AWACS 2016 is a one-day workshop organized by CryptoExperts that will take place in Vienna, Austria, on Sunday 8th May 2016, in the same venue as Eurocrypt 2016.
On behalf of the ECRYPT CSA european initiative, CryptoExperts organizes a one-time workshop on cryptography and standards. AWACS (A Workshop About Cryptography Standards) will be held on Sunday May 8, in the same venue as Eurocrypt. The program intends to cover the following themes:
Trust in standardized cryptographic mechanisms is highly critical not only in Europe but across the globe, and has a direct impact on the security industry. This ECRYPT CSA workshop intends to provide a platform for the academic, industrial and gov-related cryptographers to foster discussion on standards within the cryptographic community.
The workshop will be composed of invited presentations as well as a discussion panel aiming at building a vision of the issues faced by standardization in cryptography and how to address them.
This workshop is part of the EU Horizon 2020 ECRYPT-CSA project.
Registration is mandatory.
Another ECRYPT-CSA workshop on cryptographic protocols for small devices will take place the day after Eurocrypt (Friday May 13, 2016).
Speaker & Panel Member
Speaker & Panel Member
Speaker & Panel Member
Speaker & Panel Member
The workshop will include four sessions with 25-minutes talks, and a panel hosted by Pascal Paillier (CryptoExperts).
Some Thoughts on Community, Responsibility, and Standards
In 1995 I vowed to myself that I would never again have anything to do with the nasty world of cryptographic standards. Happily, I didn’t quite keep that pledge. In this talk I’ll describe a few thoughts on the pitfalls, power, and promise of the standardization process.
The TLS 1.3 Protocol
Transport Layer Security (TLS) is used for securing everything from Web transactions (HTTPS) to voice and video calls (DTLS-SRTP). However, the basic design of TLS dates back to the mid 1990s and the protocol is starting to show its age: TLS contains a number of features which no longer seem desirable and recent analytic work has discovered a number of protocol vulnerabilities (Triple Handshake, Logjam, etc.). In addition, as cryptographic algorithms have gotten faster, handshake latency has become a higher priority and TLS's current handshake does not reflect the state of the art.
In order to address these issues, the IETF TLS Working Group is currently developing a major revision of TLS, dubbed "TLS 1.3". TLS 1.3 has four major objectives:
In this talk, we will cover the TLS 1.3 protocol and its design process, which has involved an unprecedented amount of collaboration between academia and the standards/implementation communities.
CFRG: What it is, how it works, and how to get involved
In this talk, I'll talk about the Crypto Forum Research Group (CFRG), a research group of the IRTF. CFRG is a forum for discussing and reviewing uses of cryptographic mechanisms, both for network security in general and for the IETF in particular. The CFRG serves as a bridge between theory and practice, bringing new cryptographic techniques to the Internet community and promoting an understanding of the use and applicability of these mechanisms via Informational RFCs. Our goal is to provide a forum for discussing and analyzing general cryptographic aspects of security protocols, and to offer guidance on the use of emerging mechanisms and new uses of existing mechanisms. IETF working groups developing protocols that include cryptographic elements are welcome to bring questions concerning the protocols to the CFRG for advice. In this talk, I'll outline how CFRG works and how researchers can get involved.
Standardising cryptography — Trust issues and industries’ reaction to them
Liqun Chen (ISO/IEC)
When a cryptographic scheme is published in a well reputed journal or presented at the prestigious conference, the life of this scheme has only just begun. In order to let the scheme to be used there are still many hurdles to overcome; the road to acceptance is a long one. There is an enormous difference between a theoretically well founded cryptographic scheme and a practical cryptographic solution. Standardisation is a vitally important bridge between theory and practice. In this talk, we discuss why standardization is important and how cryptographic schemes are standardized by ISO/IEC. We also discuss trust issues in standardizing cryptography and how industry reacts to these issues.
Small insight on ETSI
ETSI is the European Telecommunications Standards Institute, and SAGE is its Security Algorithms Group of Experts – which specifies all of the new crypto algorithms in the 3GPP mobile telephony standards (GSM, GPRS, UMTS, LTE), amongst other things. This talk explains how SAGE works – and also why SAGE was created in the first place, and how its work has changed hugely as the political treatment of cryptography has evolved.
Standardization for the black hat
Daniel J. Bernstein
Do you think that your opponent's data is encrypted or authenticated by a particular cryptographic system? Do you think that your goal is to attack that system? Think bigger! There is a huge ecosystem that designs, evaluates, standardizes, selects, implements, and deploys cryptographic systems. This ecosystem is a much broader attack target than any particular cryptographic system is. This talk will give a few examples of ways that you can exploit the ecosystem.
The importance of rigidity in cryptographic standards
This talk will discuss the concept of rigidity: what it is, and why it is an important factor to consider in cryptographic standards. We will provide several illustrations, based on real examples of existing or future standards, and discuss the strengths and weaknesses of each approach to rigidity.
The quantum threat to cryptography
Emerging quantum technologies will break currently deployed public-key cryptography which is one of the pillars of modern-day cybersecurity. Thus we need to migrate our systems and practices to ones that are quantum-safe before large-scale quantum computers are built.
There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat. I believe organizations will soon be distinguished by whether or not they have a well-articulated plan for mitigating this quantum risk.
I will discuss the quantum threat to cybersecurity and the process for mitigating the risk.
Standardization of Post-Quantum Cryptography
This presentation shares a NIST plan on developing post-quantum cryptography standards and discusses challenges, possible approaches and collaborations.
Standardization of post-quantum cryptography
This presentation will give a short overview of the different standardization efforts in the area of post-quantum cryptography. It will present the recommendations for long-term secure post-quantum systems issued by the PQCRYPTO project.
Wollzeile 27A, 1010 Wien, Austria.