========================================================================= Passwords 2015 The 9th International Conference on Passwords 7, 8, 9 December 2015 University of Cambridge, United Kingdom http://www.cl.cam.ac.uk/events/passwords2015/ https://passwordscon.org/ ========================================================================= The Passwords conference was launched in 2010 as a response to the lack of robustness and usability of current personal authentication practices and solutions. Annual participation has doubled over the past three years. Since 2014, the conference accepts peer-reviewed papers. --------------------------------------------------------- Important dates Research papers and short papers * Title and abstract submission: 2015-09-01 * Paper submission: 2015-09-07 * Notification of acceptance: 2015-11-02 * Camera-ready from authors: 2015-11-16 Tutorials * Tutorial proposal submission: 2015-10-15 * Notification of acceptance: 2015-11-02 --------------------------------------------------------- Conference Aim More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations. --------------------------------------------------------- Scope We seek original contributions that present attacks, analyses, designs, applications, protocols, systems, practical experiences, and theory. Submitted papers may include, but are not limited to, the following topics, all related to passwords and authentication: Technical challenges and issues: * Cryptanalytic attacks * Cryptographic formal attack models * Cryptographic protections * Cryptographic protocols * Dictionary attacks * Digital forensics * Online attacks * Rate-limiting * Side-channel attacks * Physical access control systems Administrative challenges: * Account lifecycle management * User identification * Password resets * Cross-domain and multi-enterprise system access * Hardware token administration Password “replacements”: * 2FA and multifactor authentication * Best practice reports * Costs and economy * Biometrics * Continous authentication * FIDO – U2F The soft side of password security – humans: * Best practices * Social Engineering * Security usability * Design & UX * Memorability * Pattern predictability * Gestures and graphical patterns * Guessing attacks * Psychology * Statistics (languages, age, demographics…) --------------------------------------------------------- Instructions for authors Papers must be submitted to Easychair at https://easychair.org/conferences/?conf=passwords15 as PDF using the Springer LNCS format for Latex. Abstract and title must be submitted one week ahead of the paper deadline. We seek submissions for review in the following three categories: * Research Papers * Short papers * Tutorials (talks without academic papers attached) RESEARCH PAPERS should describe novel, previously unpublished technical contributions within the scope of the call. The papers will be subjected to double-blind peer review by the program committee. Paper length is limited to 16 pages (LNCS format) excluding references and well-marked appendices. The paper submitted for review must be anonymous, hence author names, affiliations, acknowledgements, or obvious references must be temporarily edited out for the review process. The program committee may reject non-anonymized papers without reading them. The submitted paper (PDF or PostScript format) must follow the template described by Springer at http://www.springer.de/comp/lncs/authors.html. SHORT PAPERS will also be subject to peer review, where the emphasis will be put on work in progress, hacker achievements, industrial experiences, and incidents explained, aiming at novelty and promising directions. Short paper submissions should not be more than 6 pages in standard LNCS format in total. A short paper must be labeled by the subtitle "Short Paper". Accepted short paper submissions may be included in the conference proceedings. Short papers do not need to be anonymous. The program committee may accept full research papers as short papers. TUTORIALS are expected to explain new methods, techniques, tools, systems, and services within the Passwords scope. Tutorial proposals can be submitted in any format. They will be evaluated by a separate subcommittee led by Per Thorsheim, according to different criteria than those used for the refereed papers. At least one of the authors of each accepted paper must register and present the paper at the workshop. Papers without a full registration will be withdrawn from the proceedings and from the workshop programme. Papers that pass the peer review process and that are presented at the workshop will be included in the event proceedings, published by Springer in the Lecture Notes in Computer Science (LNCS) series. Papers must be unpublished and not being considered elsewhere for publication. Plagiarism and self-plagiarism will be treated as a serious offense. Program committee members may submit papers but program chairs may not. The time frame for each presentation will be either 30 or 45 minutes, including Q&A. Publication will be by streaming, video and web. --------------------------------------------------------- Organization Steering committee * Per Thorsheim, God Praksis AS (N) * Stig F. Mjolsnes, Norwegian University of Science and Technology (N) * Frank Stajano, University of Cambridge (UK) Organizers * General chair: Per Thorsheim, God Praksis AS (N) * Program co-chair and host: Frank Stajano, University of Cambridge (UK) * Program co-chair: Stig F. Mjolsnes, Norwegian University of Science and Technology (N) * Local arrangements chair: Graeme Jenkinson, University of Cambridge (UK) Program committee * Jean-Philippe Aumasson - Kudelski Security (CH) * Lujo Bauer - Carnegie Mellon University (USA) * Jeremiah Blocki - Microsoft Research (USA) * Joseph Bonneau - Stanford University and EFF (USA) * Lorrie Faith Cranor - Carnegie Mellon University (USA) * Markus Dürmuth - Ruhr-University Bochum (D) * Serge Egelman - ICSI and University of California at Berkeley (USA) * Tor Helleseth - University of Bergen (N) * Cormac Herley - Microsoft Research (USA) * Markus Jakobsson - Qualcomm (USA) * Graeme Jenkinson - University of Cambridge (UK) * Stefan Lucks - Bauhaus-University Weimar (D) * Paul van Oorschot - Carleton University (CA) * Jeunese Payne - University of Cambridge (UK) * Sören Preibusch - Google (USA) * Angela Sasse - University College London (UK) Submit your paper / proposal using EasyChair: https://easychair.org/conferences/?conf=passwords15