Every day, organizations large and small fall victim to attacks on their data. Encryption provides a shield to help defend against intruders. Because of increasing pressure from government regulators, consumers, and the business community at large, the job descriptions of SQL DBAs and developers are expanding to include encryption. Expert SQL Server 2008 Encryption will show you how to efficiently implement SQL Server 2008 encryption functionality and features to secure your organizational data.Introduces encryption, guiding readers through its implementation in SQL Server Demonstrates advanced techniques such as the use of hardware security modules Covers all that a SQL Server database administrator needs to know about encryption What you'll learn Take advantage of hardware security modules via extensible key management Implement targeted encryption of individual columns Secure an entire database at once with Transparent Data Encryption Encrypt disk volumes using BitLocker encryption Effectively design and manage encryption as part of your total security solution Digitally sign documents stored in your database Who this book is for

The audience for this book includes SQL Server DBAs, SQL developers, and .NET developers who want to take advantage of the powerful encryption functionality available in SQL Server 2008. The features of SQL Server 2008 provide a powerful set of tools to secure your most sensitive data, helping protect it from theft. Table of Contents Introduction to Encryption Encryption Key Management Symmetric Encryption Asymmetric Encryption Extensible Key Management Transparent Data Encryption Hashing SQL CLR Cryptography Indexing Encrypted Data Encrypting Connections to SQL Server 2008 Regulatory Requirements

* Shows how to improve Windows desktop and server security by configuring default security before installing off-the-shelf security products* Educates readers about the most significant security threats, building the ultimate defense, operating system hardening, application security, and automating security* As a security consultant, the author has an impressive record-of his clients, not one who followed his recommendations has suffered a virus, worm, Trojan, or successful hacker attack in the past five years* The companion Web site includes author-created custom security templates and group policies that will automate advice given in the book

Praise for "Sarbanes-Oxley Guide for Finance and Information Technology Professionals"

"Effective SOX programs enlist the entire organization to build and monitor a compliant control environment. However, even the best SOX programs are inefficient at best, ineffective at worst, if there is a lack of informed, competent finance and IT personnel to support the effort. This book provides these important professionals a needed resource for and road map toward successfully implementing their SOX initiative."
--Scott Green Chief Administrative Officer, Weil, Gotshal & Manges LLP and author, "Sarbanes-Oxley and the Board of Directors"

"As a former CFO and CIO, I found this book to be an excellent synopsis of SOX, with impressive implementation summaries and checklists."
--Michael P. Cangemi CISA, Editor in Chief, "Information Systems Control Journal" and author, "Managing the Audit Function"

"An excellent introduction to the Sarbanes-Oxley Act from the perspective of the financial and IT professionals that are on the front lines of establishing compliance in their organizations. The author walks through many areas by asking 'what can go wrong' types of questions, and then outlines actions that should be taken as well as the consequences of noncompliance. This is a good book to add to one's professional library "
--Robert R. Moeller Author, "Sarbanes-Oxley and the New Internal Auditing Rules"

"Mr. Anand has compiled a solid overview of the control systems needed for not only accounting systems, but also the information technologies that support those systems. Among the Sarbanes books on the market, his coverage of both topics is unique."
--Steven M. Bragg Author, "Accounting Best Practices"

"An excellent overview of the compliance process. A must-read for anyone who needs to get up to speed quickly with Sarbanes-Oxley."
--Jack Martin Publisher, "Sarbanes-Oxley Compliance Journal"

"This book is the encyclopedia of phishing. It provides views from the payment, human, and technical perspectives. The material is remarkably readable--each chapter is contributed by an expert on that topic, but none require specialized background on the part of the reader. The text will be useful for any professional who seeks to understand phishing."
--Directors of the International Financial Cryptography Association (IFCA)

Phishing attacks, or the practice of deceiving people into revealing sensitive data on a computer system, continue to mount. Here is the information you need to understand how phishing works, how to detect it, and how to prevent it.

"Phishing and Countermeasures" begins with a technical introduction to the problem, setting forth the tools and techniques that phishers use, along with current security technology and countermeasures that are used to thwart them. Readers are not only introduced to current techniques of phishing, but also to emerging and future threats and the countermeasures that will be needed to stop them. The potential and limitations of all countermeasures presented in the text are explored in detail. In spite of the fact that phishing attacks constantly evolve, much of the material in this book will remain valid, given that the book covers the general principles as much as actual instances of phishing.

While delving into a myriad of countermeasures and defense strategies, the authors also focus on the role of the user in preventing phishing attacks. The authors assert that countermeasures often fail not for technical reasons, but rather because users are unable or unwilling to use them. In response, the authors present a number ofcountermeasures that are simple for users to implement, or that can be activated without a user's direct participation. Moreover, the authors propose strategies for educating users. The text concludes with a discussion of how researchers and security professionals can ethically and legally perform phishing experiments to test the effectiveness of their defense strategies against the strength of current and future attacks.

Each chapter of the book features an extensive bibliography to help readers explore individual topics in greater depth. With phishing becoming an ever-growing threat, the strategies presented in this text are vital for technical managers, engineers, and security professionals tasked with protecting users from unwittingly giving out sensitive data. It is also recommended as a textbook for students in computer science and informatics.

Archiving has become an increasingly complex process. The challenge is no longer how to store the data but how to store it intelligently, in order to exploit it over time, while maintaining its integrity and authenticity. Digital technologies bring about major transformations, not only in terms of the types of documents that are transferred to and stored in archives, in the behaviors and practices of the humanities and social sciences (digital humanities), but also in terms of the volume of data and the technological capacity for managing and preserving archives (Big Data). Archives in The Digital Age focuses on the impact of these various digital transformations on archives, and examines how the right to memory and the information of future generations is confronted with the right to be forgotten; a digital prerogative that guarantees individuals their private lives and freedoms.

This book constitutes the refereed proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2011, held in Tallinn, Estonia, in May 2011. The 31 papers, presented together with 2 invited talks, were carefully reviewed and selected from 167 submissions. The papers are organized in topical sections on lattice-base cryptography, implementation and side channels, homomorphic cryptography, signature schemes, information-theoretic cryptography, symmetric key cryptography, attacks and algorithms, secure computation, composability, key dependent message security, and public key encryption.

RSA is a public-key cryptographic system, and is the most famous and widely-used cryptographic system in today's digital world. Cryptanalytic Attacks on RSA, a professional book, covers almost all known cryptanalytic attacks and defenses of the RSA cryptographic system and its variants. Since RSA depends heavily on computational complexity theory and number theory, background information on complexity theory and number theory is presented first, followed by an account of the RSA cryptographic system and its variants.

This book is also suitable as a secondary text for advanced-level students in computer science and mathematics.

The RSA Conference is an annual event that attracts hundreds of vendors and thousands of participants from industry and academia. Since 2001, the conf- ence has included an academic Cryptographers'Track (CT-RSA). This year was the 10th anniversary of CT-RSA. Since its conception, the CT-RSA conference has become a major avenue for publishing high-quality research papers. The RSA conference was held in San Francisco, California, during March 1-5, 2010. This year we received94 submissions. Eachpaper gotassignedto three ref- ees. Papers submitted by the members of the Program Committee got assigned to?vereferees.Inthe?rststageofthereviewprocess, thesubmittedpaperswere read and evaluated by the ProgramCommittee members and then in the second stage, the papers were scrutinized during an extensive discussion. Finally, the Program Committee chose 25 papers to be included in the conference program. The authors of the accepted papers had two weeks for revision and preparation of ?nal versions.The revised papers were not subject to editorial review and the authors bear full responsibility for their contents. The submission and review process was supported by the iChair conference submission server. We thank Matthiew Finiasz and Thomas Baign eres for letting us use iChair. The conf- ence proceedings were published by Springer in this volume of Lecture Notes in Computer Science.

This book constitutes the refereed proceedings of the 12th IMA International Conference on Cryptography and Coding, held in Cirencester, UK in December 2009.

The 26 revised full papers presented together with 3 invited contributions were carefully reviewed and selected from 53 submissions. The papers are organized in topical sections on coding theory, symmetric cryptography, security protocols, asymmetric cryptography, Boolean functions and side channels and implementations.

Secure Computer and Network Systems

Modeling, Analysis and Design

Nong Ye, Arizona State University, USA

Computer and network systems have given us unlimited opportunities of reducing cost, improving efficiency, and increasing revenues, as demonstrated by an increasing number of computer and network applications. Yet, our dependence on computer and network systems has also exposed us to new risks, which threaten the security of, and present new challenges for protecting our assets and information on computer and network systems. The reliability of computer and network systems ultimately depends on security and quality of service (QoS) performance.

This book presents quantitative modeling and analysis techniques to address these numerous challenges in cyber attack prevention and detection for security and QoS, including:

the latest research on computer and network behavior under attack and normal use conditions;

new design principles and algorithms, which can be used by engineers and practitioners to build secure computer and network systems, enhance security practice and move to providing QoS assurance on the Internet;

mathematical and statistical methods for achieving the accuracy and timeliness of cyber attack detection with the lowest computational overhead;

guidance on managing admission control, scheduling, reservation and service of computer and network jobs to assure the service stability and end-to-end delay of those jobs even under Denial of Service attacks or abrupt demands.

"Secure Computer and Network Systems: Modeling, Analysis and Design" is an up-to-date resource for practising engineers and researchers involved in security, reliabilityand quality management of computer and network systems. It is also a must-read for postgraduate students developing advanced technologies for improving computer network dependability.

The 8th International Conference on Cryptology and Network Security (CANS 2009) was held at the Ishikawa Prefectural Museum of Art in Kanazawa, Japan, during December 12-14, 2009. The conference was jointly co-organized by the NationalInstituteofAdvancedIndustrialScienceandTechnology(AIST), Japan, and the Japan Advanced Institute of Science and Technology (JAIST). In ad- tion, the event was supported by the Special Interest Group on Computer Se- rity (CSEC), IPSJ, Japan, the Japan Technical Group on Information Security (ISEC), IEICE, the Japan Technical Committee on Information and Com- nication System Security(ICSS), IEICE, and the Society of Information Theory and its Applications (SITA), Japan, and co-sponsored by the National Ins- tute of Information and Communications Technology, Japan, ComWorth Co., LTD, Japan, Hitachi, Ltd., Hokuriku Telecommunication Network Co., Inc., and Internet Initiative Japan Inc. The conference received 109 submissions from 24 countries, out of which 32 were accepted for publication in these proceedings. At least three Program Committee (PC) members reviewed each submitted paper, while submissions co-authored by a PC member were submitted to the more stringent evaluation of ?ve PC members. In addition to the PC members, many external reviewers joinedthereviewprocessintheirparticularareasofexpertise. Wewerefortunate to have this energetic team of experts, and are deeply grateful to all of them for their hard work, which included a very active discussion phase-almost as long as the initial individual reviewing period. The paper submission, review and discussion processes were e?ectively and e?ciently made possible by the Web-based system iChair.

The 16th Workshop on Selected Areas in Cryptography (SAC 2009) was held at the University of Calgary,in Calgary, Alberta, Canada, during August 13-14, 2009. There were 74 participants from 19 countries. Previous workshops in this series were held at Queens University in Kingston (1994, 1996, 1998, 1999, and 2005), Carleton University in Ottawa (1995, 1997, and 2003), University of - terloo (2000 and 2004), Fields Institute in Toronto (2001), Memorial University of Newfoundland in St. Johns (2002), Concordia University in Montreal (2006), University of Ottawa (2007), and Mount Allison University in Sackville (2008). The themes for SAC 2009 were: 1. Design and analysis of symmetric key primitives and cryptosystems, incl- ing block and stream ciphers, hash functions, and MAC algorithms 2. E?cient implementations of symmetric and public key algorithms 3. Mathematical and algorithmic aspects of applied cryptology 4. Privacy enhancing cryptographic systems This included the traditional themes (the ?rst three) together with a special theme for 2009 workshop (fourth theme).

BUILDING SECURE CARS Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycle While increased connectivity and advanced software-based automotive systems provide tremendous benefits and improved user experiences, they also make the modern vehicle highly susceptible to cybersecurity attacks. In response, the automotive industry is investing heavily in establishing cybersecurity engineering processes. Written by a seasoned automotive security expert with abundant international industry expertise, Building Secure Cars: Assuring the Automotive Software Development Lifecycle introduces readers to various types of cybersecurity activities, measures, and solutions that can be applied at each stage in the typical automotive development process. This book aims to assist auto industry insiders build more secure cars by incorporating key security measures into their software development lifecycle. Readers will learn to better understand common problems and pitfalls in the development process that lead to security vulnerabilities. To overcome such challenges, this book details how to apply and optimize various automated solutions, which allow software development and test teams to identify and fix vulnerabilities in their products quickly and efficiently. This book balances technical solutions with automotive technologies, making implementation practical. Building Secure Cars is: One of the first books to explain how the automotive industry can address the increased risks of cyberattacks, and how to incorporate security into the software development lifecycle An optimal resource to help improve software security with relevant organizational workflows and technical solutions A complete guide that covers introductory information to more advanced and practical topics Written by an established professional working at the heart of the automotive industry Fully illustrated with tables and visuals, plus real-life problems and suggested solutions to enhance the learning experience This book is written for software development process owners, security policy owners, software developers and engineers, and cybersecurity teams in the automotive industry. All readers will be empowered to improve their organizations' security postures by understanding and applying the practical technologies and solutions inside.

CRYPTO2010,the30thAnnualInternationalCryptologyConference,wassp- sored by the International Association for Cryptologic Research (IACR) in - operation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of C- ifornia at Santa Barbara. The conference was held in Santa Barbara, Calif- nia, during August 15-19, 2010, in conjunction with CHES 2010 (Workshop on Cryptographic Hardware and Embedded Systems). Zul?kar Ramzan served as the General Chair. The conference received 203 submissions. The quality of the submissions was very high, and the selection process was a challenging one. The Program C- mittee, aided by a 159 external reviewers,reviewed the submissions and after an intensive review period the committee accepted 41 of these submissions. Three submissions were merged into a single paper and two papers were merged into a single talk, yielding a total of 39 papers in the proceedings and 38 presen- tions at the conference. The revised versions of the 39 papers appearing in the proceedings were not subject to editorial review and the authors bear full - sponsibility for their contents. The best-paper award was awarded to the paper "Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness" by Craig Gentry. The conference featured two invited presentations. This year we celebrated 25 years from the publication of the ground-breaking work of Sha? Goldwasser, Silvio Micali and Charles Racko? "The Knowledge Complexity of Interactive Proof-Systems.

The Joint Workshop on "Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security" (ARSPA-WITS 2009) was held in York, UK, March 28-29, 2009, in association with ETAPS 2009. ARSPA is a series of workshops on "Automated Reasoning for Security P- tocol Analysis," bringing together researchers and practitioners from both the security andthe formalmethods communities,from academiaand industry,who are working on developing and applying automated reasoning techniques and tools for the formal speci?cation and analysis of security protocols. The ?rst two ARSPA workshops were held as satellite events of the Second International JointConferenceon Automated Reasoning(IJCAR 2004)andof the 32nd Int- nationalColloquiumonAutomata,LanguagesandProgramming(ICALP2005), respectively. ARSPA then joined forces with the workshop FCS (Foundations of Computer Security): FCS-ARSPA 2006 was a?liated with LICS 2006, in the context of FLoC 2006,and FCS-ARSPA 2007 was a?liated with LICS 2007 and ICALP 2007. WITSistheo?cialannualworkshoporganizedbytheIFIP WG1.7on"T- oretical Foundations of Security Analysis and Design," established to promote the investigation on the theoretical foundations of security, discovering and p- moting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security-related applications. This is the ninth meeting in the series. In 2008, ARSPA and WITS joined with the workshop on Foundations of Computer - curityFCSforajointworkshop,FCS-ARSPA-WITS2008,associatedwithLICS 2008 and CSF 21.

This volume contains the proceedings of the 13th International Conference on Financial Cryptography and Data Security, held at the Accra Beach Hotel and Resort, Barbados, February 23-26, 2009. Financial Cryptography and Data Security (FC) is a well-established int- national forum for research, advanced development, education, exploration and debate regarding information assurance in the context of ?nance and commerce. The conference covers all aspects of securing transactions and systems. The goal of FC is to bring security and cryptography researchers and pr- titioners together with economists, bankers, and policy makers. This year, we assembled a vibrant program featuring 21 peer-reviewed research paper pres- tations, two panels (on the economics of information security and on authen- cation), and a keynote address by David Dagon. Despite a proliferation of security and cryptography venues, FC continues to receive a large number of high-quality submissions. This year, we received 91 submissions(75full-lengthpapers,15shortpapersand1panel).Eachsubmission was reviewed by at least three reviewers. Following a rigorous selection, ranking and discussion process, the Program Committee accepted 20 full-length papers, 1 short paper and 1 panel. The overall acceptance rate was 24%.

The book in front of you contains the proceedings of SAC 2008, the 15th - nual Workshop on Selected Areas in Cryptography. SAC 2008 took place during August 14-15 at Mount Allison University, Sackville, New Brunswick, Canada. This was the ?rst time that SAC was hosted in New Brunswick, and the second time in an Atlantic Canadian province. Previous SAC workshops were held at Queen's University in Kingston (1994, 1996, 1998, 1999, and 2005), at Carleton University in Ottawa (1995, 1997, 2003), at the University of Waterloo (2000, 2004), at the Fields Institute in Toronto (2001), at Memorial University of N- foundland at St. John's (2002), at Concordia University in Montreal (2006) and at the University of Ottawa (2007). The intent ofthe workshopseriesis to provide a relaxedatmospherein which researchers in cryptography can present and discuss new work on selected areas of current interest. The SAC workshop series has ?rmly established itself as an international forum for intellectual exchange in cryptological research. Theresponsibilityforchoosingthe venueofeachSACworkshopandappoi- ingtheCo-chairslieswiththeSACOrganizingBoard.TheCo-chairsthenchoose the Program Committee in consultation with the Board. Hence, we would like to expressour gratitudeto the SAC OrganizingBoardfor giving usthe mandate to organize SAC 2008, and for their invaluable feedback while assembling the Program Committee.

The new emergingtechnologiesput new requirementsonsecurityanddata m- agement.Asdataareaccessibleanytimeanywhere,itbecomesmucheasiertoget unauthorized data access. Furthermore, the use of new technologies has brought some privacy concerns. It becomes simpler to collect, store, and search personal information thereby endangering people's privacy. Therefore, research in secure data management is gaining importance, attracting the attention of both the data management and the security research communities. The interesting pr- lems range from traditional topics, such as, access control and general database security, via privacy protection to new research directions, such as cryptogra- ically enforced access control and encrypted databases. This year, the call for papers attracted 24 papers both from universities and industry. For presentation at the workshop,the ProgramCommittee selected 10 full papers (41% acceptance rate). These papers are collected in this volume, which we hope will serve as a useful research and reference material. The papers in the proceeding are grouped into three sections. The ?rst s- tion focuses on database security which remains an important research area. The papers in this section address several interesting topics including query optimization in encrypted databases, database provenance, database intrusion detection, and con?dence policy compliant query evaluation. The second section changes the focal point to the topic of access control. The papers in this s- tion deal with provenance access control, access control model for collaborative editors, self-modifying access control policies, and enforcing access control on XML documents. The third section focuses on privacy protection addressing the privacy issues around location-based services and anonymity/diversity for the micro-data release problem.

CHES 2009, the 11th workshop on Cryptographic Hardware and Embedded Systems, was held in Lausanne, Switzerland, September 6-9, 2009. The wo- shop was sponsored by the International Association for Cryptologic Research (IACR). The workshop attracted a record number of 148 submissions from 29 co- tries, of which the Program Committee selected 29 for publication in the wo- shop proceedings, resulting in an acceptance rate of 19.6%, the lowest in the history of CHES. The review process followed strict standards: each paper - ceived at least four reviews, and some asmanyaseightreviews.Membersofthe Program Committee were restricted to co-authoring at most two submissions, and their papers were evaluated by an extended number of reviewers. The ProgramCommittee included 53 members representing 20 countries and ?ve continents. These members were carefully selected to represent academia, industry, and government, as well as to include world-class experts in various research ?elds of interest to CHES. The Program Committee was supported by 148 external reviewers. The total number of people contributing to the - view process, including Program Committee members, external reviewers, and Program Co-chairs, exceeded 200. The papers collected in this volume represent cutting-edge worldwide - search in the rapidly growing and evolving area of cryptographic engineering.

This volume contains the 12 papers presented at the WISTP 2009 conference, held in Brussels, Belgium in September 2009. WISTP 2009 was the third int- national workshop devoted to information security theory and practice. WISTP 2009 built on the successful WISTP 2007 and 2008 conferences, held in Heraklion, Crete, Greece and Seville, Spain in May 2007 and May 2008, - spectively. The proceedings of WISTP 2007 and WISTP 2008 were published as volumes 4462 and 5019 of the Lecture Notes in Computer Science series. This workshop received the following support: - Co-sponsored by IFIP WG 11. 2 Small System Security - Co-sponsored by VDE ITG - Technical sponsorship of the IEEE Systems, Man & Cybernetics Society - Supported by the Technical Committee on Systems Safety and Security - Organized in cooperation with the ACM SIGSAC - Supported by ENISA - Supported by the Institute for Systems and Technologies of Information, Control and Communication (INSTICC) These proceedings contain 12 original papers covering a range of theoretical and practical topics in information security. For the purposes of the organi- tion of the WISTP program, the papers were divided into four main categories, namely: - Mobility - Attacks and Secure Implementations - Performance and Security - Cryptography The12papersincludedherewereselectedfromatotalof27submissions. The refereeing process was rigorous,involving at least three (and mostly four or ?ve) independent reports being prepared for each submission.

These are the proceedings of Eurocrypt 2010, the 29th in the series of Eu- pean conferences on the Theory and Application of Cryptographic Techniques. The conference was sponsored by the International Association for Cryptologic Research and held on the French Riviera, May 30-June 3, 2010. A total of 191 papers were received of which 188 were retained as valid submissions. These were each assigned to at least three Program Committee members and a total of 606 review reports were produced. The printed record of the reviews and extensive online discussions that followed would be almost as voluminous as these proceedings. In the end 35 submissions were accepted with twosubmissionpairsbeingmergedtogive33paperspresentedattheconference. The ?nal papers in these proceedings were not subject to a second review before publication and the authors are responsible for their contents. The ProgramCommittee, listed on the next page, deservesparticular thanks for all their hard work, their outstanding expertise, and their constant c- mitment to all aspects of the evaluation process. These thanks are of course extended to the very many external reviewers who took the time to help out during the evaluation process.It was also a greatpleasure to honor and welcome Moti Yung who gave the 2010 IACR Distinguished Lecture.

th The 8 International Workshop on Digital Watermarking (IWDW 2009) was hosted by the University of Surrey, Guildford, Surrey, UK, during August 24 26, 2009.As with previous workshops, IWDW 2009 aimed to providea balanced program covering the latest state-of-the-art theoretical and practical devel- ments in digital watermarking, steganography and steganalysis, and the eme- ing area of image forensics. The selection of the program was a challenging task for the Technical Programme Committee members and reviewers, who ensured the highest quality and reputation of the workshop. From around 50 submissions received from authors in 14 countries, the c- mittee selected 26 regular papers (22 oral and 4 poster presentations). In - dition to the contributed papers, the workshop featured three keynote lectures on watermarking, cryptography and forensics kindly delivered by internati- ally renowned experts, Ingemar Cox, Fred Piper and Ed Delp, respectively. The regular papers and keynote lectures can be found in this proceedings volume. First of all, we would like to thank all the authors, speakers, reviewers and participants for their signi?cant contributions to the success of IWDW 2009."

Africacrypt 2010, the Third International Conference on Cryptology in Africa, took place May 3-6, 2010 in Stellenbosch, South Africa. The General Chairs, Riaal Domingues from the South African Communications and Security Agency and Christine Swart from the University of Cape Town, were always a pleasure to work with and did an outstanding job with the local arrangements. We are deeplythankfulthat theyagreedto hostAfricacrypt2010with onlyfour months notice after unanticipated events forced a change of location. The Africacrypt 2010 submission deadline was split into two. Authors s- mitting paperswererequiredto registertitles andabstractsby the ?rstdeadline, January 5. A total of 121 submissions had been received by this deadline, - though some were withdrawn before review. Authors were allowed to continue working on their papers until the second deadline, January 10. Submissions were evaluated in three phases over a period of nearly two months. The selection phase started on January 5: Program Committee m- bers began evaluating abstracts and volunteering to handle various papers. We assigned a team of people to each paper. The review phase started on January 11: Program Committee members were given access to the full papers and - gan in-depth reviews of 82 submissions. Most of the reviews were completed by February7, thebeginningofthediscussionphase.ProgramCommitteemembers were given access to other reviews and built consensus in their evaluations of the submissions. In the end the discussions included 285 full reports and 203 - ditional comments. The submissions, reviews, and subsequent discussions were handled smoothly by iChair

ACNS2009, the7thInternationalConferenceonAppliedCryptographyandN- work Security, was held in Paris-Rocquencourt, France, June 2-5, 2009. ACNS 2009 was organized by the Ecole Normale Sup erieure (ENS), the French - tional Center for Scienti?c Research (CNRS), and the French National Institute for Researchin Computer Science andControl(INRIA), in cooperationwith the InternationalAssociation for CryptologicResearch(IACR). The General Chairs of the conference were Pierre-Alain Fouque and Damien Vergnaud. Theconferencereceived150submissionsandeachsubmissionwasassignedto at least three committee members. Submissions co-authored by members of the Program Committee were assigned to at least four committee members. Due to thelargenumber ofhigh-qualitysubmissions, thereviewprocesswaschallenging andwearedeeplygratefulto the committeemembersandthe externalreviewers for their outstanding work. After meticulous deliberation, the Program C- mittee, which was chaired by Michel Abdalla and David Pointcheval, selected 32 submissions for presentation in the academic track and these are the articles that are included in this volume. Additionally, a few other submissions were selected for presentation in the non-archival industrial track. The best student paper was awarded to Ayman Jarrous for his paper "Secure Hamming Distance Based Computation and Its Applications," co-authoredwith Benny Pinkas. The review process was run using the iChair software, written by Thomas Baigneres and Matthieu Finiasz from EPFL, LASEC, Switzerland and we are indebted to them for letting us use their software. The programalso included four invited talks in addition to the academicand industrial tracks."

The biennial International Workshop on Coding and Cryptology (IWCC) aims to bring together many of the world's greatest minds in coding and crypt- ogy to share ideas and exchange knowledge related to advancements in c- ing and cryptology, amidst an informal setting conducive for interaction and collaboration. It is well known that fascinating connections exist between coding and cr- tology. Therefore this workshop series was organized to facilitate a fruitful - teraction and stimulating discourse among experts from these two areas. The inaugural IWCC was held at Wuyi Mountain, Fujian Province, China, during June 11-15, 2007 and attracted over 80 participants. Following this s- cess, the second IWCC was held June 1-5, 2009 at Zhangjiajie, Hunan Province, China. Zhangjiajie is one of the most scenic areas in China. The proceedings of this workshop consist of 21 technical papers, covering a wide range of topics in coding and cryptology, as well as related ?elds such as combinatorics. All papers, except one, are contributed by the invited speakers of the workshop and each paper has been carefully reviewed. We are grateful to the external reviewers for their help, which has greatly strengthened the quality of the proceedings. IWCC 2009 was co-organizedby the National University of Defense Techn- ogy (NUDT), China and Nanyang Technological University (NTU), Singapore. We acknowledge with gratitude the ?nancial support from NUDT. We wouldliketo expressourthanks to Springer formaking it possible forthe proceedings to be published in the Lecture Notes in Computer Science series.