lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 11 Jul 2015 00:58:48 +0200
From: Per Thorsheim <>
Subject: [FD] CFP: Passwords 2015, Dec 7-9, Cambridge, UK

			    Passwords 2015
	    The 9th International Conference on Passwords
			7, 8, 9 December 2015
	       University of Cambridge, United Kingdom

The Passwords conference was launched in 2010 as a response to the
lack of robustness and usability of current personal authentication
practices and solutions. Annual participation has doubled over the
past three years. Since 2014, the conference accepts peer-reviewed


Important dates

Research papers and short papers
* Title and abstract submission: 2015-09-01
* Paper submission: 2015-09-07
* Notification of acceptance: 2015-11-02
* Camera-ready from authors: 2015-11-16

* Tutorial proposal submission: 2015-10-15
* Notification of acceptance: 2015-11-02


Conference Aim

More than half a billion user passwords have been compromised over the
last five years, including breaches at internet companies such as
Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and
LivingSocial. Yet passwords, PIN codes, and similar remain the most
prevalent method of personal authentication. Clearly, we have a
systemic problem.

This conference gathers researchers, password crackers, and
enthusiastic experts from around the globe, aiming to better
understand the challenges surrounding the methods personal
authentication and passwords, and how to adequately solve these
problems. The Passwords conference series seek to provide a friendly
environment for participants with plenty opportunity to communicate
with the speakers before, during, and after their presentations.



We seek original contributions that present attacks, analyses,
designs, applications, protocols, systems, practical experiences, and
theory. Submitted papers may include, but are not limited to, the
following topics, all related to passwords and authentication:

Technical challenges and issues:
* Cryptanalytic attacks
* Cryptographic formal attack models
* Cryptographic protections
* Cryptographic protocols
* Dictionary attacks
* Digital forensics
* Online attacks
* Rate-limiting
* Side-channel attacks
* Physical access control systems

Administrative challenges:
* Account lifecycle management
* User identification
* Password resets
* Cross-domain and multi-enterprise system access
* Hardware token administration

Password “replacements”:
* 2FA and multifactor authentication
* Best practice reports
* Costs and economy
* Biometrics
* Continous authentication
* FIDO – U2F

The soft side of password security – humans:
* Best practices
* Social Engineering
* Security usability
* Design & UX
* Memorability
* Pattern predictability
* Gestures and graphical patterns
* Guessing attacks
* Psychology
* Statistics (languages, age, demographics…)


Instructions for authors

Papers must be submitted to Easychair at as PDF using the
Springer LNCS format for Latex. Abstract and title must be submitted
one week ahead of the paper deadline.

We seek submissions for review in the following three categories:
* Research Papers
* Short papers
* Tutorials (talks without academic papers attached)

RESEARCH PAPERS should describe novel, previously unpublished
technical contributions within the scope of the call. The papers will
be subjected to double-blind peer review by the program
committee. Paper length is limited to 16 pages (LNCS format) excluding
references and well-marked appendices. The paper submitted for review
must be anonymous, hence author names, affiliations, acknowledgements,
or obvious references must be temporarily edited out for the review
process. The program committee may reject non-anonymized papers
without reading them. The submitted paper (PDF or PostScript format)
must follow the template described by Springer at

SHORT PAPERS will also be subject to peer review, where the emphasis
will be put on work in progress, hacker achievements, industrial
experiences, and incidents explained, aiming at novelty and promising
directions. Short paper submissions should not be more than 6 pages in
standard LNCS format in total. A short paper must be labeled by the
subtitle "Short Paper". Accepted short paper submissions may be
included in the conference proceedings. Short papers do not need to be
anonymous. The program committee may accept full research papers as
short papers.

TUTORIALS are expected to explain new methods, techniques, tools,
systems, and services within the Passwords scope. Tutorial proposals
can be submitted in any format. They will be evaluated by a separate
subcommittee led by Per Thorsheim, according to different criteria
than those used for the refereed papers.

At least one of the authors of each accepted paper must register and
present the paper at the workshop. Papers without a full registration
will be withdrawn from the proceedings and from the workshop

Papers that pass the peer review process and that are presented at the
workshop will be included in the event proceedings, published by
Springer in the Lecture Notes in Computer Science (LNCS) series.

Papers must be unpublished and not being considered elsewhere for
publication. Plagiarism and self-plagiarism will be treated as a
serious offense.

Program committee members may submit papers but program chairs may

The time frame for each presentation will be either 30 or 45 minutes,
including Q&A. Publication will be by streaming, video and web.



Steering committee
* Per Thorsheim, God Praksis AS (N)
* Stig F. Mjolsnes, Norwegian University of Science and Technology (N)
* Frank Stajano, University of Cambridge (UK)

* General chair: Per Thorsheim, God Praksis AS (N)
* Program co-chair and host: Frank Stajano, University of Cambridge (UK)
* Program co-chair: Stig F. Mjolsnes, Norwegian University of Science
and Technology (N)
* Local arrangements chair: Graeme Jenkinson, University of Cambridge (UK)

Program committee
* Jean-Philippe Aumasson - Kudelski Security (CH)
* Lujo Bauer - Carnegie Mellon University (USA)
* Jeremiah Blocki - Microsoft Research (USA)
* Joseph Bonneau - Stanford University and EFF (USA)
* Lorrie Faith Cranor - Carnegie Mellon University (USA)
* Markus Dürmuth - Ruhr-University Bochum (D)
* Serge Egelman - ICSI and University of California at Berkeley (USA)
* Tor Helleseth - University of Bergen (N)
* Cormac Herley - Microsoft Research (USA)
* Markus Jakobsson - Qualcomm (USA)
* Graeme Jenkinson - University of Cambridge (UK)
* Stefan Lucks - Bauhaus-University Weimar (D)
* Paul van Oorschot - Carleton University (CA)
* Jeunese Payne - University of Cambridge (UK)
* Sören Preibusch - Google (USA)
* Angela Sasse - University College London (UK)

Submit your paper / proposal using EasyChair:

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists