This book constitutes the refereed proceedings of the 10th International Workshop on Security and Trust Management, STM 2014, held in Wroclaw, Poland, in September 2014, in conjunction with the 19th European Symposium Research in Computer Security, ESORICS 2014. The 11 revised full papers were carefully reviewed and selected from 29 submissions and cover topics as access control, data protection, digital rights, security and trust policies, security and trust in social networks.

This book is an updated version of the information theory classic, first published in 1990. About one-third of the book is devoted to Shannon source and channel coding theorems; the remainder addresses sources, channels, and codes and on information and distortion measures and their properties. New in this edition: Expanded treatment of stationary or sliding-block codes and their relations to traditional block codes Expanded discussion of results from ergodic theory relevant to information theory Expanded treatment of B-processes -- processes formed by stationary coding memoryless sources New material on trading off information and distortion, including the Marton inequality New material on the properties of optimal and asymptotically optimal source codes New material on the relationships of source coding and rate-constrained simulation or modeling of random processes Significant material not covered in other information theory texts includes stationary/sliding-block codes, a geometric view of information theory provided by process distance measures, and general Shannon coding theorems for asymptotic mean stationary sources, which may be neither ergodic nor stationary, and d-bar continuous channels.

This book constitutes the refereed proceedings of the 9th International Workshop on Security, IWSEC 2014, held in Hirosaki, Japan, in August 2014. The 13 regular papers presented together with 8 short papers in this volume were carefully reviewed and selected from 55 submissions. The focus of the workshop was on the following topics: system security, threshold cryptography, hardware security, foundation, and encryption.

This book constitutes the refereed proceedings of the 11th International Conference on Trust and Privacy in Digital Business, TrustBus 2014, held in Munich, Germany, in September 2014 in conjunction with DEXA 2014. The 16 revised full papers presented were carefully reviewed and selected from numerous submissions. The papers are organized in the following topical sections: trust management; trust metrics and evaluation models; privacy and trust in cloud computing; security management; and security, trust, and privacy in mobile and pervasive environments.

This book constitutes the thoroughly refereed post-proceedings of the 12th International Workshop on Digital-Forensics and Watermarking, IWDW 2013, held in Auckland, New Zealand, during October 2013. The 24 full and 13 poster papers, presented together with 2 abstracts, were carefully reviewed and selected from 55 submissions. The papers are organized in topical sections on steganography and steganalysis; visual cryptography; reversible data hiding; forensics; watermarking; anonymizing and plate recognition.

The two volume-set, LNCS 8616 and LNCS 8617, constitutes the refereed proceedings of the 34th Annual International Cryptology Conference, CRYPTO 2014, held in Santa Barbara, CA, USA, in August 2014. The 60 revised full papers presented in LNCS 8616 and LNCS 8617 were carefully reviewed and selected from 227 submissions. The papers are organized in topical sections on symmetric encryption and PRFs; formal methods; hash functions; groups and maps; lattices; asymmetric encryption and signatures; side channels and leakage resilience; obfuscation; FHE; quantum cryptography; foundations of hardness; number-theoretic hardness; information-theoretic security; key exchange and secure communication; zero knowledge; composable security; secure computation - foundations; secure computation - implementations.

This book constitutes the thoroughly refereed post-conference proceedings of the 5th International Workshop, COSADE 2014, held in Paris, France, in April 2014. The 20 revised full papers presented together with two invited talks were carefully selected from 51 submissions and collect truly existing results in cryptographic engineering, from concepts to artifacts, from software to hardware, from attack to countermeasure.

In the 1970s researchers noticed that radioactive particles produced by elements naturally present in packaging material could cause bits to flip in sensitive areas of electronic chips. Research into the effect of cosmic rays on semiconductors, an area of particular interest in the aerospace industry, led to methods of hardening electronic devices designed for harsh environments. Ultimately various mechanisms for fault creation and propagation were discovered, and in particular it was noted that many cryptographic algorithms succumb to so-called fault attacks. Preventing fault attacks without sacrificing performance is nontrivial and this is the subject of this book. Part I deals with side-channel analysis and its relevance to fault attacks. The chapters in Part II cover fault analysis in secret key cryptography, with chapters on block ciphers, fault analysis of DES and AES, countermeasures for symmetric-key ciphers, and countermeasures against attacks on AES. Part III deals with fault analysis in public key cryptography, with chapters dedicated to classical RSA and RSA-CRT implementations, elliptic curve cryptosystems and countermeasures using fault detection, devices resilient to fault injection attacks, lattice-based fault attacks on signatures, and fault attacks on pairing-based cryptography. Part IV examines fault attacks on stream ciphers and how faults interact with countermeasures used to prevent power analysis attacks. Finally, Part V contains chapters that explain how fault attacks are implemented, with chapters on fault injection technologies for microprocessors, and fault injection and key retrieval experiments on a widely used evaluation board. This is the first book on this topic and will be of interest to researchers and practitioners engaged with cryptographic engineering.

This volume constitutes the refereed proceedings of the 8th IFIP WG 11.2 International Workshop on Information Security Theory and Practices, WISTP 2014, held in Heraklion, Crete, Greece, in June/July 2014. The 8 revised full papers and 6 short papers presented together with 2 keynote talks were carefully reviewed and selected from 33 submissions. The papers have been organized in topical sections on cryptography and cryptanalysis, smart cards and embedded devices, and privacy.

This book constitutes the refereed conference proceedings of the 19th Australasian Conference on Information Security and Privacy, ACISP 2014, held in Wollongong, NSW, Australia, in July 2014. The 26 revised full papers and 6 short papers presented in this volume were carefully selected from 91 submissions. The papers are organized in topical sections on cryptanalysis; cryptographic protocols; fine-grain cryptographic protocols; key exchange, fundamentals, lattices and homomorphic encryption, and applications.

This book constitutes the refereed proceedings of the 7th International Conference on Trust and Trustworthy Computing, TRUST 2014, held in Heraklion, Crete, Greece in June/July 2014. The 10 full papers and three short papers presented together with 9 poster abstracts were carefully reviewed and selected from 40 submissions. They are organized in topical sections such as TPM 2.0, trust in embedded and mobile systems; physical unclonable functions; trust in the web; trust and trustworthiness.

The cryptosystems based on the Integer Factorization Problem (IFP), the Discrete Logarithm Problem (DLP) and the Elliptic Curve Discrete Logarithm Problem (ECDLP) are essentially the only three types of practical public-key cryptosystems in use. The security of these cryptosystems relies heavily on these three infeasible problems, as no polynomial-time algorithms exist for them so far. However, polynomial-time quantum algorithms for IFP, DLP and ECDLP do exist, provided that a practical quantum computer exists. Quantum Attacks on Public-Key Cryptosystems presemts almost all known quantum computing based attacks on public-key cryptosystems, with an emphasis on quantum algorithms for IFP, DLP, and ECDLP. It also discusses some quantum resistant cryptosystems to replace the IFP, DLP and ECDLP based cryptosystems. This book is intended to be used either as a graduate text in computing, communications and mathematics, or as a basic reference in the field.

FOSAD has been one of the foremost educational events established with the goal of disseminating knowledge in the critical area of security in computer systems and networks. Over the years, both the summer school and the book series have represented a reference point for graduate students and young researchers from academia or industry, interested to approach the field, investigate open problems, and follow priority lines of research. This book presents thoroughly revised versions of nine tutorial lectures given by leading researchers during three International Schools on Foundations of Security Analysis and Design, FOSAD, held in Bertinoro, Italy, in September 2012 and 2013. The topics covered in this book include model-based security, automatic verification of secure applications, information flow analysis, cryptographic voting systems, encryption in the cloud, and privacy preservation.

This book constitutes the refereed proceedings of the 14th International Symposium on Privacy Enhancing Technologies, PETS 2014, held in Amsterdam, The Netherlands, in July 2014.The 16 full papers presented were carefully selected from 86 submissions. Topics addressed by the papers published in these proceedings include study of privacy erosion, designs of privacy-preserving systems, censorship resistance, social networks and location privacy."

The two volume-set, LNCS 8616 and LNCS 8617, constitutes the refereed proceedings of the 34th Annual International Cryptology Conference, CRYPTO 2014, held in Santa Barbara, CA, USA, in August 2014. The 60 revised full papers presented in LNCS 8616 and LNCS 8617 were carefully reviewed and selected from 227 submissions. The papers are organized in topical sections on symmetric encryption and PRFs; formal methods; hash functions; groups and maps; lattices; asymmetric encryption and signatures; side channels and leakage resilience; obfuscation; FHE; quantum cryptography; foundations of hardness; number-theoretic hardness; information-theoretic security; key exchange and secure communication; zero knowledge; composable security; secure computation - foundations; secure computation - implementations.

Healthcare IT is the growth industry right now, and the need for guidance in regard to privacy and security is huge. Why? With new federal incentives and penalties tied to the HITECH Act, HIPAA, and the implementation of Electronic Health Record (EHR) systems, medical practices and healthcare systems are implementing new software at breakneck speed. Yet privacy and security considerations are often an afterthought, putting healthcare organizations at risk of fines and damage to their reputations. Healthcare Information Privacy and Security: Regulatory Compliance and Data Security in the Age of Electronic Health Records outlines the new regulatory regime, and it also provides IT professionals with the processes and protocols, standards, and governance tools they need to maintain a secure and legal environment for data and records. It's a concrete resource that will help you understand the issues affecting the law and regulatory compliance, privacy, and security in the enterprise. As healthcare IT security expert Bernard Peter Robichau II shows, the success of a privacy and security initiative lies not just in proper planning but also in identifying who will own the implementation and maintain technologies and processes. From executive sponsors to system analysts and administrators, a properly designed security program requires that that the right people are assigned to the right tasks and have the tools they need. Robichau explains how to design and implement that program with an eye toward long-term success. Putting processes and systems in place is, of course, only the start. Robichau also shows how to manage your security program and maintain operational support including ongoing maintenance and policy updates. (Because regulations never sleep!) This book will help you devise solutions that include: Identity and access management systems Proper application design Physical and environmental safeguards Systemwide and client-based security configurations Safeguards for patient data Training and auditing procedures Governance and policy administration Healthcare Information Privacy and Security is the definitive guide to help you through the process of maintaining privacy and security in the healthcare industry. It will help you keep health information safe, and it will help keep your organization-whether local clinic or major hospital system-on the right side of the law.

This State-of-the-Art Survey contains a selection of papers representing state-of-the-art results in the engineering of secure software-based Future Internet services and systems, produced by the NESSoS project researchers. The engineering approach of the Network of Excellence NESSoS, funded by the European Commission, is based on the principle of addressing security concerns from the very beginning in all software development phases, thus contributing to reduce the amount of software vulnerabilities and enabling the systematic treatment of security needs through the engineering process. The 15 papers included in this volume deal with the main NESSoS research areas: security requirements for Future Internet services; creating secure service architectures and secure service design; supporting programming environments for secure and composable services; enabling security assurance and integrating former results in a risk-aware and cost-aware software life-cycle.

This book constitutes the refereed proceedings of the 12th International Conference on Applied Cryptography and Network Security, ACNS 2014, held in Lausanne, Switzerland, in June 2014. The 33 revised full papers included in this volume were carefully reviewed and selected from 147 submissions. They are organized in topical sections on key exchange; primitive construction; attacks (public-key cryptography); hashing; cryptanalysis and attacks (symmetric cryptography); network security; signatures; system security; and secure computation.

Financial identity theft is well understood with clear underlying motives. Medical identity theft is new and presents a growing problem. The solutions to both problems however, are less clear.

The Economics of Financial and Medical Identity Theft discusses how the digital networked environment is critically different from the world of paper, eyeballs and pens. Many of the effective identity protections are embedded behind the eyeballs, where the presumably passive observer is actually a fairly keen student of human behavior. The emergence of medical identity theft and the implications of medical data privacy are described in the second section of this book.

The Economics of Financial and Medical Identity Theft also presents an overview of the current technology for identity management. The book closes with a series of vignettes in the last chapter, looking at the risks we may see in the future and how these risks can be mitigated or avoided.

This book constitutes the proceedings of the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2014, held in Copenhagen, Denmark, in May 2014. The 38 full papers included in this volume were carefully reviewed and selected from 197 submissions. They deal with public key cryptanalysis, identity-based encryption, key derivation and quantum computing, secret-key analysis and implementations, obfuscation and multi linear maps, authenticated encryption, symmetric encryption, multi-party encryption, side-channel attacks, signatures and public-key encryption, functional encryption, foundations and multi-party computation.

This book constitutes the proceedings of the 10th International Conference on Information Security Practice and Experience, ISPEC 2014, held in Fuzhou, China, in May 2014. The 36 papers presented in this volume were carefully reviewed and selected from 158 submissions. In addition the book contains 5 invited papers. The regular papers are organized in topical sections named: network security; system security; security practice; security protocols; cloud security; digital signature; encryption and key agreement and theory.

There are two main approaches in the theory of network error correction coding. In this SpringerBrief, the authors summarize some of the most important contributions following the classic approach, which represents messages by sequences similar to algebraic coding, and also briefly discuss the main results following the other approach, that uses the theory of rank metric codes for network error correction of representing messages by subspaces. This book starts by establishing the basic linear network error correction (LNEC) model and then characterizes two equivalent descriptions. Distances and weights are defined in order to characterize the discrepancy of these two vectors and to measure the seriousness of errors. Similar to classical error-correcting codes, the authors also apply the minimum distance decoding principle to LNEC codes at each sink node, but use distinct distances. For this decoding principle, it is shown that the minimum distance of a LNEC code at each sink node can fully characterize its error-detecting, error-correcting and erasure-error-correcting capabilities with respect to the sink node. In addition, some important and useful coding bounds in classical coding theory are generalized to linear network error correction coding, including the Hamming bound, the Gilbert-Varshamov bound and the Singleton bound. Several constructive algorithms of LNEC codes are presented, particularly for LNEC MDS codes, along with an analysis of their performance. Random linear network error correction coding is feasible for noncoherent networks with errors. Its performance is investigated by estimating upper bounds on some failure probabilities by analyzing the information transmission and error correction. Finally, the basic theory of subspace codes is introduced including the encoding and decoding principle as well as the channel model, the bounds on subspace codes, code construction and decoding algorithms.

This book constitutes the thoroughly refereed proceedings of the 14th International Workshop on Information Security Applications, WISA 2013, held on Jeju Island, Korea, in August 2013. The 15 revised full papers and 2 short papers presented were carefully reviewed and selected from 39 submissions. The papers are organized in topical sections such as cryptography, social network security, mobile security, network security, future applications and privacy.

This book constitutes the thoroughly refereed post-conference proceedings of the 6th Conference on Theory of Quantum Computation, Communication, and Cryptography, TQC 2011, held in Madrid, Spain, in May 2011. The 14 revised papers presented were carefully selected from numerous submissions. The papers present new and original research and cover a large range of topics in quantum computation, communication and cryptography, a new and interdisciplinary field at the intersection of computer science, information theory and quantum mechanics.

This book constitutes the refereed proceedings of the Third International Conference on Principles of Security and Trust, POST 2014, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2014, Grenoble, France, in April 2014. The 15 papers presented in this volume were carefully reviewed and selected from 55 submissions. They are organized in topical sections named: analysis of cryptographic protocols; quantitative aspects of information flow; information flow control in programming languages; cryptography in implementations and policies and attacks.