On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14 15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http: //www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program. In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference."

These are the proceedings of CHES 2003, the ?fth workshop on Cryptographic HardwareandEmbeddedSystems, heldinCologneonSeptember8-10,2003.As with every previous workshop, there was a record number of submissions despite themuchearlierdeadlineinthisyear'scallforpapers.Thisisaclearindication of the growing international importance of the scope of the conference and the relevance of the subject material to both industry and academia. The increasing competition for presenting at the conference has led to many excellent papers and a higher standard overall. From the 111 submissions, time constraintsmeantthatonly32couldbeaccepted.Theprogramcommitteewo- ed very hard to select the best. However, at the end of the review process there were a number of good papers - which it would like to have included but for which, sadly, there was insu?cient space. In addition to the accepted papers appearing in this volume, there were three invited presentations from Hans D- bertin (Ruhr-Universit] at Bochum, Germany), Adi Shamir (Weizmann Institute, Israel), and Frank Stajano (University of Cambridge, UK), and a panel d- cussion on the e?ectiveness of current hardware and software countermeasures against side channel leakage in embedded cryptosystems."

The 1st International Conference on "Applied Cryptography and Network Se- rity" (ACNS 2003) was sponsored and organized by ICISA (International C- munications and Information Security Association), in cooperation with MiAn Pte. Ltd. and the Kunming government. It was held in Kunming, China in - tober 2003. The conference proceedings was published as Volume 2846 of the Lecture Notes in Computer Science (LNCS) series of Springer-Verlag. The conference received 191 submissions, from 24 countries and regions; 32 of these papers were accepted, representing 15 countries and regions (acceptance rate of 16.75%). In this volume you will ?nd the revised versions of the - cepted papers that were presented at the conference. In addition to the main track of presentations of accepted papers, an additional track was held in the conference where presentations of an industrial and technical nature were given. These presentations were also carefully selected from a large set of presentation proposals. This new international conference series is the result of the vision of Dr. Yongfei Han. The conference concentrates on current developments that advance the - eas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works and developments in - dustrial and technical frontiers. We thank Dr. Han for initiating this conference and for serving as its General Chair.

The 2003 Information Security Conference was the sixth in a series that started with the InformationSecurity Workshopin 1997.A distinct feature of this series is the wide coverage of topics with the aim of encouraging interaction between researchers in di?erent aspects of information security. This trend continued in the program of this year s conference. There were 133 paper submissions to ISC 2003. From these submissions the 31papersintheseproceedingswereselectedbytheprogramcommittee, covering a wide range of technical areas. These papers are supplemented by two invited papers;athirdinvitedtalkwaspresentedattheconferencebutisnotrepresented by a written paper. We would like to extend our sincere thanks to all the authors that submitted papers to ISC 2003, and we hope that those whose papers were declined will be able to ?nd an alternative forum for their work. We are also very grateful to the three eminent invited speakers at the conference: Paul van Oorschot (Carleton University, Canada), Ueli Maurer (ETH Zur ] ich, Switzerland), and Andy Clark (Inforenz Limited, UK). We were fortunate to have an energetic team of experts who took onthe task of the program committee. Their names may be found overleaf, and we thank them warmly for their considerable e?orts. This team was helped by an even larger number of individuals who reviewed papers in their particular areas of expertise. A list of these names is also provided, which we hope is complete."

The second International Conference on Applied Cryptography and Network Security (ACNS 2004) was sponsored and organized by ICISA (the International Communications and Information Security Association). It was held in Yellow Mountain, China, June 8-11, 2004. The conference proceedings, representing papers from the academic track, are published in this volume of the Lecture Notes in Computer Science (LNCS) of Springer-Verlag. The area of research that ACNS covers has been gaining importance in recent years due to the development of the Internet, which, in turn, implies global exposure of computing resources. Many ?elds of research were covered by the program of this track, presented in this proceedings volume. We feel that the papers herein indeed re?ect the state of the art in security and cryptography research, worldwide. The program committee of the conference received a total of 297 submissions from all over the world, of which 36 submissions were selected for presentation during the academic track. In addition to this track, the conference also hosted a technical/industrial track of presentations that were carefully selected as well. All submissions were reviewed by experts in the relevant areas.

Information Security Architecture, Second Edition incorporates the knowledge developed during the past decade that has pushed the information security life cycle from infancy to a more mature, understandable, and manageable state. It simplifies security by providing clear and organized methods and by guiding you to the most effective resources available. In addition to the components of a successful Information Security Architecture (ISA) detailed in the previous edition, this volume also discusses computer incident/emergency response. The book describes in detail every one of the eight ISA components. Each chapter provides an understanding of the component and details how it relates to the other components of the architecture. The text also outlines how to establish an effective plan to implement each piece of the ISA within an organization. The second edition has been modified to provide security novices with a primer on general security methods. It has also been expanded to provide veteran security professionals with an understanding of issues related to recent legislation, information assurance, and the latest technologies, vulnerabilities, and responses.

Like any new frontier, cyberspace offers both exhilarating possibilities and unforeseen hazards. As personal information about us travels the globe on high-speed networks, often with neither our knowledge nor our consent, a solid understanding of privacy and security issues is vital to the preservation of our rights and civil liberties. In reaping the benefits of the information age while safeguarding ourselves from its perils, the choices we make and the precedents we establish today will be central in defining the future of the electronic frontier.

Since 1991, the non-profit Electronic Frontier Foundation (EFF) has worked to protect freedoms and advocate responsibility in new media and the online world. In Protecting Yourself Online,  Robert Gelman has drawn on the collective insight and experience of EFF to present a comprehensive guide to self-protection in the electronic frontier. In accessible, clear-headed language, Protecting Yourself Online  addresses such issues as:

• avoiding spam [junk mail]
• spotting online scams and hoaxes
• protecting yourself from identity theft and fraud
• guarding your email privacy [and knowing when you can't]
• assessing the danger of viruses
• keeping the net free of censorship and safe for your children
• protecting your intellectual property

Produced by the leading civil libertarians of the digital age, and including a foreword by one of the most respected leaders in global business and the cyberworld, Esther Dyson, Protecting Yourself Online is an essential resource for new media newcomers and old Internet hands alike.

This book constitutes the thoroughly refereed postproceedings of the 10th Annual International Workshop on Selected Areas in Cryptography, SAC 2003, held in Ottawa, Canada, in August 2003.

The 25 revised full papers presented were carefully selected from 85 submissions during two rounds of reviewing and improvement. The papers are organized in topical sections on elliptic and hyperelliptic curves, side channel attacks, security protocols and applications, cryptanalysis, cryptographic primitives, stream ciphers, and efficient implementations.

The refereed proceedings of the 8th Australasian Conference on Information Security and Privacy, ACISP 2003, held in Wollongong, Australia, in July 2003. The 42 revised full papers presented together with 3 invited contributions were carefully reviewed and selected from 158 submissions. The papers are organized in topical sections on privacy and anonymity, elliptic curve cryptography, cryptanalysis, mobile and network security, digital signatures, cryptosystems, key management, and theory and hash functions.

Integrity and Internal Control in Information Systems V represents a continuation of the dialogue between researchers, information security specialists, internal control specialists and the business community. The objectives of this dialogue are:
-To present methods and techniques that will help business achieve the desired level of integrity in information systems and data;
-To present the results of research that may be used in the near future to increase the level of integrity or help management maintain the desired level of integrity;
-To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.
The book contains a collection of papers from the Fifth International Working Conference on Integrity and Internal Control in Information Systems (IICIS), sponsored by the International Federation for Information Processing (IFIP) and held in Bonn, Germany in November 2002.

This book constitutes the refereed proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2003, held in Warsaw, Poland in May 2003. The 37 revised full papers presented together with two invited papers were carefully reviewed and selected from 156 submissions. The papers are organized in topical sections on cryptanalysis, secure multi-party communication, zero-knowledge protocols, foundations and complexity-theoretic security, public key encryption, new primitives, elliptic curve cryptography, digital signatures, information-theoretic cryptography, and group signatures.

This book constitutes the thoroughly refereed post-proceedings of the First International Workshop on Digital Watermarking, IWDW 2002, held in Seoul, Korea in November 2002. The 19 revised full papers presented together with two invited papers were carefully selected during two rounds of reviewing and improvement from 64 submissions. The papers are organized in topical sections on fundamentals, new algorithms, watermarking unusual content, fragile watermarking, robust watermarking, and adaptive watermarking.

This book constitutes the thoroughly refereed post-proceedings of the 6th International Conference on Financial Cryptography, FC 2002, held in Southampton, Bermuda, in March 2002. The 19 revised full papers presented were carefully selected during two rounds of reviewing and improvement. The papers are organized in topical sections on voting and recommending, auctions, cryptography, digital signature schemes, thresholds and secret sharing, and anonymity and digital payment systems.

Preface Formal Aspects of Security (FASec) was held at Royal Holloway, University of London, 18-20 December 2002. The occasion celebrated a Jubilee, namely the 25thanniversaryoftheestablishmentofBCS-FACS, theFormalAspectsofC- puting Science specialist group of the British Computer Society. FASec is one of a series of events organized by BCS-FACS to highlight the use of formal me- ods, emphasize their relevance to modern computing, and promote their wider application. As the architecture model of information systems evolves from - connected PCs, throughintranet (LAN) and internet (WAN), to mobile internet and grids, security becomes increasingly critical to all walks of society: c- merce, ?nance, health, transport, defence and science. It is no surprise therefore that security is one of the fastest-growing research areas in computer science. Theaudience ofFASec includes thosein the formalmethods community who have(orwouldliketodevelop)adeeper interestinsecurity, andthoseinsecurity who would like to understand how formal methods can make important cont- butions to some aspects of security. The scope of FASec is deliberately broad andcoverstopics that rangefrommodelling securityrequirementsthroughsp- i?cation, analysis, and veri?cations of cryptographic protocols to certi?ed code. The discussions at FASec 2002 encompassed many aspects of security: from theoretical foundations through support tools and on to applications. Formal methods has made a substantial contribution to this exciting ?eld in the pa

This book constitutes the refereed proceedings of the Cryptographers' Track at the RSA Conference 2003, CT-RSA 2003, held in San Francisco, CA, USA, in April 2003. The 26 revised full papers presented together with abstracts of 2 invited talks were carefully reviewed and selected from 97 submissions. The papers are organized in topical sections on key self-protection, message authentication, digital signatures, pairing based cryptography, multivariate and lattice problems, cryptographic architectures, new RSA-based cryptosystems, chosen-ciphertext security, broadcast encryption and PRF sharing, authentication structures, elliptic curves and pairings, threshold cryptography, and implementation issues.

This book constitutes the thoroughly refereed post-proceedings of the 4th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2002, held in Redwood Shores, California, USA in August 2002. The 41 revised full papers presented together with two invited contributions were carefully selected from 101 submissions during two rounds of reviewing and revision. The papers are organized in topical sections on attack strategies, finite field and modular arithmetic, elliptic curve cryptography, AES and AES candidates, tamper resistance, RSA implementation, random number generation, new primitives, hardware for cryptanalysis.

The ninth in the series of IMA Conferences on Cryptography and Coding was held (as ever) at the Royal Agricultural College, Cirencester, from 16-18 Dec- ber 2003. The conference's varied programme of 4 invited and 25 contributed papers is represented in this volume. The contributed papers were selected from the 49 submissions using a - reful refereeing process. The contributed and invited papers are grouped into 5 topics: coding and applications; applications of coding in cryptography; cryp- graphy; cryptanalysis; and network security and protocols. These topic headings represent the breadth of activity in the areas of coding, cryptography and c- munications, and the rich interplay between these areas. Assemblingtheconferenceprogrammeandthisproceedingsrequiredthehelp of many individuals. I would like to record my appreciation of them here. Firstly, I would like to thank the programme committee who aided me - mensely by evaluating the submissions, providing detailed written feedback for the authors of many of the papers, and advising me at many critical points - ring the process. Their help and cooperation was essential, especially in view of the short amount of time available to conduct the reviewing task. The c- mittee this year consisted of Mike Darnell, Mick Ganley, Bahram Honary, Chris Mitchell, Matthew Parker, Nigel Smart and Mike Walker.

Fast Software Encryption is now a 10-year-old workshop on symmetric crypt- raphy, including the design and cryptanalysis of block and stream ciphers, as well as hash functions. The ?rst FSE workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, Rome in 1999, New York in 2000, Yokohama in 2001, and Leuven in 2002. This Fast Software Encryption workshop, FSE 2003, was held February 24- 26, 2003 in Lund, Sweden. The workshop was sponsored by IACR (International Association for Cryptologic Research) and organized by the General Chair, Ben Smeets, in cooperation with the Department of Information Technology, Lund University. Thisyearatotalof71papersweresubmittedtoFSE2003.Afteratwo-month reviewing process, 27 papers were accepted for presentation at the workshop. In addition, we were fortunate to have in the program an invited talk by James L. Massey. The selection of papers was di?cult and challenging work. Each submission was refereed by at least three reviewers. I would like to thank the program c- mittee members, who all did an excellent job. In addition, I gratefully ackno- edge the help of a number of colleagues who provided reviews for the program committee. They are: Kazumaro Aoki, Alex Biryukov, Christophe De Canni' ere, Nicolas Courtois, Jean-Charles Faug' ere, Rob Johnson, Pascal Junod, Joseph Lano, Marine Minier, Elisabeth Oswald, H? avard Raddum, and Markku-Juhani O. Saarinen.

ESORICS, the European Symposium On Research In Computer Security, is the leading research-oriented conference on the theory and practice of computer - curity in Europe. The aim of ESORICS is to further the progress of research in computer security by establishing a European forum for bringing together - searchersinthisarea, bypromotingtheexchangeofideaswithsystemdevelopers and by encouraging links with researchers in related areas. ESORICS is coordinated by an independent steering committee. In the past it took place every two years at various locations throughout Europe. Starting this year, it will take place annually. ESORICS 2003 was organized by Gjovik University College, and took place in Gjovik, Norway, October 13-15, 2003. The program committee received 114 submissions, originating from 26 co- tries on all continents. Half the papers originated in Europe (57). The most dominant countries were: UK (16), USA (14), Germany (6), South Korea (6), Sweden (6), Italy (5), France (4) and Poland (4). Each submission was reviewed by at least three program committee members or other experts. The program committee chair and co-chair were not allowed to submit papers. The ?nal sel- tion of papers was made at a program committee meeting followed by a week of e-mail discussions. Out of the 114 papers received, only 19 got accepted (17%). In comparison, ESORICS 2000and 2002received 75and 83papersand accepted 19% and 16%, respectively. The program re?ected the full range of security research, including access control, cryptographic protocols, privacy enhancing technologies, security m- els, authentication, and intrusion detection."

This book constitutes the refereed proceedings of the 4th International Conference on Information and Communication Security, ICICS 2002, held in Singapore in December 2002. The 41 revised full papers presented were carefully reviewed and selected from a total of 161 submissions. The papers are organized in topical sections on system security, crypto systems, security protocols, fingerprinting and watermarking, efficient implementation of algorithms, access control, and cryptanalysis and cryptographic techniques.

This volume contains the papers presented at the International Workshop on Mathematical Methods, Models and Architectures for Computer Network Se- rity(MMM-ACNS2003)heldinSt.Petersburg, Russia, duringSeptember21 23, 2003.TheworkshopwasorganizedbytheSt.PetersburgInstituteforInformatics and Automation of the Russian Academy of Sciences (SPIIRAS) in cooperation with the Russian Foundation for Basic Research (RFBR), the US Air Force - search Laboratory/Information Directorate (AFRL/IF) and the Air Force O?ce of Scienti?c Research (AFOSR), the O?ce of Naval Research International Field O?ce (USA), and Binghamton University (SUNY, USA). The ?rst international workshop of this series, MMM-ACNS2001, May 21 23, 2001, St. Petersburg, Russia, hosted by the St. Petersburg Institute for - formatics and Automation, demonstrated the keen interest of the international researchcommunityinthetheoreticalaspectsofcomputernetworkandinfor- tion security and encouraged the establishment of an on-going series of brennial workshops. MMM-ACNS2003 provided an international forum for sharing original - search results and application experiences among specialists in fundamental and applied problems of computer network security. An important distinction of the workshop was its focus on mathematical aspects of information and computer networksecurityandtheroleofmathematicalissuesincontemporaryandfuture development of models of secure computing."

This book constitutes the refereed proceedings of the Third International Conference on Cryptology in India, INDOCRYPT 2002, held in Hyderabad, India in December 2002.The 31 revised full papers presented together with 2 invited papers were carefully reviewed and selected from 75 submissions. The papers are organized in topical sections on symmetric cyphers, new public-key schemes, foundations, public-key infrastructures, fingerprinting and watermarking, public-key protocols, Boolean functions, efficient and secure implementations, applications, anonymity, and secret sharing and oblivious transfer.  

This book constitutes the refereed proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2002, held in Singapore, in December 2002.The 34 revised full papers presented together with two invited contributions were carefully reviewed and selected from 173 submissions on the basis of 875 review reports. The papers are organized in topical sections on public key cryptography, authentication, theory, block ciphers, distributed cryptography, cryptanalysis, public key cryptanalysis, secret sharing, digital signatures, applications, Boolean functions, key management, and ID-based cryptography.

This book constitutes the refereed proceedings of the 7th European Symposium on Research in Computer Security, ESORICS 2002, held in Zurich, Switzerland, in October 2002.The 16 revised full papers presented were carefully reviewed and selected for inclusion in the proceedings. Among the topics addressed are confidentiality, probabilistic non-inference, auctions, inference control, authentication, attacks on cryptographic hardware, privacy protection, model checking protocols, mobile code, formal security analysis, access control, and fingerprints and intrusion detection.

The thoroughly refereed post-proceedings of the Second International Workshop on Digital Rights Management, DRM 2002, held in Washington, DC, USA, in November 2002, in conjunction with ACM CCS-9. The 13 revised full papers presented were carefully reviewed and selected for inclusion in the book. Among the topics addressed are DES implementation for DRM applications, cryptographic attacks, industrial challenges, public key broadcast encryption, fingerprinting, copy-prevention techniques, copyright limitations, content protection, watermarking systems, and theft-protected proprietary certificates.