This sixth volume in the series Integrity and Internal Control in Information Systems is a state-of-the-art collection of papers in the area of integrity within information systems and the relationship between integrity in information systems and the overall internal control systems that are established in organizations to support corporate governance codes. Integrity and Internal Control in Information Systems VI represents a continuation of the dialogue between information security specialists, internal control specialists and the business community. The objectives of this dialogue are: To present methods and techniques that will help business achieve the desired level of integrity in information systems and data; To present the results of research that may in future be used to increase the level of integrity or help management maintain the desired level of integrity; To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.The book contains a collection of papers from the Sixth International Working Conference on Integrity and Internal Control in Information Systems (IICIS), sponsored by the International Federation for Information Processing (IFIP) and held in Lausanne, Switzerland in November 2003. It will be essential reading for academics and practitioners in computer science, information technology, business informatics, accountancy and IT-auditing.

This book constitutes the thoroughly refereed post-conference proceedings of the 15th International Conference on Information Security and Cryptology, ICISC 2012, held in Seoul, Korea, in November 2012. The 32 revised full papers presented together with 3 invited talks were carefully selected from 120 submissions during two rounds of reviewing. The papers provide the latest results in research, development, and applications in the field of information security and cryptology. They are organized in topical sections on attack and defense, software and Web security, cryptanalysis, cryptographic protocol, identity-based encryption, efficient implementation, cloud computing security, side channel analysis, digital signature, and privacy enhancement.

This book constitutes the refereed proceedings of the Second International Conference on Principles of Security and Trust, POST 2013, held as part of the European Joint Conference on Theory and Practice of Software, ETAPS 2013, in Rome, Italy, in March 2013. The 14 papers included in this volume were carefully reviewed and selected from 59 submissions. They deal with the theoretical and foundational aspects of security and trust such as new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems.

The protection of sensitive information against unauthorized access or fraudulent changes has been of prime concern throughout the centuries. Modern communication techniques, using computers connected through networks, make all data even more vulnerable to these threats. In addition, new issues have surfaced that did not exist previously, e.g. adding a signature to an electronic document. Cryptology addresses the above issues - it is at the foundation of all information security. The techniques employed to this end have become increasingly mathematical in nature. Fundamentals of Cryptology serves as an introduction to modern cryptographic methods. After a brief survey of classical cryptosystems, it concentrates on three main areas. First, stream ciphers and block ciphers are discussed. These systems have extremely fast implementations, but sender and receiver must share a secret key. Second, the book presents public key cryptosystems, which make it possible to protect data without a prearranged key. Their security is based on intractable mathematical problems, such as the factorization of large numbers.The remaining chapters cover a variety of topics, including zero-knowledge proofs, secret sharing schemes and authentication codes. Two appendices explain all mathematical prerequisites in detail: one presents elementary number theory (Euclid's Algorithm, the Chinese Remainder Theorem, quadratic residues, inversion formulas, and continued fractions) and the other introduces finite fields and their algebraic structure. Fundamentals of Cryptology is an updated and improved version of An Introduction to Cryptology, originally published in 1988. Apart from a revision of the existing material, there are many new sections, and two new chapters on elliptic curves and authentication codes, respectively. Fundamentals of Cryptology will be of interest to computer scientists, mathematicians, and researchers, students, and practitioners in the area of cryptography.

This book constitutes the thoroughly refereed post-conference proceedings of the workshop on Usable Security, USEC 2013, and the third Workshop on Applied Homomorphic Cryptography, WAHC 2013, held in conjunction with the 17th International Conference on Financial Cryptology and Data Security, FC 2013, in Okinawa, Japan. The 16 revised full papers presented were carefully selected from numerous submissions and cover all aspects of data security. The goal of the USEC workshop was to engage on all aspects of human factors and usability in the context of security. The goal of the WAHC workshop was to bring together professionals, researchers and practitioners in the area of computer security and applied cryptography with an interest in practical applications of homomorphic encryption, secure function evaluation, private information retrieval or searchable encryption to present, discuss, and share the latest findings in the field, and to exchange ideas that address real-world problems with practical solutions using homomorphic cryptography.

This book constitutes the refereed proceedings of the 5th International Conference on Pairing-Based Cryptography, Pairing 2012, held in Cologne, Germany, in May 2012.
The 17 full papers for presentation at the academic track and 3 full papers for presentation at the industrial track were carefully reviewed and selected from 49 submissions. These papers are presented together with 6 invited talks. The contributions are organized in topical sections on: algorithms for pairing computation, security models for encryption, functional encryption, implementations in hardware and software, industry track, properties of pairings, and signature schemes and applications.

The 7th Annual Working Conference of ISMSSS (lnformation Security Management and Small Systems Security), jointly presented by WG 11.1 and WG 11.2 of the International Federation for Information Processing {IFIP), focuses on various state-of-art concepts in the two relevant fields. The conference focuses on technical, functional as well as managerial issues. This working conference brings together researchers and practitioners of different disciplines, organisations, and countries, to discuss the latest developments in (amongst others) secure techniques for smart card technology, information security management issues, risk analysis, intranets, electronic commerce protocols, certification and accreditation and biometrics authentication. W e are fortunate to have attracted at least six highly acclaimed international speakers to present invited lectures, which will set the platform for the reviewed papers. Invited speakers will talk on a broad spectrum of issues, all related to information security management and small system security issues. These talks cover new perspectives on secure smart card systems, the role of BS7799 in certification, electronic commerce and smart cards, iris biometrics and many more. AH papers presented at this conference were reviewed by a minimum of two international reviewers. W e wish to express our gratitude to all authors of papers and the international referee board. W e would also like to express our appreciation to the organising committee, chaired by Leon Strous, for aU their inputs and arrangements.

This book constitutes the thoroughly refereed proceedings of the 10th Theory of Cryptography Conference, TCC 2013, held in Tokyo, Japan, in March 2013. The 36 revised full papers presented were carefully reviewed and selected from 98 submissions. The papers cover topics such as study of known paradigms, approaches, and techniques, directed towards their better understanding and utilization; discovery of new paradigms, approaches and techniques that overcome limitations of the existing ones; formulation and treatment of new cryptographic problems; study of notions of security and relations among them; modeling and analysis of cryptographic algorithms; and study of the complexity assumptions used in cryptography.

This book constitutes the refereed proceedings of the 5th International Symposium on Engineering Secure Software and Systems, ESSoS 2013, held in Paris, France, in February/March 2013. The 13 revised full papers presented together with two idea papers were carefully reviewed and selected from 62 submissions. The papers are organized in topical sections on secure programming, policies, proving, formal methods, and analyzing.

The volume contains the papers presented at the fifth working conference on Communications and Multimedia Security (CMS 2001), held on May 21-22, 2001 at (and organized by) the GMD -German National Research Center for Information Technology GMD - Integrated Publication and Information Systems Institute IPSI, in Darmstadt, Germany. The conference is arranged jointly by the Technical Committees 11 and 6 of the International Federation of Information Processing (IFIP) The name "Communications and Multimedia Security" was first used in 1995, Reinhard Posch organized the first in this series of conferences in Graz, Austria, following up on the previously national (Austrian) "IT Sicherheit" conferences held in Klagenfurt (1993) and Vienna (1994). In 1996, the CMS took place in Essen, Germany; in 1997 the conference moved to Athens, Greece. The CMS 1999 was held in Leuven, Belgium. This conference provides a forum for presentations and discussions on issues which combine innovative research work with a highly promising application potential in the area of security for communication and multimedia security. State-of-the-art issues as well as practical experiences and new trends in the areas were topics of interest again, as it has already been the case at previous conferences. This year, the organizers wanted to focus the attention on watermarking and copyright protection for e commerce applications and multimedia data. We also encompass excellent work on recent advances in cryptography and their applications. In recent years, digital media data have enormously gained in importance.

Security and Privacy in the Age of Uncertainty covers issues related to security and privacy of information in a wide range of applications including: *Secure Networks and Distributed Systems; *Secure Multicast Communication and Secure Mobile Networks; *Intrusion Prevention and Detection; *Access Control Policies and Models; *Security Protocols; *Security and Control of IT in Society. This volume contains the papers selected for presentation at the 18th International Conference on Information Security (SEC2003) and at the associated workshops. The conference and workshops were sponsored by the International Federation for Information Processing (IFIP) and held in Athens, Greece in May 2003.

The focus of this monograph is on symmetry breaking problems in the message-passing model of distributed computing. In this model a communication network is represented by a n-vertex graph G = (V,E), whose vertices host autonomous processors. The processors communicate over the edges of G in discrete rounds. The goal is to devise algorithms that use as few rounds as possible. A typical symmetry-breaking problem is the problem of graph coloring. Denote by ? the maximum degree of G. While coloring G with ? + 1 colors is trivial in the centralized setting, the problem becomes much more challenging in the distributed one. One can also compromise on the number of colors, if this allows for more efficient algorithms. Other typical symmetry-breaking problems are the problems of computing a maximal independent set (MIS) and a maximal matching (MM). The study of these problems dates back to the very early days of distributed computing. The founding fathers of distributed computing laid firm foundations for the area of distributed symmetry breaking already in the eighties. In particular, they showed that all these problems can be solved in randomized logarithmic time. Also, Linial showed that an O(?2)-coloring can be solved very efficiently deterministically. However, fundamental questions were left open for decades. In particular, it is not known if the MIS or the (? + 1)-coloring can be solved in deterministic polylogarithmic time. Moreover, until recently it was not known if in deterministic polylogarithmic time one can color a graph with significantly fewer than ?2 colors. Additionally, it was open (and still open to some extent) if one can have sublogarithmic randomized algorithms for the symmetry breaking problems. Recently, significant progress was achieved in the study of these questions. More efficient deterministic and randomized (? + 1)-coloring algorithms were achieved. Deterministic ?1 + o(1)-coloring algorithms with polylogarithmic running time were devised. Improved (and often sublogarithmic-time) randomized algorithms were devised. Drastically improved lower bounds were given. Wide families of graphs in which these problems are solvable much faster than on general graphs were identified. The objective of our monograph is to cover most of these developments, and as a result to provide a treatise on theoretical foundations of distributed symmetry breaking in the message-passing model. We hope that our monograph will stimulate further progress in this exciting area.

This book constitutes the thoroughly refereed post-proceedings of the 17th International Workshop on Security Protocols, SP 2009, held in Cambridge, UK, in April 2009. The 17 revised full papers presented together with edited transcriptions of some of the discussions following the presentations have gone through multiple rounds of reviewing, revision, and selection. The theme of this workshop was "Brief Encounters". In the old days, security protocols were typically run first as preliminaries to, and later to maintain, relatively stable continuing relationships between relatively unchanging individual entities. Pervasive computing, e-bay and second life have shifted the ground: we now frequently desire a secure commitment to a particular community of entities, but relatively transient relationships with individual members of it, and we are often more interested in validating attributes than identity. The papers and discussions in this volume examine the theme from the standpoint of various different applications and adversaries.

This book constitutes the refereed proceedings of the International Conference on Information and Communication Technology, ICT-EurAsia 2013, and the collocation of AsiaARES 2013 as a special track on Availability, Reliability, and Security, held in Yogyakarta, Indonesia, in March 2013. The 62 revised full papers presented were carefully reviewed and selected from a numerous submissions. The papers are organized in topical sections on e-society, software engineering, security and privacy, cloud and internet computing, knowledge management, dependable systems and applications, cryptography, privacy and trust management, network analysis and security, and multimedia security.

This book constitutes the proceedings of the 15th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2013, held in Santa Barbara, CA, USA, in August 2013. The 27 papers presented were carefully reviewed and selected from 132 submissions. The papers are organized in the following topical sections: side-channel attacks; physical unclonable function; lightweight cryptography; hardware implementations and fault attacks; efficient and secure implementations; elliptic curve cryptography; masking; side-channel attacks and countermeasures.

This book constitutes the thoroughly refereed post-conference proceedings of the 19th International Conference on Selected Areas in Cryptography, SAC 2012, held in Windsor, Ontario, Canada, in August 2012. The 24 papers presented were carefully reviewed and selected from 87 submissions. They are organized in topical sections named: cryptanalysis, digital signatures, stream ciphers, implementations, block cipher cryptanalysis, lattices, hashfunctions, blockcipher constructions, and miscellaneous.

This book constitutes the refereed proceedings of the Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013, held in San Francisco, CA, USA, in February/March 2013. The 25 revised full papers presented were carefully reviewed and selected from 89 submissions. The papers are grouped into topical sections covering: side channel attacks, digital signatures, public-key encryption, cryptographic protocols, secure implementation methods, symmetric key primitives, and identity-based encryption.

This book constitutes revised selected papers from the 7th Conference on Theory of Quantum Computation, Communication, and Cryptography, TQC 2012, held in Tokyo, Japan, in May 2012. The 12 papers presented were carefully reviewed and selected for inclusion in this book. They contain original research on the rapidly growing, interdisciplinary field of quantum computation, communication and cryptography. Topics addressed are such as quantum algorithms, quantum computation models, quantum complexity theory, simulation of quantum systems, quantum programming languages, quantum cryptography, quantum communication, quantum estimation, quantum measurement, quantum tomography, completely positive maps, decoherence, quantum noise, quantum coding theory, fault-tolerant quantum computing, entanglement theory, and quantum teleportation.

This book contains the thoroughly refereed post-conference proceedings of the 14th Information Hiding Conference, IH 2012, held in Berkeley, CA, USA, in May 2012. The 18 revised full papers presented were carefully reviewed and selected from numerous submissions. The papers are organized in topical sections on multimedia forensics and counter-forensics, steganalysis, data hiding in unusual content, steganography, covert channels, anonymity and privacy, watermarking, and fingerprinting.

Selected Areas in Cryptography brings together in one place important contributions and up-to-date research results in this fast moving area. Selected Areas in Cryptography serves as an excellent reference, providing insight into some of the most challenging research issues in the field.

This volume contains papers presented at the fourth working conference on Communications and Multimedia Security (CMS'99), held in Leuven, Belgium from September 20-21, 1999. The Conference, arrangedjointly by Technical Committees 11 and 6 of the International Federation of Information Processing (IFIP), was organized by the Department of Electrical Engineering of the Katholieke Universiteit Leuven. The name "Communications and Multimedia Security" was used for the first time in 1995, when Reinhard Posch organized the first in this series of conferences in Graz, Austria, following up on the previously national (Austrian) IT Sicherheit conferences held in Klagenfurt (1993) and Vienna (1994). In 1996, CMS took place in Essen, Germany; in 1997 the conference moved to Athens, Greece. The Conference aims to provide an international forum for presentations and discussions on protocols and techniques for providing secure information networks. The contributions in this volume review the state-of the-art in communications and multimedia security, and discuss practical of topics experiences and new developments. They cover a wide spectrum inc1uding network security, web security, protocols for entity authentication and key agreement, protocols for mobile environments, applied cryptology, watermarking, smart cards, and legal aspects of digital signatures.

Foreword by Pierangela Samarati

Privacy requirements have an increasing impact on the realization of modern applications. Commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. Current approaches encrypt sensitive data, thus reducing query execution efficiency and preventing selective information release.

Preserving Privacy in Data Outsourcing presents a comprehensive approach for protecting highly sensitive information when it is stored on systems that are not under the data owner's control. The approach illustrated combines access control and encryption, enforcing access control via structured encryption. This solution, coupled with efficient algorithms for key derivation and distribution, provides efficient and secure authorization management on outsourced data; it allows the data owner to outsource not only the data but the security policy itself. The last section of this book investigates the problem of executing queries over possible data distributed at different servers. Case Studies will be provided.

About this book:

Exclusively focuses on addressing protection of confidential information in the emerging data outsourcing scenarios.

Presents relevant and critical novel problems and novel techniques, a precious reference point to students, researchers, and developers in this field.

Provides a comprehensive overview of the data protection problem in outsourcing scenarios, as well as a rigorous analysis and formalization of the problem and solutions to it.

Privacy, data mining, data protection, data outsourcing, electronic commerce, machine learning professionals and others working in these related fields will find this book a valuable asset, as well as primary associations such as ACM, IEEE and Management Science. This book is also suitable for advanced level students and researchers concentrating on computer science as a secondary text or reference book.

This book constitutes the thoroughly refereed joint post proceedings of two international workshops, the 7th International Workshop on Data Privacy Management, DPM 2012, and the 5th International Workshop on Autonomous and Spontaneous Security, SETOP 2012, held in Pisa, Italy, in September 2012. The volume contains 13 full papers selected out of 31 submissions and 3 keynote lectures from the DPM workshop and 10 papers selected among numerous submissions from the SETOP workshop. The contributions from DPM cover topics from location privacy, citizens' privacy, privacy, authentication with anonymity, privacy in distributed systems, privacy policies, and automated privacy enforcement. The SETOP contributions provide a unique view of ongoing security research work in a number of emerging environments that are becoming part of the global ICT infrastructure, from content-centric to mobile and wireless networks. Also, some of them cover the key role of run-time enforcement in process and service security. The topics of SETOP papers include: security policy deployment; distributed intrusion detection; autonomous and spontaneous response; privacy policies; secure localization; context aware and ubiquitous computing; identity management.

This book constitutes the thoroughly refereed post-workshop proceedings of the 20th International Workshop on Security Protocols, held in Cambridge, UK, in April 2012. Following the tradition of this workshop series, each paper war revised by the authors to incorporate ideas from the workshop, and is followed in these proceedings by an edited transcription of the presentation and ensuing discussion. The volume contains 14 papers with their transcriptions as well as an introduction, i.e. 29 contributions in total. The theme of the workshop was "Bringing protocols to life."