ForewordfromtheProgramChairs These proceedings contain the papers selected for presentation at the 9th - ropean Symposium on Research in Computer Security (ESORICS), held during September 13 15, 2004 in Sophia Antipolis, France. In response to the call for papers 159 papers were submitted to the conference. These papers were evaluated on the basis of their signi?cance, novelty, and te- nicalquality. Eachpaper wasreviewedby at leastthree members of the program committee. The program committee meeting was held electronically; there was an intensive discussion over a period of two weeks. Of the papers submitted, 27 were selected for presentation at the conference, giving an acceptance rate lower than 17%. The conference program also included an invited talk. A workshop like this does not just happen; it depends on the volunteer e?orts of ahostofindividuals. Thereisalonglistofpeoplewhovolunteeredtheirtimeand energy to put together the workshopand who deserve special thanks. Thanks to all the members of the program committee, and the external reviewers, for all their hardwork in the paper evaluation. Due to the large number of submissions the program committee members were really required to work hard in a short time frame, and we are very thankful to them for the commitment they showed with their active participation in the electronic discussion."

Indocrypt began in the year 2000 under the leadership of Bimal Roy and - docrypt 2005 was the sixth conference in this series. This series has been well accepted by the international research community as a forum for presenting high-quality cryptography research. This year a total of 148 papers were s- mitted for consideration to the Program Committee and after a careful review process, 31 were accepted for presentation. We would like to thank the authors of all submitted papers, including those that were accepted and those which, unfortunately, could not be accommodated. ThereviewingprocessforIndocryptwasverystringentandtheschedulewas- tremelytight.TheProgramCommitteemembersdidanexcellentjobinreviewing andselectingthepapersforpresentation.Duringthereviewprocess, theProgram Committee members were communicating using a review software developed by BartPreneel, WimMoreauandJorisClaessens.Weacknowledgethemforprov- ingthesoftware.ThesoftwarewashostedatI2R, Singaporeandwearegratefulto Feng BaoandJianyingZhouforallowingthat.Thisyear'sconferencewasdeeply indebtedto QiuYingofI2R, Singapore, who tookthe responsibilityofmainta- ing the review softwareand the server.Without his great cooperationIndocrypt 2005could nothavebeen possible.Inthis regardI wouldliketo acknowledgethe supportofTanmoyKantiDas, DibyenduChakrabarti, MridulNandi, Deepak- mar Dalai, Sumanta Sarkar and Sourav Mukhopadhyay for handling important administrativeissuesinthesubmissionandreviewprocessesaswellasforputting togethertheseproceedingsintheir?nalform.WearealsogratefultoPalashSarkar forhiscooperationandguidanceinIndocrypt2005. The proceedings include the revised versions of the 31 selected papers. Re- sions were not checked by the ProgramCommittee and the authors bear the full responsibility for the contents of the respective papers. Our thanks go to all the Program members and the external reviewers (a list of them is included in the proceedings) who put in their valuable time and e?ort in providing important feedbackto the authors.We thank V. KumarMurty ofthe UniversityofToronto for kindly agreeing to present the invited talk. The talk has been included in the proceedin

2.1 Di?erential Power Analysis Di?erential Power Analysis (DPA) was introduced by Kocher, Ja?e and Jun in 1998 [13] and published in 1999 [14]. The basic idea is to make use of potential correlations between the data handled by the micro-controller and the electric consumption measured values. Since these correlations are often very low, s- tistical methods must be applied to deduce su?cient information from them. Theprinciple ofDPAattacksconsistsincomparingconsumptionvalues m- suredonthe real physical device (for instance a GSM chip or a smart card)with values computed in an hypothetical model of this device (the hypotheses being made among others on the nature of the implementation, and chie?y on a part of the secret key). By comparing these two sets of values, the attacker tries to recover all or part of the secret key. The initial target of DPA attacks was limited to symmetric algorithms. V- nerability of DES - ?rst shown by Kocher, Ja?e and Jun [13, 14]-wasfurther studied by Goubin and Patarin [11, 12], Messerges, Dabbish, Sloan [16]and Akkar, B' evan, Dischamp, Moyart [2]. Applications of these attacks were also largely taken into account during the AES selection process, notably by Biham, Shamir [4], Chari, Jutla, Rao, Rohatgi [5] and Daemen, Rijmen [8].

This book constitutes the refereed proceedings of the First European Public Key Infrastructure Workshop: Research and Applications, EuroPKI 2004, held on Samos Island, Greece in June 2004.

The 25 revised full papers and 5 revised short papers presented were carefully reviewed and selected from 73 submissions. The papers address all current issues in PKI, ranging from theoretical and foundational topics to applications and regulatory issues in various contexts.

Thesearetheproceedingsofthe7thWorkshoponCryptographic Hardwareand EmbeddedSystems(CHES2005)heldinEdinburgh, ScotlandfromAugust29to September1,2005.TheCHESworkshophasbeensponsoredbytheInternational Association for Cryptologic Research (IACR) for the last two years. We received a total of 108 paper submissions for CHES 2005. The doub- blindreviewprocessinvolveda27-memberprogramcommittee anda largen- ber of external sub-referees. The review process concluded with a two week d- cussion process which resulted in 32 papers being selected for presentation. We are grateful to the program committee members and the external sub-referees for carrying out such an enormous task. Unfortunately, there were many strong papers that could not be included in the program due to a lack of space. We would like to thank all our colleagues who submitted papers to CHES 2005. In addition to regular presentations, there were three excellent invited talks given by Ross Anderson (University of Cambridge) on "What Identity Systems Can and Cannot Do," by Thomas Wille (Philips Semiconductors Inc) on "- curity of Identi?cation Products: How to Manage," and by Jim Ward (Trusted Computing Groupand IBM)on"TrustedComputing inEmbedded Systems."It also included a rump session, chaired by Christof Paar, featuring informal talks on recent results.

Security is one of the most significant issues facing the owners and users of computer systems in the Internet age, and recent years have convincingly illustrated that the problem is increasing in both scale and cost.

Computer Insecurity: Risking the System approaches its topic from the perspective of vulnerability a" how can your system be attacked? Covering technical issues and human factors, the comprehensively researched text makes reference to numerous real-life security incidents, which help to provide persuasive practical evidence of the problems and the impacts that result.

Key issues covered include:

• the problem of computer insecurity
• the need to raise security awareness
• common failings that compromise protection
• the attack and exploitation of systems
• considerations in responding to the threats

Presented in clear and lucid terms, the discussion is invaluable reading for all business and computing professionals who wish for an overview of the issues rather than a shopping list of the security measures available.

a ~In todaya (TM)s connected world no-one can afford to ignore computer security, this book tells you why, and what you should do about it, in simple non-technical language.a (TM)

Dr Jeremy Ward, Director of Service Development, Symantec (UK) Ltd

a ~Computer Insecurity contains loads of practical advice supported by an abundance of real world examples and research. If you dona (TM)t understand what all the fuss concerning computer security is about then this book was written for you.a (TM)Jeff Crume, CISSP

Executive IT Security Architect, IBM and author of a ~Inside InternetSecurity a" What hackers dona (TM)t want you to knowa (TM)

a ~I have long been looking for a book that would give answers to why rather than how we cater for Information and Communication Systems Security ... I recommend it wholeheartedly to anyone that wishes to extend their knowledgea (TM)

Professor Sokratis K. Katsikas, University of the Aegean, Greece

Foreword from the Program Chairs These proceedings contain the papers selected for presentation at the 10th - ropean Symposium on Research in Computer Security (ESORICS), held S- tember 12 14, 2005 in Milan, Italy. In response to the call for papers 159 papers were submitted to the conf- ence. These paperswere evaluated on the basis of their signi?cance, novelty, and technical quality. Each paper was reviewed by at least three members of the program committee. The program committee meeting was held electronically, holding intensive discussion over a period of two weeks. Of the papers subm- ted, 27 were selected for presentation at the conference, giving an acceptance rate of about 16%. The conference program also includes an invited talk by Barbara Simons. There is a long list of people who volunteered their time and energy to put together the symposiom and who deserve acknowledgment. Thanks to all the members of the program committee, and the external reviewers, for all their hard work in evaluating and discussing papers. We are also very grateful to all those people whose work ensured a smooth organizational process: Pierangela Samarati, who served as General Chair, Claudio Ardagna, who served as P- licity Chair, Dieter Gollmann who served as Publication Chair and collated this volume, and Emilia Rosti and Olga Scotti for helping with local arrangements. Last, but certainly not least, our thanks go to all the authors who submitted papers and all the attendees. We hope you ?nd the program stimulating."

It is our great pleasure to present the proceedings of the 9th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2005), which washeld in Salzburg on September 19-21,2005.Continuing the tradition of p- vious CMS conferences, we sought a balanced program containing presentations on various aspects of secure communication and multimedia systems. Special emphasis was laid on papers with direct practical relevance for the construction of secure communication systems. The selection of the program was a challenging task. In total, we received 143 submissions, from which 28 were selected for presentation as full papers. In addition to these regular presentations, the CMS conference featured for the ?rst time a "work in progress track" that enabled authors to report preliminary results and ongoing work. These papers were presented in the form of a poster sessionduringtheconference;anextendedabstractofthepostersappearsinthis proceedings volume. From all papers submitted to the CMS conference, the p- gramcommitteechose13 submissionsfor inclusionin theworkinprogresstrack. In addition to regular presentations, CMS 2005 featured a special session on XMLsecurity, containingbothcontributedandinvitedtalks.Thisspecialsession was jointly organized by Rudig ] er Grimm (TU Ilmenau, Germany) and J] org Schwenk (Ruhr-Universit] at Bochum, Germany). Their assistance in organizing CMS 2005 was greatly appreciated."

Privacy in statistical databases is about ?nding tradeo?s to the tension between the increasing societal and economical demand for accurate information and the legal and ethical obligation to protect the privacy of individuals and enterprises, which are the source of the statistical data. Statistical agencies cannot expect to collect accurate information from individual or corporate respondents unless these feel the privacy of their responses is guaranteed; also, recent surveys of Web users show that a majority of these are unwilling to provide data to a Web site unless they know that privacy protection measures are in place. "Privacy in Statistical Databases2004" (PSD2004) was the ?nal conference of the CASC project ("Computational Aspects of Statistical Con?dentiality", IST-2000-25069). PSD2004 is in the style of the following conferences: "Stat- tical Data Protection", held in Lisbon in 1998 and with proceedings published by the O?ce of O?cial Publications of the EC, and also the AMRADS project SDC Workshop, held in Luxemburg in 2001 and with proceedings published by Springer-Verlag, as LNCS Vol. 2316. The Program Committee accepted 29 papers out of 44 submissions from 15 di?erentcountriesonfourcontinents.Eachsubmittedpaperreceivedatleasttwo reviews. These proceedings contain the revised versions of the accepted papers. These papers cover the foundations and methods of tabular data protection, masking methods for the protection of individual data (microdata), synthetic data generation, disclosure risk analysis, and software/case studies.

We are delighted to welcome the attendees of the Fourth International Wo- shop on Digital Watermarking (IWDW). Watermarking continues to generate strong academic interest. Commercialization of the technology is proceeding at a steadypace. We haveseen watermarkingadoptedfor DVD audio.Fingerpri- ing technology was successfully used to determine the source of pirated video material. Furthermore, a number of companies are using watermarking as an enabling technology for broadcast monitoring services. Watermarking of digital cinema contentis anticipated. Future applications may also come from areas- related to digital rights management. For example, the use of watermarking to enhance legacy broadcast and communication systems is now being considered. IWDW 2005 o?ers an opportunity to re?ect upon the state of the art in digital watermarking as well as discuss directions for future research and applications. This year we accepted 31 papers from 74 submissions. This 42% acceptance rate indicates our commitment to ensuring a very high quality conference. We thankthemembersoftheTechnicalProgramCommitteeformakingthispossible by their timely and insightful reviews. Thanks to their hard work this is the ?rst IWDW at which the ?nal proceedings are available to the participants at the time of the workshop as a Springer LNCS publication.

The 4th International Conference on Security in Communication Networks 2004 (SCN2004)washeldatthe DioceseHall oftheArchdioceseofAmal?-Cavade Tirreni and the Armorial Bearings Hall of the Archbishop Palace in Amal?, Italy, on September 8 10, 2004. Previous conferences also took place in Amal? in 1996, 1999 and 2002. The conference aimed at bringing together researchers in the ?elds of cr- tography and security in communication networks to foster cooperation and the exchange of ideas. The main topics included all technical aspects of data security, including: anonymity, authentication, blockciphers, complexity-basedcryptography, cry- analysis, digital signatures, distributed cryptography, hash functions, identi?- tion, implementations, keydistribution, privacy, publickeyencryption, threshold cryptography, and zero knowledge. The Program Committee, consisting of 21 members, considered 79 papers and selected 26 for presentation; one of them was withdrawn by the authors. These papers were selected on the basis of originality, quality and relevance to cryptography and security in communication networks. Due to the high number of submissions, paper selection was a di?cult and challenging task, and many good submissions had to be rejected. Each subm- sion was refereed by at least three reviewers and some had four reports or more. We are very grateful to all the program committee members, who devoted much e?ort and valuable time to read and select the papers. In addition, we gratefully acknowledge the help of colleagues who reviewed submissions in their areas of expertise. They are all listed on page VII and we apologize for any inadvertent omissions. These proceedings include the revised versions of the 26 accepted papers andtheabstractoftheinvitedtalkbyBartPreneel(ECRYPT: theCryptographic Research Challenges for the Next Decade)."

SAC 2004 was the eleventh in a series of annual workshops on Selected Areas in Cryptography. This was the second time that the workshop was hosted by the University of Waterloo, Ontario, with previous workshops being held at Queen'sUniversityinKingston(1994,1996,1998and1999), CarletonUniversity in Ottawa (1995, 1997 and 2003), the Fields Institute in Toronto (2001) and Memorial University of Newfoundland in St. John's (2002). The primary intent of the workshop was to provide a relaxed atmosphere in which researchers in cryptography could present and discuss new work on selected areas of current interest. This year's themes for SAC were: - Design and analysis of symmetric key cryptosystems. - Primitives for symmetric key cryptography, including block and stream - phers, hash functions, and MAC algorithms. - E?cient implementation of cryptographic systems in public and symmetric key cryptography. - Cryptographic solutions for mobile (web) services. A record of 117 papers were submitted for consideration by the program committee. After an extensive review process, 25 papers were accepted for p- sentation at the workshop (two of these papers were merged). Unfortunately, many good papers could not be accommodated this year. These proceedings contain the revised versions of the 24 accepted papers. The revised versions were not subsequently checked for correctness. Also, we were very fortunate to have two invited speakers at SAC 2004. Eli Biham arranged for some breaking news in his talk on "New Results on SHA-0 and SHA-1." This talk was designated as the Sta?ord Tavares L- ture."

We are happy to present to you the proceedings of the 2nd International Workshop on Digital Watermarking, IWDW 2003. Since its modern re-appearance in the academic community in the early 1990s, great progress has been made in understanding both the capabilities and the weaknesses of digital watermarking. On the theoretical side, we all are now well aware of the fact that digital waterma- ing is best viewed as a form of communication using side information. In the case of digital watermarking the side information in question is the document to be wat- marked. This insight has led to a better understanding of the limits of the capacity and robustness of digital watermarking algorithms. It has also led to new and improved watermarking algorithms, both in terms of capacity and imperceptibility. Similarly, the role of human perception, and models thereof, has been greatly enhanced in the study and design of digital watermarking algorithms and systems. On the practical side, applications of watermarking are not yet abundant. The original euphoria on the role of digital watermarking in copy protection and copyright prot- tion has not resulted in widespread usage in practical systems. With hindsight, a n- ber of reasons can be given for this lack of practical applications.

These are the proceedings of CHES 2004, the 6th Workshop on Cryptographic Hardware and Embedded Systems. For the ?rst time, the CHES Workshop was sponsored by the International Association for Cryptologic Research (IACR). This year, the number of submissions reached a new record. One hundred and twenty-?ve papers were submitted, of which 32 were selected for presen- tion. Each submitted paper was reviewed by at least 3 members of the program committee. We are very grateful to the program committee for their hard and e?cientworkinassemblingtheprogram.Wearealsogratefultothe108external referees who helped in the review process in their area of expertise. In addition to the submitted contributions, the program included three - vited talks, by Neil Gershenfeld (Center for Bits and Atoms, MIT) about "Ph- ical Information Security," by Isaac Chuang (Medialab, MIT) about "Quantum Cryptography," and by Paul Kocher (Cryptography Research) about "Phy- cal Attacks." It also included a rump session, chaired by Christof Paar, which featured informal talks on recent results. Asinthepreviousyears, theworkshopfocusedonallaspectsofcryptographic hardware and embedded system security. We sincerely hope that the CHES Workshop series will remain a premium forum for intellectual exchange in this area.

The4thWorkshoponInformationSecurityApplications(WISA2003)wassp- sored by the following Korean organizations and government bodies: the Korea Institute of Information Security and Cryptology (KIISC), the Electronics and TelecommunicationsResearchInstitute(ETRI), andtheMinistryofInformation and Communication (MIC). The workshop was held in Jeju Island, Korea - ring August 25-27, 2003. This international workshop provided ample technical sessions covering a large spectrum of information security applications. Subjects covered included network/mobile security, electronic commerce security, digital rights management, intrusion detection, secure systems and applications, bio- trics and human interfaces, public key cryptography, and applied cryptography. The program committee received 200 papers from 23 countries (representing most geographic areas where security and applied cryptography research is c- ductedthroughouttheworld).Eachsubmittedpaperwaspeer-reviewedbythree program committee members. This year, we had two tracks: long and short p- sentation tracks. We selected 36 papers for the long presentation track and 34 papers for the short presentation tracks. This volume contains revised versions of papers accepted for the long presentation track. We would like to note that getting accepted to both tracks was an achievement to be proud of, given the competitive nature of WISA this year. Papers in the short presentation track were only published in the WISA preproceedings as preliminary notes; ext- dedversionsofthesenotesmaybepublishedbyfutureconferencesorworkshops

Intended for database administrators, this book shows how to protect an Access database by making changes in the startup options, database options and attributes, menus and toolbars, workgroup security, and the Windows operating system itself. The Australian author discusses the AutoExec macro, data

PET 2003 was the 3rd Workshop on Privacy Enhancing Technologies. It all startedin2000withHannesFederrathorganizing"DesigningPrivacyEnhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability," July 25-26, 2000, held at the Computer Science Institute (ICSI), Berkeley, CA (LNCS 2009). Roger Dingledine, Adam Shostack, and Paul Syverson continued in April 2002 in San Francisco (PET 2002, LNCS 2482). This year was Dresden, and as long as the new PET ?eld prospers, we intend to hold this workshop annually. The workshop focused on the design and realization of anonymity and an- censorship services for the Internet and other communication networks. Besides the excellent technical papers, we had four panels, led by Richard Clayton, - drei Serjantov, Marit Hansen, and Allan Friedman. This year we also extended our work-in-progress talk schedule, allowing 24 people from the audience to - troduce a variety of new technologies and perspectives. An event like PET 2003 cannot happen without the work and dedication of many individuals. First we thank the authors, who wrote and submitted 52 full papers. Next the program committee, who wrote 163 reviews and - lected14papersforpresentationandpublication, withadditionalreviewinghelp from Peter Berlich, Oliver Berthold, Steve Bishop, Jan Camenisch, Sebastian Clauss, Allison Clayton, George Danezis, Christian Friberg, Philippe Golle, Mike Gurski, Guenter Karjoth, Dogan Kesdogan, Stefan Kopsell, ] Thomas Kriegelstein, Heinrich Langos, Nick Mathewson, Richard E. Newman, Richard Owens, David Parkes, Peter Pietzuch, Sandra Steinbrecher, Nathalie Weiler, Matthew Wright, and Sheng Zhong."

ICICS 2003, the Fifth International Conference on Information and C- munication Security, was held in Huhehaote city, Inner Mongolia, China, 10 13 October 2003. Among the preceding conferences, ICICS 97 was held in B- jing, China, ICICS 99 in Sydney, Australia, ICICS 2001 in Xi an, China, and ICICS 2002, in Singapore.TheproceedingswerereleasedasVolumes1334,1726, 2229, and 2513 of the LNCS series of Springer-Verlag, respectively. ICICS 2003 was sponsored by the Chinese Academy of Sciences (CAS), the National Natural Science Foundation of China, and the China Computer F- eration. The conference was organized by the Engineering Research Center for Information Security Technology of the Chinese Academy of Sciences (ERCIST, CAS) in co-operation with the International Communications and Information Security Association (ICISA). The aim of the ICICS conferences has been to o?er the attendees the - portunity to discuss the state-of-the-art technology in theoretical and practical aspects of information and communications security. The response to the Call forPaperswassurprising.WhenwewerepreparingtheconferencebetweenApril and May, China, including the conference venue, Huhehaote City, was ?ghting against SARS. Despite this 176 papers were submitted to the conference from 22 countries and regions, and after a competitive selection process, 37 papers from 14 countries and regions were accepted to appear in the proceedings and be presented at ICICS 2003. We would like to take this opportunity to thank all those who submitted papers to ICICS 2003 for their valued contribution to the conference."

The Communications and Multimedia Security conference (CMS 2003) was - ganized in Torino, Italy, on October 2-3, 2003. CMS 2003 was the seventh IFIP working conference on communications and multimedia security since 1995. - search issues and practical experiences were the topics of interest, with a special focus on the security of advanced technologies, such as wireless and multimedia communications. The book "Advanced Communications and Multimedia Security" contains the 21 articles that were selected by the conference program committee for p- sentation at CMS 2003. The articles address new ideas and experimental eval- tion in several ?elds related to communications and multimedia security, such as cryptography, network security, multimedia data protection, application se- rity, trust management and user privacy. We think that they will be of interest not only to the conference attendees but also to the general public of researchers in the security ?eld. We wish to thank all the participants, organizers, and contributors of the CMS 2003 conference for having made it a success. October 2003 Antonio Lioy GeneralChairofCMS2003 Daniele Mazzocchi ProgramChairofCMS2003 VI Organization CMS 2003 was organized by the TORSEC Computer and Network Security Group of the Dipartimento di Automatica ed Informatica at the Politecnico di Torino, in cooperation with the Istituto Superiore Mario Boella.

TCC 2005, the 2nd Annual Theory of Cryptography Conference, was held in Cambridge, Massachusetts, onFebruary10-12,2005.Theconferencereceived84 submissions, ofwhichtheprogramcommitteeselected32forpresentation.These proceedings contain the revised versions of the submissions that were presented at the conference. These revisions have not been checked for correctness, and the authors bear full responsibility for the contents of their papers. The conference program also included a panel discussion on the future of theoretical cryptography and its relationship to the real world (whatever that is). It also included the traditional "rump session," featuring short, informal talks on late-breaking research news. Much as hatters of old faced mercury-induced neurological damage as an occupational hazard, computer scientists will on rare occasion be a?icted with egocentrism, probably due to prolonged CRT exposure. Thus, you must view withpityandnotcontemptmyunalloyedelationathavingmynameonthefront cover of this LNCS volume, and my deep-seated conviction that I fully deserve the fame and riches that will surely come of it. However, having in recent years switched over to an LCD monitor, I would like to acknowledge some of the many who contributed to this conference. First thanks are due to the many researchers from all over the world who submitted their work to this conference. Lacking shrimp and chocolate-covered strawberries, TCC has to work hard to be a good conference. As a community, I think we have.

The RSA Conferenceis attended by over10,000securityprofessionalseach year. The Cryptographers' Track (CT-RSA), one of several parallel tracks at the c- ference, provides an excellent opportunity for cryptographers to showcase their research to a wide audience. CT-RSA 2005 was the ?fth year of the Cryptog- phers' Track. The selection process for the CT-RSA program is the same as for other cryptography research conferences. This year, the program committee selected 23 papers from 74submissions (two of whichwerelater withdrawn) that covered all aspects of cryptography. The program also included two invited talks by Cynthia Dwork and Moti Yung. These proceedings contain the revised versions of the selected papers. The revisions were not checked, and so the authors (and not the committee) bear full responsibility for the contents of their papers. I am very grateful to the program committee for their very conscientious e?orts to review each paper fairly and thoroughly. The initial review stage was followed by a tremendous amount of discussion which contributed to our high con?denceinour judgements.Thanks alsoto the manyexternalreviewerswhose names arelisted in the followingpages.My apologiesto thosewhose nameswere inadvertently omitted from this list. Thanks to Eddie Ng for maintaining the submission server and the Web reviewsystem.ThesubmissionsoftwarewaswrittenbyChanathipNamprempre, and the Web review software by Wim Moreau and Joris Claessens. Thanks to AlfredHofmannandhiscolleaguesatSpringerforthetimelyproductionofthese proceedings.Finally, it is my pleasureto acknowledgeAri Juels and MikeSzydlo of RSA Laboratories for their assistance and cooperation during the past seven months.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14 15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http: //www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program. In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference."

The 1st International Conference on "Applied Cryptography and Network Se- rity" (ACNS 2003) was sponsored and organized by ICISA (International C- munications and Information Security Association), in cooperation with MiAn Pte. Ltd. and the Kunming government. It was held in Kunming, China in - tober 2003. The conference proceedings was published as Volume 2846 of the Lecture Notes in Computer Science (LNCS) series of Springer-Verlag. The conference received 191 submissions, from 24 countries and regions; 32 of these papers were accepted, representing 15 countries and regions (acceptance rate of 16.75%). In this volume you will ?nd the revised versions of the - cepted papers that were presented at the conference. In addition to the main track of presentations of accepted papers, an additional track was held in the conference where presentations of an industrial and technical nature were given. These presentations were also carefully selected from a large set of presentation proposals. This new international conference series is the result of the vision of Dr. Yongfei Han. The conference concentrates on current developments that advance the - eas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works and developments in - dustrial and technical frontiers. We thank Dr. Han for initiating this conference and for serving as its General Chair.

The 2003 Information Security Conference was the sixth in a series that started with the InformationSecurity Workshopin 1997.A distinct feature of this series is the wide coverage of topics with the aim of encouraging interaction between researchers in di?erent aspects of information security. This trend continued in the program of this year s conference. There were 133 paper submissions to ISC 2003. From these submissions the 31papersintheseproceedingswereselectedbytheprogramcommittee, covering a wide range of technical areas. These papers are supplemented by two invited papers;athirdinvitedtalkwaspresentedattheconferencebutisnotrepresented by a written paper. We would like to extend our sincere thanks to all the authors that submitted papers to ISC 2003, and we hope that those whose papers were declined will be able to ?nd an alternative forum for their work. We are also very grateful to the three eminent invited speakers at the conference: Paul van Oorschot (Carleton University, Canada), Ueli Maurer (ETH Zur ] ich, Switzerland), and Andy Clark (Inforenz Limited, UK). We were fortunate to have an energetic team of experts who took onthe task of the program committee. Their names may be found overleaf, and we thank them warmly for their considerable e?orts. This team was helped by an even larger number of individuals who reviewed papers in their particular areas of expertise. A list of these names is also provided, which we hope is complete."

Crypto 2003, the 23rd Annual Crypto Conference, was sponsored by the Int- national Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The conference received 169 submissions, of which the program committee selected 34 for presentation. These proceedings contain the revised versions of the 34 submissions that were presented at the conference. These revisions have not been checked for correctness, and the authors bear full responsibility for the contents of their papers. Submissions to the conference represent cutti- edge research in the cryptographic community worldwide and cover all areas of cryptography. Many high-quality works could not be accepted. These works will surely be published elsewhere. The conference program included two invited lectures. Moni Naor spoke on cryptographic assumptions and challenges. Hugo Krawczyk spoke on the 'SI- and-MAc'approachtoauthenticatedDi?e-HellmananditsuseintheIKEpro- cols. The conference program also included the traditional rump session, chaired by Stuart Haber, featuring short, informal talks on late-breaking research news. Assembling the conference program requires the help of many many people. To all those who pitched in, I am forever in your debt. I would like to ?rst thank the many researchers from all over the world who submitted their work to this conference. Without them, Crypto could not exist. I thank Greg Rose, the general chair, for shielding me from innumerable logistical headaches, and showing great generosity in supporting my e?orts.