IWSSI/SPMU 2009

One of the cornerstones in Mark Weiser’s vision of ubiquitous computing is the potential for interacting with services, anywhere, anytime. Advances in mobile computing, ad hoc networks, context awareness, and human computer interaction now facilitate a seamless, spontaneous interaction between users, devices, and services. One example of the potential of this development is the spread of cell phones. Today, the mobile phone has become the most widely deployed computing platform in the world. Analysts predict some 2.6 billion mobile phones in regular use by 2009. For many people, the mobile phone is the ﬁrst computer they encounter, and certainly the only computer they carry with them most of their waking moments. Not surprisingly, it is increasingly used as the primary interface for such spontaneous interactions, e.g., for mobile payments schemes, ticketing, or mobile collaborative gaming.

Mobile devices in general, and mobile phones in particular, present unique challenges not only in terms of user interface, battery life, and form factor, but also in terms of ensuring their users’ privacy and security. Privacy and security are often in conﬂict with another and have been the topic of many research projects. Emerging mobile payment and ticketing solutions require the secure transmission and storage of ﬁnancial information, while electronic health records or access certiﬁcates/tokens might imply the use of highly sensitive personal information on such devices. Securing the potentially massive amount of interactions using mobile devices is diﬃcult, because typically there will be no a priori shared information such as passwords, addresses, or PIN codes between the phone, its user, and the service they want to use. Additionally, mobile devices often lack powerful user interfaces to support classical authentication methods.

An increasing number of approaches to securing spontaneous interactions and – at the same time – protecting users’ privacy have been suggested, and some of them have already been adopted for standardization. Some of these approaches were explicitly designed for use with mobile devices, while others can beneﬁt from user mobility. Many research challenges still remain as none of the known solutions is fully satisfactory with respect to security and privacy, on the one hand, and usability, on the other hand.

This joint workshop merges IWSSI 2007 and SPMU 2008, two prior workshops that were co-located with Ubicomp 2007 and Pervasive 2008, respectively. These workshops shared many topics of interest, and the trend to use mobile phones for spontaneous interaction with pervasive environments has recently become more pronounced. It is therefore desirable to discuss spontaneous interaction and security and privacy issues in mobile device use together. The joint workshop will accept topics of either research area to broaden the potential number of participants. IWSSI 2007 (http://www.comp.lancs.ac.uk/iwssi2007/) was highly successful in bringing together a research community working on se- curity for spontaneous interaction (which resulted in a special issue of IJSN, the International Journal on Security and Networks, presenting the most important approaches), and SPMU 2008 (http://www.vs.inf.ethz.ch/events/spmu08/) showed the need for a speciﬁc workshop on security and privacy research for mobile devices (with the result of a collaboratively assembled list of open research questions).

This workshop aims to bring together researchers working on these topics, to deﬁne open issues, clarify the used terminology, and foster cooperation between researchers in this area. One of the main issues is still the lack of common ground, although common protocol families have started to appear since IWSSI 2007. This includes both terminology and a shared understanding of the open research issues covering various aspects like user interaction, cryptographic primitives, and dealing with limited device resources, as well as legal, social, and cultural implications of increased mobile phone use for security- and privacy-relevant interactions. One speciﬁc focus question is how mobile devices in general (and mobile phones in particular) can assist their users in interacting with an increasingly pervasive environment of networked services – securely, protecting the users’ privacy, and usable to non-experts.

That is, how can mobile devices act as a trustworthy interface to the digital world?

The workshop will provide a forum for researchers to discuss these problem areas and to put forward an agenda for future research. An expected outcome of the workshop is increased cooperation between research groups and a special issue in a renowned international journal. As for IWSSI 2007, we plan to in- vite authors of other groundbraking papers to contribute to the special issue in addition to the best workshop papers. Topics of Interest

Speciﬁc topics of interest for this workshop include, but are not limited to, the following items as they appear in the context of spontaneous interaction and/or mobile device use:

*     Authentication protocols and methods for device pairing or user authentication *     Sensor-, context-, and location-based authentication methods *     Authorization, access control, and trust management *     Logging and auditing of spontaneous interactions with mobile devices *     Network and system models *     Security and privacy of mobile phone users *     Security and privacy issues in mobile phone networks *     Privacy and anonymous/pseudonymous interactions *     User interfaces and models for user interaction on mobile devices *     Making use of spontaneous interaction in applications *     Public perception of security and privacy issues of mobile phones *     Legal and social issues of security and privacy for mobile phones *     Options for lawful, auditable, and restricted tracking and surveillance using mobile phones in law enforcement

Submission Categories

There will be two separate categories for submission:

*     Full papers: We solicit novel contributions of up to 6 pages in IEEE conference proceedings style on any of the topics of interest or related areas. These papers must not signiﬁcantly overlap with other papers previously published or submitted for publication elsewhere. Accepted papers will be published in the Pervasive 2009 workshops proceedings (if a collected proceedings volume will be created, otherwise they will be published online). *     Position papers: Position papers should be no longer than 2 pages in IEEE style and may present already published work in the context of this workshop, work in progress, as well as ideas and concepts for future research.

We encourage authors to submit to both categories if deemed appropriate.

The workshop organizers, potentially assisted by a small team of expert reviewers, will select around 12-15 contributions. Authors of accepted full and position papers will be invited to give short presentations at the beginning of the workshop with brief discussion phases, followed by an open panel and more speciﬁc discussion groups to discuss common ground and open challenges. The open panel is also a forum for informally presenting demonstrators, which will be actively encouraged. Video and other supplementary material will be published on the workshop web page to provide further incentive for showing prototypes.

Discussion groups will be formed during the open panel based on attendee preferences, but a list of topics for the discussion groups will be suggested by the organizers based on accepted contributions. We intend presenters to moderate the discussion groups around their speciﬁc topic. The last session will wrap up the contributions and outcome of the open panel to set an agenda for advancing the research area. Proceedings

In addition to the Pervasive 2009 workshop proceedings, accepted contributions will be published on the workshop web page. Results in form of agreed terminology, recognized issues and research challenges, and potentially future research agendas will be added to the “SSI” Wiki (which was created for IWSSI 2007) where attendees can directly add content after the workshop. This Wiki will continue to act as an initial platform for a research community on security for spontaneous interaction, which will now be extended to the speciﬁc topics of mobile device and phone use.

Depending on the open panel and wrap-up sessions, we intend to organize a special issue of an international journal to present the current state of the art of the research area in a coherent manner. The special issue should include a summary description of the workshop results written by the workshop organizers, extended versions of some workshop full papers, and may include expanded versions of previous related publications by the attendees. Select authors will be invited to prepare articles for the special issue after the workshop, with an additional review phase by the workshop committee and journal editors. This approach has proven highly successful for IWSSI 2007, resulting in a high-quality special issue of IJSN. Workshop Organizers

*     Rene Mayrhofer (University of Vienna, Austria) *     Marc Langheinrich (Universita della Svizzera italiana/USI, Switzerland) *     Alexander De Luca (LMU Munich, Germany)

Program Committee

*     Alastair Beresford (University of Cambridge, UK) *     Srdjan Capkun (ETH Zurich, CH) *     Pieter Hartel (University of Twente, NL) *     Jaap-Henk Hoepman (NO and Radboud University Nijmegen, NL) *     John Krumm (Microsoft Research Redmond, US) *     Jonathan M. McCune (Carnegie Mellon University, US) *     Kaisa Nyberg (Helsinki University of Technology and NOKIA, FI) *     Frank Stajano (University of Cambridge, UK) *     Ersin Uzun (University of California, Irvine, US) *     Alexander Varshavsky (AT&T Labs, US) *     Ford-Long Wong (University of Cambridge, UK)

This CfP was obtained from WikiCFP