This book constitutes the thoroughly refereed post-conference proceedings of the 5th International ICST Conference, SecureComm 2009, held in September 2009 in Athens, Greece.

The 19 revised full papers and 7 revised short papers were carefully reviewed and selected from 76 submissions.

The papers cover various topics such as wireless network security, network intrusion detection, security and privacy for the general internet, malware and misbehavior, sensor networks, key management, credentials and authentications, as well as secure multicast and emerging technologies.

This book constitutes the refereed proceedings of the 12th International Conference on Information Security Conference, ISC 2009, held in Pisa, Italy, September 7-9, 2009.

The 29 revised full papers and 9 revised short papers presented were carefully reviewed and selected from 105 submissions. The papers are organized in topical sections on analysis techniques, hash functions, database security and biometrics, algebraic attacks and proxy re-encryption, distributed system security, identity management and authentication, applied cryptography, access control, MAC and nonces, and P2P and Web services.

This book constitutes the refereed proceedings of the 9th International Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networking, NEW2AN 2009, held in conjunction with the Second Conference on Smart Spaces, ruSMART 2009 in St. Petersburg, Russia, in September 2009.

The 32 revised full papers presented were carefully reviewed and selected from a total of 82 submissions. The NEW2AN papers are organized in topical sections on teletraffic issues; traffic measurements, modeling, and control; peer-to-peer systems; security issues; wireless networks: ad hoc and mesh; and wireless networks: capacity and mobility. The ruSMART papers start with an invited talk followed by 10 papers on smart spaces.

Biometrics is a rapidly evolving field with applications ranging from accessing one 's computer to gaining entry into a country. The deployment of large-scale biometric systems in both commercial and government applications has increased public awareness of this technology. Recent years have seen significant growth in biometric research resulting in the development of innovative sensors, new algorithms, enhanced test methodologies and novel applications. This book addresses this void by inviting some of the prominent researchers in Biometrics to contribute chapters describing the fundamentals as well as the latest innovations in their respective areas of expertise.

Privacy, Security and Trust within the Context of Pervasive Computing is an edited volume based on a post workshop at the second international conference on Pervasive Computing. The workshop was held April18-23, 2004, in Vienna, Austria.

The goal of the workshop was not to focus on specific, even novel mechanisms, but rather on the interfaces between mechanisms in different technical and social problem spaces. An investigation of the interfaces between the notions of context, privacy, security, and trust will result in a deeper understanding of the "atomic" problems, leading to a more complete understanding of the social and technical issues in pervasive computing.

The NordSec workshops were started in 1996 with the aim of bringing together - searchers and practitioners within computer security in the Nordic countries - thereby establishing a forum for discussions and co-operation between universities, industry and computer societies. Since then, the workshop has developed into a fully fledged inter- tional information security conference, held in the Nordic countries on a round robin basis. The 14th Nordic Conference on Secure IT Systems was held in Oslo on 14-16 October 2009. Under the theme Identity and Privacy in the Internet Age, this year's conference explored policies, strategies and technologies for protecting identities and the growing flow of personal information passing through the Internet and mobile n- works under an increasingly serious threat picture. Among the contemporary security issues discussed were security services modeling, Petri nets, attack graphs, electronic voting schemes, anonymous payment schemes, mobile ID-protocols, SIM cards, n- work embedded systems, trust, wireless sensor networks, privacy, privacy disclosure regulations, financial cryptography, PIN verification, temporal access control, random number generators, and some more. As a pre-cursor to the conference proper, the Nordic Security Day on Wednesday 14 October hosted talks by leading representatives from industry, academia and the g- ernment sector, and a press conference was given.

In recent years there has been growing scientific interest in the triangular relationship between knowledge. complexity and innovation systems. The concept of'innovation systems' carries the idea that innovations do not originate as isolated discrete phenomena, but are generated through the interaction of a number of actors or agents. This set of actors and interactions possess certain specific characteristics that tend to remain over time. Such characteristics are also shared by national, regional, sectoral and technological interaction systems. They can all be represented as sets of institutional] actors and interactions, whose ultimate goal is the production and diffusion of knowledge. The major theoretical and policy problem posed by these systems is that knowledge is generated not only by individuals and organisations, but also by the often complex pattern of interaction between them. To understand how organisations create new products, new production techniques and new organisational forms is important. An even more fundamental need is to understand how organisations create new knowledge if this knowledge creation lies in the mobilisation and conversion of tacit knowledge. Although much has been written about the importance of knowledge in management, little attention has been paid to how knowledge is created and how the knowledge creation process is managed. The third component of the research triangle concerns complexity."

FastSoftwareEncryption2009wasthe16thin a seriesofworkshopsonsymm- ric key cryptography. Starting from 2002, it is sponsored by the International Association for Cryptologic Research (IACR). FSE 2009 was held in Leuven, Belgium, after previous venues held in Cambridge, UK (1993, 1996), Leuven, Belgium (1994, 2002), Haifa, Israel (1997), Paris, France (1998, 2005), Rome, Italy (1999), New York, USA (2000), Yokohama, Japan (2001), Lund, Sweden (2003), New Delhi, India (2004), Graz, Austria (2006), Luxembourg, Lux- bourg (2007), and Lausanne, Switzerland (2008). The workshop's main topic is symmetric key cryptography, including the designoffast andsecuresymmetrickeyprimitives,suchas block ciphers,stream ciphers, hash functions, message authentication codes, modes of operation and iteration, as well as the theoretical foundations of these primitives. This year, 76 papers were submitted to FSE including a large portion of papers on hash functions, following the NIST SHA-3 competition, whose wo- shop was held just after FSE in the same location. From the 76 papers, 24 were accepted for presentation. It is my pleasure to thank all the authors of all s- missions for the high-quality research, which is the base for the scienti?c value of the workshop. The review process was thorough (each submission received the attention of at least three reviewers), and at the end, besides the accepted papers, the Committee decided that the merits of the paper "Blockcipher-Based Hashing Revisited" entitled the authors to receive the best paper award. I wish to thank all Committee members and the referees for their hard and dedicated work.

As e-learning increases in popularity and reach, more people are taking online courses and need to understand the relevant security issues. This book discusses typical threats to e-learning projects, introducing how they have been and should be addressed.

This book provides a good introduction to the classical elementary number theory and the modern algorithmic number theory, and their applications in computing and information technology, including computer systems design, cryptography and network security. In this second edition proofs of many theorems have been provided, further additions and corrections were made.

As cyberspace continues to rapidly expand, its infrastructure is now an in- gral part of the world's economy and social structure. Given this increasing int- connectivity and interdependence, what progress has been made in developing an ecosystem of safety and security? This study is the second phase of an initial - tempt to survey and catalog the multitude of emerging organizations promoting global initiatives to secure cyberspace. The authors provide a breakdown and analysis of organizations by type, - cluding international, regional, private-public, and non-governmental organi- tions. Concluding with a discussion of the progress made in recent years, the study explores current trends regarding the effectiveness and scope of coverage provided by these organizations and addresses several questions concerning the overall state of international cyber security. The authors would like to thank Mr. Anthony Rutkowski for generously p- viding his time, guidance, and support. The authors would also like to thank the International Telecommunication Union (ITU) Telecommunication Development Sector (ITU-D) and the United States National Science Foundation (NSF Grant R3772) for partially supporting the research conducted in this study. In addition, the authors would like to thank the Georgia Institute of Technology's Center for International Strategy, Technology, and Policy (CISTP) for assistance in hosting the Cyber Security Organization Catalog, and the Georgia Tech Information Se- rity Center (GTISC) for cooperation and promotion of this study. Table of Contents 1 The International Landscape of Cyber Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 A Brief History of Global Responses to Cyber Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Computer security - the protection of data and computer systems from intentional, malicious intervention - is attracting increasing attention. Much work has gone into development of tools to detect ongoing or already perpetrated attacks, but a key shortfall in current intrusion detection systems is the high number of false alarms they produce. This book analyzes the false alarm problem, then applies results from the field of information visualization to the problem of intrusion detection. Four different visualization approaches are presented, mainly applied to data from web server access logs.

The theory of algebraic function fields over finite fields has its origins in number theory. However, after Goppas discovery of algebraic geometry codes around 1980, many applications of function fields were found in different areas of mathematics and information theory. This book presents survey articles on some of these new developments. The topics focus on material which has not yet been presented in other books or survey articles.

Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated solutions that will help secure information, computer and network assets in the various critical infrastructure sectors.

This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

This is the first joint working conference between the IFIP Working Groups 11. 1 and 11. 5. We hope this joint conference will promote collaboration among researchers who focus on the security management issues and those who are interested in integrity and control of information systems. Indeed, as management at any level may be increasingly held answerable for the reliable and secure operation of the information systems and services in their respective organizations in the same manner as they are for financial aspects of the enterprise, there is an increasing need for ensuring proper standards of integrity and control in information systems in order to ensure that data, software and, ultimately, the business processes are complete, adequate and valid for intended functionality and expectations of the owner (i. e. the user organization). As organizers, we would like to thank the members of the international program committee for their review work during the paper selection process. We would also like to thank the authors of the invited papers, who added valuable contribution to this first joint working conference. Paul Dowland X. Sean Wang December 2005 Contents Preface vii Session 1 - Security Standards Information Security Standards: Adoption Drivers (Invited Paper) 1 JEAN-NOEL EZINGEARD AND DAVID BIRCHALL Data Quality Dimensions for Information Systems Security: A Theorectical Exposition (Invited Paper) 21 GURVIRENDER TEJAY, GURPREET DHILLON, AND AMITA GOYAL CHIN From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper) 41 C. FARKAS, V. GowADiA, A. JAIN, AND D.

This book gathers concepts of information across diverse fields -physics, electrical engineering and computational science - surveying current theories, discussing underlying notions of symmetry, and showing how the capacity of a system to distinguish itself relates to information. The author develops a formal methodology using group theory, leading to the application of Burnside's Lemma to count distinguishable states. This provides a tool to quantify complexity and information capacity in any physical system.

The development of net-centric approaches for intelligence and national security applications has become a major concern in many areas such as defense, intelligence and national and international law enforcement agencies. In this volume we consider the web architectures and recent developments that make n- centric approaches for intelligence and national security possible. These include developments in information integration and recent advances in web services including the concept of the semantic web. Discovery, analysis and management of web-available data pose a number of interesting challenges for research in w- based management systems. Intelligent agents and data mining are some of the techniques that can be employed. A number of specific systems that are net-centric based in various areas of military applications, intelligence and law enforcement are presented that utilize one or more of such techniques The opening chapter overviews the concepts related to ontologies which now form much of the basis of the possibility of sharing of information in the Semantic Web. In the next chapter an overview of Web Services and examples of the use of Web Services for net-centric operations as applied to meteorological and oceanographic (MetOc) data is presented and issues related to the Navy's use of MetOc Web Services are discussed. The third chapter focuses on metadata as conceived to support the concepts of a service-oriented architecture and, in particular, as it relates to the DoD Net-Centric Data Strategy and the NCES core services.

Effective response to misuse or abusive activity in IT systems requires the capability to detect and understand improper activity. Intrusion Detection Systems observe IT activity, record these observations in audit data, and analyze the collected audit data to detect misuse. Privacy-Respecting Intrusion Detection introduces the concept of technical purpose binding, which restricts the linkability of pseudonyms in audit data to the amount necessary for misuse detection. Also, it limits the recovery of personal data to pseudonyms involved in a detected misuse scenario. The book includes case studies demonstrating this theory, and solutions that are constructively validated by providing algorithms.

To defend against computer and network attacks, multiple, complementary security devices such as intrusion detection systems (IDSs), and firewalls are widely deployed to monitor networks and hosts. These various IDSs will flag alerts when suspicious events are observed. This book is an edited volume by world class leaders within computer network and information security presented in an easy-to-follow style. It introduces defense alert systems against computer and network attacks. It also covers integrating intrusion alerts within security policy framework for intrusion response, related case studies and much more.

The Annual (ICGS) International Conference is an established platform in which se- rity, safety and sustainability issues can be examined from several global perspectives through dialogue between academics, students, government representatives, chief executives, security professionals, and research scientists from the United Kingdom and from around the globe. The 2009 two-day conference focused on the challenges of complexity, rapid pace of change and risk/opportunity issues associated with modern products, systems, s- cial events and infrastructures. The importance of adopting systematic and systemic approaches to the assurance of these systems was emphasized within a special stream focused on strategic frameworks, architectures and human factors. The conference provided an opportunity for systems scientists, assurance researchers, owners, ope- tors and maintainers of large, complex and advanced systems and infrastructures to update their knowledge with the state of best practice in these challenging domains while networking with the leading researchers and solution providers. ICGS3 2009 received paper submissions from more than 20 different countries around the world. Only 28 papers were selected and were presented as full papers. The program also included three keynote lectures by leading researchers, security professionals and government representatives. June 2009 Hamid Jahankhani Ali Hessami Feng Hsu

Over the last decade a number of research areas have contributed to the concept of advanced intelligent environments, these include ubiquitous computing, pervasive computing, embedded intelligence, intelligent user interfaces, human factors, intelligent buildings, mobile communications, domestic robots, intelligent sensors, artistic and architectural design and ambient intelligence. Undeniably, multimodal spoken language dialogue interaction is a key factor in ensuring natural interaction and therefore of particular interest for advanced intelligent environments. It will therefore represent one focus of the proposed book. The book will cover all key topics in the field of intelligent environments from a variety of leading researchers. It will bring together several perspectives in research and development in the area.

During the past two decades, many communication techniques have been developed to achieve various goals such as higher data rate, more robust link quality, andmoreusercapacityinmorerigorouschannelconditions.Themost well known are, for instance, CDMA, OFDM, MIMO, multiuser OFDM, and UWB systems.All these systems havetheir ownunique superioritywhile they also induce other drawbacks that limit the system performance. Conventional way to overcome the drawback is to impose most of the computational e?ort in the receiver side and let the transmitter design much simpler than receiver. The fact is that, however, by leveraging reasonable computational e?ort to the transmitter, the receiver design can be greatly simpli?ed. For instance, multiaccess interference (MAI) has long been considered to limit the perf- mance of multiuser systems. Popular solutions to mitigate MAI issue include multiuser detection (MUD) or sophisticated signal processing for interference cancellation such as PIC or SIC. However, those solutions impose great b- den in the receiver. In this case, precoding o?er good solutions to achieve simple transceiver designs as we will mention later in this book. This book is intended to provide a comprehensive review of precoding techniques for digital communications systems from a signal processing p- spective. The variety of selected precoding techniques and their applications makes this book quite di?erent from other texts about precoding techniques in digital communication engineering

A Classical Introduction to Cryptography: Applications for Communications Security introduces fundamentals of information and communication security by providing appropriate mathematical concepts to prove or break the security of cryptographic schemes.

This advanced-level textbook covers conventional cryptographic primitives and cryptanalysis of these primitives; basic algebra and number theory for cryptologists; public key cryptography and cryptanalysis of these schemes; and other cryptographic protocols, e.g. secret sharing, zero-knowledge proofs and undeniable signature schemes.

A Classical Introduction to Cryptography: Applications for Communications Security is designed for upper-level undergraduate and graduate-level students in computer science. This book is also suitable for researchers and practitioners in industry. A separate exercise/solution booklet is available as well, please go to www.springeronline.com under author: Vaudenay for additional details on how to purchase this booklet.

This essential resource for professionals and advanced students in security programming and system design introduces the foundations of programming systems security and the theory behind access control models, and addresses emerging access control mechanisms.

Information and Its Role in Nature presents an in-depth interdisciplinary discussion of the concept of information and its role in the control of natural processes. After a brief review of classical and quantum information theory, the author addresses numerous central questions, including: Is information reducible to the laws of physics and chemistry? Does the Universe, in its evolution, constantly generate new information? Or are information and information-processing exclusive attributes of living systems, related to the very definition of life? If so, what is the role of information in classical and quantum physics? In what ways does information-processing in the human brain bring about self-consciousness? Accessible to graduate students and professionals from all scientific disciplines, this stimulating book will help to shed light on many controversial issues at the heart of modern science.