to add new standards to cover new domains. The purpose of this conference is to discuss the many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardisation. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardisation can be seen to be as scientific and unbiased as possible.

This conference is intended to cover the full spectrum of research on security standardisation, including, but not restricted to, work on cryptographic techniques (including ANSI, IEEE, IETF, ISO/IEC JTC 1/SC 27, ITU-T and NIST), security management, security evaluation criteria, network security, privacy and identity management, smart cards and RFID tags, biometrics, security modules, and industry-specific security standards (e.g. those produced by the payments, telecommunications and computing industries for such things as payment protocols, mobile telephony and trusted computing).

As was the case for the proceedings of SSR 2014 and SSR 2015, the proceedings of SSR 2016 will be published by Springer in the Lecture Notes in Computer Science series.

##### Program     Presentations (zip file)      Call for Papers

Deadline for submissions: Monday, 30 May 2016 - Monday, 13 June 2016 (23:59 Hawaii) - FIRM

Notifications to authors: Monday, 8 August 8 2016

Camera ready due: Monday, 19 September 2016

Last Day to Reserve Room @ Group Rate: 14 November 2016

Last Day to Register for Conference: 28 November 2016

Opening of conference: Monday, 5 December 20

Security Analysis of the W3C Web Cryptography API
Kelsey Cairns, Harry Halpin and Graham Steel

Algorithm Agility - Discussion on TPM 2.0 ECC Functionalities
Liqun Chen and Rainer Urian

Extending the UML Standards to Model Tree-Structured Data and
their Access Control Requirements

Alberto De La Rosa Algarin and Steven Demurjian

Cross-Tool Semantics for Protocol Security Goals
Joshua Guttman, John Ramsdell and Paul Rowe

A Secure Multicast Group Management and Key Distribution in IEEE
802.21

Yoshikazu Hanatani, Naoki Ogura, Yoshihiro Ohba, Lily Chen and Subir Das

Analysis of a Proposed Hash-Based Signature Standard
Jonathan Katz

State Management for Hash-Based Signatures
David McGrew, Panos Kampanakis, Scott Fluhrer, Stefan-Lukas Gazdag, Denis Butin and Johannes Buchmann

NFC Payment Spy: A Privacy Attack on Contactless Payments
Maryam Mehrnezhad, Mohammed Aamir Ali, Feng Hao and Aad van Moorsel

Attribute-based Access Control Architectures with the eIDAS Protocols
Frank Morgner, Paul Bastian and Marc Fischlin

Reactive and Proactive Standardisation of TLS
Kenneth Paterson and Thyla van der Merwe

Cryptanalysis of GlobalPlatform Secure Channel Protocols
Mohamed Sabt and Jacques Traore

Analyzing and Fixing the QACCE security of QUIC
Hideki Sakurada, Kazuki Yoneyama, Yoshikazu Hanatani and Maki Yoshida

John Kelsey, Cryptographer, NIST

John Kelsey is a cryptographer at NIST.Â  His interests include random number generation, design and analysis of hash functions and block ciphers, electronic voting security, and practical applications of cryptography to solve real-world problems.Â  John has been working in cryptography for over 20 years.Â  He has worked on standards for logging, electronic voting, random number generation, and cryptographic hashing.

William Whyte, Chief Scientist, Security Innovation

William Whyte is responsible for the strategy and research behind the Security Innovation's activities in vehicular communications, security and cryptographic research.

Before joining Security Innovation, William was the Chief Technology Officer of NTRU Cryptosystems. He previously served as Senior Cryptographer with Baltimore Technologies in Dublin, Ireland.

William is chair of the IEEE 1363 Working Group for new standards in public key cryptography and has served as technical editor of two published IEEE standards, IEEE Std 1363.1-2008 and IEEE Std 1609.2-2006, as well as the ASC X9 standard X9.98.

William holds a PhD from Oxford University on Statistical Mechanics of Neural Networks and a B.A. from Trinity College.

Fun Fact: William's spends a lot of time at his local rink, watching his daughter play hockey - 5 nights a week to be exact! Hockey has made such a big impact on both of them that William has begun writing and illustrating stories all set in the world of girl's hockey.

#### Event Details

Starts: December 05, 2016 - 12:00 AM EST
Ends: December 06, 2016 - 12:00 AM EST

Format: In-person Type: Conference

Attendance Type: Open to public
NIST
Gaithersburg, MD