ANNOUNCEMENT & CALL FOR PAPERS : PASSWORDS^11

PASSWORDS^11 will be held at the University in Bergen (Norway), on June
7-8, 2011. The 2-day conference will be free and open for everyone to
attend. Primary audience will be academics and security professionals
with deep technical knowledge. Limited seats available. Passwords &
PINs, nothing else.

(Presentations as well as video recordings from most of the 
presentations at Passwords^10, Dec 2010, are still available at 
ftp://ftp.ii.uib.no/pub/passwords10/)


== DATES ==
March 9 - Public CFP
April 17 - CFP submission ends
April 24 - All notifications sent to speakers (accept / reject)
Registration opens at - TBA

== ABOUT THE CONFERENCE ==
The conference will be held at the University in Bergen (uib.no), with
help and participation from The Selmer Center (www.uib.no/rg/selmer) and
NISNet (www.nisnet.no). We'll start Tuesday at 09:00, ending Wednesday
17:00. We'll sleep somewhere in the middle. Like in December, we'll
probably only do a single track of talks, everybody get to attend all
presentations.

== CALL FOR PAPERS ==
We are looking for relevant content within ATTACKS, DEFENSE and
USABILITY towards passwords & PIN codes. Presentations will be either 1
hour (45-50 minutes + questions), or 2 hours including a break. We are
especially interested in:

Protecting against online attacks, such as detecting, rate-limiting and
blocking them, implementing hashing schemes such as PBKDF2, Bcrypt and
PBMAC, and attacks against passwords on mobile devices. If you mention
forensics or PCI-DSS somewhere in there as well, you just might be a
winner.

Cool Guy Challenge:
We'd like to see a presentation on the probability & feasibility of
*ever* getting rid of passwords. Business cases, even crazy ideas
suggesting that leaving passwords for something better could be a good
thing to do (faster, cheaper & better). (Blizzard protects their games
using 2-factor authentication, while many banks still uses usernames &
passwords only....)

ATTACKS include online and offline attacks against all types of
passwords and & PINs, where the purpose is to gain access to, circumvent
or recover a password in some form. (Mind reading is out of scope). New
& updated tools & techniques are most welcome.

DEFENSE includes ways to defend against online/offline attacks against
passwords, including IDS, logging, ciphers, policies, awareness etc.

USABILITY includes user interaction designs, password policies, security
awareness, password reset / recovery from a user perspective, statistics
and so on. 

 == HOW TO SUBMIT ==
Send your proposal to per@thorsheim.net. Submissions will be reviewed
by people from the Selmer Center and me (Per Thorsheim). Submissions
MUST include the following information:

1. Speaker(s) name
2. Bio (short, should include link to online profile, website, blog etc)
3. Title and short abstract of your presentation
4. List of facilities required beyond the usual equipment available
5. If you will allow materials, presentation and video to be made
available online after the conference

All papers and presentations must be in English. With free participation
and a very limited budget, we can't offer much more than the fun and
usability of talking to other experts in this area, as well as free
lunch both days. 

== IMPORTANT INFORMATION FOR SUBMISSIONS ==
No product marketing will be accepted. Materials presented should be
your own work. No limits to technical depth - expect well educated and
highly experienced security professionals in the audience. We will do
video recordings of all presentations and make them available for free
after the conference, unless you disagree. (We may even consider live
streaming!)

== ADDITIONAL INFORMATION ==
We will make arrangements for an official conference hotel, preferably
with a price discount available. We will also try to help those who
would like to see the fjords (see www.fjordnorway.com) before or after 
the conference. Of course we'll try to gather everyone for dinner on 
Monday evening (before we start), as well on Tuesday evening. There will
be plenty of sightseeing opportunities available at this time of year. 

If anyone would like to sponsor the conference in any way, please contact 
me ASAP, we're open to any suggestions you might have. We MAY be able to 
do limited travel reimbursements for 1-2 speakers, but only for people 
attending privately (not representing any commercial organization).

Questions and comments are welcome.

-- 
Best regards,
Per Thorsheim
CISA, CISM, CISSP-ISSAP
http://securitynirvana.blogspot.com/