This book constitutes the refereed proceedings of the International Workshop on Intelligence and Security Informatics, WISI 2006, held in Singapore in conjunction with the 10th Pacific-Asia Conference on Knowledge Discovery and Data Mining. The 32 papers presented together with the abstract of the keynote talk were carefully reviewed. The papers are organized in sections on Web and text mining for terrorism informatics, cybercrime analysis, network security, and crime data mining.

The 5th International Workshop on Information Security Applications (WISA 2004) was held in Jeju Island, Korea during August 23-25, 2004. The workshop was sponsored by the Korea Institute of Information Security and Cryptology (KIISC), the Electronics and Telecommunications Research Institute (ETRI) and the Ministry of Information and Communication (MIC). The aim of the workshop is to serve as a forum for new conceptual and - perimental research results in the area of information security applications from the academic community as well as from the industry. The workshop program covers a wide range of security aspects including cryptography, cryptanalysis, network/system security and implementation aspects. The programcommittee received169 papersfrom 22 countries, andaccepted 37 papers for a full presentation track and 30 papers for a short presentation track. Each paper was carefully evaluated through peer-review by at least three members of the programcommittee. This volume contains revised versions of 36 papers accepted and presented in the full presentation track. Short papers were only published in the WISA 2004 pre-proceedings as preliminary versions and are allowed to be published elsewhere as extended versions. In addition to the contributed papers, Professors Gene Tsudik and Ross Andersongaveinvitedtalks, entitledSecurityinOutsourcedDatabasesandWhat does 'Security' mean for Ubiquitous Applications?, respectively.

This volume contains a selection of refereed papers from participants of the workshop "Construction and Analysis of Safe, Secure and Interoperable Smart Devices" (CASSIS), held from the 10th to the 13th March 2004 in Marseille, France: http: //www-sop.inria.fr/everest/events/cassis04/ The workshop was organized by INRIA (Institut National de Recherche en InformatiqueetenAutomatique), Franceandthe UniversitydelaM editerran ee, Marseille, France. The workshop was attended by nearly 100 participants, who were invited for their contributions to relevant areas of computer science. Theaimoftheworkshopwastobringtogetherexpertsfromthesmartdevices industry and academic researchers, with a view to stimulate research on formal methods and security, and to encourage the smart device industry to adopt innovative solutions drawn from academic research. The next generation of smart devices holds the promise of providing the required infrastructure for the secure provision of multiple and personalized services. In order to deliver their promise, the smart device technology must however pursue the radical evolution that was initiated with the adoption of multi-application smartcards. Typical needs include: - The possibility for smart devices to feature extensible computational infr- tructures that may be enhanced to support increasingly complex appli- tions that may be installed post-issuance, and may require operating system functionalities that were not pre-installed. Such additional ?exibility must however not compromise security. - The possibility for smart devices to achieve a better integration with larger computersystems, throughimprovedconnectivity, genericity, aswellasint- operability."

Ad hoc and sensor networks are making their way from research to real-world deployments. Body and personal-area networks, intelligent homes, environmental monitoring or inter-vehicle communications: there is almost nothing left that is not going to be smart and networked. While a great amount of research has been devoted to the pure networking aspects, ad hoc and sensor networks will not be successfully deployed if security, dependability, and privacy issues are not addressed adequately.

As the first book devoted to the topic, this volume constitutes the thoroughly refereed post-proceedings of the First European Workshop on Security in Ad-hoc and Sensor Networks, ESAS, 2004, held in Heidelberg, Germany in August 2004. The 17 revised full papers were carefully reviewed and selected from 55 submissions. Among the key topics addressed are key distribution and management, authentication, energy-aware cryptographic primitives, anonymity and pseudonymity, secure diffusion, secure peer-to-peer overlays, and RFIDs.

The Seventh International Conference on Information and Communications - curity, ICICS2005, washeldinBeijing, China,10-13December2005. TheICICS conference series is an established forum for exchanging new research ideas and development results in the areas of information security and applied crypt- raphy. The ?rst event began here in Beijing in 1997. Since then the conference series has been interleaving its venues in China and the rest of the world: ICICS 1997 in Beijing, China; ICICS 1999 in Sydney, Australia; ICICS 2001 in Xi'an, China; ICICS 2002 in Singapore; ICICS 2003 in Hohhot City, China; and ICICS 2004 in Malaga, Spain. The conference proceedings of the past events have - ways been published by Springer in the Lecture Notes in Computer Science series, with volume numbers, respectively: LNCS 1334, LNCS 1726, LNCS 2229, LNCS 2513, LNCS 2836, and LNCS 3269. ICICS 2005 was sponsored by the Chinese Academy of Sciences (CAS); the Beijing Natural Science Foundation of China under Grant No. 4052016; the National Natural Science Foundation of China under Grants No. 60083007 and No. 60573042;the NationalGrandFundamentalResearch973ProgramofChina under Grant No. G1999035802, and Hewlett-Packard Laboratories, China. The conference was organized and hosted by the Engineering Research Center for Information Security Technology of the Chinese Academy of Sciences (ERCIST, CAS) in co-operation with the International Communications and Information Security Association (ICISA). The aim of the ICICS conference series has been to o?er the attendees the opportunity to discuss the latest developments in theoretical and practical - pects of information and communications security.

This book constitutes the refereed proceedings of the Third International Conference on Security in Pervasive Computing, SPC 2006, held in York, UK, in April 2006. The 16 revised papers presented together with the extended abstract of 1 invited talk were carefully reviewed and selected from 56 submissions. The papers are organized in topical sections on protocols, mechanisms, integrity, privacy and security, information flow and access control, and authentication.

This book constitutes the thoroughly refereed post-proceedings of the 12th International Workshop on Selected Areas in Cryptography, SAC 2005, held in Canada in August 2005. The 25 revised full papers presented were carefully reviewed and selected from 96 submissions for inclusion in the book. The papers are organized in topical sections.

This volume contains the proceedings of the 6th International Conference on Infor- tionandCommunicationsSecurity(ICICS2004),Torremolinos(Malaga), ' Spain,27-29 October 2004. The ?ve previous conferences were held in Beijing, Sydney, Xian, S- gapore and Huhehaote City, where we had an enthusiastic and well-attended event. The proceedings were released as volumes 1334, 1726, 2229, 2513 and 2836 of the LNCS series of Springer, respectively. During these last years the conference has placed equal emphasis on the theoretical and practical aspects of information and communications security and has established itself as a forum at which academic and industrial people meet and discuss emerging security challenges and solutions. We hope to uphold this tradition by offering you yet another successful meeting with a rich and interesting program. The responseto the Call for Paperswas overwhelming,245 papersubmissionswere received. Therefore, the paper selection process was very competitive and dif?cult - only 42 papers were accepted. The success of the conference depends on the quality of the program. Thus, we are indebted to our Program Committee members and the ext- nal refereesfor the great job they did. These proceedingscontainrevised versionsof the accepted papers.Revisions were not checked and the authorsbear full responsibilityfor the content of their papers.

This book constitutes the refereed proceedings of the Third Theory of Cryptography Conference, TCC 2006, held in New York, NY, USA in March 2006.

The 31 revised full papers presented were carefully reviewed and selected from 91 submissions. The papers are organized in topical sections on zero-knowledge, primitives, assumptions and models, the bounded-retrieval model, privacy, secret sharing and multi-party computation, universally-composible security, one-way functions and friends, and pseudo-random functions and encryption.

It is our pleasure to present in this volume the proceedings of the 7th Inter- tional Workshopon InformationHiding (IH 2005), held in Barcelona, Catalonia, Spain, during June 6-8, 2005. The workshop was organized by the Department of Computer Science and Multimedia, Universitat Oberta de Catalunya (UOC). Continuing the tradition of previous workshops, we sought a balanced p- gram, containing talks on various aspects of data hiding, anonymous commu- cation, steganalysis, and watermarking.Although the protection of digital int- lectual property has up to now motivated most of our research, there are many other upcoming ?elds of application. We were delighted to see that this year's workshop presented numerous new and unconventional approaches to infor- tion hiding. The selection of the program was a very challenging task. In total, we - ceived 90 submissions from 21 countries. At this point we want to thank all authors who submitted their latest work to IH 2005-and thus assured that the Information Hiding Workshop continues to be the top forum of our community.

The International Conference on Computational Intelligence and Security (CIS) is an annualinternationalconference that bringstogether researchers, engineers, developers and practitioners from both academia and industry to share expe- ence and exchange and cross-fertilize ideas on all areas of computational - telligence and information security. The conference serves as a forum for the dissemination of state-of-the-art research and the development, and implem- tationsof systems, technologiesandapplicationsinthese two broad, interrelated ?elds. This year CIS 2005 was co-organized by the IEEE (Hong Kong) Com- tational Intelligence Chapter and Xidian University, and co-sponsored by Hong Kong Baptist University, National Natural Science Foundation of China, Key Laboratory of Computer Networks and Information Security of the Ministry of EducationofChina, andGuangdongUniversityofTechnology. CIS2005received in total 1802 submissions from 41 countries and regions all over the world. All of them were strictly peer reviewed by the Program Committee and experts in the ?eld. Finally, 337 high-quality papers were accepted yielding an acc- tance rate of 18. 7%. Among them, 84 papers are the extended papers and 253 are the regular papers. The conference was greatly enriched by a wide range of topics covering all areas of computational intelligence and information security. Furthermore, tutorials and workshops were held for discussions of the proposed ideas. Such practice is extremely important for the e?ective development of the two ?elds and computer science in general. Wewouldliketothanktheorganizers: theIEEE(HongKong)Computational Intelligence Chapter and Xidian University for their great contributions and - forts in this big e

In this new reference, Greene addresses the long-neglected security needs of users in the home, company workstation and SOHO (Small Office/Home Office) categories, emphasizing client-side security, user privacy, Internet privacy and data hygiene.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the 7th Symposium on Recent Advances in Intrusion Detection (RAID 2004), which took place in Sophia-Antipolis, French Riviera, France, September 15-17, 2004. The symposium brought together leading researchers and practitioners from academia, government and industry to discuss intrusion detection from research as well as commercial perspectives. We also encouraged discussions that - dressed issues that arise when studying intrusion detection, including infor- tion gathering and monitoring, from a wider perspective. Thus, we had sessions on detection of worms and viruses, attack analysis, and practical experience reports. The RAID 2004 Program Committee received 118 paper submissions from all over the world. All submissions were carefully reviewed by several members of the Program Committee and selection was made on the basis of scienti?c novelty, importance to the ?eld, and technical quality. Final selection took place at a meeting held May 24 in Paris, France. Fourteen papers and two practical experience reports were selected for presentation and publication in the conf- ence proceedings. In addition, a number of papers describing work in progress were selected for presentation at the symposium. The keynote addresswas given by Bruce Schneier of Counterpane Systems. H? akan Kvarnstrom ] of TeliaSonera gave an invited talk on the topic "Fighting Fraud in Telecom Environments. " A successful symposium is the result of the joint e?ort of many people."

ForewordfromtheProgramChairs These proceedings contain the papers selected for presentation at the 9th - ropean Symposium on Research in Computer Security (ESORICS), held during September 13 15, 2004 in Sophia Antipolis, France. In response to the call for papers 159 papers were submitted to the conference. These papers were evaluated on the basis of their signi?cance, novelty, and te- nicalquality. Eachpaper wasreviewedby at leastthree members of the program committee. The program committee meeting was held electronically; there was an intensive discussion over a period of two weeks. Of the papers submitted, 27 were selected for presentation at the conference, giving an acceptance rate lower than 17%. The conference program also included an invited talk. A workshop like this does not just happen; it depends on the volunteer e?orts of ahostofindividuals. Thereisalonglistofpeoplewhovolunteeredtheirtimeand energy to put together the workshopand who deserve special thanks. Thanks to all the members of the program committee, and the external reviewers, for all their hardwork in the paper evaluation. Due to the large number of submissions the program committee members were really required to work hard in a short time frame, and we are very thankful to them for the commitment they showed with their active participation in the electronic discussion."

Indocrypt began in the year 2000 under the leadership of Bimal Roy and - docrypt 2005 was the sixth conference in this series. This series has been well accepted by the international research community as a forum for presenting high-quality cryptography research. This year a total of 148 papers were s- mitted for consideration to the Program Committee and after a careful review process, 31 were accepted for presentation. We would like to thank the authors of all submitted papers, including those that were accepted and those which, unfortunately, could not be accommodated. ThereviewingprocessforIndocryptwasverystringentandtheschedulewas- tremelytight.TheProgramCommitteemembersdidanexcellentjobinreviewing andselectingthepapersforpresentation.Duringthereviewprocess, theProgram Committee members were communicating using a review software developed by BartPreneel, WimMoreauandJorisClaessens.Weacknowledgethemforprov- ingthesoftware.ThesoftwarewashostedatI2R, Singaporeandwearegratefulto Feng BaoandJianyingZhouforallowingthat.Thisyear'sconferencewasdeeply indebtedto QiuYingofI2R, Singapore, who tookthe responsibilityofmainta- ing the review softwareand the server.Without his great cooperationIndocrypt 2005could nothavebeen possible.Inthis regardI wouldliketo acknowledgethe supportofTanmoyKantiDas, DibyenduChakrabarti, MridulNandi, Deepak- mar Dalai, Sumanta Sarkar and Sourav Mukhopadhyay for handling important administrativeissuesinthesubmissionandreviewprocessesaswellasforputting togethertheseproceedingsintheir?nalform.WearealsogratefultoPalashSarkar forhiscooperationandguidanceinIndocrypt2005. The proceedings include the revised versions of the 31 selected papers. Re- sions were not checked by the ProgramCommittee and the authors bear the full responsibility for the contents of the respective papers. Our thanks go to all the Program members and the external reviewers (a list of them is included in the proceedings) who put in their valuable time and e?ort in providing important feedbackto the authors.We thank V. KumarMurty ofthe UniversityofToronto for kindly agreeing to present the invited talk. The talk has been included in the proceedin

2.1 Di?erential Power Analysis Di?erential Power Analysis (DPA) was introduced by Kocher, Ja?e and Jun in 1998 [13] and published in 1999 [14]. The basic idea is to make use of potential correlations between the data handled by the micro-controller and the electric consumption measured values. Since these correlations are often very low, s- tistical methods must be applied to deduce su?cient information from them. Theprinciple ofDPAattacksconsistsincomparingconsumptionvalues m- suredonthe real physical device (for instance a GSM chip or a smart card)with values computed in an hypothetical model of this device (the hypotheses being made among others on the nature of the implementation, and chie?y on a part of the secret key). By comparing these two sets of values, the attacker tries to recover all or part of the secret key. The initial target of DPA attacks was limited to symmetric algorithms. V- nerability of DES - ?rst shown by Kocher, Ja?e and Jun [13, 14]-wasfurther studied by Goubin and Patarin [11, 12], Messerges, Dabbish, Sloan [16]and Akkar, B' evan, Dischamp, Moyart [2]. Applications of these attacks were also largely taken into account during the AES selection process, notably by Biham, Shamir [4], Chari, Jutla, Rao, Rohatgi [5] and Daemen, Rijmen [8].

This book constitutes the refereed proceedings of the First European Public Key Infrastructure Workshop: Research and Applications, EuroPKI 2004, held on Samos Island, Greece in June 2004.

The 25 revised full papers and 5 revised short papers presented were carefully reviewed and selected from 73 submissions. The papers address all current issues in PKI, ranging from theoretical and foundational topics to applications and regulatory issues in various contexts.

Thesearetheproceedingsofthe7thWorkshoponCryptographic Hardwareand EmbeddedSystems(CHES2005)heldinEdinburgh, ScotlandfromAugust29to September1,2005.TheCHESworkshophasbeensponsoredbytheInternational Association for Cryptologic Research (IACR) for the last two years. We received a total of 108 paper submissions for CHES 2005. The doub- blindreviewprocessinvolveda27-memberprogramcommittee anda largen- ber of external sub-referees. The review process concluded with a two week d- cussion process which resulted in 32 papers being selected for presentation. We are grateful to the program committee members and the external sub-referees for carrying out such an enormous task. Unfortunately, there were many strong papers that could not be included in the program due to a lack of space. We would like to thank all our colleagues who submitted papers to CHES 2005. In addition to regular presentations, there were three excellent invited talks given by Ross Anderson (University of Cambridge) on "What Identity Systems Can and Cannot Do," by Thomas Wille (Philips Semiconductors Inc) on "- curity of Identi?cation Products: How to Manage," and by Jim Ward (Trusted Computing Groupand IBM)on"TrustedComputing inEmbedded Systems."It also included a rump session, chaired by Christof Paar, featuring informal talks on recent results.

Security is one of the most significant issues facing the owners and users of computer systems in the Internet age, and recent years have convincingly illustrated that the problem is increasing in both scale and cost.

Computer Insecurity: Risking the System approaches its topic from the perspective of vulnerability a" how can your system be attacked? Covering technical issues and human factors, the comprehensively researched text makes reference to numerous real-life security incidents, which help to provide persuasive practical evidence of the problems and the impacts that result.

Key issues covered include:

• the problem of computer insecurity
• the need to raise security awareness
• common failings that compromise protection
• the attack and exploitation of systems
• considerations in responding to the threats

Presented in clear and lucid terms, the discussion is invaluable reading for all business and computing professionals who wish for an overview of the issues rather than a shopping list of the security measures available.

a ~In todaya (TM)s connected world no-one can afford to ignore computer security, this book tells you why, and what you should do about it, in simple non-technical language.a (TM)

Dr Jeremy Ward, Director of Service Development, Symantec (UK) Ltd

a ~Computer Insecurity contains loads of practical advice supported by an abundance of real world examples and research. If you dona (TM)t understand what all the fuss concerning computer security is about then this book was written for you.a (TM)Jeff Crume, CISSP

Executive IT Security Architect, IBM and author of a ~Inside InternetSecurity a" What hackers dona (TM)t want you to knowa (TM)

a ~I have long been looking for a book that would give answers to why rather than how we cater for Information and Communication Systems Security ... I recommend it wholeheartedly to anyone that wishes to extend their knowledgea (TM)

Professor Sokratis K. Katsikas, University of the Aegean, Greece

Foreword from the Program Chairs These proceedings contain the papers selected for presentation at the 10th - ropean Symposium on Research in Computer Security (ESORICS), held S- tember 12 14, 2005 in Milan, Italy. In response to the call for papers 159 papers were submitted to the conf- ence. These paperswere evaluated on the basis of their signi?cance, novelty, and technical quality. Each paper was reviewed by at least three members of the program committee. The program committee meeting was held electronically, holding intensive discussion over a period of two weeks. Of the papers subm- ted, 27 were selected for presentation at the conference, giving an acceptance rate of about 16%. The conference program also includes an invited talk by Barbara Simons. There is a long list of people who volunteered their time and energy to put together the symposiom and who deserve acknowledgment. Thanks to all the members of the program committee, and the external reviewers, for all their hard work in evaluating and discussing papers. We are also very grateful to all those people whose work ensured a smooth organizational process: Pierangela Samarati, who served as General Chair, Claudio Ardagna, who served as P- licity Chair, Dieter Gollmann who served as Publication Chair and collated this volume, and Emilia Rosti and Olga Scotti for helping with local arrangements. Last, but certainly not least, our thanks go to all the authors who submitted papers and all the attendees. We hope you ?nd the program stimulating."

It is our great pleasure to present the proceedings of the 9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2005), which washeld in Salzburg on September 19-21,2005.Continuing the tradition of p- vious CMS conferences, we sought a balanced program containing presentations on various aspects of secure communication and multimedia systems. Special emphasis was laid on papers with direct practical relevance for the construction of secure communication systems. The selection of the program was a challenging task. In total, we received 143 submissions, from which 28 were selected for presentation as full papers. In addition to these regular presentations, the CMS conference featured for the ?rst time a "work in progress track" that enabled authors to report preliminary results and ongoing work. These papers were presented in the form of a poster sessionduringtheconference;anextendedabstractofthepostersappearsinthis proceedings volume. From all papers submitted to the CMS conference, the p- gramcommitteechose13 submissionsfor inclusionin theworkinprogresstrack. In addition to regular presentations, CMS 2005 featured a special session on XMLsecurity, containingbothcontributedandinvitedtalks.Thisspecialsession was jointly organized by Rudig ] er Grimm (TU Ilmenau, Germany) and J] org Schwenk (Ruhr-Universit] at Bochum, Germany). Their assistance in organizing CMS 2005 was greatly appreciated."

Privacy in statistical databases is about ?nding tradeo?s to the tension between the increasing societal and economical demand for accurate information and the legal and ethical obligation to protect the privacy of individuals and enterprises, which are the source of the statistical data. Statistical agencies cannot expect to collect accurate information from individual or corporate respondents unless these feel the privacy of their responses is guaranteed; also, recent surveys of Web users show that a majority of these are unwilling to provide data to a Web site unless they know that privacy protection measures are in place. "Privacy in Statistical Databases2004" (PSD2004) was the ?nal conference of the CASC project ("Computational Aspects of Statistical Con?dentiality", IST-2000-25069). PSD2004 is in the style of the following conferences: "Stat- tical Data Protection", held in Lisbon in 1998 and with proceedings published by the O?ce of O?cial Publications of the EC, and also the AMRADS project SDC Workshop, held in Luxemburg in 2001 and with proceedings published by Springer-Verlag, as LNCS Vol. 2316. The Program Committee accepted 29 papers out of 44 submissions from 15 di?erentcountriesonfourcontinents.Eachsubmittedpaperreceivedatleasttwo reviews. These proceedings contain the revised versions of the accepted papers. These papers cover the foundations and methods of tabular data protection, masking methods for the protection of individual data (microdata), synthetic data generation, disclosure risk analysis, and software/case studies.

We are delighted to welcome the attendees of the Fourth International Wo- shop on Digital Watermarking (IWDW). Watermarking continues to generate strong academic interest. Commercialization of the technology is proceeding at a steadypace. We haveseen watermarkingadoptedfor DVD audio.Fingerpri- ing technology was successfully used to determine the source of pirated video material. Furthermore, a number of companies are using watermarking as an enabling technology for broadcast monitoring services. Watermarking of digital cinema contentis anticipated. Future applications may also come from areas- related to digital rights management. For example, the use of watermarking to enhance legacy broadcast and communication systems is now being considered. IWDW 2005 o?ers an opportunity to re?ect upon the state of the art in digital watermarking as well as discuss directions for future research and applications. This year we accepted 31 papers from 74 submissions. This 42% acceptance rate indicates our commitment to ensuring a very high quality conference. We thankthemembersoftheTechnicalProgramCommitteeformakingthispossible by their timely and insightful reviews. Thanks to their hard work this is the ?rst IWDW at which the ?nal proceedings are available to the participants at the time of the workshop as a Springer LNCS publication.

The 4th International Conference on Security in Communication Networks 2004 (SCN2004)washeldatthe DioceseHall oftheArchdioceseofAmal?-Cavade Tirreni and the Armorial Bearings Hall of the Archbishop Palace in Amal?, Italy, on September 8 10, 2004. Previous conferences also took place in Amal? in 1996, 1999 and 2002. The conference aimed at bringing together researchers in the ?elds of cr- tography and security in communication networks to foster cooperation and the exchange of ideas. The main topics included all technical aspects of data security, including: anonymity, authentication, blockciphers, complexity-basedcryptography, cry- analysis, digital signatures, distributed cryptography, hash functions, identi?- tion, implementations, keydistribution, privacy, publickeyencryption, threshold cryptography, and zero knowledge. The Program Committee, consisting of 21 members, considered 79 papers and selected 26 for presentation; one of them was withdrawn by the authors. These papers were selected on the basis of originality, quality and relevance to cryptography and security in communication networks. Due to the high number of submissions, paper selection was a di?cult and challenging task, and many good submissions had to be rejected. Each subm- sion was refereed by at least three reviewers and some had four reports or more. We are very grateful to all the program committee members, who devoted much e?ort and valuable time to read and select the papers. In addition, we gratefully acknowledge the help of colleagues who reviewed submissions in their areas of expertise. They are all listed on page VII and we apologize for any inadvertent omissions. These proceedings include the revised versions of the 26 accepted papers andtheabstractoftheinvitedtalkbyBartPreneel(ECRYPT: theCryptographic Research Challenges for the Next Decade)."

SAC 2004 was the eleventh in a series of annual workshops on Selected Areas in Cryptography. This was the second time that the workshop was hosted by the University of Waterloo, Ontario, with previous workshops being held at Queen'sUniversityinKingston(1994,1996,1998and1999), CarletonUniversity in Ottawa (1995, 1997 and 2003), the Fields Institute in Toronto (2001) and Memorial University of Newfoundland in St. John's (2002). The primary intent of the workshop was to provide a relaxed atmosphere in which researchers in cryptography could present and discuss new work on selected areas of current interest. This year's themes for SAC were: - Design and analysis of symmetric key cryptosystems. - Primitives for symmetric key cryptography, including block and stream - phers, hash functions, and MAC algorithms. - E?cient implementation of cryptographic systems in public and symmetric key cryptography. - Cryptographic solutions for mobile (web) services. A record of 117 papers were submitted for consideration by the program committee. After an extensive review process, 25 papers were accepted for p- sentation at the workshop (two of these papers were merged). Unfortunately, many good papers could not be accommodated this year. These proceedings contain the revised versions of the 24 accepted papers. The revised versions were not subsequently checked for correctness. Also, we were very fortunate to have two invited speakers at SAC 2004. Eli Biham arranged for some breaking news in his talk on "New Results on SHA-0 and SHA-1." This talk was designated as the Sta?ord Tavares L- ture."