On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14 15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http: //www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program. In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference."

The 1st International Conference on "Applied Cryptography and Network Se- rity" (ACNS 2003) was sponsored and organized by ICISA (International C- munications and Information Security Association), in cooperation with MiAn Pte. Ltd. and the Kunming government. It was held in Kunming, China in - tober 2003. The conference proceedings was published as Volume 2846 of the Lecture Notes in Computer Science (LNCS) series of Springer-Verlag. The conference received 191 submissions, from 24 countries and regions; 32 of these papers were accepted, representing 15 countries and regions (acceptance rate of 16.75%). In this volume you will ?nd the revised versions of the - cepted papers that were presented at the conference. In addition to the main track of presentations of accepted papers, an additional track was held in the conference where presentations of an industrial and technical nature were given. These presentations were also carefully selected from a large set of presentation proposals. This new international conference series is the result of the vision of Dr. Yongfei Han. The conference concentrates on current developments that advance the - eas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works and developments in - dustrial and technical frontiers. We thank Dr. Han for initiating this conference and for serving as its General Chair.

The 2003 Information Security Conference was the sixth in a series that started with the InformationSecurity Workshopin 1997.A distinct feature of this series is the wide coverage of topics with the aim of encouraging interaction between researchers in di?erent aspects of information security. This trend continued in the program of this year s conference. There were 133 paper submissions to ISC 2003. From these submissions the 31papersintheseproceedingswereselectedbytheprogramcommittee, covering a wide range of technical areas. These papers are supplemented by two invited papers;athirdinvitedtalkwaspresentedattheconferencebutisnotrepresented by a written paper. We would like to extend our sincere thanks to all the authors that submitted papers to ISC 2003, and we hope that those whose papers were declined will be able to ?nd an alternative forum for their work. We are also very grateful to the three eminent invited speakers at the conference: Paul van Oorschot (Carleton University, Canada), Ueli Maurer (ETH Zur ] ich, Switzerland), and Andy Clark (Inforenz Limited, UK). We were fortunate to have an energetic team of experts who took onthe task of the program committee. Their names may be found overleaf, and we thank them warmly for their considerable e?orts. This team was helped by an even larger number of individuals who reviewed papers in their particular areas of expertise. A list of these names is also provided, which we hope is complete."

Crypto 2003, the 23rd Annual Crypto Conference, was sponsored by the Int- national Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The conference received 169 submissions, of which the program committee selected 34 for presentation. These proceedings contain the revised versions of the 34 submissions that were presented at the conference. These revisions have not been checked for correctness, and the authors bear full responsibility for the contents of their papers. Submissions to the conference represent cutti- edge research in the cryptographic community worldwide and cover all areas of cryptography. Many high-quality works could not be accepted. These works will surely be published elsewhere. The conference program included two invited lectures. Moni Naor spoke on cryptographic assumptions and challenges. Hugo Krawczyk spoke on the 'SI- and-MAc'approachtoauthenticatedDi?e-HellmananditsuseintheIKEpro- cols. The conference program also included the traditional rump session, chaired by Stuart Haber, featuring short, informal talks on late-breaking research news. Assembling the conference program requires the help of many many people. To all those who pitched in, I am forever in your debt. I would like to ?rst thank the many researchers from all over the world who submitted their work to this conference. Without them, Crypto could not exist. I thank Greg Rose, the general chair, for shielding me from innumerable logistical headaches, and showing great generosity in supporting my e?orts.

The INDOCRYPT series of conferences started in 2000. INDOCRYPT 2004 was the ?fth one in this series. The popularity of this series is increasing every year. The number of papers submitted to INDOCRYPT 2004 was 181, out of which 147 papers conformed to the speci?cations in the call for papers and, therefore, were accepted to the review process. Those 147 submissions were spread over 22 countries. Only 30 papers were accepted to this proceedings. We should note that many of the papers that were not accepted were of good quality but only the top 30 papers were accepted. Each submission received at least three independent - views. The selection process also included a Web-based discussion phase. We made e?orts to compare the submissions with other ongoing conferences around the world in order to ensure detection of double-submissions, which were not - lowed by the call for papers. We wish to acknowledge the use of the Web-based review software developed by Bart Preneel, Wim Moreau, and Joris Claessens in conducting the review process electronically. The software greatly facilitated the Program Committee in completing the review process on time. We would like to thank C edric Lauradoux and the team at INRIA for their total support in c- ?guring and managing the Web-based submission and review softwares. We are unable to imagine the outcome of the review process without their participation. This year the invited talks were presented by Prof. Colin Boyd and Prof."

This volume contains the papers presented at the International Workshop on Mathematical Methods, Models and Architectures for Computer Network Se- rity(MMM-ACNS2003)heldinSt.Petersburg, Russia, duringSeptember21 23, 2003.TheworkshopwasorganizedbytheSt.PetersburgInstituteforInformatics and Automation of the Russian Academy of Sciences (SPIIRAS) in cooperation with the Russian Foundation for Basic Research (RFBR), the US Air Force - search Laboratory/Information Directorate (AFRL/IF) and the Air Force O?ce of Scienti?c Research (AFOSR), the O?ce of Naval Research International Field O?ce (USA), and Binghamton University (SUNY, USA). The ?rst international workshop of this series, MMM-ACNS2001, May 21 23, 2001, St. Petersburg, Russia, hosted by the St. Petersburg Institute for - formatics and Automation, demonstrated the keen interest of the international researchcommunityinthetheoreticalaspectsofcomputernetworkandinfor- tion security and encouraged the establishment of an on-going series of brennial workshops. MMM-ACNS2003 provided an international forum for sharing original - search results and application experiences among specialists in fundamental and applied problems of computer network security. An important distinction of the workshop was its focus on mathematical aspects of information and computer networksecurityandtheroleofmathematicalissuesincontemporaryandfuture development of models of secure computing."

* Only up to date book for the latest version of .NET * Concentrates on Web services not general .NET security * Describes the key aspects of Windows Operating System security, Internet Information Services security, and ASP.NET Security, laying the foundation for a complete discussion of Web Services security in the .NET Platform. * Shows how to use the WS-Security W3C specifications for industry - standard authentication, encryption, authorization, Xml signature, attachments and routing with Web Services. * Teaches the reader how to use the new WSE (Web Services Software Development Kit) from Microsoft. * Shows how to integrate Web Services security into the applications developers write with specific working code examples and explanations.

The second International Conference on Applied Cryptography and Network Security (ACNS 2004) was sponsored and organized by ICISA (the International Communications and Information Security Association). It was held in Yellow Mountain, China, June 8-11, 2004. The conference proceedings, representing papers from the academic track, are published in this volume of the Lecture Notes in Computer Science (LNCS) of Springer-Verlag. The area of research that ACNS covers has been gaining importance in recent years due to the development of the Internet, which, in turn, implies global exposure of computing resources. Many ?elds of research were covered by the program of this track, presented in this proceedings volume. We feel that the papers herein indeed re?ect the state of the art in security and cryptography research, worldwide. The program committee of the conference received a total of 297 submissions from all over the world, of which 36 submissions were selected for presentation during the academic track. In addition to this track, the conference also hosted a technical/industrial track of presentations that were carefully selected as well. All submissions were reviewed by experts in the relevant areas.

These are the proceedings of CHES 2003, the ?fth workshop on Cryptographic HardwareandEmbeddedSystems, heldinCologneonSeptember8-10,2003.As with every previous workshop, there was a record number of submissions despite themuchearlierdeadlineinthisyear'scallforpapers.Thisisaclearindication of the growing international importance of the scope of the conference and the relevance of the subject material to both industry and academia. The increasing competition for presenting at the conference has led to many excellent papers and a higher standard overall. From the 111 submissions, time constraintsmeantthatonly32couldbeaccepted.Theprogramcommitteewo- ed very hard to select the best. However, at the end of the review process there were a number of good papers - which it would like to have included but for which, sadly, there was insu?cient space. In addition to the accepted papers appearing in this volume, there were three invited presentations from Hans D- bertin (Ruhr-Universit] at Bochum, Germany), Adi Shamir (Weizmann Institute, Israel), and Frank Stajano (University of Cambridge, UK), and a panel d- cussion on the e?ectiveness of current hardware and software countermeasures against side channel leakage in embedded cryptosystems."

The Cryptographers' Track (CT-RSA) is a research conference within the RSA conference, the largest, regularly staged computer security event. CT-RSA 2004 was the fourth year of the Cryptographers' Track, and it is now an established venue for presenting practical research results related to cryptography and data security. The conference received 77 submissions, and the program committee sel- ted 28 of these for presentation. The program committee worked very hard to evaluate the papers with respect to quality, originality, and relevance to cryp- graphy. Each paper was reviewed by at least three program committee members. Extended abstracts of the revised versions of these papers are in these proc- dings. The program also included two invited lectures by Dan Boneh and Silvio Micali. I am extremely grateful to the program committee members for their en- mous investment of time and e?ort in the di?cult and delicate process of review and selection. Many of them attended the program committee meeting during the Crypto 2003 conference at the University of California, Santa Barbara.

This book constitutes the thoroughly refereed postproceedings of the 10th Annual International Workshop on Selected Areas in Cryptography, SAC 2003, held in Ottawa, Canada, in August 2003.

The 25 revised full papers presented were carefully selected from 85 submissions during two rounds of reviewing and improvement. The papers are organized in topical sections on elliptic and hyperelliptic curves, side channel attacks, security protocols and applications, cryptanalysis, cryptographic primitives, stream ciphers, and efficient implementations.

Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available. In addition to the components of a successful Information Security Architecture (ISA) detailed in the previous edition, this volume also discusses computer incident/emergency response. The book describes in detail every one of the eight ISA components. Each chapter provides an understanding of the component and details how it relates to the other components of the architecture. The text also outlines how to establish an effective plan to implement each piece of the ISA within an organization. The second edition has been modified to provide security novices with a primer on general security methods. It has also been expanded to provide veteran security professionals with an understanding of issues related to recent legislation, information assurance, and the latest technologies, vulnerabilities, and responses.

Preface Formal Aspects of Security (FASec) was held at Royal Holloway, University of London, 18-20 December 2002. The occasion celebrated a Jubilee, namely the 25thanniversaryoftheestablishmentofBCS-FACS, theFormalAspectsofC- puting Science specialist group of the British Computer Society. FASec is one of a series of events organized by BCS-FACS to highlight the use of formal me- ods, emphasize their relevance to modern computing, and promote their wider application. As the architecture model of information systems evolves from - connected PCs, throughintranet (LAN) and internet (WAN), to mobile internet and grids, security becomes increasingly critical to all walks of society: c- merce, ?nance, health, transport, defence and science. It is no surprise therefore that security is one of the fastest-growing research areas in computer science. Theaudience ofFASec includes thosein the formalmethods community who have(orwouldliketodevelop)adeeper interestinsecurity, andthoseinsecurity who would like to understand how formal methods can make important cont- butions to some aspects of security. The scope of FASec is deliberately broad andcoverstopics that rangefrommodelling securityrequirementsthroughsp- i?cation, analysis, and veri?cations of cryptographic protocols to certi?ed code. The discussions at FASec 2002 encompassed many aspects of security: from theoretical foundations through support tools and on to applications. Formal methods has made a substantial contribution to this exciting ?eld in the pa

The refereed proceedings of the 8th Australasian Conference on Information Security and Privacy, ACISP 2003, held in Wollongong, Australia, in July 2003. The 42 revised full papers presented together with 3 invited contributions were carefully reviewed and selected from 158 submissions. The papers are organized in topical sections on privacy and anonymity, elliptic curve cryptography, cryptanalysis, mobile and network security, digital signatures, cryptosystems, key management, and theory and hash functions.

The 2004 Information Security Conference was the seventh in a series that started with the Information Security Workshop in 1997. A distinct feature of this series is the wide coverage of topics with the aim of encouraging interaction between researchers in di?erent aspects of information security. This trend c- tinuedintheprogramofthisyear sconference.Theprogramcommitteereceived 106 submissions, from which 36 were selected for presentation. Each submission was reviewed by at least three experts in the relevant research area. We would liketothankalltheauthorsfortakingtheirtimetopreparethesubmissions, and wehopethatthosewhosepapersweredeclinedwillbeableto?ndanalternative forum for their work. We were fortunate to have an energetic team of experts who took on the task of the program committee. Their names may be found overleaf, and we thank them warmly for their time and e?orts. This team was helped by an even larger number of external reviewers who reviewed papers in their particular areas of expertise. A list of these names is also provided, which we hope is complete. We would also like to thank the advisory committee for their advice and s- port.TheexcellentlocalarrangementswerehandledbyDirkBalfanzandJessica Staddon. We made use of the electronic submission and reviewing software s- plied by COSIC at the Katholieke Universiteit Leuven. Both the software and the ISC 2004 website were run on a server at UNC Charlotte, and were perfectly maintained by Seung-Hyun Im. We also appreciate assistance from Lawrence Teo in editing the proceedings."

PKC2004wasthe7thInternationalWorkshoponPracticeandTheoryinPublic Key Cryptography and was sponsored by IACR, the International Association for Cryptologic Research (www. iacr. org). This year the workshop was organized 2 in cooperation with the Institute for Infocomm Research (I R), Singapore. There were 106 paper submissions from 19 countries to PKC 2004. That is the highest submission number in PKC history. Due to the large number of submissionsandthehighqualityofthe submittedpapers, notallthepapersthat contained new ideas were accepted. Of the 106 submissions, 32 were selected for the proceedings. Each paper was sent to at least 3 members of the Program Committee for comments. The revised versions of the accepted papers were not checked for correctness of their scienti?c aspects and the authors bear the full responsibility for the contents of their papers. Some authors will write ?nal versions of their papers for publication in refereed journals. I am very grateful to the members of the Program Committee for their hard work in the di?cult task of selecting fewer than 1 in 3 of the submitted papers, as well as the following external referees who helped the Program Committee: Nuttapong Attrapadung, RobertoMariaAvanzi, GildasAvoine, JoonsangBaek, Qingjun Cai, Jae Choon Cha, Chien-Ning Chen, Liqun Chen, Xiaofeng Chen, Koji Chida, Nicolas T. Courtois, Yang Cui, Jean-Franco, is Dhem, Louis Goubin, Louis Granboulan, Rob Granger, Jens Groth, Yumiko Hanaoka, Darrel Hank- son, Chao-ChihHsu, TetsutaroKobayashi, YuichiKomano, HidenoriKuwakado, TanjaLange, PeterLeadbitter, ByoungcheonLee, Chun-KoLee, HenryC. J. Lee, JohnMaloneLee, YongLi, Beno tLibert, Hsi-ChungLin, YiLu, JeanMonnerat, Anderson C. A. Nas

This book constitutes the refereed proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2003, held in Warsaw, Poland in May 2003. The 37 revised full papers presented together with two invited papers were carefully reviewed and selected from 156 submissions. The papers are organized in topical sections on cryptanalysis, secure multi-party communication, zero-knowledge protocols, foundations and complexity-theoretic security, public key encryption, new primitives, elliptic curve cryptography, digital signatures, information-theoretic cryptography, and group signatures.

Integrity and Internal Control in Information Systems V represents a continuation of the dialogue between researchers, information security specialists, internal control specialists and the business community. The objectives of this dialogue are:
-To present methods and techniques that will help business achieve the desired level of integrity in information systems and data;
-To present the results of research that may be used in the near future to increase the level of integrity or help management maintain the desired level of integrity;
-To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.
The book contains a collection of papers from the Fifth International Working Conference on Integrity and Internal Control in Information Systems (IICIS), sponsored by the International Federation for Information Processing (IFIP) and held in Bonn, Germany in November 2002.

Security is a rapidly growing area of computer science, with direct and increasing relevance to real-life applications, such as Internet transactions, e-commerce, information protection, network and systems security, etc. Foundations for the analysis and design of security features of such applications are badly needed in order to validate and prove their correctness.

This book presents thoroughly revised versions of six tutorial lectures given by leading researchers during two International Schools on Foundations of Security Analysis and Design, FOSAD 2001/2002, held in Bertinoro, Italy, in September 2001 and September 2002. The lectures are devoted to:

- Formal Approaches to Approximating Noninterference Properties

- The Key Establishment Problem

- Name-Passing Calculi and Cryptoprimitives

- Classification of Security Properties; Network Security

- Cryptographic Algorithms for Multimedia Traffic

- Security for Mobility

Crypto 2004, the 24th Annual Crypto Conference, was sponsored by the Int- national Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The program committee accepted 33 papers for presentation at the conf- ence. These were selected from a total of 211 submissions. Each paper received at least three independent reviews. The selection process included a Web-based discussion phase, and a one-day program committee meeting at New York U- versity. These proceedings include updated versions of the 33 accepted papers. The authors had a few weeks to revise them, aided by comments from the reviewers. However, the revisions were not subjected to any editorial review. Theconferenceprogramincludedtwoinvitedlectures.VictorShoup'sinvited talk was a survey on chosen ciphertext security in public-key encryption. Susan Landau's invited talk was entitled "Security, Liberty, and Electronic Commu- cations." Her extended abstract is included in these proceedings. We continued the tradition of a Rump Session, chaired by Stuart Haber. Those presentations (always short, often serious) are not included here.

Like any new frontier, cyberspace offers both exhilarating possibilities and unforeseen hazards. As personal information about us travels the globe on high-speed networks, often with neither our knowledge nor our consent, a solid understanding of privacy and security issues is vital to the preservation of our rights and civil liberties. In reaping the benefits of the information age while safeguarding ourselves from its perils, the choices we make and the precedents we establish today will be central in defining the future of the electronic frontier.

Since 1991, the non-profit Electronic Frontier Foundation (EFF) has worked to protect freedoms and advocate responsibility in new media and the online world. In Protecting Yourself Online,  Robert Gelman has drawn on the collective insight and experience of EFF to present a comprehensive guide to self-protection in the electronic frontier. In accessible, clear-headed language, Protecting Yourself Online  addresses such issues as:

• avoiding spam [junk mail]
• spotting online scams and hoaxes
• protecting yourself from identity theft and fraud
• guarding your email privacy [and knowing when you can't]
• assessing the danger of viruses
• keeping the net free of censorship and safe for your children
• protecting your intellectual property

Produced by the leading civil libertarians of the digital age, and including a foreword by one of the most respected leaders in global business and the cyberworld, Esther Dyson, Protecting Yourself Online is an essential resource for new media newcomers and old Internet hands alike.

Fast Software Encryption is now a 10-year-old workshop on symmetric crypt- raphy, including the design and cryptanalysis of block and stream ciphers, as well as hash functions. The ?rst FSE workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, Rome in 1999, New York in 2000, Yokohama in 2001, and Leuven in 2002. This Fast Software Encryption workshop, FSE 2003, was held February 24- 26, 2003 in Lund, Sweden. The workshop was sponsored by IACR (International Association for Cryptologic Research) and organized by the General Chair, Ben Smeets, in cooperation with the Department of Information Technology, Lund University. Thisyearatotalof71papersweresubmittedtoFSE2003.Afteratwo-month reviewing process, 27 papers were accepted for presentation at the workshop. In addition, we were fortunate to have in the program an invited talk by James L. Massey. The selection of papers was di?cult and challenging work. Each submission was refereed by at least three reviewers. I would like to thank the program c- mittee members, who all did an excellent job. In addition, I gratefully ackno- edge the help of a number of colleagues who provided reviews for the program committee. They are: Kazumaro Aoki, Alex Biryukov, Christophe De Canni' ere, Nicolas Courtois, Jean-Charles Faug' ere, Rob Johnson, Pascal Junod, Joseph Lano, Marine Minier, Elisabeth Oswald, H? avard Raddum, and Markku-Juhani O. Saarinen.

This book constitutes the thoroughly refereed post-proceedings of the 6th International Conference on Financial Cryptography, FC 2002, held in Southampton, Bermuda, in March 2002. The 19 revised full papers presented were carefully selected during two rounds of reviewing and improvement. The papers are organized in topical sections on voting and recommending, auctions, cryptography, digital signature schemes, thresholds and secret sharing, and anonymity and digital payment systems.

The 9th Australasian Conference on Information Security and Privacy (ACISP 2004) was held in Sydney, 13-15 July, 2004. The conference was sponsored by the Centre for Advanced Computing - Algorithms and Cryptography (ACAC), Information and Networked Security Systems Research (INSS), Macquarie U- versity and the Australian Computer Society. Theaimsoftheconferencearetobringtogetherresearchersandpractitioners working in areas of information security and privacy from universities, industry and government sectors. The conference program covered a range of aspects including cryptography, cryptanalysis, systems and network security. The program committee accepted 41 papers from 195 submissions. The - viewing process took six weeks and each paper was carefully evaluated by at least three members of the program committee. We appreciate the hard work of the members of the program committee and external referees who gave many hours of their valuable time. Of the accepted papers, there were nine from Korea, six from Australia, ?ve each from Japan and the USA, three each from China and Singapore, two each from Canada and Switzerland, and one each from Belgium, France, Germany, Taiwan, The Netherlands and the UK. All the authors, whether or not their papers were accepted, made valued contributions to the conference. In addition to the contributed papers, Dr Arjen Lenstra gave an invited talk, entitled Likely and Unlikely Progress in Factoring. ThisyeartheprogramcommitteeintroducedtheBestStudentPaperAward. The winner of the prize for the Best Student Paper was Yan-Cheng Chang from Harvard University for his paper Single Database Private Information Retrieval with Logarithmic Communication.

This book constitutes the thoroughly refereed post-proceedings of the 4th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2002, held in Redwood Shores, California, USA in August 2002. The 41 revised full papers presented together with two invited contributions were carefully selected from 101 submissions during two rounds of reviewing and revision. The papers are organized in topical sections on attack strategies, finite field and modular arithmetic, elliptic curve cryptography, AES and AES candidates, tamper resistance, RSA implementation, random number generation, new primitives, hardware for cryptanalysis.