This book constitutes the refereed proceedings of the Fourth VLDB 2007 International Workshop on Secure Data Management, SDM 2007, held in Vienna, Austria, September 23-24, 2007 in conjunction with VLDB 2007.

The 11 revised full papers presented were carefully reviewed and selected from 29 submissions. The papers are organized in topical sections on Access Control, Database Security, Privacy Protection and Positon Papers.

Since the mid 1990s, data hiding has been proposed as an enabling technology for securing multimedia communication, and is now used in various applications including broadcast monitoring, movie fingerprinting, steganography, video indexing and retrieval, and image authentication. Data hiding and cryptographic techniques are often combined to complement each other, thus triggering the development of a new research field of multimedia security. Besides, two related disciplines, steganalysis and data forensics, are increasingly attracting researchers and becoming another new research field of multimedia security. This journal, LNCS Transactions on Data Hiding and Multimedia Security, aims to be a forum for all researchers in these emerging fields, publishing both original and archival research results.

This second issue contains five papers dealing with a wide range of topics related to multimedia security. The first paper introduces Fingercasting, which allows joint fingerprinting and decryption of broadcast messages. The second paper presents an estimation attack on content-based video fingerprinting. The third proposes a statistics and spatiality-based feature distance measure for error resilient image authentication. The fourth paper reports on LTSB steganalysis. Finally, the fifth paper surveys various blind and robust watermarking schemes for 3D shapes.

Negli ultimi decenni il rapido sviluppo delle tecnologie IT ha influito in maniera determinante nella vita dell'uomo, trasformando, spesso inconsapevolmente il suo lavoro, le sue abitudini, il suo modo di interagire con il mondo che lo circonda. Il fenomeno della "globalizzazione" dei mercati e solo una delle trasformazioni che l'intero pianeta sta attraversando. Anche se i vantaggi derivanti dall'utilizzo delle moderne tecnologie di comunicazione ci facilitano nel lavoro e nella attivita ludiche e personali, molte sono le perplessita e i dubbi che attanagliano tutti coloro che le utilizzano. Se l'Information Technology rappresenta il "combustibile" indispensabile per la sopravvivenza delle aziende e delle attivita dell'uomo, nel contempo puo generare problematicita di grande rilievo. Il testo tratta alcune delle problematiche che destano preoccupazioni rilevanti nel mondo intero come il consumo energetico dei sistemi informatici (incontrollabili e inquinanti), il problema della garanzia della privacy e dell'integrita dei dati su Internet, l'utilizzo della rete Internet come strumento di controllo delle masse, la possibile sparizione degli attuali sistemi operativi che potranno essere sostituiti dal sistema operativo Web Operating System."

This book constitutes the refereed proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection held in September 2005. The 15 revised full papers and two practical experience reports were carefully reviewed and selected from 83 submissions. The papers are organized in topical sections on worm detection and containment, anomaly detection, intrusion prevention and response, intrusion detection based on system calls and network-based, as well as intrusion detection in mobile and wireless networks.

This book constitutes the refereed proceedings of the 10th International Conference on Practice and Theory in Public-Key Cryptography, PKC 2007, held in Beijing, China in April 2007.

The 29 revised full papers presented together with 2 invited lectures were carefully reviewed and selected from 118 submissions. The papers are organized in topical sections on signatures, cryptanalysis, protocols, multivariate cryptosystems, encryption, number theoretic techniques, and public-key infrastructure.

Asiacrypt, the annual conference of cryptology sponsored by IACR is now 11 years old. Asiacrypt 2005 was held during December 4-8, 2005, at Hotel Taj Coromandel, Chennai, India.This conferencewasorganizedby theInternational Association for Cryptologic Research (IACR) in cooperation with the Indian Institute of Technology (IIT), Chennai. Thisyearatotalof237papersweresubmittedtoAsiacrypt2005.Thesubm- sionscoveredallareasofcryptographicresearchrepresentingthecurrentstateof work in the crypto community worldwide. Each paper was blind reviewed by at least three members of the Program Committee and papers co-authored by the PC members were reviewed by at least six members. This ?rst phase of review by the PC members was followed by a detailed discussion on the papers. At the end of the reviewing process 37 papers were accepted and were presented at the conference. The proceedings contain the revised versionsof the accepted papers. In addition we were fortunate to have Prof. Andrew Yao and Prof. Bart Preneel as invited speakers. Based on a discussion and subsequent voting among the PC members, the Best Paper Award for this year's Asiacrypt was conferred to Pascal Paillier and Damien Vergnaud for the paper entitled "Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log." I would like to thank the following people. First, the General Chair, Prof.

The ?rst SKLOIS Conference on Information Security and Cryptography(CISC 2005) was organized by the State Key Laboratory of Information Security of the Chinese Academy of Sciences. It was held in Beijing, China, December 15-17,2005andwassponsoredbytheInstituteofSoftware, theChineseAcademy of Sciences, the Graduate School of the Chinese Academy of Sciences and the National Science Foundation of China. The conference proceedings, represe- ing invited and contributed papers, are published in this volume of Springer s Lecture Notes in Computer Science (LNCS) series. The area of research covered by CISC has been gaining importance in recent years, and a lot of fundamental, experimental and applied work has been done, advancing the state of the art. The program of CISC 2005 covered numerous ?elds of research within the general scope of the conference. The International Program Committee of the conference received a total of 196 submissions (from 21 countries). Thirty-three submissions were selected for presentation as regular papers and are part of this volume. In addition to this track, the conference also hosted a short-paper track of 32 presentations that were carefully selected as well. All submissions were reviewed by experts in the relevant areas and based on their ranking and strict selection criteria the papers were selected for the various tracks. We note that stricter criteria were applied to papers co-authored by program committee members. We further note that, obviously, no member took part in in?uencing the ranking of his or her own submissions."

Mycrypt 2005 was the inaugural international conference on cryptology hosted in Malaysia. The conference was co-organized by the Information Security - search Lab at Swinburne University of Technology (Sarawak Campus), NISER (National ICT Security and Emergency Response Centre) and INSPEM (Ins- tute for MathematicalResearch)at UPM (UniversityPutra Malaysia).Mycrypt 2005 was held in Kuala Lumpur, Malaysia during September 28-30 2005, in conjunction with the e-Secure Malaysia 2005 convention. Therewere90paper submissionsfrom23 countriescoveringall areasof cr- tologic research, from which 19 were accepted. We would like to extend our thanks to all authors who submitted papers to Mycrypt 2005. Each paper was sentanonymouslytoatleast3membersoftheInternationalProgramCommittee for reviews and comments. The review comments were then followed by disc- sions among the Program Committee. A recipient of the Best Paper Award was also selected after voting among Program Committee members. The winning paper was "Distinguishing Attacks on T-functions" by Simon Kunzli ] (FH A- gau, Swizerland), Pascal Junod (Nagravision SA, Switzerland) and Willi Meier (FH Aargau, Swizerland). These proceedings contain revised versions of all the accepted papers. The conference program included three keynote papers: Hideki Imai (Tokyo University)presenteda paper entitled "TrendsandChallenges forSecurer Cr- tography in Practice." Moti Yung (Columbia University) presented a paper entitled "E?cient Secure Group Signatures with Dynamic Joins and Keeping Anonymity Against Group Managers." Colin Boyd (QUT) presented a paper entitled "Security of Two-Party Identity-Based Key Agreement." We are extremely grateful for the time and e?ort of all the members of the Program Committee in the review process. Their names may be found overleaf."

This book constitutes the thoroughly refereed post-proceedings of the International Workshop on Coding and Cryptography, WCC 2005, held in Bergen, Norway, in March 2005. The 33 revised full papers were carefully reviewed and selected during two rounds of review. The papers address all aspects of coding theory, cryptography and related areas, theoretical or applied.

This volume comprises the proceedings of the 4th Conference on Advanced - cryption Standard, 'AES - State of the Crypto Analysis, ' which was held in Bonn, Germany, during 10-12 May 2004. The conference followed a series of events organized by the US National - stitute of Standards and Technology (NIST) in order to hold an international competition to decide on an algorithm to serve as the Advanced Encryption Standard (AES). In 1998, at the ?rst AES conference (AES 1), 15 di?erent al- rithmswerepresented, discussed, reviewedandveri?ed.Asecondconferencewas organizedinApril1999, andbyAugust1999only?vecandidateswerestillinthe running: MARS, RC6, Rijndael, Serpent and Two?sh. After a further conference devoted to veri?cation, testing and examination of the candidate algorithms in order to prove their performance and security, one winning algorithm remained. The encryption scheme Rijndael, designed by the Belgian cryptographers Joan Daemen and Vincent Rijmen, was selected in 2000 to become the successor to the famous DES (Data Encryption Standard) and it is now the Advanced - cryption Standard.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the 2nd GI SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA). DIMVA is organized by the Special Interest Group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) as an annual conference that brings together experts from throughout the world to discuss the state of the art in the areas of intrusion detection, detection of malware, and assessment of vulnerabilities. TheDIMVA2005ProgramCommitteereceived51submissionsfrom18co- tries. This represents an increase of approximately 25% compared with the n- ber of submissions last year. All submissions were carefully reviewed by at least three Program Committee members or external experts according to the cri- ria of scienti?c novelty, importance to the ?eld, and technical quality. The ?nal selection took place at a meeting held on March 18, 2005, in Zurich, Switz- land. Fourteen full papers were selected for presentation and publication in the conference proceedings. In addition, three papers were selected for presentation in the industry track of the conference. The program featured both theoretical and practical research results, which were grouped into six sessions. Philip Att?eld from the Northwest Security Institute gave the opening keynote speech. The slides presented by the authors are available on the DIMVA 2005 Web site at http: //www.dimva.org/dimva2005 We sincerely thank all those who submitted papers as well as the Program Committee members and the external reviewers for their valuable contributions.

The Fast Software Encryption 2005 Workshop was the twelfth in a series of annual workshops on symmetric cryptography, sponsored for the fourth year by the International Association for Cryptologic Research (IACR). The workshop concentratedonallaspectsoffastprimitivesforsymmetriccryptology, including thedesign, cryptanalysisandimplementationofblockandstreamciphersaswell as hash functions and message authentication codes. The ?rst FSE workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifain1997, Parisin1998, Romein1999, NewYorkin2000, Yokohamain2001, Leuven in 2002, Lund in 2003, and New Delhi in 2004. This year, a total of 96 submissions were received. After an extensive review by the Program Committee, 30 submissions were accepted. Two of these s- missions were merged into a single paper, yielding a total of 29 papers accepted for presentation at the workshop. Also, we were very fortunate to have in the programan invited talk byXuejia Laion Attacks andProtection ofHash Fu- tions and a very entertaining rump session that Bart Preneel kindly accepted to chair. These proceedings contain the revised versions of the accepted papers; the revised versions were not subsequently checked for correctness."

The 2005 Australasian Conference on Information Security and Privacy was the tenth in the annual series that started in 1996.Over the yearsACISP has grown from a relativelysmallconferencewith a largeproportionof paperscoming from Australia into a truly international conference with an established reputation. ACISP 2005 was held at Queensland University of Technology in Brisbane, d- ing July 4-6, 2005. This year there were 185 paper submissions and from these 45 papers were accepted. Accepted papers came from 13 countries, with the largest proportions coming from Australia (12), China (8) and Japan (6). India and Korea both contributed 2 papers and one came from Singapore. There were also 11 papers from European countries and 3 from North America. We would like to extend our sincere thanks to all authors who submitted papers to ACISP 2005. The contributed papers were supplemented by four invited talks from e- nent researchers in information security. The father-and-son team of Prof. and Dr. Bob Blakley (Texas A&M University and IBM) gave a talk entitled "All Sail, No Anchor III," following up on a theme started at their ACISP 2000 - vited talk. Adrian McCullagh (Phillips Fox Lawyers and QUT) talked on the bene?t and perils of Internet banking. Ted Dunstone (Biometix) enlightened us on multimodal biometric systems. Yvo Desmedt (University College London) elucidated the growing gap between theory and practice in information security.

The 19th Annual IFIP Working Group 11.3 Working Conference on Data and Applications Security was held August 7-10, 2005 at the University of C- necticut in Storrs, Connecticut. The objectives of the working conference were to discuss in depth the current state of the researchand practice in data and - plicationsecurity, enableparticipantstobene?tfrompersonalcontactwithother researchers and expand their knowledge, support the activities of the Working Group, and disseminate the research results. This volume contains the 24 papers that were presented at the working c- ference. These papers, which had been selected from 54 submissions, were rig- ously reviewed by the Working Group members. The volume is o?ered both to document progressand to provideresearcherswith a broadperspective of recent developments in data and application security. A special note of thanks goes to the many volunteers whose e?orts made the working conference a success. We wish to thank Divesh Srivastava for agreeing to deliver the invited talk, Carl Landwehr and David Spooner for organizing the panel, the authors for their worthy contributions, and the referees for their time and e?ort in reviewing the papers. We are grateful to T. C. Ting for serving as the General Chair, Steven Demurjian and Charles E. Phillips, Jr. for their hard work as Local Arrangements Chairs, and Pierangela Samarati, Working Group Chair, for managing the IFIP approval process. We would also like to acknowledge Sabrina De Capitani di Vimercati for managing the conference's Web site.

These are the proceedings of the 24th Annual IACR Eurocrypt Conference. The conference was sponsored by the International Association for Cryptologic Research(IACR;seewww.iacr.org), thisyearincooperationwiththeComputer Science Department of the University of Aarhus, Denmark. As General Chair, Ivan Damg? ard was responsible for local organization. TheEurocrypt2005ProgramCommittee(PC)consistedof30internationally renowned experts. Their names and a?liations are listed on pages VII and VIII of these proceedings. By the November 15, 2004 submission deadline the PC had received a total of 190 submissions via the IACR Electronic Submission Server. The subsequent selection process was divided into two phases, as usual. In the review phase each submission was carefully scrutinized by at least three independent reviewers, and the review reports, often extensive, were committed to the IACR Web Review System. These were taken as the starting point for the PC-wideWeb-baseddiscussionphase.Duringthisphase, additionalreportswere provided as needed, and the PC eventually had some 700 reports at its disposal. In addition, the discussions generated more than 850 messages, all posted in the system. During the entire PC phase, which started in August 2003 with my earliest invitations to PC members and which continued until March 2005, more than 1000 email messages were communicated. Moreover, the PC received much appreciated assistance from a large body of external reviewers. Their names are listed on page VIII of these proceeding

This book constitutes the refereed proceedings of the 20th Annual Working Conference on Data and Applications Security held in Sophia Antipolis, France, in July/August 2006.

The 22 revised full papers presented were carefully reviewed and selected from 56 submissions. The papers present theory, technique, applications, and practical experience of data and application security covering a number of diverse research topics such as access control, privacy, and identity management.

This book constitutes the thoroughly refereed post-proceedings of the 13th International Workshop on Fast Software Encryption, FSE 2006, held in Graz, Austria in March 2006.

The 27 revised full papers presented were carefully reviewed and selected from more than 100 submissions. The papers address all current aspects of fast and secure primitives for symmetric cryptology and they are organized in topical sections on stream ciphers, block ciphers, hash functions, analysis, proposals, modes and models, as well as implementation and bounds.

We are happy to present to you the proceedings of the 3rd International Workshop on Digital Watermarking, IWDW 2004. Since its modern reappearance in the academic community in the early 1990s, great progress has been made in understanding both the capabilities and the weaknesses of digital watermarking. On the theoretical side, we all are now well aware of the fact that digital watermarking is best viewed as a form of communication using side information. In the case of digital watermarking the side information in question is the document to be watermarked. This insight has led to a better understanding of the limits of the capacity and robustness of digital watermarking algorithms. It has also led to new and improved watermarking algorithms, both in terms of capacity and imperceptibility. Similarly, the role of human perception, and models thereof, has been greatly enhanced in the study and design of digital watermarking algorithms and systems. On the practical side, applications of watermarking are not yet abundant. The original euphoria on the role of digital watermarking in copy protection and copyright protection has not resulted in widespread use in practical systems. With hindsight, a number of reasons can be given for this lack of practical applications.

The 25 revised full papers presented here together with 7 invited papers address subjects such as block codes; algebra and codes: rings, fields, and AG codes; cryptography; sequences; decoding algorithms; and algebra: constructions in algebra, Galois groups, differential algebra, and polynomials.

This book constitutes the refereed proceedings of the Cryptographers' Track at the RSA Conference 2006, CT-RSA 2006, held in San Jose, CA, USA in February 2006. The book presents 24 papers organized in topical sections on attacks on AES, identification, algebra, integrity, public key encryption, signatures, side-channel attacks, CCA encryption, message authentication, block ciphers, and multi-party computation.

This book constitutes the refereed proceedings of the Second International Information Security Practice and Experience Conference, ISPEC 2006, held in Hangzhou, China, in April 2006. The 35 revised full papers presented were carefully reviewed and selected from 307 submissions. The papers are organized in topical sections.

This book constitutes the thoroughly refereed post-proceedings of the Third International Workshop on Formal Aspects in Security and Trust, FAST 2005, held in Newcastle upon Tyne, UK in July 2005.

The 17 revised papers presented together with the extended abstract of 1 invited paper were carefully reviewed and selected from 37 submissions. The papers focus on formal aspects in security and trust policy models, security protocol design and analysis, formal models of trust and reputation, logics for security and trust, distributed trust management systems, trust-based reasoning, digital assets protection, data protection, privacy and ID issues, information flow analysis, language-based security, security and trust aspects in ubiquitous computing, validation/analysis tools, web service security/trust/privacy, GRID security, security risk assessment, and case studies.

It is an honor and great pleasure to write a preface for this postproceedings of the 6th International Workshop on Information Hiding. In the past 10 years, the field of data hiding has been maturing and expanding, gradually establishing its place as an active interdisciplinary research area uniquely combining information theory, cryptology, and signal processing. This year, the workshop was followed by the Privacy Enhancing Technologies workshop (PET) hosted at the same location. Delegates viewed this connection as fruitful as it gave both communities a convenient opportunity to interact. We would like to thank all authors who submitted their work for consideration. Out of the 70 submisions received by the program committee, 25 papers were accepted for publication based on their novelty, originality, and scientific merit. We strived to achieve a balanced exposition of papers that would represent many different aspects of information hiding. All papers were divided into eight sessions: digital media watermarking, steganalysis, digital forensics, steganography, software watermarking, security and privacy, anonymity, and data hiding in unusual content. This year, the workshop included a one-hour rump session that offered an opportunity to the delegates to share their work in progress and other brief but interesting contributions.

The 9th International Conference on Financial Cryptography and Data Security (FC 2005) was held in the Commonwealth of Dominica from February 28 to March 3, 2005. This conference, organized by the International Financial Cryptography Association (IFCA), continues to be the premier international forum for research, exploration, and debate regarding security in the context of finance and commerce. The conference title and scope was expanded this year to cover all aspects of securing transactions and systems. The goal is to build an interdisciplinary meeting, bringing together cryptographers, data-security specialists, business and economy researchers, as well as economists, IT professionals, implementers, and policy makers. We think that this goal was met this year. The conference received 90 submissions and 24 papers were accepted, 22 in the Research track and 2 in the Systems and Applications track. In addition, the conference featured two distinguished invited speakers, Bezalel Gavish and Lynne Coventry, and two interesting panel sessions, one on phishing and the other on economics and information security. Also, for the first time, some of the papers that were judged to be very strong but did not make the final program were selected for special invitation to our Works in Progress (Rump) Session that took place on Wednesday evening. Three papers were highlighted in this forum this year, and short versions of the papers are included here. As always, other conference attendees were also invited to make presentations during the rump session, and the evening lived up to its colorful reputation.

The inaugural Information Security Practice and Experience Conference (ISPEC) was held on April 11-14, 2005, in Singapore. As applications of information security technologies become pervasive, - sues pertaining to their deployment and operation are becoming increasingly important. ISPEC is intended to be an annual conference that brings together researchers and practitioners to provide a con?uence of new information se- rity technologies, their applications and their integration with IT systems in various vertical sectors. The Program Committee consisted of leading experts in the areas of information security, information systems, and domain experts in applications of IT in vertical business segments. The topics of the conference covered security applications and case studies, access control, network security, data security, secure architectures, and cryp- graphic techniques. Emphasis was placed on the application of security research to meet practical user requirements, both in the paper selection process and in the invited speeches. Acceptance into the conference proceedings was very competitive. The Call for Papers attracted more than 120 submissions, out of which the Program Committee selected only 35 papers for inclusion in the proceedings. Thisconferencewasmadepossibleonlythroughthecontributionsfrommany individuals and organizations. We would like to thank all the authors who s- mitted papers. We also gratefully acknowledge the members of the Program Committee and the external reviewers, for the time and e?ort they put into reviewing the submissions. Special thanks are due to Ying Qiu for managing the website for paper s- mission, reviewandnoti?cation.PatriciaLohwaskindenoughtoarrangeforthe conference venue, and took care of the administration in running the conference