TELECOM Digest     Fri, 8 Apr 94 14:55:00 CDT    Volume 14 : Issue 173

Inside This Issue:                         Editor: Patrick A. Townson

    International Conference on Information Security IFIP SEC'94 (Willis Ware)
    Re: EDI Electronic Data Interchange (m19249@mwvm.mitre.org)
    Re: 900 and Other Premium Numbers (Tony Harminc)
    Contacting the FCC Using Email (Hans-Gabriel Ridder)

TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and GEnie. Subscriptions are available at no charge to qualified organizations and individual readers. Write and tell us how you qualify:

    * telecom-request@eecs.nwu.edu *

The Digest is compilation-copyrighted by Patrick Townson Associates of Skokie, Illinois USA. We provide telecom consultation services and long distance resale services including calling cards and 800 numbers. To reach us: Post Office Box 1570, Chicago, IL 60690 or by phone at 708-329-0571 and fax at 708-329-0572. Email: ptownson@townson.com.

    ** Article submission address only: telecom@eecs.nwu.edu **

Our archives are located at lcs.mit.edu and are available by using anonymous ftp. The archives can also be accessed using our email information service. For a copy of a helpful file explaining how to use the information service, just ask.

TELECOM Digest is gatewayed to Usenet where it appears as the moderated newsgroup comp.dcom.telecom. It has no connection with the unmoderated Usenet newsgroup comp.dcom.telecom.tech whose mailing list "Telecom-Tech Digest" shares archives resources at lcs.mit.edu for the convenience of users. Please *DO NOT* cross post articles between the groups. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.
----------------------------------------------------------------------

Subject: Tenth International Conference on Information Security IFIP SEC'94
Reply-To: willis@rand.org
Date: Fri, 08 Apr 94 11:31:57 PDT
From: "Willis H. Ware"

The Tenth International Conference on Information Security - IFIP SEC'94

Organized by Technical Committee 11 of the International Federation for Information Processing, IFIP/TC 11 - in cooperation with the Special Interest Group on Information Security of the Dutch Computer Society - and hosted by the Caribbean Computer Society.

    IFIP SEC'94
    MAY 23 - 27, 1994
    ITC PISCADERA BAY
    CURACAO
    DUTCH CARIBBEAN

    INTERNATIONAL PROGRAM

** Five days, multiple parallel tracks, over sixty refereed unique presentations, specially invited speakers, dedicated tutorials workshops, working group sessions, lively panel discussions, and much, much more......

Dynamic Views on Information Security in Progress

ABOUT IFIP'S TECHNICAL COMMITTEE 11

The International Federation for Information Processing was established in 1960 under sponsorship of UNESCO. In 1984 the Technical Committee for Security and Protection in Information Processing Systems, Technical Committee 11, came into existence. Its aim is to increase the reliability and general confidence in information processing, as well as to act as a forum for security managers and others professionally active in the field of information processing security. Its scope encompasses the establishment of a frame of reference for security common to organizations, professionals and the public; and the promotion of security and protection as essential parts of information processing systems.

Eight working groups: Information Security Management, Small Systems Security, Database Security, Network Security, Systems Integrity and Control, Security Legislation, Information Security Education and IT Related Crime Investigations, all chaired by seasoned international experts, cover a major part of the actual TC 11 workload.

ABOUT THE TENTH INTERNATIONAL INFORMATION SECURITY CONFERENCE

This event is the Tenth in a series of conferences on information security. Something to celebrate. The organizers have compiled a truly exceptional, unique, and especially upgraded conference in a setting suitable for celebrating its Tenth birthday.

Over 75 sessions will cover just about all aspects of information security, on a senior and advanced level. The formal language of SEC'94 is English. The proceedings are published by Elsevier North Holland in its acclaimed series.

There are evidently some astounding surprises within SEC'94. As key note's SEC'94 will feature major players. Ten invited speakers, doubtless seasoned seniors in their field, will contribute with their vision of the future. Ranging from the legislative aspects of data privacy, to the international impact of the Clipper chip, and the dimensions of new cryptographic standards and applications. Global policy making and breaking in respect of the international harmonization efforts of information technology security evaluation criteria, and other most enticing issues are advocated during the various invited lectures.

Within the framework of this conference a series of special lectures are built in, dedicated to one most important aspect. SEC'94 includes a UNIX system security workshop and a cryptology tutorial. Special sessions are devoted to information security in developing nations, and information security in the banking and financial industry. Two major full day mini conferences "IT Security Evaluation Criteria" and "Open Systems Network Security" are included in the program as well.
SEC'94 offers a panel discussion of the editors of Elseviers Journal Computers and Security, IFIP TC 11's formal journal.

ABOUT YOU

Each of the past ten years you have shown IFIP and TC 11 in particular, your commitment to information security by attending the IFIP SEC conferences. The visitors and delegates to IFIP SEC are a broad audience, from everywhere: The Pacific Rim, Europe, Africa, the North and Latin America's and the Far East. The level of authority/positions is as usual: within practical, management, legal and technical level, the delegate to IFIP SEC is considered the top grade. Anyone - directly and indirectly - involved and/or interested in information security, wherever she/or he may live, is IFIP SEC's audience. You certainly may not miss SEC'94!

SOMETHING EXTRA

The organizers wanted to do something extra for this Tenth event. Besides compiling a unique conference program, its length was extended to FIVE days, extra tracks are added, the delegate admission is reduced, special student admission rates are available, Worldwide rebated air travel and discounted hotel accommodation can be obtained, and those not yet being a member of the World's largest and most influential computer society are being offered a free of charge membership for 1994! And that's not all! Yet, some surprises are saved for the event itself. IFIP TC 11's SEC'94 welcomes you to Curacao, BONBINI !

AWARDS

Technical Committee 11 of IFIP presents during its 10th event two prestigious awards. The Kristian Beckman Award and the Best Paper Award.

The Kristian Beckman Award has been established by IFIP TC 11 to commemorate the first chairman of the committee, Kristian Beckman from Sweden, who was also responsible for promoting its founding in 1983/84. This award is granted annually to a successful nominee and is presented at the annual IFIP Security Conference.
The objective of the award is to publicly recognize an individual - not a group or organization - who has significantly contributed to the development of information security, especially achievements with an international perspective.

To celebrate the tenth annual conference the organizers have decided also to present a Best Paper Award. The award will be presented to the individual with the most significant paper at SEC'94. The audience itself will be selecting this presentation/individual.

PROGRAM

INVITED PRESENTATIONS

Computer based cryptanalysis: man versus machine approach by Dr. N. Balasubramanian, former director of the Joint Cipher Bureau/Cryptographic Services of the Department of Defense of the Government of India.

Establishing a CERT: Computer Emergency Response Team by Kenneth A. van Wyk, manager Assist team, Defense Information Security Agency of the Department of Defense, United States

Privacy aspects of data travelling along the new 'highway' by Wayne Madsen, scientist Computer Science Corp., United States.

Issues in designing and implementing a practical enterprise security architecture by Ross Paul, manager information security, the Worldbank, United States.

(key note's and other invited speakers to be announced by special bulletin)

IFIP TC 11 position paper in discussion: Security Evaluation Criteria by H. Schoone, Netherlands.

Special TC 11 Working group sessions:
    11.8 Computer Security Education, chair: Em. Prof. Dr. Harold Highland
    11.1 IT Security Management, chair: Prof. S.H. von Solms (S. Africa)
    11.5 System Integrity and Control, chair: William List (UK)

Special Appearance: Information Warfare: waging and winning conflict in cyberspace by Winn Schwartau (US)

Panel discussion: Panel discussion of the editors of Elseviers Journal Computers and Security chaired by John Meyer, Elsevier (UK), editor.

Extended UNIX tutorial: Unix meets Novell Netware by Kevin H. Brady, Unix Systems Lab. (US).

Extended virus tutorial:
    Technologically enabled crime: shifting paradigms for the year 2000 by Sara Gordon (US).
    Viruses: What can we really do? by Prof. Henry Wolfe (New Zealand).
    Future trends in virus writing by Vesselin V. Bontchev (Bulgaria/Germany).
    Viral Tidings by A. Padgett Peterson (US).
    Integrity checking for anti viral purposes by Yisrael Radai (Israel).

Special appearance: *title to be announced* Prof. Eugene Spafford (US).

REFEREED PRESENTATIONS

Operations Security: the real solution to the problem - A. Don Temple (US).
Security in virtual reality: virtual security - Amund Hunstad (Sweden).
Prohibiting the exchange attack calls for hardware signature - Prof. Reinhard Posch/Wolfgang Mayerwieser (Austria).
Towards secure open systems - Dr. Paul Overbeek (Netherlands).
A security officer's workbench - Prof. Dennis Longley/Lam For Kwok (Australia/Hong Kong).
An introduction to Citadel: a secure crypto co-processor for workstations - Dr. Elaine Palmer (US)
On the calculation and its proof data for PI 10-9th - Shengli Cheng et al (P.R. of China).
Securenet: a network oriented intelligent intrusion prevention and detection system - Assoc. Prof. Dimitris Gritzalis et al (Greece).
A methodology for the design of security plans - Drs. Fred de Koning (Netherlands).
An open architecture for security functions in workstations - Stefan Santesson (Sweden).
Security systems based on exponentiation primitives, TESS - Prof. Thomas Beth (Germany).
The structure and functioning of the COST privacy enhanced mail system - Prof. Sead Muftic, Nada Kapidzic, Alan Davidson (Sweden).
The need for a new approach to information security - Dr. Jean Hitchings (UK).
A Practical database encryption system - Prof. C. Chang/ Prof. D. Buehrer (Taiwan, ROC).
Security analysis and strategy of computer networks - Jie Feng et al (P.R.o.China).
Information Security: legal threats and opportunities - Dr. Ian Lloyd (Scotland).
Secure communication in LAN's using a hybrid encryption scheme - Prof. Mahmoud El-Hadidi, Dr. Nadia Hegazi, Heba Aslan (Egypt).
Secure Network Management - Bruno Studer (Switzerland).
Ramex: a prototype expert system for computer security risk analysis and management - Prof. Peter Jarratt, Muninder Kailay (UK).
The need for decentralization and privacy in mobile communications networks - D.I. Frank Stoll (Germany).
Is lack of quality software a password to information security problems ? - Dr. Peter Fillery, Nicholas Chantler (Western Australia).
Smart: Structured, multi-dimensional approach to risk taking for operational information systems - Ing. Paul van Dam, et al. (Netherlands).
IT Audit: the scope, relevance and the impact in developing countries - Dr. K. Subramanian (India).
Program structure for secure information flow - Dr. Jingsha He (US)
Security, authentication and policy management in open distributed systems - Ralf Hauser, Stefano Zatti (Switzerland/Italy).
A cost model for managing information security hazards - Love Ekenberg, Subhash Oberoi, Istvan Orci (Sweden).
Corporate computer crime management: a research perspective - Dr. James Backhouse (UK).
A high level security policy for health care establishments - Prof. Sokratis Katsikas, Ass. Prof. Dimitris Gritzalis, et al (Greece).
Moss: a model for open system security - Prof. S.H. von Solms, Dr. P van Zyl, Dr. M. Olivier (South Africa).
The risk-based information system design paradigm - Dr. Sharon Fletcher (US)
Evaluation of policies, state of the art and future research directions in database security - Dr. Guenther Pernul, Dr. A.M. Tjoa (Austria).
Exploring minimal ban logic proofs of authentication protocols - Anish Maturia, et al (Australia).
Security concepts for corporate networks - Prof. Rolf Oppliger, Prof. Dieter Hogrefe (Switzerland).
The security process - Jeanette Ohlsson (Sweden).
On the security of lucas function - Dr. C.S. Laih (Taiwan RoC).
Security considerations of content and context based access controls - Donald Marks, Leonard Binns, Peter Sell, John Campbell (US).
Anonymous and verifiable databases: towards a practical solution - Prof. Jennifer Seberry, Dr. Yuliang Zheng, Thomas Hardjono (Australia).
A decentralized approach for authorization - Prof. Waltraud Gerhardt, Burkhard Lau (Netherlands).
Applying security criteria to a distributed database example - Dr. Marshall Abrams, Michael Joyce (US).
A comparison of international information security standards based on documentary micro-analysis - Prof. William Caelli, Em. Prof. John Carroll (Australia/Canada).
Security in EDI between bank and its client - Pauli Vahtera, Heli Salmi (Finland).
Secure information exchange in organizations - D.I. Ralph Holbein (Switzerland).
A framework for information system security management - Helen James, Patrick Forde (Australia).
The security of computer system management - Xia Ling et al (P.R.o.China).
Development of security policies - Jon Olnes (Norway).
Factors affecting the decision to report occurrences of computer abuse - John Palmer (Western Australia).
Secure manageable remote access for network and mobile users in an open on-line transaction processing environment - Dr. James Clark (Singapore).

Session lay-out:
    Monday May 23: plenary only
    Tuesday May 24 - Thursday May 26: four parallel tracks
    Friday May 25: plenary only

Registration:
    Sunday afternoon May 22 at the conference venue
    Monday morning May 23 at the conference venue

Terms and conditions:

The conference registration/admission fee amounts US $1,295 for regular registrations per individual. However, if you are a member of a national computer society you may be eligible for a discount.

Late charges and cancellations: Registration received after May 1, 1994 are charged with an extra late charge of 10%. Substitutions may be made at any time, though please advise us of a change of name.
If you find it necessary to cancel the place, please telephone the conference office immediately and ask for a cancellation number. Confirm in writing quoting the cancellation number. Provided written notice is received by May 1, 1994, a full refund will be given less a 15% administration charge. It is regretted that cancellations received after May 1, 1994 are liable for the full registration fee.

Payment: the registration fees are immediately due upon registration, and all cheques should be made payable to the High Tech Port Curacao Foundation, accompanying the signed registration form. Alternatively registrations by fax and electronic mail are accepted, provided the payment for the full amount in US dollars is released by wire transfer in favor of the High Tech Port Curacao Foundation within one week after the registration. Fax and/or email registrations must be completed before May 1, 1994. If payment is not received within stated period the registration is automatically cancelled and voided. Forms not signed or correctly filled in are not valid registrations.

Conference registration fees should be paid in US dollars only, to prevent excessive exchange charges. It is possible to pay by credit card, however a surcharge of 25% is levied due to local monetary restrictions and policies.

Immediately after registration you will receive a confirmation by fax or email.

Included in the conference fee is the admittance to all sessions of all tracks of the conference, the lunches during Tuesday, Wednesday, Thursday and Friday; coffee and tea during the intermissions, a welcome cocktail at your hotel, one admission ticket per delegate to the formal conference banquet, and a copy of the handout of the conference proceedings.

Registrations made after May 1, 1994 are on space available basis only. If you apply for a discount the registration form and payment must be received before May 1, 1994.
All other services ordered are separately billed, payable upon receipt of the respective order confirmation.

---------------------

Curacao is a tourist destination in high demand. We advise you to make your flight and hotel accommodation reservations well in advance !!!

FAX THE FORM BELOW TO:
    IFIP SEC'94 SECRETARIAT
    +599 9652828

OR AIRMAIL TO:
    IFIP SEC'94 SECRETARIAT
    POSTOFFICE BOX 4066
    WILLEMSTAD - CURACAO
    NETHERLANDS ANTILLES
    CARIBBEAN

OR EMAIL TO:
    < TC11@IAIK.TU-GRAZ.AC.AT >

IFIP TC 11 SEC'94 CONFERENCE REGISTRATION
(one form per individual, copy for multiple registrations)

Please register the following individual for IFIP SEC'94:

    Surname:
    First name:
    Title:
    Organization:
    Job title:
    Mail address:
    Post/zip code:
    Country:
    Telephone:
    Telefax:
    Email:

If you are a member of a national computer society, use this priority registration by fax or email, and wiretransfer the applicable amount, you are entitled to a rebated admission rate. Instead of US $ 1,295, you pay only US $ 1,165.

If you send this by fax to the Conference secretariat, a signature is necessary, here:

I understand and agree to abide by the conditions as set out in the conference brochure, also printed elsewhere in this document.

    Date:

If you send this form by email, a signature is not necessary. In that case the date of receipt of the wiretransfer of the applicable amount is the date of registration.

CONFERENCE PAYMENT

I will remit by wiretransfer US $ _________ in favor of the High Tech Port Curacao Foundation, bank account number 11.592652.5570.004 with CITco Bank NV, Curacao, Netherlands Antilles, immediately.

Wiretransfer reference: IFIP SEC'94
ABA nr. of the CITco Bank (this is not the account number, but the banks' correspondents number): 021004823.
US corresponding bank: Republic National Bank, New York.

Upon receipt of the applicable amount by the High Tech Port Curacao Foundation I will receive within 24 hours by fax a confirmation and an invoice marked "fees paid".

ADDITIONAL

I apply for the 1994 free of charge membership of the ACM (valid only if you are not a member, yet) Mark yes > > <

I have a special request: (insert your request here)

HOTEL INFORMATION

The Curacao Caribbean Hotel (tel: +599-9625000 fax: 599-9625846) as well as the Sonesta Hotel (tel: +599-9368800 fax: +599-9627502, in the US call tollfree 1.800.477.4556) are beach front hotels at walking distance of the conference center. Special roomrates start at US $ 112 per single room/night, including tax, services, full breakfast. Roomrates based on double, triple and quad are available. Various other hotels on request.

AIR TRANSPORT

There are daily non-stop flights from Miami operated by American Airlines, daily non-stop wide body flights from Amsterdam (Netherlands) operated by KLM, daily non-stop flights from Marquetia Aeropuerto Internacional de Caracas (Venezuela), Santa Fe de Bogota (Colombia), and various Caribbean islands, all operated by regional carriers. Special promotional fares are by KLM, TAP Air Portugal, and American Airlines. Contact your travel agency for more information.

* * *

Curacao is tropical. Year-round an average temp. of 90 F/35 C. A constant tradewind makes it very pleasant. You do not need a jacket or coat! Make your flight and hotel reservation as soon as possible !!!

* * *

Come enjoy Dutch Caribbean hospitality soon ! SEC'94 also encompasses a great after hours social program, typical Caribbean style.

ORGANIZING CHAIR: Dr. F. Bertil Fortrie (chairman SEC'94)

------------------------------

From: M19249@mwvm.mitre.org
Subject: Re: EDI Electronic Data Interchange
Date: Fri, 08 Apr 94 11:28:09 EDT
Organization: The MITRE Corporation, McLean VA 22102

In article westmanj@scico1.chchp.ac.nz (Joakim Westman) writes:

> I'm wondering if somebody knows what the concept of EDI -- Electronic
> Data Interchange is all about. I've been trying to get information
> about this, I believe quite new topic at least in NZ, with no luck.
> Therefore I turn to you as a new news user.

Think of all the possible business forms you can imagine. Now take the pieces of each one and break them apart, e.g. name and address, shipping location, invoice info, bill of lading info, credit adjustment etc. Call each identifiable form a transaction set; call the reusable chunks segments; call the small pieces that make up segments data elements. Now agree on common definitions of the transaction sets, segments, and data elements and put them in electronic format. That's what ANSI X12 in the US has done, similarly outside the US the standards are UN/EDIFACT.

Since we now have electronic standards for business forms why don't I as a buyer use a clearinghouse to accept bids for products I want to retail from potential manufacturers. This is what many large retailers do. But why stop there, telephone bills, service order information, medical info., shipping info, ... can all adapt to or become new transaction sets.

As for source info, try EDI World magazine, 2021 Coolidge St., Hollywood FL, 33020-2012, (305)925-5900. Several books are also available about EDI, two are: Electronic Data Interchange by Paul Kimberly, McGraw Hill, 1991 and EDI, A Total Management Guide, 2nd Ed, by Margaret Emmelhainz, Van Nostrand-Reinhold, 1993.

As for the EDI standards, the Data Interchange Standards Assn, Alexandria VA, (703)548-7005 can get you the latest ANSI published standards. ANSI and EDIFACT EDI standards will converge on EDIFACT later in this decade according to current agreements. For us telecom types, there are industry standards bodies, ECSA/TBWG, that support EDI research and standards creation.

DW

------------------------------

Date: Fri, 08 Apr 94 11:52:32 EDT
From: Tony Harminc
Subject: Re: 900 and Other Premium Numbers

msb@sq.sq.com (Mark Brader) wrote:

> Around here (Toronto) we have 900 and 976 numbers also, but it is the
> 976's for which there are numerous late night advertisements featuring
> scantily clad women.

> As just about everyone reading this knows, in much (but not all) of
> the US and Canada, long-distance numbers must be dialed differently
> from local ones, so that you always know when you're dialing a toll
> call. Such a rule applies here. And when someone dials a 976 number
> here, *they must dial it as if it was long distance within their area
> code*.

There are doubtless several layers of politics involved here. Some years ago Bell Canada applied to the CRTC to drop 976- service entirely. The service providers objected strongly, and Bell was ordered to continue it. But shortly thereafter, toll dialing within NPA 416 went from 1 + seven to 1 + ten, and, doubtless to their satisfaction, Bell was able to make 976- numbers that much harder to dial and that much harder to advertise consistently.

I notice that the late-night/scantily-clad-women ads often still list the numbers as 1 976-xxxx, and often speak them as 'one nine seven six x x x x', presumably to discourage callers from thinking about the 1 at the front. But then callers will get the recording telling them they must dial 1 plus the area code. It's not clear if the advertisers are being sneaky, or are just as stupid as those US companies who list their US-only 800 numbers in foreign publications.

Tony Harminc

------------------------------

From: ridder@zowie.zso.dec.com (Hans)
Subject: Contacting the FCC Using Email
Date: 8 Apr 1994 16:36:36 GMT
Organization: Digital Equipment Corporation - DECwest Engineering

In article izzy@netaxs.com (Michael Israeli) writes:

> Where can one write or e-mail to state an opinion on this to?

> [TELECOM Digest Editor's Note: I suppose one can now contact the FCC
> via their new online thing with the net which we have been hearing
> about. Does anyone know if the mail can go both directions on that
> or if pen and paper still required? :) PAT]

Some of the documents list an e-mail address at the end, some do not (the one posted did not have one, just a telephone number.)
I suppose if you send something, you might get a reply.

As far as sending your comments to the FCC via e-mail, note the following (from ftp.fcc.gov:/pub/Public_Notices/Miscellaneous/pnmc4001.txt):

APPLICATION OF EX PARTE RULES TO INTERNET E-MAIL

The Commission's new computer system now affords members of the public access to decision-making personnel through delivery of Internet E-Mail. The purpose of this public notice is to remind the public that the ex parte rules (47 C.F.R. 1.1200 et seq.) that apply to written presentations to any Commission decision-making personnel also apply to Internet E-Mail presentations.

In restricted proceedings (e.g., proceedings involving mutually exclusive applications, a formal complaint, or a formally opposed application), oral and written ex parte presentations are generally prohibited. See 47 C.F.R. 1.1208. Therefore, as with other written presentations, Internet E-Mail presentations to Commission decision-makers in restricted proceedings are prohibited unless they are served on all parties to the proceeding.

In non-restricted proceedings (e.g., most informal rulemakings after issuance of a notice of proposed rulemaking), ex parte presentations are permissible (except during the Sunshine Period) but must be disclosed. See 47 C.F.R. 1.1206. Therefore, as with other written presentations, if an Internet E-Mail ex parte presentation in a non-restricted proceeding is transmitted to any decision-making personnel, two hard copies of that presentation should be provided to the Secretary. The presentation (as well as any transmittal letter) should indicate clearly on its face the docket number of the particular proceeding(s) to which it relates and the fact that two copies of it have been submitted to the Secretary. The presentation should be labeled or captioned as an ex parte presentation. See 47 C.F.R. 1.1206(a)(1).

During the Sunshine Period (the period which commences when an item is placed on the Sunshine Agenda and ends when the item is released), unless specifically exempted, all presentations concerning an item on the Sunshine Agenda, ex parte or not, are prohibited. See 47 C.F.R. 1.1203. This prohibition applies whether the proceeding is restricted, non-restricted, or is exempt under the ex parte rules. Therefore, unless an exemption specifically applies (e.g., a presentation specifically requested by the Commission or staff or a presentation from Congress or another Federal Government agency, see 47 C.F.R. 1.1203(b)&(c)), no Internet E-Mail presentations should be transmitted during the Sunshine Period to decision-making personnel. See 47 C.F.R. 1.1203.

Action by the General Counsel. For further information, contact Steve Bailey (202) 254-6530.

------------------

Hans-Gabriel Ridder
DECwest Engineering, Bellevue, Washington, USA

------------------------------

End of TELECOM Digest V14 #173
******************************