So, GSM (Groupe Spécial Mobile) is the most widely-used standard for cellular communication. Wikipedia tells me that 80% of the cellular market uses this standard, representing about 4.3 billion people. And guess what? The encryption algorithm of this standard is completely broken-- according to this paper, anyway. And the *way* in which the paper goes about breaking the algorithm is itself beautiful, illustrating a number of common crypto flaws simultaneously.
This paper made a bit of a splash when it was first published last year. To quote the MSNBC article:
The stereotype of computer scientists as geeks who memorize Star Trek lines and never leave the lab may be driving women away from the field, a new study suggests. And women can be turned off by just the physical environment, say, of a computer-science classroom or office that's strewn with objects considered "masculine geeky," such as video games and science-fiction stuff.
I decided, however, to hold off blogging about it until I actually had the chance to read it. I'm glad I did, as it actually contains a little more nuance than makes it into the popular press.
Much to my surprise, I've actually finished my latest video game. (Much more common: that I play to the last boss-fight, decide that the fun parts of the game are all over, and put it aside to 'finish later'-- i.e., collect dust.) I also don't have a clue what I want to play next. Pray tell, gentle readers, any suggestions?
Pop quiz, gentle readers. What do the following books have in common?

Answer: the fact that I am the biggest dork evah.
If you are thinking of going to the IEEE Computer Security Foundations Symposium (CSF) this year, please be aware that you must register by TODAY if you want to have a printed copy of the proceedings at the event itself. For various reasons (worthy of a blog-post in their own right) this year will not be like previous years. In previous years, you could register at any time and automatically receive a copy of the proceedings when you showed up. This year, on the other hand, is more complicated:
- If you register by June 10, 2010, and order a copy of the proceedings during registration, then you will get your copy when you show up at CSF.
- If you register after June 10, or register before then but don't order the proceedings, then you will have a chance to order a copy of the proceedings at CSF itself. It will be printed by a print-on-demand operation and shipped to any address you specify. Total cost: it depends, but probably on the order of $15 plus shipping. But you won't get it until after CSF ends.
- If you do not register for CSF, or do not order your copy at CSF itself, you can still order a copy from the IEEE. It will again be printed by a print-on-demand operation, and is likely to be of very high quality. And it better be, for what they charge: ordering the 2009 CSF Proceedings this way will cost you about $100.
So, if you were thinking about attending CSF, let this give you the impetus to do so. It's a great conference, it's going to be co-located with a bunch of other great conferences (included in the registration-price) and it's in Edinburgh, Scotland. What more do you need?
It's good to be slapped upside the head with your own misconceptions every once in a while, even when it occurs within your own specialty. Now, I deal with other people's misconceptions about cryptography all the time. If people have heard of cryptography at all, they generally are left with the impression that
cryptography = secure = cryptography = secure = ...
This is very forgivable, but wrong.
No, really. I meant it. MIT Lincoln Lab (my employer) really, really, really wants to hire more computer-security experts. Lots more. All of them, frankly, if it could. See my previous post on the topic for general information on the Lab, and pointers to where you can find our detailed job-postings (which are not posted anywhere else on the web, as far as I know). But to whet your interest, here's some of the people we want:
- Cyber Testing PI/Analysis PhD/MS
- Cyber Testing Director PhD/MS
- ID testbed Developer MS/BS+
- Wireless Networking security+Analysis MS+/PhD
- Security Analysis MS+/PhD
- Security Architecture/Implementation BS+/MS
- Security Monitoring person 5yrs BS/MS+ TS//SI
- Malcode analyst MS/PhD
- Malcode Analyst BS+/MS
- Database Security Architect
- Database Security Implementer
But I should also add: if you have an MS or PhD in any form of computer-security, do not pass Go, do not collect $200. Ignore the job-postings. Send your CV right to me. For advanced degrees (especially PhDs) we pay more attention to the person than the position.
To return to a former topic: I've collected a number of interesting links regarding women in computer science, and while none have individually warranted a blog post on their own, the aggregation is now large enough to post.
As 'publications' go, this is really scraping the bottom of the barrel. Internet Drafts (such as these) are considered works-in-progress, can be submitted by anybody and their grandmother, and expire in six months. They are really, really, not considered a big deal by anyone familiar with the process. But, they have one redeeming feature: one can blog about them very quickly.
So: please allow me to announce that for reasons I cannot explain, I have submitted two Internet Drafts to the IETF:
https://datatracker.ietf.org/doc/draft-herzog-setkey/
https://datatracker.ietf.org/doc/draft-herzog-static-ecdh/
That is all.
Though I can only wish that I had the energy to fully participate in this worthwhile celebration (things have been crazy-busy), I cannot let the day pass without noting that it is Ada Lovelace Day. I can get behind the concept: instead of talking even more about the women who are not in science and technology, let's celebrate the ones who are! But though I can think of a dozen women (easily) who deserve the honor, I have only the energy to point at the current list before collapsing.
I lie. I also take the opportunity to link to the best biography of Ada Lovelace ever written. (For those of you who are not computer scientists yourselves, take it from me: this is exactly what life is like as a computer scientist. Especially the end. Be sure to poke around that site for other Lovelace-related goodies.)
