RSA is a public-key cryptographic system, and is the most famous and widely-used cryptographic system in today's digital world. Cryptanalytic Attacks on RSA, a professional book, covers almost all known cryptanalytic attacks and defenses of the RSA cryptographic system and its variants. Since RSA depends heavily on computational complexity theory and number theory, background information on complexity theory and number theory is presented first, followed by an account of the RSA cryptographic system and its variants.

This book is also suitable as a secondary text for advanced-level students in computer science and mathematics.

This book constitutes the thoroughly refereed post-proceedings of the 17th Annual International Workshop on Selected Areas in Cryptography, SAC 2010, held in Waterloo, Ontario, Canada in August 2010. The 24 revised full papers presented together with 2 invited papers were carefully reviewed and selected from 90 submissions. The papers are organized in topical sections on hash functions, stream ciphers, efficient implementations, coding and combinatorics, block ciphers, side channel attacks, and mathematical aspects.

This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-base cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.

This book constitutes the refereed proceedings of the 12th IMA International Conference on Cryptography and Coding, held in Cirencester, UK in December 2009.

The 26 revised full papers presented together with 3 invited contributions were carefully reviewed and selected from 53 submissions. The papers are organized in topical sections on coding theory, symmetric cryptography, security protocols, asymmetric cryptography, Boolean functions and side channels and implementations.

This book constitutes the thoroughly refereed proceedings of the 8th Theory of Cryptography Conference, TCC 2011, held in Providence, Rhode Island, USA, in March 2011. The 35 revised full papers are presented together with 2 invited talks and were carefully reviewed and selected from 108 submissions. The papers are organized in topical sections on hardness amplification, leakage resilience, tamper resilience, encryption, composable security, secure computation, privacy, coin tossing and pseudorandomness, black-box constructions and separations, and black box separations.

Industrial cyber-physical systems operate simultaneously in the physical and digital worlds of business and are now a cornerstone of the fourth industrial revolution. Increasingly, these systems are becoming the way forward for academics and industrialists alike. The very essence of these systems, however, is often misunderstood or misinterpreted. This book thus sheds light on the problem areas surrounding cyber-physical systems and provides the reader with the key principles for understanding and illustrating them. Presented using a pedagogical approach, with numerous examples of applications, this book is the culmination of more than ten years of study by the Intelligent Manufacturing and Services Systems (IMS2) French research group, part of the MACS (Modeling, Analysis and Control of Dynamic Systems) research group at the CNRS. It is intended both for engineers who are interested in emerging industrial developments and for master's level students wishing to learn about the industrial systems of the future.

Every day, organizations large and small fall victim to attacks on their data. Encryption provides a shield to help defend against intruders. Because of increasing pressure from government regulators, consumers, and the business community at large, the job descriptions of SQL DBAs and developers are expanding to include encryption. Expert SQL Server 2008 Encryption will show you how to efficiently implement SQL Server 2008 encryption functionality and features to secure your organizational data.Introduces encryption, guiding readers through its implementation in SQL Server Demonstrates advanced techniques such as the use of hardware security modules Covers all that a SQL Server database administrator needs to know about encryption What you'll learn Take advantage of hardware security modules via extensible key management Implement targeted encryption of individual columns Secure an entire database at once with Transparent Data Encryption Encrypt disk volumes using BitLocker encryption Effectively design and manage encryption as part of your total security solution Digitally sign documents stored in your database Who this book is for

The audience for this book includes SQL Server DBAs, SQL developers, and .NET developers who want to take advantage of the powerful encryption functionality available in SQL Server 2008. The features of SQL Server 2008 provide a powerful set of tools to secure your most sensitive data, helping protect it from theft. Table of Contents Introduction to Encryption Encryption Key Management Symmetric Encryption Asymmetric Encryption Extensible Key Management Transparent Data Encryption Hashing SQL CLR Cryptography Indexing Encrypted Data Encrypting Connections to SQL Server 2008 Regulatory Requirements

The Joint Workshop on "Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security" (ARSPA-WITS 2009) was held in York, UK, March 28-29, 2009, in association with ETAPS 2009. ARSPA is a series of workshops on "Automated Reasoning for Security P- tocol Analysis," bringing together researchers and practitioners from both the security andthe formalmethods communities,from academiaand industry,who are working on developing and applying automated reasoning techniques and tools for the formal speci?cation and analysis of security protocols. The ?rst two ARSPA workshops were held as satellite events of the Second International JointConferenceon Automated Reasoning(IJCAR 2004)andof the 32nd Int- nationalColloquiumonAutomata,LanguagesandProgramming(ICALP2005), respectively. ARSPA then joined forces with the workshop FCS (Foundations of Computer Security): FCS-ARSPA 2006 was a?liated with LICS 2006, in the context of FLoC 2006,and FCS-ARSPA 2007 was a?liated with LICS 2007 and ICALP 2007. WITSistheo?cialannualworkshoporganizedbytheIFIP WG1.7on"T- oretical Foundations of Security Analysis and Design," established to promote the investigation on the theoretical foundations of security, discovering and p- moting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security-related applications. This is the ninth meeting in the series. In 2008, ARSPA and WITS joined with the workshop on Foundations of Computer - curityFCSforajointworkshop,FCS-ARSPA-WITS2008,associatedwithLICS 2008 and CSF 21.

This volume contains the proceedings of the 13th International Conference on Financial Cryptography and Data Security, held at the Accra Beach Hotel and Resort, Barbados, February 23-26, 2009. Financial Cryptography and Data Security (FC) is a well-established int- national forum for research, advanced development, education, exploration and debate regarding information assurance in the context of ?nance and commerce. The conference covers all aspects of securing transactions and systems. The goal of FC is to bring security and cryptography researchers and pr- titioners together with economists, bankers, and policy makers. This year, we assembled a vibrant program featuring 21 peer-reviewed research paper pres- tations, two panels (on the economics of information security and on authen- cation), and a keynote address by David Dagon. Despite a proliferation of security and cryptography venues, FC continues to receive a large number of high-quality submissions. This year, we received 91 submissions(75full-lengthpapers,15shortpapersand1panel).Eachsubmission was reviewed by at least three reviewers. Following a rigorous selection, ranking and discussion process, the Program Committee accepted 20 full-length papers, 1 short paper and 1 panel. The overall acceptance rate was 24%.

These are the proceedings of Eurocrypt 2010, the 29th in the series of Eu- pean conferences on the Theory and Application of Cryptographic Techniques. The conference was sponsored by the International Association for Cryptologic Research and held on the French Riviera, May 30-June 3, 2010. A total of 191 papers were received of which 188 were retained as valid submissions. These were each assigned to at least three Program Committee members and a total of 606 review reports were produced. The printed record of the reviews and extensive online discussions that followed would be almost as voluminous as these proceedings. In the end 35 submissions were accepted with twosubmissionpairsbeingmergedtogive33paperspresentedattheconference. The ?nal papers in these proceedings were not subject to a second review before publication and the authors are responsible for their contents. The ProgramCommittee, listed on the next page, deservesparticular thanks for all their hard work, their outstanding expertise, and their constant c- mitment to all aspects of the evaluation process. These thanks are of course extended to the very many external reviewers who took the time to help out during the evaluation process.It was also a greatpleasure to honor and welcome Moti Yung who gave the 2010 IACR Distinguished Lecture.

Africacrypt 2010, the Third International Conference on Cryptology in Africa, took place May 3-6, 2010 in Stellenbosch, South Africa. The General Chairs, Riaal Domingues from the South African Communications and Security Agency and Christine Swart from the University of Cape Town, were always a pleasure to work with and did an outstanding job with the local arrangements. We are deeplythankfulthat theyagreedto hostAfricacrypt2010with onlyfour months notice after unanticipated events forced a change of location. The Africacrypt 2010 submission deadline was split into two. Authors s- mitting paperswererequiredto registertitles andabstractsby the ?rstdeadline, January 5. A total of 121 submissions had been received by this deadline, - though some were withdrawn before review. Authors were allowed to continue working on their papers until the second deadline, January 10. Submissions were evaluated in three phases over a period of nearly two months. The selection phase started on January 5: Program Committee m- bers began evaluating abstracts and volunteering to handle various papers. We assigned a team of people to each paper. The review phase started on January 11: Program Committee members were given access to the full papers and - gan in-depth reviews of 82 submissions. Most of the reviews were completed by February7, thebeginningofthediscussionphase.ProgramCommitteemembers were given access to other reviews and built consensus in their evaluations of the submissions. In the end the discussions included 285 full reports and 203 - ditional comments. The submissions, reviews, and subsequent discussions were handled smoothly by iChair

ACNS2009, the7thInternationalConferenceonAppliedCryptographyandN- work Security, was held in Paris-Rocquencourt, France, June 2-5, 2009. ACNS 2009 was organized by the Ecole Normale Sup erieure (ENS), the French - tional Center for Scienti?c Research (CNRS), and the French National Institute for Researchin Computer Science andControl(INRIA), in cooperationwith the InternationalAssociation for CryptologicResearch(IACR). The General Chairs of the conference were Pierre-Alain Fouque and Damien Vergnaud. Theconferencereceived150submissionsandeachsubmissionwasassignedto at least three committee members. Submissions co-authored by members of the Program Committee were assigned to at least four committee members. Due to thelargenumber ofhigh-qualitysubmissions, thereviewprocesswaschallenging andwearedeeplygratefulto the committeemembersandthe externalreviewers for their outstanding work. After meticulous deliberation, the Program C- mittee, which was chaired by Michel Abdalla and David Pointcheval, selected 32 submissions for presentation in the academic track and these are the articles that are included in this volume. Additionally, a few other submissions were selected for presentation in the non-archival industrial track. The best student paper was awarded to Ayman Jarrous for his paper "Secure Hamming Distance Based Computation and Its Applications," co-authoredwith Benny Pinkas. The review process was run using the iChair software, written by Thomas Baigneres and Matthieu Finiasz from EPFL, LASEC, Switzerland and we are indebted to them for letting us use their software. The programalso included four invited talks in addition to the academicand industrial tracks."

CRYPTO2010,the30thAnnualInternationalCryptologyConference,wassp- sored by the International Association for Cryptologic Research (IACR) in - operation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of C- ifornia at Santa Barbara. The conference was held in Santa Barbara, Calif- nia, during August 15-19, 2010, in conjunction with CHES 2010 (Workshop on Cryptographic Hardware and Embedded Systems). Zul?kar Ramzan served as the General Chair. The conference received 203 submissions. The quality of the submissions was very high, and the selection process was a challenging one. The Program C- mittee, aided by a 159 external reviewers,reviewed the submissions and after an intensive review period the committee accepted 41 of these submissions. Three submissions were merged into a single paper and two papers were merged into a single talk, yielding a total of 39 papers in the proceedings and 38 presen- tions at the conference. The revised versions of the 39 papers appearing in the proceedings were not subject to editorial review and the authors bear full - sponsibility for their contents. The best-paper award was awarded to the paper "Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness" by Craig Gentry. The conference featured two invited presentations. This year we celebrated 25 years from the publication of the ground-breaking work of Sha? Goldwasser, Silvio Micali and Charles Racko? "The Knowledge Complexity of Interactive Proof-Systems.

This book constitutes the proceedings of the Second International Conference on Cryptology in Africa, AFRICACRYPT 2009, held in Gammarth, Tunisia, on June 21-25, 2009.

The 25 papers presented together with one invited talk were carefully reviewed and selected from 70 submissions. The topics covered are hash functions, block ciphers, asymmetric encryption, digital signatures, asymmetric encryption and anonymity, key agreement protocols, cryptographic protocols, efficient implementations, and implementation attacks.

Secure Computer and Network Systems

Modeling, Analysis and Design

Nong Ye, Arizona State University, USA

Computer and network systems have given us unlimited opportunities of reducing cost, improving efficiency, and increasing revenues, as demonstrated by an increasing number of computer and network applications. Yet, our dependence on computer and network systems has also exposed us to new risks, which threaten the security of, and present new challenges for protecting our assets and information on computer and network systems. The reliability of computer and network systems ultimately depends on security and quality of service (QoS) performance.

This book presents quantitative modeling and analysis techniques to address these numerous challenges in cyber attack prevention and detection for security and QoS, including:

the latest research on computer and network behavior under attack and normal use conditions;

new design principles and algorithms, which can be used by engineers and practitioners to build secure computer and network systems, enhance security practice and move to providing QoS assurance on the Internet;

mathematical and statistical methods for achieving the accuracy and timeliness of cyber attack detection with the lowest computational overhead;

guidance on managing admission control, scheduling, reservation and service of computer and network jobs to assure the service stability and end-to-end delay of those jobs even under Denial of Service attacks or abrupt demands.

"Secure Computer and Network Systems: Modeling, Analysis and Design" is an up-to-date resource for practising engineers and researchers involved in security, reliabilityand quality management of computer and network systems. It is also a must-read for postgraduate students developing advanced technologies for improving computer network dependability.

TCC 2009, the 6th Theory of Cryptography Conference, was held in San Fr- cisco, CA, USA, March 15-17, 2009. TCC 2009 was sponsored by the Inter- tional Association for Cryptologic Research (IACR) and was organized in - operation with the Applied Crypto Group at Stanford University. The General Chair of the conference was Dan Boneh. The conference received 109 submissions, of which the Program Comm- tee selected 33 for presentation at the conference. These proceedings consist of revised versions of those 33 papers. The revisions were not reviewed, and the authors bear full responsibility for the contents of their papers. The conference program also included two invited talks: "The Di?erential Privacy Frontier," given by Cynthia Dwork and "Some Recent Progress in Lattice-Based Crypt- raphy," given by Chris Peikert. I thank the Steering Committee of TCC for entrusting me with the resp- sibility for the TCC 2009 program. I thank the authors of submitted papers for their contributions. The general impression of the Program Committee is that the submissions were of very high quality, and there were many more papers we wanted to accept than we could. The review process was therefore very - warding but the selection was very delicate and challenging. I am grateful for the dedication, thoroughness, and expertise ofthe ProgramCommittee. Obse- ing the way the members of the committee operated makes me as con?dent as possible of the outcome of our selection process.

This book constitutes the refereed proceedings of the 9th International Conference on Cryptology in India, INDOCRYPT 2008, held in Kharagpur, India, in December 2008.

The 33 revised full papers were carefully reviewed and selected from 111 submissions. The papers are organized in topical sections on stream ciphers, cryptographic hash functions, public-key cryptography, security protocols, hardware attacks, block ciphers, cryptographic hardware, elliptic curve cryptography, and threshold cryptography.

The new emergingtechnologiesput new requirementsonsecurityanddata m- agement.Asdataareaccessibleanytimeanywhere,itbecomesmucheasiertoget unauthorized data access. Furthermore, the use of new technologies has brought some privacy concerns. It becomes simpler to collect, store, and search personal information thereby endangering people's privacy. Therefore, research in secure data management is gaining importance, attracting the attention of both the data management and the security research communities. The interesting pr- lems range from traditional topics, such as, access control and general database security, via privacy protection to new research directions, such as cryptogra- ically enforced access control and encrypted databases. This year, the call for papers attracted 24 papers both from universities and industry. For presentation at the workshop,the ProgramCommittee selected 10 full papers (41% acceptance rate). These papers are collected in this volume, which we hope will serve as a useful research and reference material. The papers in the proceeding are grouped into three sections. The ?rst s- tion focuses on database security which remains an important research area. The papers in this section address several interesting topics including query optimization in encrypted databases, database provenance, database intrusion detection, and con?dence policy compliant query evaluation. The second section changes the focal point to the topic of access control. The papers in this s- tion deal with provenance access control, access control model for collaborative editors, self-modifying access control policies, and enforcing access control on XML documents. The third section focuses on privacy protection addressing the privacy issues around location-based services and anonymity/diversity for the micro-data release problem.

th The 8 International Workshop on Digital Watermarking (IWDW 2009) was hosted by the University of Surrey, Guildford, Surrey, UK, during August 24 26, 2009.As with previous workshops, IWDW 2009 aimed to providea balanced program covering the latest state-of-the-art theoretical and practical devel- ments in digital watermarking, steganography and steganalysis, and the eme- ing area of image forensics. The selection of the program was a challenging task for the Technical Programme Committee members and reviewers, who ensured the highest quality and reputation of the workshop. From around 50 submissions received from authors in 14 countries, the c- mittee selected 26 regular papers (22 oral and 4 poster presentations). In - dition to the contributed papers, the workshop featured three keynote lectures on watermarking, cryptography and forensics kindly delivered by internati- ally renowned experts, Ingemar Cox, Fred Piper and Ed Delp, respectively. The regular papers and keynote lectures can be found in this proceedings volume. First of all, we would like to thank all the authors, speakers, reviewers and participants for their signi?cant contributions to the success of IWDW 2009."

The 8th International Conference on Cryptology and Network Security (CANS 2009) was held at the Ishikawa Prefectural Museum of Art in Kanazawa, Japan, during December 12-14, 2009. The conference was jointly co-organized by the NationalInstituteofAdvancedIndustrialScienceandTechnology(AIST), Japan, and the Japan Advanced Institute of Science and Technology (JAIST). In ad- tion, the event was supported by the Special Interest Group on Computer Se- rity (CSEC), IPSJ, Japan, the Japan Technical Group on Information Security (ISEC), IEICE, the Japan Technical Committee on Information and Com- nication System Security(ICSS), IEICE, and the Society of Information Theory and its Applications (SITA), Japan, and co-sponsored by the National Ins- tute of Information and Communications Technology, Japan, ComWorth Co., LTD, Japan, Hitachi, Ltd., Hokuriku Telecommunication Network Co., Inc., and Internet Initiative Japan Inc. The conference received 109 submissions from 24 countries, out of which 32 were accepted for publication in these proceedings. At least three Program Committee (PC) members reviewed each submitted paper, while submissions co-authored by a PC member were submitted to the more stringent evaluation of ?ve PC members. In addition to the PC members, many external reviewers joinedthereviewprocessintheirparticularareasofexpertise. Wewerefortunate to have this energetic team of experts, and are deeply grateful to all of them for their hard work, which included a very active discussion phase-almost as long as the initial individual reviewing period. The paper submission, review and discussion processes were e?ectively and e?ciently made possible by the Web-based system iChair.

Meet the world's top ethical hackers and explore the tools of the trade Hacking the Hacker takes you inside the world of cybersecurity to show you what goes on behind the scenes, and introduces you to the men and women on the front lines of this technological arms race. Twenty-six of the world's top white hat hackers, security researchers, writers, and leaders, describe what they do and why, with each profile preceded by a no-experience-necessary explanation of the relevant technology. Dorothy Denning discusses advanced persistent threats, Martin Hellman describes how he helped invent public key encryption, Bill Cheswick talks about firewalls, Dr. Charlie Miller talks about hacking cars, and other cybersecurity experts from around the world detail the threats, their defenses, and the tools and techniques they use to thwart the most advanced criminals history has ever seen. Light on jargon and heavy on intrigue, this book is designed to be an introduction to the field; final chapters include a guide for parents of young hackers, as well as the Code of Ethical Hacking to help you start your own journey to the top. Cybersecurity is becoming increasingly critical at all levels, from retail businesses all the way up to national security. This book drives to the heart of the field, introducing the people and practices that help keep our world secure. * Go deep into the world of white hat hacking to grasp just how critical cybersecurity is * Read the stories of some of the world's most renowned computer security experts * Learn how hackers do what they do no technical expertise necessary * Delve into social engineering, cryptography, penetration testing, network attacks, and more As a field, cybersecurity is large and multi-faceted yet not historically diverse. With a massive demand for qualified professional that is only going to grow, opportunities are endless. Hacking the Hacker shows you why you should give the field a closer look.

This book constitutes the refereed proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2009, held in Tokyo, Japan, in December 2009.

The 41 revised full papers presented were carefully reviewed and selected from 298 submissions. The papers are organized in topical sections on block ciphers, quantum and post-quantum, hash functions I, encryption schemes, multi party computation, cryptographic protocols, hash funtions II, models and frameworks I, cryptoanalysis: square and quadratic, models and framework II, hash functions III, lattice-based, and side channels.

The 16th Workshop on Selected Areas in Cryptography (SAC 2009) was held at the University of Calgary,in Calgary, Alberta, Canada, during August 13-14, 2009. There were 74 participants from 19 countries. Previous workshops in this series were held at Queens University in Kingston (1994, 1996, 1998, 1999, and 2005), Carleton University in Ottawa (1995, 1997, and 2003), University of - terloo (2000 and 2004), Fields Institute in Toronto (2001), Memorial University of Newfoundland in St. Johns (2002), Concordia University in Montreal (2006), University of Ottawa (2007), and Mount Allison University in Sackville (2008). The themes for SAC 2009 were: 1. Design and analysis of symmetric key primitives and cryptosystems, incl- ing block and stream ciphers, hash functions, and MAC algorithms 2. E?cient implementations of symmetric and public key algorithms 3. Mathematical and algorithmic aspects of applied cryptology 4. Privacy enhancing cryptographic systems This included the traditional themes (the ?rst three) together with a special theme for 2009 workshop (fourth theme).

Since the mid 1990s, data hiding has been proposed as an enabling technology for securing multimedia communication, and is now used in various applications including broadcast monitoring, movie fingerprinting, steganography, video indexing and retrieval, and image authentication. Data hiding and cryptographic techniques are often combined to complement each other, thus triggering the development of a new research field of multimedia security. Besides, two related disciplines, steganalysis and data forensics, are increasingly attracting researchers and becoming another new research field of multimedia security. This journal, LNCS Transactions on Data Hiding and Multimedia Security, aims to be a forum for all researchers in these emerging fields, publishing both original and archival research results.

This third issue contains five contributions in the areas of steganography and digital watermarking. The first two papers deal with the security of steganographic systems; the third paper presents a novel image steganographic scheme. Finally, this volume includes two papers that focus on digital watermarking and data hiding. The fourth paper introduces and analyzes a new covert channel and the fifth contribution analyzes the performance of additive attacks against quantization-based data hiding methods.

CHES 2009, the 11th workshop on Cryptographic Hardware and Embedded Systems, was held in Lausanne, Switzerland, September 6-9, 2009. The wo- shop was sponsored by the International Association for Cryptologic Research (IACR). The workshop attracted a record number of 148 submissions from 29 co- tries, of which the Program Committee selected 29 for publication in the wo- shop proceedings, resulting in an acceptance rate of 19.6%, the lowest in the history of CHES. The review process followed strict standards: each paper - ceived at least four reviews, and some asmanyaseightreviews.Membersofthe Program Committee were restricted to co-authoring at most two submissions, and their papers were evaluated by an extended number of reviewers. The ProgramCommittee included 53 members representing 20 countries and ?ve continents. These members were carefully selected to represent academia, industry, and government, as well as to include world-class experts in various research ?elds of interest to CHES. The Program Committee was supported by 148 external reviewers. The total number of people contributing to the - view process, including Program Committee members, external reviewers, and Program Co-chairs, exceeded 200. The papers collected in this volume represent cutting-edge worldwide - search in the rapidly growing and evolving area of cryptographic engineering.