This book constitutes the thoroughly refereed post-conference proceedings of the 10th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications, CARDIS 2011, held in Leuven, Belgium, in September 2011. The 20 revised full papers presented were carefully reviewed and selected from 45 submissions. The papers are organized in topical sections on smart cards system security, invasive attacks, new algorithms and protocols, implementations and hardware security, non-invasive attacks, and Java card security.

This book constitutes the thoroughly refereed post-conference proceedings of the 7th European Workshop on Public Key Infrastructures, Services and Applications, EuroPKI 2010, held in Athens, Greece, in September 2010. The 14 revised full papers presented together with an invited article were carefully reviewed and selected from 41 submissions. The papers are organized in topical sections on authentication mechanisms; privacy preserving techniques; PKI & PKC applications; electronic signature schemes; identity management.

This book constitutes the proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection, RAID 2011, held in Menlo Park, CA, USA in September 2011. The 20 papers presented were carefully reviewed and selected from 87 submissions. The papers are organized in topical sections on application security; malware; anomaly detection; Web security and social networks; and sandboxing and embedded environments.

This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-base cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.

This book presents a collection of 36 pieces of scientific work in the areas of complexity theory and foundations of cryptography: 20 research contributions, 13 survey articles, and 3 programmatic and reflective viewpoint statements. These so far formally unpublished pieces were written by Oded Goldreich, some in collaboration with other scientists.
The articles included in this book essentially reflect the topical scope of the scientific career of Oded Goldreich now spanning three decades. In particular the topics dealt with include average-case complexity, complexity of approximation, derandomization, expander graphs, hashing functions, locally testable codes, machines that take advice, NP-completeness, one-way functions, probabilistically checkable proofs, proofs of knowledge, property testing, pseudorandomness, randomness extractors, sampling, trapdoor permutations, zero-knowledge, and non-iterative zero-knowledge.
All in all, this potpourri of studies in complexity and cryptography constitutes a most valuable contribution to the field of theoretical computer science centered around the personal achievements and views of one of its outstanding representatives.

RSA is a public-key cryptographic system, and is the most famous and widely-used cryptographic system in today's digital world. Cryptanalytic Attacks on RSA, a professional book, covers almost all known cryptanalytic attacks and defenses of the RSA cryptographic system and its variants. Since RSA depends heavily on computational complexity theory and number theory, background information on complexity theory and number theory is presented first, followed by an account of the RSA cryptographic system and its variants.

This book is also suitable as a secondary text for advanced-level students in computer science and mathematics.

The RSA Conference is an annual event that attracts hundreds of vendors and thousands of participants from industry and academia. Since 2001, the conf- ence has included an academic Cryptographers'Track (CT-RSA). This year was the 10th anniversary of CT-RSA. Since its conception, the CT-RSA conference has become a major avenue for publishing high-quality research papers. The RSA conference was held in San Francisco, California, during March 1-5, 2010. This year we received94 submissions. Eachpaper gotassignedto three ref- ees. Papers submitted by the members of the Program Committee got assigned to?vereferees.Inthe?rststageofthereviewprocess, thesubmittedpaperswere read and evaluated by the ProgramCommittee members and then in the second stage, the papers were scrutinized during an extensive discussion. Finally, the Program Committee chose 25 papers to be included in the conference program. The authors of the accepted papers had two weeks for revision and preparation of ?nal versions.The revised papers were not subject to editorial review and the authors bear full responsibility for their contents. The submission and review process was supported by the iChair conference submission server. We thank Matthiew Finiasz and Thomas Baign eres for letting us use iChair. The conf- ence proceedings were published by Springer in this volume of Lecture Notes in Computer Science.

This book constitutes the refereed proceedings of the Third International Workshop on Coding and Cryptology, IWCC 2011, held in Qingdao, China, May 30-June 3, 2011. The 19 revised full technical papers are contributed by the invited speakers of the workshop. The papers were carefully reviewed and cover a broad range of foundational and methodological as well as applicative issues in coding and cryptology, as well as related areas such as combinatorics.

This book constitutes the thoroughly refereed proceedings of the 8th Theory of Cryptography Conference, TCC 2011, held in Providence, Rhode Island, USA, in March 2011. The 35 revised full papers are presented together with 2 invited talks and were carefully reviewed and selected from 108 submissions. The papers are organized in topical sections on hardness amplification, leakage resilience, tamper resilience, encryption, composable security, secure computation, privacy, coin tossing and pseudorandomness, black-box constructions and separations, and black box separations.

The 8th International Conference on Cryptology and Network Security (CANS 2009) was held at the Ishikawa Prefectural Museum of Art in Kanazawa, Japan, during December 12-14, 2009. The conference was jointly co-organized by the NationalInstituteofAdvancedIndustrialScienceandTechnology(AIST), Japan, and the Japan Advanced Institute of Science and Technology (JAIST). In ad- tion, the event was supported by the Special Interest Group on Computer Se- rity (CSEC), IPSJ, Japan, the Japan Technical Group on Information Security (ISEC), IEICE, the Japan Technical Committee on Information and Com- nication System Security(ICSS), IEICE, and the Society of Information Theory and its Applications (SITA), Japan, and co-sponsored by the National Ins- tute of Information and Communications Technology, Japan, ComWorth Co., LTD, Japan, Hitachi, Ltd., Hokuriku Telecommunication Network Co., Inc., and Internet Initiative Japan Inc. The conference received 109 submissions from 24 countries, out of which 32 were accepted for publication in these proceedings. At least three Program Committee (PC) members reviewed each submitted paper, while submissions co-authored by a PC member were submitted to the more stringent evaluation of ?ve PC members. In addition to the PC members, many external reviewers joinedthereviewprocessintheirparticularareasofexpertise. Wewerefortunate to have this energetic team of experts, and are deeply grateful to all of them for their hard work, which included a very active discussion phase-almost as long as the initial individual reviewing period. The paper submission, review and discussion processes were e?ectively and e?ciently made possible by the Web-based system iChair.

Every day, organizations large and small fall victim to attacks on their data. Encryption provides a shield to help defend against intruders. Because of increasing pressure from government regulators, consumers, and the business community at large, the job descriptions of SQL DBAs and developers are expanding to include encryption. Expert SQL Server 2008 Encryption will show you how to efficiently implement SQL Server 2008 encryption functionality and features to secure your organizational data.Introduces encryption, guiding readers through its implementation in SQL Server Demonstrates advanced techniques such as the use of hardware security modules Covers all that a SQL Server database administrator needs to know about encryption What you'll learn Take advantage of hardware security modules via extensible key management Implement targeted encryption of individual columns Secure an entire database at once with Transparent Data Encryption Encrypt disk volumes using BitLocker encryption Effectively design and manage encryption as part of your total security solution Digitally sign documents stored in your database Who this book is for

The audience for this book includes SQL Server DBAs, SQL developers, and .NET developers who want to take advantage of the powerful encryption functionality available in SQL Server 2008. The features of SQL Server 2008 provide a powerful set of tools to secure your most sensitive data, helping protect it from theft. Table of Contents Introduction to Encryption Encryption Key Management Symmetric Encryption Asymmetric Encryption Extensible Key Management Transparent Data Encryption Hashing SQL CLR Cryptography Indexing Encrypted Data Encrypting Connections to SQL Server 2008 Regulatory Requirements

The 16th Workshop on Selected Areas in Cryptography (SAC 2009) was held at the University of Calgary,in Calgary, Alberta, Canada, during August 13-14, 2009. There were 74 participants from 19 countries. Previous workshops in this series were held at Queens University in Kingston (1994, 1996, 1998, 1999, and 2005), Carleton University in Ottawa (1995, 1997, and 2003), University of - terloo (2000 and 2004), Fields Institute in Toronto (2001), Memorial University of Newfoundland in St. Johns (2002), Concordia University in Montreal (2006), University of Ottawa (2007), and Mount Allison University in Sackville (2008). The themes for SAC 2009 were: 1. Design and analysis of symmetric key primitives and cryptosystems, incl- ing block and stream ciphers, hash functions, and MAC algorithms 2. E?cient implementations of symmetric and public key algorithms 3. Mathematical and algorithmic aspects of applied cryptology 4. Privacy enhancing cryptographic systems This included the traditional themes (the ?rst three) together with a special theme for 2009 workshop (fourth theme).

Secure Computer and Network Systems

Modeling, Analysis and Design

Nong Ye, Arizona State University, USA

Computer and network systems have given us unlimited opportunities of reducing cost, improving efficiency, and increasing revenues, as demonstrated by an increasing number of computer and network applications. Yet, our dependence on computer and network systems has also exposed us to new risks, which threaten the security of, and present new challenges for protecting our assets and information on computer and network systems. The reliability of computer and network systems ultimately depends on security and quality of service (QoS) performance.

This book presents quantitative modeling and analysis techniques to address these numerous challenges in cyber attack prevention and detection for security and QoS, including:

the latest research on computer and network behavior under attack and normal use conditions;

new design principles and algorithms, which can be used by engineers and practitioners to build secure computer and network systems, enhance security practice and move to providing QoS assurance on the Internet;

mathematical and statistical methods for achieving the accuracy and timeliness of cyber attack detection with the lowest computational overhead;

guidance on managing admission control, scheduling, reservation and service of computer and network jobs to assure the service stability and end-to-end delay of those jobs even under Denial of Service attacks or abrupt demands.

"Secure Computer and Network Systems: Modeling, Analysis and Design" is an up-to-date resource for practising engineers and researchers involved in security, reliabilityand quality management of computer and network systems. It is also a must-read for postgraduate students developing advanced technologies for improving computer network dependability.

CRYPTO2010,the30thAnnualInternationalCryptologyConference,wassp- sored by the International Association for Cryptologic Research (IACR) in - operation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of C- ifornia at Santa Barbara. The conference was held in Santa Barbara, Calif- nia, during August 15-19, 2010, in conjunction with CHES 2010 (Workshop on Cryptographic Hardware and Embedded Systems). Zul?kar Ramzan served as the General Chair. The conference received 203 submissions. The quality of the submissions was very high, and the selection process was a challenging one. The Program C- mittee, aided by a 159 external reviewers,reviewed the submissions and after an intensive review period the committee accepted 41 of these submissions. Three submissions were merged into a single paper and two papers were merged into a single talk, yielding a total of 39 papers in the proceedings and 38 presen- tions at the conference. The revised versions of the 39 papers appearing in the proceedings were not subject to editorial review and the authors bear full - sponsibility for their contents. The best-paper award was awarded to the paper "Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness" by Craig Gentry. The conference featured two invited presentations. This year we celebrated 25 years from the publication of the ground-breaking work of Sha? Goldwasser, Silvio Micali and Charles Racko? "The Knowledge Complexity of Interactive Proof-Systems.

The Joint Workshop on "Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security" (ARSPA-WITS 2009) was held in York, UK, March 28-29, 2009, in association with ETAPS 2009. ARSPA is a series of workshops on "Automated Reasoning for Security P- tocol Analysis," bringing together researchers and practitioners from both the security andthe formalmethods communities,from academiaand industry,who are working on developing and applying automated reasoning techniques and tools for the formal speci?cation and analysis of security protocols. The ?rst two ARSPA workshops were held as satellite events of the Second International JointConferenceon Automated Reasoning(IJCAR 2004)andof the 32nd Int- nationalColloquiumonAutomata,LanguagesandProgramming(ICALP2005), respectively. ARSPA then joined forces with the workshop FCS (Foundations of Computer Security): FCS-ARSPA 2006 was a?liated with LICS 2006, in the context of FLoC 2006,and FCS-ARSPA 2007 was a?liated with LICS 2007 and ICALP 2007. WITSistheo?cialannualworkshoporganizedbytheIFIP WG1.7on"T- oretical Foundations of Security Analysis and Design," established to promote the investigation on the theoretical foundations of security, discovering and p- moting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security-related applications. This is the ninth meeting in the series. In 2008, ARSPA and WITS joined with the workshop on Foundations of Computer - curityFCSforajointworkshop,FCS-ARSPA-WITS2008,associatedwithLICS 2008 and CSF 21.

Archiving has become an increasingly complex process. The challenge is no longer how to store the data but how to store it intelligently, in order to exploit it over time, while maintaining its integrity and authenticity. Digital technologies bring about major transformations, not only in terms of the types of documents that are transferred to and stored in archives, in the behaviors and practices of the humanities and social sciences (digital humanities), but also in terms of the volume of data and the technological capacity for managing and preserving archives (Big Data). Archives in The Digital Age focuses on the impact of these various digital transformations on archives, and examines how the right to memory and the information of future generations is confronted with the right to be forgotten; a digital prerogative that guarantees individuals their private lives and freedoms.

This volume contains the proceedings of the 13th International Conference on Financial Cryptography and Data Security, held at the Accra Beach Hotel and Resort, Barbados, February 23-26, 2009. Financial Cryptography and Data Security (FC) is a well-established int- national forum for research, advanced development, education, exploration and debate regarding information assurance in the context of ?nance and commerce. The conference covers all aspects of securing transactions and systems. The goal of FC is to bring security and cryptography researchers and pr- titioners together with economists, bankers, and policy makers. This year, we assembled a vibrant program featuring 21 peer-reviewed research paper pres- tations, two panels (on the economics of information security and on authen- cation), and a keynote address by David Dagon. Despite a proliferation of security and cryptography venues, FC continues to receive a large number of high-quality submissions. This year, we received 91 submissions(75full-lengthpapers,15shortpapersand1panel).Eachsubmission was reviewed by at least three reviewers. Following a rigorous selection, ranking and discussion process, the Program Committee accepted 20 full-length papers, 1 short paper and 1 panel. The overall acceptance rate was 24%.

The new emergingtechnologiesput new requirementsonsecurityanddata m- agement.Asdataareaccessibleanytimeanywhere,itbecomesmucheasiertoget unauthorized data access. Furthermore, the use of new technologies has brought some privacy concerns. It becomes simpler to collect, store, and search personal information thereby endangering people's privacy. Therefore, research in secure data management is gaining importance, attracting the attention of both the data management and the security research communities. The interesting pr- lems range from traditional topics, such as, access control and general database security, via privacy protection to new research directions, such as cryptogra- ically enforced access control and encrypted databases. This year, the call for papers attracted 24 papers both from universities and industry. For presentation at the workshop,the ProgramCommittee selected 10 full papers (41% acceptance rate). These papers are collected in this volume, which we hope will serve as a useful research and reference material. The papers in the proceeding are grouped into three sections. The ?rst s- tion focuses on database security which remains an important research area. The papers in this section address several interesting topics including query optimization in encrypted databases, database provenance, database intrusion detection, and con?dence policy compliant query evaluation. The second section changes the focal point to the topic of access control. The papers in this s- tion deal with provenance access control, access control model for collaborative editors, self-modifying access control policies, and enforcing access control on XML documents. The third section focuses on privacy protection addressing the privacy issues around location-based services and anonymity/diversity for the micro-data release problem.

This volume contains the 12 papers presented at the WISTP 2009 conference, held in Brussels, Belgium in September 2009. WISTP 2009 was the third int- national workshop devoted to information security theory and practice. WISTP 2009 built on the successful WISTP 2007 and 2008 conferences, held in Heraklion, Crete, Greece and Seville, Spain in May 2007 and May 2008, - spectively. The proceedings of WISTP 2007 and WISTP 2008 were published as volumes 4462 and 5019 of the Lecture Notes in Computer Science series. This workshop received the following support: - Co-sponsored by IFIP WG 11. 2 Small System Security - Co-sponsored by VDE ITG - Technical sponsorship of the IEEE Systems, Man & Cybernetics Society - Supported by the Technical Committee on Systems Safety and Security - Organized in cooperation with the ACM SIGSAC - Supported by ENISA - Supported by the Institute for Systems and Technologies of Information, Control and Communication (INSTICC) These proceedings contain 12 original papers covering a range of theoretical and practical topics in information security. For the purposes of the organi- tion of the WISTP program, the papers were divided into four main categories, namely: - Mobility - Attacks and Secure Implementations - Performance and Security - Cryptography The12papersincludedherewereselectedfromatotalof27submissions. The refereeing process was rigorous,involving at least three (and mostly four or ?ve) independent reports being prepared for each submission.

These are the proceedings of Eurocrypt 2010, the 29th in the series of Eu- pean conferences on the Theory and Application of Cryptographic Techniques. The conference was sponsored by the International Association for Cryptologic Research and held on the French Riviera, May 30-June 3, 2010. A total of 191 papers were received of which 188 were retained as valid submissions. These were each assigned to at least three Program Committee members and a total of 606 review reports were produced. The printed record of the reviews and extensive online discussions that followed would be almost as voluminous as these proceedings. In the end 35 submissions were accepted with twosubmissionpairsbeingmergedtogive33paperspresentedattheconference. The ?nal papers in these proceedings were not subject to a second review before publication and the authors are responsible for their contents. The ProgramCommittee, listed on the next page, deservesparticular thanks for all their hard work, their outstanding expertise, and their constant c- mitment to all aspects of the evaluation process. These thanks are of course extended to the very many external reviewers who took the time to help out during the evaluation process.It was also a greatpleasure to honor and welcome Moti Yung who gave the 2010 IACR Distinguished Lecture.

th The 8 International Workshop on Digital Watermarking (IWDW 2009) was hosted by the University of Surrey, Guildford, Surrey, UK, during August 24 26, 2009.As with previous workshops, IWDW 2009 aimed to providea balanced program covering the latest state-of-the-art theoretical and practical devel- ments in digital watermarking, steganography and steganalysis, and the eme- ing area of image forensics. The selection of the program was a challenging task for the Technical Programme Committee members and reviewers, who ensured the highest quality and reputation of the workshop. From around 50 submissions received from authors in 14 countries, the c- mittee selected 26 regular papers (22 oral and 4 poster presentations). In - dition to the contributed papers, the workshop featured three keynote lectures on watermarking, cryptography and forensics kindly delivered by internati- ally renowned experts, Ingemar Cox, Fred Piper and Ed Delp, respectively. The regular papers and keynote lectures can be found in this proceedings volume. First of all, we would like to thank all the authors, speakers, reviewers and participants for their signi?cant contributions to the success of IWDW 2009."

Africacrypt 2010, the Third International Conference on Cryptology in Africa, took place May 3-6, 2010 in Stellenbosch, South Africa. The General Chairs, Riaal Domingues from the South African Communications and Security Agency and Christine Swart from the University of Cape Town, were always a pleasure to work with and did an outstanding job with the local arrangements. We are deeplythankfulthat theyagreedto hostAfricacrypt2010with onlyfour months notice after unanticipated events forced a change of location. The Africacrypt 2010 submission deadline was split into two. Authors s- mitting paperswererequiredto registertitles andabstractsby the ?rstdeadline, January 5. A total of 121 submissions had been received by this deadline, - though some were withdrawn before review. Authors were allowed to continue working on their papers until the second deadline, January 10. Submissions were evaluated in three phases over a period of nearly two months. The selection phase started on January 5: Program Committee m- bers began evaluating abstracts and volunteering to handle various papers. We assigned a team of people to each paper. The review phase started on January 11: Program Committee members were given access to the full papers and - gan in-depth reviews of 82 submissions. Most of the reviews were completed by February7, thebeginningofthediscussionphase.ProgramCommitteemembers were given access to other reviews and built consensus in their evaluations of the submissions. In the end the discussions included 285 full reports and 203 - ditional comments. The submissions, reviews, and subsequent discussions were handled smoothly by iChair

The biennial International Workshop on Coding and Cryptology (IWCC) aims to bring together many of the world's greatest minds in coding and crypt- ogy to share ideas and exchange knowledge related to advancements in c- ing and cryptology, amidst an informal setting conducive for interaction and collaboration. It is well known that fascinating connections exist between coding and cr- tology. Therefore this workshop series was organized to facilitate a fruitful - teraction and stimulating discourse among experts from these two areas. The inaugural IWCC was held at Wuyi Mountain, Fujian Province, China, during June 11-15, 2007 and attracted over 80 participants. Following this s- cess, the second IWCC was held June 1-5, 2009 at Zhangjiajie, Hunan Province, China. Zhangjiajie is one of the most scenic areas in China. The proceedings of this workshop consist of 21 technical papers, covering a wide range of topics in coding and cryptology, as well as related ?elds such as combinatorics. All papers, except one, are contributed by the invited speakers of the workshop and each paper has been carefully reviewed. We are grateful to the external reviewers for their help, which has greatly strengthened the quality of the proceedings. IWCC 2009 was co-organizedby the National University of Defense Techn- ogy (NUDT), China and Nanyang Technological University (NTU), Singapore. We acknowledge with gratitude the ?nancial support from NUDT. We wouldliketo expressourthanks to Springer formaking it possible forthe proceedings to be published in the Lecture Notes in Computer Science series.

This book constitutes the thoroughly refereed post-conference proceedings of the 4th International Conference on Information Security and Cryptology, Inscrypt 2008, held in Beijing, China, in December 2008.

The 28 revised full papers presented together with 3 invited talks were carefully reviewed and selected from 183 submissions. The papers are organized in topical sections on digital signature and signcryption schemes, privacy and anonymity, message authentication code and hash function, secure protocols, symmetric cryptography, certificateless cryptography, hardware implementation and side channel attack, wireless network security, public key and identity based cryptography, access control and network security, as well as trusted computing and applications.

Meet the world's top ethical hackers and explore the tools of the trade Hacking the Hacker takes you inside the world of cybersecurity to show you what goes on behind the scenes, and introduces you to the men and women on the front lines of this technological arms race. Twenty-six of the world's top white hat hackers, security researchers, writers, and leaders, describe what they do and why, with each profile preceded by a no-experience-necessary explanation of the relevant technology. Dorothy Denning discusses advanced persistent threats, Martin Hellman describes how he helped invent public key encryption, Bill Cheswick talks about firewalls, Dr. Charlie Miller talks about hacking cars, and other cybersecurity experts from around the world detail the threats, their defenses, and the tools and techniques they use to thwart the most advanced criminals history has ever seen. Light on jargon and heavy on intrigue, this book is designed to be an introduction to the field; final chapters include a guide for parents of young hackers, as well as the Code of Ethical Hacking to help you start your own journey to the top. Cybersecurity is becoming increasingly critical at all levels, from retail businesses all the way up to national security. This book drives to the heart of the field, introducing the people and practices that help keep our world secure. * Go deep into the world of white hat hacking to grasp just how critical cybersecurity is * Read the stories of some of the world's most renowned computer security experts * Learn how hackers do what they do no technical expertise necessary * Delve into social engineering, cryptography, penetration testing, network attacks, and more As a field, cybersecurity is large and multi-faceted yet not historically diverse. With a massive demand for qualified professional that is only going to grow, opportunities are endless. Hacking the Hacker shows you why you should give the field a closer look.