ANNOUNCEMENT & CALL FOR PAPERS : PASSWORDS^11 PASSWORDS^11 will be held at the University in Bergen (Norway), on June 7-8, 2011. The 2-day conference will be free and open for everyone to attend. Primary audience will be academics and security professionals with deep technical knowledge. Limited seats available. Passwords & PINs, nothing else. (Presentations as well as video recordings from most of the presentations at Passwords^10, Dec 2010, are still available at ftp://ftp.ii.uib.no/pub/passwords10/) == DATES == March 9 - Public CFP April 17 - CFP submission ends April 24 - All notifications sent to speakers (accept / reject) Registration opens at - TBA == ABOUT THE CONFERENCE == The conference will be held at the University in Bergen (uib.no), with help and participation from The Selmer Center (www.uib.no/rg/selmer) and NISNet (www.nisnet.no). We'll start Tuesday at 09:00, ending Wednesday 17:00. We'll sleep somewhere in the middle. Like in December, we'll probably only do a single track of talks, everybody get to attend all presentations. == CALL FOR PAPERS == We are looking for relevant content within ATTACKS, DEFENSE and USABILITY towards passwords & PIN codes. Presentations will be either 1 hour (45-50 minutes + questions), or 2 hours including a break. We are especially interested in: Protecting against online attacks, such as detecting, rate-limiting and blocking them, implementing hashing schemes such as PBKDF2, Bcrypt and PBMAC, and attacks against passwords on mobile devices. If you mention forensics or PCI-DSS somewhere in there as well, you just might be a winner. Cool Guy Challenge: We'd like to see a presentation on the probability & feasibility of *ever* getting rid of passwords. Business cases, even crazy ideas suggesting that leaving passwords for something better could be a good thing to do (faster, cheaper & better). (Blizzard protects their games using 2-factor authentication, while many banks still uses usernames & passwords only....) ATTACKS include online and offline attacks against all types of passwords and & PINs, where the purpose is to gain access to, circumvent or recover a password in some form. (Mind reading is out of scope). New & updated tools & techniques are most welcome. DEFENSE includes ways to defend against online/offline attacks against passwords, including IDS, logging, ciphers, policies, awareness etc. USABILITY includes user interaction designs, password policies, security awareness, password reset / recovery from a user perspective, statistics and so on. == HOW TO SUBMIT == Send your proposal to per@thorsheim.net. Submissions will be reviewed by people from the Selmer Center and me (Per Thorsheim). Submissions MUST include the following information: 1. Speaker(s) name 2. Bio (short, should include link to online profile, website, blog etc) 3. Title and short abstract of your presentation 4. List of facilities required beyond the usual equipment available 5. If you will allow materials, presentation and video to be made available online after the conference All papers and presentations must be in English. With free participation and a very limited budget, we can't offer much more than the fun and usability of talking to other experts in this area, as well as free lunch both days. == IMPORTANT INFORMATION FOR SUBMISSIONS == No product marketing will be accepted. Materials presented should be your own work. No limits to technical depth - expect well educated and highly experienced security professionals in the audience. We will do video recordings of all presentations and make them available for free after the conference, unless you disagree. (We may even consider live streaming!) == ADDITIONAL INFORMATION == We will make arrangements for an official conference hotel, preferably with a price discount available. We will also try to help those who would like to see the fjords (see www.fjordnorway.com) before or after the conference. Of course we'll try to gather everyone for dinner on Monday evening (before we start), as well on Tuesday evening. There will be plenty of sightseeing opportunities available at this time of year. If anyone would like to sponsor the conference in any way, please contact me ASAP, we're open to any suggestions you might have. We MAY be able to do limited travel reimbursements for 1-2 speakers, but only for people attending privately (not representing any commercial organization). Questions and comments are welcome. -- Best regards, Per Thorsheim CISA, CISM, CISSP-ISSAP http://securitynirvana.blogspot.com/