Welcome to the European PKI Workshop 2011 (EuroPKI'11) Web Site. EuroPKI'11 will be the eighth event in the EuroPKI workshop series and will focus on all research aspects of Public Key Services, Applications and Infrastructures. Previous EuroPKI workshops were held in Samos (EuroPKI'04), Kent (EuroPKI'05), Torino (EuroPKI'06), Mallorca (EuroPKI'07), Trondheim (EuroPKI'08), Pisa (EuroPKI'09), and Athens (EuroPKI'10).

EuroPKI'11 will be co-located with ESORICS 2011 in Leuven, Belgium.

LSEC Event

We are pleased to announce that LSEC has accepted our invitation to organise a series of presentations and discussions on current business-related topics as part of the workshop. LSEC is an information security cluster with a broad membership base, including important players from industry and the government.

The main focus of the discussions will be the recent PKI-related security breaches, their aftermath, and lessons we shoud learn. The program of the LSEC event has now been integrated into the program of EuroPKI; however, as some speakers have been called to focus on the current situation, the program of the LSEC event remains tentative.

Keynotes

We are pleased to announce that the keynote speakers at the event will be:

• Chris J. Mitchell

Title: New architectures for identity management - unifying security infrastructures

Abstract: In recent years a large number of identity management systems have been proposed. Unfortunately, although these systems offer the possibility of significantly improving user security, they have not been widely adopted, typically because the cost of adoption is too high for the involved parties. One major problem is that each such system requires the establishment of its own supporting infrastructure (e.g. a PKI), and all participants must adopt the associated protocols to make use of this infrastructure. This creates major barriers to interoperation and adoption. In this talk we consider the problem of designing identity management systems which enable security infrastructures to be unified in a simple and low cost way, and which require minimal changes to the involved parties. This involves designing combinations of security protocols and client machine software architectures that support secure identity management protocols in ways that offer simple and low cost migration paths.



• Peter Gutmann

Title: PKI as Part of an Integrated Risk Management Strategy for Web Security

Abstract: In the real world, risk is never binary but always comes in shades of grey. When security systems treat risk as a purely boolean process, they're prone to failure because the quantisation that's required in order to produce a boolean result has to over- or under-estimate the actual risk. What's worse, if an all-or-nothing system like this fails, it fails completely, with no fallback position available to catch errors. Drawing on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), this talk looks at how CPTED is applied in practice and, using browser PKI as the best-known example of large-scale certificate use, examines certificates as part of a CPTED-style risk-mitigation system that isn't prone to all-or-nothing failures and that neatly integrates concepts like EV vs. DV vs. OV and OCSP vs. non-checked certificates into the risk-assessment process, as well as dealing with the too-big-to-fail problem of trusted browser CAs.



• Olivier Pereira

Title: Running Mixnet-Based Elections with Helios

Abstract: The Helios voting system is an open-audit web-based voting system that has been used by various institutions in real-stake elections during the last few years. While targeting the simplicity of the election workflow, the homomorphic tallying process used in Helios limits its suitability for many elections (large number of candidates, specific ballot filling rules, \dots). We present a variant of Helios that allows an efficient mixnet-based tallying procedure, and document the various choices we made in terms of election workflow and algorithm selection. In particular, we propose a modified version the TDH2 scheme of Shoup and Gennaro that we found particularly suitable for the encryption of the ballots. Our Helios variant has been tested during two multi-thousand voter elections. The lessons taken from the first of these elections motivated some changes into our procedure, which have been successfully experimented during the second election. This is joint work with Philippe Bulens and Damien Giry.

Important dates

• Submission of papers: June 10th, 2011June 24th, 2011
• Notification to authors: August 1st, 2011
• Camera-ready copies: August 20th, 2011