Tuesday, March 08, 2011

Call for Papers: Passwords^11


"Passwords^10 is probably the best security conference I have ever attended"
- Note on evaluation form after Passwords^10, Dec 8-9, 2010

After a fantastic conference with 38 participants (!) in December last year, we have received many many requests from participants as well as others world-wide to do another conference on passwords only. So with the same close-to-zero budget as last year, I am happy to announce our Passwords^11 : Call for Papers!


ANNOUNCEMENT & CALL FOR PAPERS : PASSWORDS^11

PASSWORDS^11 will be held at the University in Bergen (Norway), on June 7-8, 2011. The 2-day conference will be free and open for everyone to attend. Primary audience will be academics and security professionals with deep technical knowledge. Limited seats available. Passwords & PINs, nothing else.

== DATES ==
March 9 - Public CFP
April 17 - CFP submission ends
April 24 - All notifications sent to speakers (accept / reject)
Registration opens at - TBA

== ABOUT THE CONFERENCE ==
The conference will be held at the University in Bergen (uib.no), with help and participation from The Selmer Center (www.uib.no/rg/selmer) and NISNet (www.nisnet.no). We'll start tuesday at 09:00, ending wednesday 17:00. We'll sleep somewhere in the middle. Like in December, we'll probably only do a single track of talks, everybody get to attend all presentations.

== CALL FOR PAPERS ==
We are looking for relevant content within ATTACKS, DEFENCE and USABILITY towards passwords & PIN codes. Presentations will be either 1 hour (45-50 minutes + questions), or 2 hours including a break. 
We are especially interested in:

Protecting against online attacks, such as detecting, rate-limiting and blocking them, implementing hashing schemes such as PBKDF2, Bcrypt and PBMAC, and attacks against passwords on mobile devices. If you mention forensics or PCI-DSS somewhere in there as well, you just might be a winner.

Cool Guy Challenge:
We'd like to see a presentation on the probability & feasibility of *ever* getting rid of passwords.
Business cases, even crazy ideas suggesting that leaving passwords for something better could be a good thing to do (faster, cheaper & better). (Blizzard protects their games using 2-factor authentication, while many banks still uses usernames & passwords only....)

ATTACKS include online and offline attacks against all types of passwords and & PINs, where the purpose is to gain access to, circumvent or recover a password in some form. (Mind reading is out of scope). New & updated tools & techniques are most welcome.

DEFENCE includes ways to defend against online/offline attacks against passwords, including IDS, logging, ciphers, policies, awareness etc.

USABILITY includes user interaction designs, password policies, security awareness, password reset / recovery from a user perspective, statistics and so on. 

 == HOW TO SUBMIT ==
Send your suggestions to per@thorsheim.net. Submissions will be reviewed by people from the Selmer Center and me (Per Thorsheim). Submissions MUST include the following information:

1. Speaker(s) name
2. Bio (short, should include link to online profile, website, blog etc)
3. Title and short abstract of your presentation
4. List of facilities required beyond the usual equipment available
5. If you will allow materials, presentation and video to be made available online after the conference

All papers and presentations must be in English. With free participation and a very limited budget, we can't offer much more than the fun and usability of talking to other experts in this area, as well as free lunch both days. 

== IMPORTANT INFORMATION FOR SUBMISSIONS ==
No product marketing will be accepted. Materials presented should be your own work. No limits to technical depth - expect well educated and highly experienced security professionals in the audience. We will do video recordings of all presentations and make them available for free after the conference, unless you disagree. (We may even consider live streaming!)

== ADDITIONAL INFORMATION ==
We will make arrangements for an official conference hotel, preferably with a price discount available. We will also try to help those who would like to see the fjords before or after the conference. Of course we'll try to gather everyone for dinner on monday evening (before we start), as well on tuesday evening. There will be plenty of sightseeing opportunities available at this time of year. If anyone would like to sponsor the conference in any way, please contact me ASAP, we're open to any suggestions you might have. We MAY be able to do limited travel reimbursements for 1-2 speakers, but only for people attending privately (not representing any commercial organisation)

Questions and comments are of course most welcome.

Best regards,
Per Thorsheim
CISA, CISM, CISSP-ISSAP

No comments:

Post a Comment

All comments will be moderated, primarily for spam. You are welcome to disagree with my posts of course.