Althoughcryptographyandsecuritytechniqueshavebeenaroundfor quitesome time, emerging technologies such as ubiquitous computing and ambient intel- gence that exploit increasingly interconnected networks, mobility and pers- alization put new requirements on security with respect to data management. As data is accessible anytime anywhere, according to these new concepts, it - comes much easier to get unauthorized data access. Furthermore, it becomes simpler to collect, store, and search personal information and endanger people's privacy. Therefore, researchin the area of secure data management is of growing importance, attracting the attention of both the data management and security researchcommunities.Theinterestingproblemsrangefromtraditionalones, such as access control (with all variations, like dynamic, context-aware, role-based), database security (e.g., e?cient database encryption schemes, search over - crypted data, etc.), and privacy-preserving data mining to controlled sharing of data. In addition to the aforementioned subject, this year we also called for - pers devoted to secure data management in healthcare as a domain where data security and privacy issues are traditionally important. The call for papers - tracted 38 papers both from universities and industry. The ProgramCommittee selected 16 research papers for presentation at the workshop. These papers are also collected in this volume which we hope will serve you as a useful research and reference material.

This book constitutes the refereed proceedings of the Second SKLOIS Conference on Information Security and Cryptology, Inscrypt 2006, held in Beijing, China in November/December 2006. The 23 revised full papers cover digital signature schemes, sequences and stream ciphers, symmetric-key cryptography, cryptographic schemes, network security, access control, computer and applications security, as well as Web and media security.

This book constitutes the refereed proceedings of the 9th International Conference on Information Security and Cryptology, ICISC 2006, held in Busan, Korea in November/December 2006.

The 26 revised full papers presented together with two invited talks have gone through two rounds of reviewing and improvement and were selected from 129 submissions. The papers are organized in topical sections on hash functions, block and stream ciphers, efficient implementation and hardware, network security and access control, mobile communications security, forensics, copyright protection, biometrics, public key cryptosystems, and digital signatures.

This book constitutes the refereed proceedings of the 9th International Conference on Information Security, ISC 2006, held on Samos Island, Greece in August/September 2006.

The 38 revised full papers presented were carefully reviewed and selected from 188 submissions. The papers are organized in topical sections on software security, privacy and anonymity, block ciphers and hash functions, digital signatures, stream ciphers, encryption, pervasive computing, network security, watermarking and digital rights management, intrusion detection and worms, key exchange, security protocols and formal methods, and information systems security.

The 7th International Conference on Information Security and Cryptology was organized by the Korea Institute of Information Security and Cryptology (KIISC) and was sponsored by the Ministry of Information and Communi- tion of Korea. The conference received 194 submissions, and the Program Committee - lected 34 of these for presentation. The conference program included two invited lectures.MikeReiterspokeon"Securityby, andfor, ConvergedMobileDevices." And Frank Stajano spoke on "Security for Ubiquitous Computing." We would like to ?rst thank the many researchers from all over the world who subm- ted their work to this conference. An electronic submission process was ava- able. The submission review process had two phases. In the ?rst phase, Program Committeememberscompiledreports(assistedattheirdiscretionbysubreferees of their choice, but without interaction with other Program Committee m- bers) and entered them, via a Web interface, into the Web Review software. We would like to thank the developers, Bart Preneel, Wim Moreau, and Joris Claessens. Without the Web Review system, the whole review process would not have been possible. In the second phase, Program Committee members used the software to browse each other's reports, and discuss and update their own reports.WeareextremelygratefultotheProgramCommittee membersfortheir enormous investment of time, e?ort, and adrenaline in the di?cult and delicate process of review and selection.

The ?rst workshop in this series was held at the International Computer S- ence Institute in Berkeley and was published as LNCS 2009 under the name "Workshop on Design Issues in Anonymity and Unobservability." Subsequent Privacy Enhancing Technologies (PET) workshops met in San Francisco in 2002 (LNCS2482)andDresdenin2003(LNCS2760).Thisvolume, LNCS3424, holds the proceedings from PET 2004 in Toronto. Our 2005 meeting is scheduled for Dubrovnik, and we hope to keep ?nding new and interesting places to visit on both sides of the Atlantic - or beyond. An event like PET 2004 would be impossible without the work and dedi- tion of many people. First and foremost we thank the authors, who wrote and submitted 68 full papers or panel proposals, 21 of which appear herein. The Program Committee produced 163 reviews in total. Along the way, they were assisted in reviewing by Steven Bishop, Rainer Bohme, Sebastian Clauss, Claudia D ?az, Richard E. Newman, Ulrich Flegel, Elke Franz, Stefan Kopsell, Thomas Kriegelstein, Markus Kuhn, Stephen Lewis, Luc Longpre, Steven M- doch, Shishir Nagaraja, Thomas Nowey, Peter Palfrader, Lexi Pimenidis, Klaus Ploessl, Sivaramakrishnan Rajagopalan, Marc Rennhard, Leo Reyzin, Pankaj Rohatgi, Naouel Ben Salem, Sandra Steinbrecher, Mike Szydlo, Shabsi Wal?sh, Jie Wang, Brandon Wiley, and Shouhuai Xu."

This book constitutes the refereed proceedings of the International Workshop on Intelligence and Security Informatics, WISI 2006, held in Singapore in conjunction with the 10th Pacific-Asia Conference on Knowledge Discovery and Data Mining. The 32 papers presented together with the abstract of the keynote talk were carefully reviewed. The papers are organized in sections on Web and text mining for terrorism informatics, cybercrime analysis, network security, and crime data mining.

The 5th International Workshop on Information Security Applications (WISA 2004) was held in Jeju Island, Korea during August 23-25, 2004. The workshop was sponsored by the Korea Institute of Information Security and Cryptology (KIISC), the Electronics and Telecommunications Research Institute (ETRI) and the Ministry of Information and Communication (MIC). The aim of the workshop is to serve as a forum for new conceptual and - perimental research results in the area of information security applications from the academic community as well as from the industry. The workshop program covers a wide range of security aspects including cryptography, cryptanalysis, network/system security and implementation aspects. The programcommittee received169 papersfrom 22 countries, andaccepted 37 papers for a full presentation track and 30 papers for a short presentation track. Each paper was carefully evaluated through peer-review by at least three members of the programcommittee. This volume contains revised versions of 36 papers accepted and presented in the full presentation track. Short papers were only published in the WISA 2004 pre-proceedings as preliminary versions and are allowed to be published elsewhere as extended versions. In addition to the contributed papers, Professors Gene Tsudik and Ross Andersongaveinvitedtalks, entitledSecurityinOutsourcedDatabasesandWhat does 'Security' mean for Ubiquitous Applications?, respectively.

This volume contains a selection of refereed papers from participants of the workshop "Construction and Analysis of Safe, Secure and Interoperable Smart Devices" (CASSIS), held from the 10th to the 13th March 2004 in Marseille, France: http: //www-sop.inria.fr/everest/events/cassis04/ The workshop was organized by INRIA (Institut National de Recherche en InformatiqueetenAutomatique), Franceandthe UniversitydelaM editerran ee, Marseille, France. The workshop was attended by nearly 100 participants, who were invited for their contributions to relevant areas of computer science. Theaimoftheworkshopwastobringtogetherexpertsfromthesmartdevices industry and academic researchers, with a view to stimulate research on formal methods and security, and to encourage the smart device industry to adopt innovative solutions drawn from academic research. The next generation of smart devices holds the promise of providing the required infrastructure for the secure provision of multiple and personalized services. In order to deliver their promise, the smart device technology must however pursue the radical evolution that was initiated with the adoption of multi-application smartcards. Typical needs include: - The possibility for smart devices to feature extensible computational infr- tructures that may be enhanced to support increasingly complex appli- tions that may be installed post-issuance, and may require operating system functionalities that were not pre-installed. Such additional ?exibility must however not compromise security. - The possibility for smart devices to achieve a better integration with larger computersystems, throughimprovedconnectivity, genericity, aswellasint- operability."

Ad hoc and sensor networks are making their way from research to real-world deployments. Body and personal-area networks, intelligent homes, environmental monitoring or inter-vehicle communications: there is almost nothing left that is not going to be smart and networked. While a great amount of research has been devoted to the pure networking aspects, ad hoc and sensor networks will not be successfully deployed if security, dependability, and privacy issues are not addressed adequately.

As the first book devoted to the topic, this volume constitutes the thoroughly refereed post-proceedings of the First European Workshop on Security in Ad-hoc and Sensor Networks, ESAS, 2004, held in Heidelberg, Germany in August 2004. The 17 revised full papers were carefully reviewed and selected from 55 submissions. Among the key topics addressed are key distribution and management, authentication, energy-aware cryptographic primitives, anonymity and pseudonymity, secure diffusion, secure peer-to-peer overlays, and RFIDs.

The Seventh International Conference on Information and Communications - curity, ICICS2005, washeldinBeijing, China,10-13December2005. TheICICS conference series is an established forum for exchanging new research ideas and development results in the areas of information security and applied crypt- raphy. The ?rst event began here in Beijing in 1997. Since then the conference series has been interleaving its venues in China and the rest of the world: ICICS 1997 in Beijing, China; ICICS 1999 in Sydney, Australia; ICICS 2001 in Xi'an, China; ICICS 2002 in Singapore; ICICS 2003 in Hohhot City, China; and ICICS 2004 in Malaga, Spain. The conference proceedings of the past events have - ways been published by Springer in the Lecture Notes in Computer Science series, with volume numbers, respectively: LNCS 1334, LNCS 1726, LNCS 2229, LNCS 2513, LNCS 2836, and LNCS 3269. ICICS 2005 was sponsored by the Chinese Academy of Sciences (CAS); the Beijing Natural Science Foundation of China under Grant No. 4052016; the National Natural Science Foundation of China under Grants No. 60083007 and No. 60573042;the NationalGrandFundamentalResearch973ProgramofChina under Grant No. G1999035802, and Hewlett-Packard Laboratories, China. The conference was organized and hosted by the Engineering Research Center for Information Security Technology of the Chinese Academy of Sciences (ERCIST, CAS) in co-operation with the International Communications and Information Security Association (ICISA). The aim of the ICICS conference series has been to o?er the attendees the opportunity to discuss the latest developments in theoretical and practical - pects of information and communications security.

This book constitutes the refereed proceedings of the Third International Conference on Security in Pervasive Computing, SPC 2006, held in York, UK, in April 2006. The 16 revised papers presented together with the extended abstract of 1 invited talk were carefully reviewed and selected from 56 submissions. The papers are organized in topical sections on protocols, mechanisms, integrity, privacy and security, information flow and access control, and authentication.

This book constitutes the thoroughly refereed post-proceedings of the 12th International Workshop on Selected Areas in Cryptography, SAC 2005, held in Canada in August 2005. The 25 revised full papers presented were carefully reviewed and selected from 96 submissions for inclusion in the book. The papers are organized in topical sections.

This volume contains the proceedings of the 6th International Conference on Infor- tionandCommunicationsSecurity(ICICS2004),Torremolinos(Malaga), ' Spain,27-29 October 2004. The ?ve previous conferences were held in Beijing, Sydney, Xian, S- gapore and Huhehaote City, where we had an enthusiastic and well-attended event. The proceedings were released as volumes 1334, 1726, 2229, 2513 and 2836 of the LNCS series of Springer, respectively. During these last years the conference has placed equal emphasis on the theoretical and practical aspects of information and communications security and has established itself as a forum at which academic and industrial people meet and discuss emerging security challenges and solutions. We hope to uphold this tradition by offering you yet another successful meeting with a rich and interesting program. The responseto the Call for Paperswas overwhelming,245 papersubmissionswere received. Therefore, the paper selection process was very competitive and dif?cult - only 42 papers were accepted. The success of the conference depends on the quality of the program. Thus, we are indebted to our Program Committee members and the ext- nal refereesfor the great job they did. These proceedingscontainrevised versionsof the accepted papers.Revisions were not checked and the authorsbear full responsibilityfor the content of their papers.

This book constitutes the refereed proceedings of the Third Theory of Cryptography Conference, TCC 2006, held in New York, NY, USA in March 2006.

The 31 revised full papers presented were carefully reviewed and selected from 91 submissions. The papers are organized in topical sections on zero-knowledge, primitives, assumptions and models, the bounded-retrieval model, privacy, secret sharing and multi-party computation, universally-composible security, one-way functions and friends, and pseudo-random functions and encryption.

It is our pleasure to present in this volume the proceedings of the 7th Inter- tional Workshopon InformationHiding (IH 2005), held in Barcelona, Catalonia, Spain, during June 6-8, 2005. The workshop was organized by the Department of Computer Science and Multimedia, Universitat Oberta de Catalunya (UOC). Continuing the tradition of previous workshops, we sought a balanced p- gram, containing talks on various aspects of data hiding, anonymous commu- cation, steganalysis, and watermarking.Although the protection of digital int- lectual property has up to now motivated most of our research, there are many other upcoming ?elds of application. We were delighted to see that this year's workshop presented numerous new and unconventional approaches to infor- tion hiding. The selection of the program was a very challenging task. In total, we - ceived 90 submissions from 21 countries. At this point we want to thank all authors who submitted their latest work to IH 2005-and thus assured that the Information Hiding Workshop continues to be the top forum of our community.

The International Conference on Computational Intelligence and Security (CIS) is an annualinternationalconference that bringstogether researchers, engineers, developers and practitioners from both academia and industry to share expe- ence and exchange and cross-fertilize ideas on all areas of computational - telligence and information security. The conference serves as a forum for the dissemination of state-of-the-art research and the development, and implem- tationsof systems, technologiesandapplicationsinthese two broad, interrelated ?elds. This year CIS 2005 was co-organized by the IEEE (Hong Kong) Com- tational Intelligence Chapter and Xidian University, and co-sponsored by Hong Kong Baptist University, National Natural Science Foundation of China, Key Laboratory of Computer Networks and Information Security of the Ministry of EducationofChina, andGuangdongUniversityofTechnology. CIS2005received in total 1802 submissions from 41 countries and regions all over the world. All of them were strictly peer reviewed by the Program Committee and experts in the ?eld. Finally, 337 high-quality papers were accepted yielding an acc- tance rate of 18. 7%. Among them, 84 papers are the extended papers and 253 are the regular papers. The conference was greatly enriched by a wide range of topics covering all areas of computational intelligence and information security. Furthermore, tutorials and workshops were held for discussions of the proposed ideas. Such practice is extremely important for the e?ective development of the two ?elds and computer science in general. Wewouldliketothanktheorganizers: theIEEE(HongKong)Computational Intelligence Chapter and Xidian University for their great contributions and - forts in this big e

In this new reference, Greene addresses the long-neglected security needs of users in the home, company workstation and SOHO (Small Office/Home Office) categories, emphasizing client-side security, user privacy, Internet privacy and data hygiene.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the 7th Symposium on Recent Advances in Intrusion Detection (RAID 2004), which took place in Sophia-Antipolis, French Riviera, France, September 15-17, 2004. The symposium brought together leading researchers and practitioners from academia, government and industry to discuss intrusion detection from research as well as commercial perspectives. We also encouraged discussions that - dressed issues that arise when studying intrusion detection, including infor- tion gathering and monitoring, from a wider perspective. Thus, we had sessions on detection of worms and viruses, attack analysis, and practical experience reports. The RAID 2004 Program Committee received 118 paper submissions from all over the world. All submissions were carefully reviewed by several members of the Program Committee and selection was made on the basis of scienti?c novelty, importance to the ?eld, and technical quality. Final selection took place at a meeting held May 24 in Paris, France. Fourteen papers and two practical experience reports were selected for presentation and publication in the conf- ence proceedings. In addition, a number of papers describing work in progress were selected for presentation at the symposium. The keynote addresswas given by Bruce Schneier of Counterpane Systems. H? akan Kvarnstrom ] of TeliaSonera gave an invited talk on the topic "Fighting Fraud in Telecom Environments. " A successful symposium is the result of the joint e?ort of many people."

ForewordfromtheProgramChairs These proceedings contain the papers selected for presentation at the 9th - ropean Symposium on Research in Computer Security (ESORICS), held during September 13 15, 2004 in Sophia Antipolis, France. In response to the call for papers 159 papers were submitted to the conference. These papers were evaluated on the basis of their signi?cance, novelty, and te- nicalquality. Eachpaper wasreviewedby at leastthree members of the program committee. The program committee meeting was held electronically; there was an intensive discussion over a period of two weeks. Of the papers submitted, 27 were selected for presentation at the conference, giving an acceptance rate lower than 17%. The conference program also included an invited talk. A workshop like this does not just happen; it depends on the volunteer e?orts of ahostofindividuals. Thereisalonglistofpeoplewhovolunteeredtheirtimeand energy to put together the workshopand who deserve special thanks. Thanks to all the members of the program committee, and the external reviewers, for all their hardwork in the paper evaluation. Due to the large number of submissions the program committee members were really required to work hard in a short time frame, and we are very thankful to them for the commitment they showed with their active participation in the electronic discussion."

Indocrypt began in the year 2000 under the leadership of Bimal Roy and - docrypt 2005 was the sixth conference in this series. This series has been well accepted by the international research community as a forum for presenting high-quality cryptography research. This year a total of 148 papers were s- mitted for consideration to the Program Committee and after a careful review process, 31 were accepted for presentation. We would like to thank the authors of all submitted papers, including those that were accepted and those which, unfortunately, could not be accommodated. ThereviewingprocessforIndocryptwasverystringentandtheschedulewas- tremelytight.TheProgramCommitteemembersdidanexcellentjobinreviewing andselectingthepapersforpresentation.Duringthereviewprocess, theProgram Committee members were communicating using a review software developed by BartPreneel, WimMoreauandJorisClaessens.Weacknowledgethemforprov- ingthesoftware.ThesoftwarewashostedatI2R, Singaporeandwearegratefulto Feng BaoandJianyingZhouforallowingthat.Thisyear'sconferencewasdeeply indebtedto QiuYingofI2R, Singapore, who tookthe responsibilityofmainta- ing the review softwareand the server.Without his great cooperationIndocrypt 2005could nothavebeen possible.Inthis regardI wouldliketo acknowledgethe supportofTanmoyKantiDas, DibyenduChakrabarti, MridulNandi, Deepak- mar Dalai, Sumanta Sarkar and Sourav Mukhopadhyay for handling important administrativeissuesinthesubmissionandreviewprocessesaswellasforputting togethertheseproceedingsintheir?nalform.WearealsogratefultoPalashSarkar forhiscooperationandguidanceinIndocrypt2005. The proceedings include the revised versions of the 31 selected papers. Re- sions were not checked by the ProgramCommittee and the authors bear the full responsibility for the contents of the respective papers. Our thanks go to all the Program members and the external reviewers (a list of them is included in the proceedings) who put in their valuable time and e?ort in providing important feedbackto the authors.We thank V. KumarMurty ofthe UniversityofToronto for kindly agreeing to present the invited talk. The talk has been included in the proceedin

2.1 Di?erential Power Analysis Di?erential Power Analysis (DPA) was introduced by Kocher, Ja?e and Jun in 1998 [13] and published in 1999 [14]. The basic idea is to make use of potential correlations between the data handled by the micro-controller and the electric consumption measured values. Since these correlations are often very low, s- tistical methods must be applied to deduce su?cient information from them. Theprinciple ofDPAattacksconsistsincomparingconsumptionvalues m- suredonthe real physical device (for instance a GSM chip or a smart card)with values computed in an hypothetical model of this device (the hypotheses being made among others on the nature of the implementation, and chie?y on a part of the secret key). By comparing these two sets of values, the attacker tries to recover all or part of the secret key. The initial target of DPA attacks was limited to symmetric algorithms. V- nerability of DES - ?rst shown by Kocher, Ja?e and Jun [13, 14]-wasfurther studied by Goubin and Patarin [11, 12], Messerges, Dabbish, Sloan [16]and Akkar, B' evan, Dischamp, Moyart [2]. Applications of these attacks were also largely taken into account during the AES selection process, notably by Biham, Shamir [4], Chari, Jutla, Rao, Rohatgi [5] and Daemen, Rijmen [8].

This book constitutes the refereed proceedings of the First European Public Key Infrastructure Workshop: Research and Applications, EuroPKI 2004, held on Samos Island, Greece in June 2004.

The 25 revised full papers and 5 revised short papers presented were carefully reviewed and selected from 73 submissions. The papers address all current issues in PKI, ranging from theoretical and foundational topics to applications and regulatory issues in various contexts.

Thesearetheproceedingsofthe7thWorkshoponCryptographic Hardwareand EmbeddedSystems(CHES2005)heldinEdinburgh, ScotlandfromAugust29to September1,2005.TheCHESworkshophasbeensponsoredbytheInternational Association for Cryptologic Research (IACR) for the last two years. We received a total of 108 paper submissions for CHES 2005. The doub- blindreviewprocessinvolveda27-memberprogramcommittee anda largen- ber of external sub-referees. The review process concluded with a two week d- cussion process which resulted in 32 papers being selected for presentation. We are grateful to the program committee members and the external sub-referees for carrying out such an enormous task. Unfortunately, there were many strong papers that could not be included in the program due to a lack of space. We would like to thank all our colleagues who submitted papers to CHES 2005. In addition to regular presentations, there were three excellent invited talks given by Ross Anderson (University of Cambridge) on "What Identity Systems Can and Cannot Do," by Thomas Wille (Philips Semiconductors Inc) on "- curity of Identi?cation Products: How to Manage," and by Jim Ward (Trusted Computing Groupand IBM)on"TrustedComputing inEmbedded Systems."It also included a rump session, chaired by Christof Paar, featuring informal talks on recent results.

Security is one of the most significant issues facing the owners and users of computer systems in the Internet age, and recent years have convincingly illustrated that the problem is increasing in both scale and cost.

Computer Insecurity: Risking the System approaches its topic from the perspective of vulnerability a" how can your system be attacked? Covering technical issues and human factors, the comprehensively researched text makes reference to numerous real-life security incidents, which help to provide persuasive practical evidence of the problems and the impacts that result.

Key issues covered include:

• the problem of computer insecurity
• the need to raise security awareness
• common failings that compromise protection
• the attack and exploitation of systems
• considerations in responding to the threats

Presented in clear and lucid terms, the discussion is invaluable reading for all business and computing professionals who wish for an overview of the issues rather than a shopping list of the security measures available.

a ~In todaya (TM)s connected world no-one can afford to ignore computer security, this book tells you why, and what you should do about it, in simple non-technical language.a (TM)

Dr Jeremy Ward, Director of Service Development, Symantec (UK) Ltd

a ~Computer Insecurity contains loads of practical advice supported by an abundance of real world examples and research. If you dona (TM)t understand what all the fuss concerning computer security is about then this book was written for you.a (TM)Jeff Crume, CISSP

Executive IT Security Architect, IBM and author of a ~Inside InternetSecurity a" What hackers dona (TM)t want you to knowa (TM)

a ~I have long been looking for a book that would give answers to why rather than how we cater for Information and Communication Systems Security ... I recommend it wholeheartedly to anyone that wishes to extend their knowledgea (TM)

Professor Sokratis K. Katsikas, University of the Aegean, Greece