This book constitutes the refereed proceedings of the 15th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security, CMS 2014, held in Aveiro, Portugal, in September 2014. The 4 revised full papers presented together with 6 short papers, 3 extended abstracts describing the posters that were discussed at the conference, and 2 keynote talks were carefully reviewed and selected from 22 submissions. The papers are organized in topical sections on vulnerabilities and threats, identification and authentification, applied security.

This book constitutes the refereed proceedings of the Third International Conference on Cryptography and Security Systems, CSS 2014, held in Lublin, Poland, in September 2014. The 17 revised full papers presented were carefully reviewed and selected from 43 submissions. 7 of those papers concern different areas of cryptography, while the remaining 10 deal with recent problems of cryptographic protocols.

In the 1970s researchers noticed that radioactive particles produced by elements naturally present in packaging material could cause bits to flip in sensitive areas of electronic chips. Research into the effect of cosmic rays on semiconductors, an area of particular interest in the aerospace industry, led to methods of hardening electronic devices designed for harsh environments. Ultimately various mechanisms for fault creation and propagation were discovered, and in particular it was noted that many cryptographic algorithms succumb to so-called fault attacks. Preventing fault attacks without sacrificing performance is nontrivial and this is the subject of this book. Part I deals with side-channel analysis and its relevance to fault attacks. The chapters in Part II cover fault analysis in secret key cryptography, with chapters on block ciphers, fault analysis of DES and AES, countermeasures for symmetric-key ciphers, and countermeasures against attacks on AES. Part III deals with fault analysis in public key cryptography, with chapters dedicated to classical RSA and RSA-CRT implementations, elliptic curve cryptosystems and countermeasures using fault detection, devices resilient to fault injection attacks, lattice-based fault attacks on signatures, and fault attacks on pairing-based cryptography. Part IV examines fault attacks on stream ciphers and how faults interact with countermeasures used to prevent power analysis attacks. Finally, Part V contains chapters that explain how fault attacks are implemented, with chapters on fault injection technologies for microprocessors, and fault injection and key retrieval experiments on a widely used evaluation board. This is the first book on this topic and will be of interest to researchers and practitioners engaged with cryptographic engineering.

This book constitutes the refereed proceedings of three workshops held at the 19th International Conference on Financial Cryptography and Data Security, FC 2015, in San Juan, Puerto Rico, in January 2015. The 22 full papers presented were carefully reviewed and selected from 39 submissions. They feature the outcome of the Second Workshop on Bitcoin Research, BITCOIN 2015, the Third Workshop on Encrypted Computing and Applied Homomorphic Cryptography, WAHC 2015, and the First Workshop on Wearable Security and Privacy, Wearable 2015.

This book constitutes the thoroughly refereed post-conference proceedings of the 22nd International Workshop on Fast Software Encryption, held in Istanbul, Turkey, March 8-11, 2015. The 28 revised full papers presented were carefully reviewed and selected from 71 initial submissions. The papers are organized in topical sections on block cipher cryptanalysis; understanding attacks; implementation issues; more block cipher cryptanalysis; cryptanalysis of authenticated encryption schemes; proofs; design; lightweight; cryptanalysis of hash functions and stream ciphers; and mass surveillance.

This SpringerBrief examines the technology of email privacy encryption from its origins to its theoretical and practical details. It explains the challenges in standardization, usability, and trust that interfere with the user experience for software protection. Chapters address the origins of email encryption and why email encryption is rarely used despite the myriad of its benefits -- benefits that cannot be obtained in any other way. The construction of a secure message and its entwining with public key technology are covered. Other chapters address both independent standards for secure email and how they work. The final chapters include a discussion of getting started with encrypted email and how to live with it. Written by an expert in software security and computer tools, Encrypted Email: The History and Technology of Message Privacy is designed for researchers and professionals working in email security and encryption. Advanced-level students interested in security and networks will also find the content valuable.

This SpringerBrief presents the concept of the smart grid architecture and investigates the security issues of the smart grid and the existing encrypted data query techniques. Unique characteristics of smart grid impose distinguished challenges on this investigation, such as multidimensional attributes in metering data and finer grained query on each dimension. Three kinds of queries are introduced, namely, equality query, conjunctive query and range query. For the equality query over encrypted metering data, an efficient searchable encryption scheme is introduced and can be applied for auction in emerging smart grid marketing. Later chapters examine the conjunctive query and range query over encrypted data. Different techniques are used, including the Public key Encryption with Keyword Search (PEKS) and Hidden Vector Encryption (HVE), to construct the comparison predicate and range query predicate. Their correctness is demonstrated in the book. Concise and practical, Encrypted Data Querying in Smart Grids is valuable for professionals and researchers involved in data privacy or encryption. It is also useful for graduate students interested in smart grid and related technologies.

From the authors of the fascinating The Age of Cryptocurrency, comes the definitive work on the Internet's next big thing: the blockchain. Many of the 'legacy systems' once designed to make our lives easier and our economy more efficient are no longer up to the task; big banks have grown more entrenched, privacy exists only until the next hack, and credit card fraud has become a fact of life. However, there is a way past all this a new kind of operating system with the potential to revolutionise our economy: the blockchain. In The Truth Machine, Michael J. Casey and Paul Vigna demystify the blockchain and explain why it can restore personal control over our data, assets, and identities; grant billions of excluded people access to the global economy; and shift the balance of power to revive society's faith in itself. They reveal the empowerment possible when self-interested middlemen give way to the transparency of the blockchain, while highlighting the job losses, assertion of special interests, and threat to social cohesion that will accompany this shift. With a balanced perspective, Casey and Vigna show why we all must care about the path that blockchain technology takes moving humanity forward, not backward.

Quantum cryptography (or quantum key distribution) is a state-of-the-art technique that exploits properties of quantum mechanics to guarantee the secure exchange of secret keys. This 2006 text introduces the principles and techniques of quantum cryptography, setting it in the wider context of cryptography and security, with specific focus on secret-key distillation. The book starts with an overview chapter, progressing to classical cryptography, information theory (classical and quantum), and applications of quantum cryptography. The discussion moves to secret-key distillation, privacy amplification and reconciliation techniques, concluding with the security principles of quantum cryptography. The author explains the physical implementation and security of these systems, enabling engineers to gauge the suitability of quantum cryptography for securing transmission in their particular application. With its blend of fundamental theory, implementation techniques, and details of recent protocols, this book will be of interest to graduate students, researchers, and practitioners in electrical engineering, physics, and computer science.

This book investigates tradeoff between security and usability in designing leakage resilient password systems (LRP) and introduces two practical LRP systems named Cover Pad and ShadowKey. It demonstrates that existing LRP systems are subject to both brute force attacks and statistical attacks and that these attacks cannot be effectively mitigated without sacrificing the usability of LRP systems. Quantitative analysis proves that a secure LRP system in practical settings imposes a considerable amount of cognitive workload unless certain secure channels are involved. The book introduces a secure and practical LRP system, named Cover Pad, for password entry on touch-screen mobile devices. Cover Pad leverages a temporary secure channel between a user and a touch screen which can be easily realized by placing a hand shielding gesture on the touch screen. The temporary secure channel is used to deliver a hidden message to the user for transforming each password symbol before entering it on the touch screen. A user study shows the impact of these testing conditions on the users' performance in practice. Finally, this book introduces a new LRP system named ShadowKey. Shadow Key is designed to achieve better usability for leakage resilient password entry. It leverages either a permanent secure channel, which naturally exists between a user and the display unit of certain mobile devices, or a temporary secure channel, which can be easily realized between a user and a touch screen with a hand-shielding gesture. The secure channel protects the mappings between original password symbols and associated random symbols. Unlike previous LRP system users, Shadow Key users do not need to remember anything except their passwords. Leakage Resilient Password Systems is designed for professionals working in the security industry. Advanced-level students studying computer science and electrical engineering will find this brief full of useful material.

The two-volume proceedings LNCS 9056 + 9057 constitutes the proceedings of the 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2015, held in Sofia, Bulgaria, in April 2015. The 57 full papers included in these volumes were carefully reviewed and selected from 194 submissions. The papers are organized in topical sections named: honorable mentions, random number generators, number field sieve, algorithmic cryptanalysis, symmetric cryptanalysis, hash functions, evaluation implementation, masking, fully homomorphic encryption, related-key attacks, fully monomorphic encryption, efficient two-party protocols, symmetric cryptanalysis, lattices, signatures, zero-knowledge proofs, leakage-resilient cryptography, garbled circuits, crypto currencies, secret sharing, outsourcing computations, obfuscation and e-voting, multi-party computations, encryption, resistant protocols, key exchange, quantum cryptography, and discrete logarithms.

The two-volume proceedings LNCS 9056 + 9057 constitutes the proceedings of the 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2015, held in Sofia, Bulgaria, in April 2015. The 57 full papers included in these volumes were carefully reviewed and selected from 194 submissions. The papers are organized in topical sections named: honorable mentions, random number generators, number field sieve, algorithmic cryptanalysis, symmetric cryptanalysis, hash functions, evaluation implementation, masking, fully homomorphic encryption, related-key attacks, fully monomorphic encryption, efficient two-party protocols, symmetric cryptanalysis, lattices, signatures, zero-knowledge proofs, leakage-resilient cryptography, garbled circuits, crypto currencies, secret sharing, outsourcing computations, obfuscation and e-voting, multi-party computations, encryption, resistant protocols, key exchange, quantum cryptography, and discrete logarithms.

This book constitutes the thoroughly refereed post-conference proceedings of the 21st International Workshop on Fast Software Encryption, held in London, UK, March 3-5, 2014. The 31 revised full papers presented were carefully reviewed and selected from 99 initial submissions. The papers are organized in topical sections on designs; cryptanalysis; authenticated encryption; foundations and theory; stream ciphers; hash functions; advanced constructions.

Practical Hadoop Security is an excellent resource for administrators planning a production Hadoop deployment who want to secure their Hadoop clusters. A detailed guide to the security options and configuration within Hadoop itself, author Bhushan Lakhe takes you through a comprehensive study of how to implement defined security within a Hadoop cluster in a hands-on way. You will start with a detailed overview of all the security options available for Hadoop, including popular extensions like Kerberos and OpenSSH, and then delve into a hands-on implementation of user security (with illustrated code samples) with both in-the-box features and with security extensions implemented by leading vendors. No security system is complete without a monitoring and tracing facility, so Practical Hadoop Security next steps you through audit logging and monitoring technologies for Hadoop, as well as ready to use implementation and configuration examples--again with illustrated code samples. The book concludes with the most important aspect of Hadoop security - encryption. Both types of encryptions, for data in transit and data at rest, are discussed at length with leading open source projects that integrate directly with Hadoop at no licensing cost. Practical Hadoop Security: Explains importance of security, auditing and encryption within a Hadoop installation Describes how the leading players have incorporated these features within their Hadoop distributions and provided extensions Demonstrates how to set up and use these features to your benefit and make your Hadoop installation secure without impacting performance or ease of use

A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security is a straight-forward primer for developers. It shows security and TPM concepts, demonstrating their use in real applications that the reader can try out. Simply put, this book is designed to empower and excite the programming community to go out and do cool things with the TPM. The approach is to ramp the reader up quickly and keep their interest.A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security explains security concepts, describes the TPM 2.0 architecture, and provides code and pseudo-code examples in parallel, from very simple concepts and code to highly complex concepts and pseudo-code. The book includes instructions for the available execution environments and real code examples to get readers up and talking to the TPM quickly. The authors then help the users expand on that with pseudo-code descriptions of useful applications using the TPM.

This brief considers the various stakeholders in today's mobile device ecosystem, and analyzes why widely-deployed hardware security primitives on mobile device platforms are inaccessible to application developers and end-users. Existing proposals are also evaluated for leveraging such primitives, and proves that they can indeed strengthen the security properties available to applications and users, without reducing the properties currently enjoyed by OEMs and network carriers. Finally, this brief makes recommendations for future research that may yield practical and deployable results.

This book constitutes the proceedings of the 21st International Conference on Selected Areas in Cryptography, SAC 2014, held in Montreal, QC, Canada, in August 2014. The 22 papers presented in this volume were carefully reviewed and selected from 103 submissions. There are four areas covered at each SAC conference. The three permanent areas are: design and analysis of symmetric key primitives and cryptosystems, including block and stream ciphers, hash function, MAC algorithms, cryptographic permutations, and authenticated encryption schemes; efficient implementations of symmetric and public key algorithms; mathematical and algorithmic aspects of applied cryptology. This year, the fourth area for SAC 2014 is: algorithms for cryptography, cryptanalysis and their complexity analysis.

The book deals with the management of information systems security and privacy, based on a model that covers technological, organizational and legal views. This is the basis for a focused and methodologically structured approach that presents "the big picture" of information systems security and privacy, while targeting managers and technical profiles. The book addresses principles in the background, regardless of a particular technology or organization. It enables a reader to suit these principles to an organization's needs and to implement them accordingly by using explicit procedures from the book. Additionally, the content is aligned with relevant standards and the latest trends. Scientists from social and technical sciences are supposed to find a framework for further research in this broad area, characterized by a complex interplay between human factors and technical issues.

This book constitutes the thoroughly refereed post-workshop proceedings of the 22nd International Workshop on Security Protocols, held in Cambridge, UK, in March 2014. After an introduction the volume presents 18 revised papers each followed by a revised transcript of the presentation and ensuing discussion at the event. The theme of this year's workshop is "Collaborating with the Enemy".

This book constitutes the refereed proceedings of the 6th International Conference on Trust and Trustworthy Computing, TRUST 2013, held in London, UK, in June 2013. There is a technical and a socio-economic track. The full papers presented, 14 and 5 respectively, were carefully reviewed from 39 in the technical track and 14 in the socio-economic track. Also included are 5 abstracts describing ongoing research. On the technical track the papers deal with issues such as key management, hypervisor usage, information flow analysis, trust in network measurement, random number generators, case studies that evaluate trust-based methods in practice, simulation environments for trusted platform modules, trust in applications running on mobile devices, trust across platform. Papers on the socio-economic track investigated, how trust is managed and perceived in online environments, and how the disclosure of personal data is perceived; and some papers probed trust issues across generations of users and for groups with special needs.

This book constitutes the refereed proceedings of the 5th International Workshop on Post-Quantum Cryptography, PQCrypto 2013, held in Limoges, France, in June 2013. The 17 revised full papers presented were carefully reviewed and selected from 24 submissions. The papers cover all technical aspects of cryptographic research related to the future world with large quantum computers such as code-based cryptography, lattice-based cryptography, multivariate cryptography, cryptanalysis or implementations.

This book constitutes the proceedings of the 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2013, held in Athens, Greece, in May 2013. The 41 full papers included in this volume were carefully reviewed and selected from 201 submissions. They deal with cryptanalysis of hash functions, side-channel attacks, number theory, lattices, public key encryption, digital signatures, homomorphic cryptography, quantum cryptography, storage, tools, and secure computation.

The two-volume set, LNCS 8712 and LNCS 8713 constitutes the refereed proceedings of the 19th European Symposium on Research in Computer Security, ESORICS 2014, held in Wroclaw, Poland, in September 2014 The 58 revised full papers presented were carefully reviewed and selected from 234 submissions. The papers address issues such as cryptography, formal methods and theory of security, security services, intrusion/anomaly detection and malware mitigation, security in hardware, systems security, network security, database and storage security, software and application security, human and societal aspects of security and privacy.

Research Directions in Data and Applications Security describes original research results and innovative practical developments, all focused on maintaining security and privacy in database systems and applications that pervade cyberspace. The areas of coverage include: -Role-Based Access Control; -Database Security; -XML Security; -Data Mining and Inference; -Multimedia System Security; -Network Security; -Public Key Infrastructure; -Formal Methods and Protocols; -Security and Privacy.

This book constitutes the refereed proceedings of the 16th International Conference on Practice and Theory in Public-Key Cryptography, PKC 2013, held in Nara, Japan, in February/March 2013. The 28 papers presented together with 2 invited talks were carefully reviewed and selected from numerous submissions. The papers are organized in the following topical sections: homomorphic encryption, primitives, functional encryption/signatures, RSA, IBE and IPE, key exchange, signature schemes, encryption, and protocols.