This updated edition will help IT managers and assets protection professionals to assure the protection and availability of vital digital information and related information systems assets. It contains major updates and three new chapters. The book uniquely bridges the gap between information security, information systems security and information warfare. It re-examines why organizations need to take information assurance seriously.

The 7th International Conference on Information Security and Cryptology was organized by the Korea Institute of Information Security and Cryptology (KIISC) and was sponsored by the Ministry of Information and Communi- tion of Korea. The conference received 194 submissions, and the Program Committee - lected 34 of these for presentation. The conference program included two invited lectures.MikeReiterspokeon"Securityby, andfor, ConvergedMobileDevices." And Frank Stajano spoke on "Security for Ubiquitous Computing." We would like to ?rst thank the many researchers from all over the world who subm- ted their work to this conference. An electronic submission process was ava- able. The submission review process had two phases. In the ?rst phase, Program Committeememberscompiledreports(assistedattheirdiscretionbysubreferees of their choice, but without interaction with other Program Committee m- bers) and entered them, via a Web interface, into the Web Review software. We would like to thank the developers, Bart Preneel, Wim Moreau, and Joris Claessens. Without the Web Review system, the whole review process would not have been possible. In the second phase, Program Committee members used the software to browse each other's reports, and discuss and update their own reports.WeareextremelygratefultotheProgramCommittee membersfortheir enormous investment of time, e?ort, and adrenaline in the di?cult and delicate process of review and selection.

The ?rst workshop in this series was held at the International Computer S- ence Institute in Berkeley and was published as LNCS 2009 under the name "Workshop on Design Issues in Anonymity and Unobservability." Subsequent Privacy Enhancing Technologies (PET) workshops met in San Francisco in 2002 (LNCS2482)andDresdenin2003(LNCS2760).Thisvolume, LNCS3424, holds the proceedings from PET 2004 in Toronto. Our 2005 meeting is scheduled for Dubrovnik, and we hope to keep ?nding new and interesting places to visit on both sides of the Atlantic - or beyond. An event like PET 2004 would be impossible without the work and dedi- tion of many people. First and foremost we thank the authors, who wrote and submitted 68 full papers or panel proposals, 21 of which appear herein. The Program Committee produced 163 reviews in total. Along the way, they were assisted in reviewing by Steven Bishop, Rainer Bohme, Sebastian Clauss, Claudia D ?az, Richard E. Newman, Ulrich Flegel, Elke Franz, Stefan Kopsell, Thomas Kriegelstein, Markus Kuhn, Stephen Lewis, Luc Longpre, Steven M- doch, Shishir Nagaraja, Thomas Nowey, Peter Palfrader, Lexi Pimenidis, Klaus Ploessl, Sivaramakrishnan Rajagopalan, Marc Rennhard, Leo Reyzin, Pankaj Rohatgi, Naouel Ben Salem, Sandra Steinbrecher, Mike Szydlo, Shabsi Wal?sh, Jie Wang, Brandon Wiley, and Shouhuai Xu."

This book constitutes the refereed proceedings of the International Workshop on Intelligence and Security Informatics, WISI 2006, held in Singapore in conjunction with the 10th Pacific-Asia Conference on Knowledge Discovery and Data Mining. The 32 papers presented together with the abstract of the keynote talk were carefully reviewed. The papers are organized in sections on Web and text mining for terrorism informatics, cybercrime analysis, network security, and crime data mining.

It is our pleasure to present in this volume the proceedings of the 7th Inter- tional Workshopon InformationHiding (IH 2005), held in Barcelona, Catalonia, Spain, during June 6-8, 2005. The workshop was organized by the Department of Computer Science and Multimedia, Universitat Oberta de Catalunya (UOC). Continuing the tradition of previous workshops, we sought a balanced p- gram, containing talks on various aspects of data hiding, anonymous commu- cation, steganalysis, and watermarking.Although the protection of digital int- lectual property has up to now motivated most of our research, there are many other upcoming ?elds of application. We were delighted to see that this year's workshop presented numerous new and unconventional approaches to infor- tion hiding. The selection of the program was a very challenging task. In total, we - ceived 90 submissions from 21 countries. At this point we want to thank all authors who submitted their latest work to IH 2005-and thus assured that the Information Hiding Workshop continues to be the top forum of our community.

The 5th International Workshop on Information Security Applications (WISA 2004) was held in Jeju Island, Korea during August 23-25, 2004. The workshop was sponsored by the Korea Institute of Information Security and Cryptology (KIISC), the Electronics and Telecommunications Research Institute (ETRI) and the Ministry of Information and Communication (MIC). The aim of the workshop is to serve as a forum for new conceptual and - perimental research results in the area of information security applications from the academic community as well as from the industry. The workshop program covers a wide range of security aspects including cryptography, cryptanalysis, network/system security and implementation aspects. The programcommittee received169 papersfrom 22 countries, andaccepted 37 papers for a full presentation track and 30 papers for a short presentation track. Each paper was carefully evaluated through peer-review by at least three members of the programcommittee. This volume contains revised versions of 36 papers accepted and presented in the full presentation track. Short papers were only published in the WISA 2004 pre-proceedings as preliminary versions and are allowed to be published elsewhere as extended versions. In addition to the contributed papers, Professors Gene Tsudik and Ross Andersongaveinvitedtalks, entitledSecurityinOutsourcedDatabasesandWhat does 'Security' mean for Ubiquitous Applications?, respectively.

This volume contains a selection of refereed papers from participants of the workshop "Construction and Analysis of Safe, Secure and Interoperable Smart Devices" (CASSIS), held from the 10th to the 13th March 2004 in Marseille, France: http: //www-sop.inria.fr/everest/events/cassis04/ The workshop was organized by INRIA (Institut National de Recherche en InformatiqueetenAutomatique), Franceandthe UniversitydelaM editerran ee, Marseille, France. The workshop was attended by nearly 100 participants, who were invited for their contributions to relevant areas of computer science. Theaimoftheworkshopwastobringtogetherexpertsfromthesmartdevices industry and academic researchers, with a view to stimulate research on formal methods and security, and to encourage the smart device industry to adopt innovative solutions drawn from academic research. The next generation of smart devices holds the promise of providing the required infrastructure for the secure provision of multiple and personalized services. In order to deliver their promise, the smart device technology must however pursue the radical evolution that was initiated with the adoption of multi-application smartcards. Typical needs include: - The possibility for smart devices to feature extensible computational infr- tructures that may be enhanced to support increasingly complex appli- tions that may be installed post-issuance, and may require operating system functionalities that were not pre-installed. Such additional ?exibility must however not compromise security. - The possibility for smart devices to achieve a better integration with larger computersystems, throughimprovedconnectivity, genericity, aswellasint- operability."

Ad hoc and sensor networks are making their way from research to real-world deployments. Body and personal-area networks, intelligent homes, environmental monitoring or inter-vehicle communications: there is almost nothing left that is not going to be smart and networked. While a great amount of research has been devoted to the pure networking aspects, ad hoc and sensor networks will not be successfully deployed if security, dependability, and privacy issues are not addressed adequately.

As the first book devoted to the topic, this volume constitutes the thoroughly refereed post-proceedings of the First European Workshop on Security in Ad-hoc and Sensor Networks, ESAS, 2004, held in Heidelberg, Germany in August 2004. The 17 revised full papers were carefully reviewed and selected from 55 submissions. Among the key topics addressed are key distribution and management, authentication, energy-aware cryptographic primitives, anonymity and pseudonymity, secure diffusion, secure peer-to-peer overlays, and RFIDs.

The Seventh International Conference on Information and Communications - curity, ICICS2005, washeldinBeijing, China,10-13December2005. TheICICS conference series is an established forum for exchanging new research ideas and development results in the areas of information security and applied crypt- raphy. The ?rst event began here in Beijing in 1997. Since then the conference series has been interleaving its venues in China and the rest of the world: ICICS 1997 in Beijing, China; ICICS 1999 in Sydney, Australia; ICICS 2001 in Xi'an, China; ICICS 2002 in Singapore; ICICS 2003 in Hohhot City, China; and ICICS 2004 in Malaga, Spain. The conference proceedings of the past events have - ways been published by Springer in the Lecture Notes in Computer Science series, with volume numbers, respectively: LNCS 1334, LNCS 1726, LNCS 2229, LNCS 2513, LNCS 2836, and LNCS 3269. ICICS 2005 was sponsored by the Chinese Academy of Sciences (CAS); the Beijing Natural Science Foundation of China under Grant No. 4052016; the National Natural Science Foundation of China under Grants No. 60083007 and No. 60573042;the NationalGrandFundamentalResearch973ProgramofChina under Grant No. G1999035802, and Hewlett-Packard Laboratories, China. The conference was organized and hosted by the Engineering Research Center for Information Security Technology of the Chinese Academy of Sciences (ERCIST, CAS) in co-operation with the International Communications and Information Security Association (ICISA). The aim of the ICICS conference series has been to o?er the attendees the opportunity to discuss the latest developments in theoretical and practical - pects of information and communications security.

TCC 2005, the 2nd Annual Theory of Cryptography Conference, was held in Cambridge, Massachusetts, onFebruary10-12,2005.Theconferencereceived84 submissions, ofwhichtheprogramcommitteeselected32forpresentation.These proceedings contain the revised versions of the submissions that were presented at the conference. These revisions have not been checked for correctness, and the authors bear full responsibility for the contents of their papers. The conference program also included a panel discussion on the future of theoretical cryptography and its relationship to the real world (whatever that is). It also included the traditional "rump session," featuring short, informal talks on late-breaking research news. Much as hatters of old faced mercury-induced neurological damage as an occupational hazard, computer scientists will on rare occasion be a?icted with egocentrism, probably due to prolonged CRT exposure. Thus, you must view withpityandnotcontemptmyunalloyedelationathavingmynameonthefront cover of this LNCS volume, and my deep-seated conviction that I fully deserve the fame and riches that will surely come of it. However, having in recent years switched over to an LCD monitor, I would like to acknowledge some of the many who contributed to this conference. First thanks are due to the many researchers from all over the world who submitted their work to this conference. Lacking shrimp and chocolate-covered strawberries, TCC has to work hard to be a good conference. As a community, I think we have.

The RSA Conferenceis attended by over10,000securityprofessionalseach year. The Cryptographers' Track (CT-RSA), one of several parallel tracks at the c- ference, provides an excellent opportunity for cryptographers to showcase their research to a wide audience. CT-RSA 2005 was the ?fth year of the Cryptog- phers' Track. The selection process for the CT-RSA program is the same as for other cryptography research conferences. This year, the program committee selected 23 papers from 74submissions (two of whichwerelater withdrawn) that covered all aspects of cryptography. The program also included two invited talks by Cynthia Dwork and Moti Yung. These proceedings contain the revised versions of the selected papers. The revisions were not checked, and so the authors (and not the committee) bear full responsibility for the contents of their papers. I am very grateful to the program committee for their very conscientious e?orts to review each paper fairly and thoroughly. The initial review stage was followed by a tremendous amount of discussion which contributed to our high con?denceinour judgements.Thanks alsoto the manyexternalreviewerswhose names arelisted in the followingpages.My apologiesto thosewhose nameswere inadvertently omitted from this list. Thanks to Eddie Ng for maintaining the submission server and the Web reviewsystem.ThesubmissionsoftwarewaswrittenbyChanathipNamprempre, and the Web review software by Wim Moreau and Joris Claessens. Thanks to AlfredHofmannandhiscolleaguesatSpringerforthetimelyproductionofthese proceedings.Finally, it is my pleasureto acknowledgeAri Juels and MikeSzydlo of RSA Laboratories for their assistance and cooperation during the past seven months.

* Only up to date book for the latest version of .NET * Concentrates on Web services not general .NET security * Describes the key aspects of Windows Operating System security, Internet Information Services security, and ASP.NET Security, laying the foundation for a complete discussion of Web Services security in the .NET Platform. * Shows how to use the WS-Security W3C specifications for industry - standard authentication, encryption, authorization, Xml signature, attachments and routing with Web Services. * Teaches the reader how to use the new WSE (Web Services Software Development Kit) from Microsoft. * Shows how to integrate Web Services security into the applications developers write with specific working code examples and explanations.

The INDOCRYPT series of conferences started in 2000. INDOCRYPT 2004 was the ?fth one in this series. The popularity of this series is increasing every year. The number of papers submitted to INDOCRYPT 2004 was 181, out of which 147 papers conformed to the speci?cations in the call for papers and, therefore, were accepted to the review process. Those 147 submissions were spread over 22 countries. Only 30 papers were accepted to this proceedings. We should note that many of the papers that were not accepted were of good quality but only the top 30 papers were accepted. Each submission received at least three independent - views. The selection process also included a Web-based discussion phase. We made e?orts to compare the submissions with other ongoing conferences around the world in order to ensure detection of double-submissions, which were not - lowed by the call for papers. We wish to acknowledge the use of the Web-based review software developed by Bart Preneel, Wim Moreau, and Joris Claessens in conducting the review process electronically. The software greatly facilitated the Program Committee in completing the review process on time. We would like to thank C edric Lauradoux and the team at INRIA for their total support in c- ?guring and managing the Web-based submission and review softwares. We are unable to imagine the outcome of the review process without their participation. This year the invited talks were presented by Prof. Colin Boyd and Prof."

This volume contains the proceedings of the 6th International Conference on Infor- tionandCommunicationsSecurity(ICICS2004),Torremolinos(Malaga), ' Spain,27-29 October 2004. The ?ve previous conferences were held in Beijing, Sydney, Xian, S- gapore and Huhehaote City, where we had an enthusiastic and well-attended event. The proceedings were released as volumes 1334, 1726, 2229, 2513 and 2836 of the LNCS series of Springer, respectively. During these last years the conference has placed equal emphasis on the theoretical and practical aspects of information and communications security and has established itself as a forum at which academic and industrial people meet and discuss emerging security challenges and solutions. We hope to uphold this tradition by offering you yet another successful meeting with a rich and interesting program. The responseto the Call for Paperswas overwhelming,245 papersubmissionswere received. Therefore, the paper selection process was very competitive and dif?cult - only 42 papers were accepted. The success of the conference depends on the quality of the program. Thus, we are indebted to our Program Committee members and the ext- nal refereesfor the great job they did. These proceedingscontainrevised versionsof the accepted papers.Revisions were not checked and the authorsbear full responsibilityfor the content of their papers.

The 2004 Information Security Conference was the seventh in a series that started with the Information Security Workshop in 1997. A distinct feature of this series is the wide coverage of topics with the aim of encouraging interaction between researchers in di?erent aspects of information security. This trend c- tinuedintheprogramofthisyear sconference.Theprogramcommitteereceived 106 submissions, from which 36 were selected for presentation. Each submission was reviewed by at least three experts in the relevant research area. We would liketothankalltheauthorsfortakingtheirtimetopreparethesubmissions, and wehopethatthosewhosepapersweredeclinedwillbeableto?ndanalternative forum for their work. We were fortunate to have an energetic team of experts who took on the task of the program committee. Their names may be found overleaf, and we thank them warmly for their time and e?orts. This team was helped by an even larger number of external reviewers who reviewed papers in their particular areas of expertise. A list of these names is also provided, which we hope is complete. We would also like to thank the advisory committee for their advice and s- port.TheexcellentlocalarrangementswerehandledbyDirkBalfanzandJessica Staddon. We made use of the electronic submission and reviewing software s- plied by COSIC at the Katholieke Universiteit Leuven. Both the software and the ISC 2004 website were run on a server at UNC Charlotte, and were perfectly maintained by Seung-Hyun Im. We also appreciate assistance from Lawrence Teo in editing the proceedings."

In this new reference, Greene addresses the long-neglected security needs of users in the home, company workstation and SOHO (Small Office/Home Office) categories, emphasizing client-side security, user privacy, Internet privacy and data hygiene.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the 7th Symposium on Recent Advances in Intrusion Detection (RAID 2004), which took place in Sophia-Antipolis, French Riviera, France, September 15-17, 2004. The symposium brought together leading researchers and practitioners from academia, government and industry to discuss intrusion detection from research as well as commercial perspectives. We also encouraged discussions that - dressed issues that arise when studying intrusion detection, including infor- tion gathering and monitoring, from a wider perspective. Thus, we had sessions on detection of worms and viruses, attack analysis, and practical experience reports. The RAID 2004 Program Committee received 118 paper submissions from all over the world. All submissions were carefully reviewed by several members of the Program Committee and selection was made on the basis of scienti?c novelty, importance to the ?eld, and technical quality. Final selection took place at a meeting held May 24 in Paris, France. Fourteen papers and two practical experience reports were selected for presentation and publication in the conf- ence proceedings. In addition, a number of papers describing work in progress were selected for presentation at the symposium. The keynote addresswas given by Bruce Schneier of Counterpane Systems. H? akan Kvarnstrom ] of TeliaSonera gave an invited talk on the topic "Fighting Fraud in Telecom Environments. " A successful symposium is the result of the joint e?ort of many people."

ForewordfromtheProgramChairs These proceedings contain the papers selected for presentation at the 9th - ropean Symposium on Research in Computer Security (ESORICS), held during September 13 15, 2004 in Sophia Antipolis, France. In response to the call for papers 159 papers were submitted to the conference. These papers were evaluated on the basis of their signi?cance, novelty, and te- nicalquality. Eachpaper wasreviewedby at leastthree members of the program committee. The program committee meeting was held electronically; there was an intensive discussion over a period of two weeks. Of the papers submitted, 27 were selected for presentation at the conference, giving an acceptance rate lower than 17%. The conference program also included an invited talk. A workshop like this does not just happen; it depends on the volunteer e?orts of ahostofindividuals. Thereisalonglistofpeoplewhovolunteeredtheirtimeand energy to put together the workshopand who deserve special thanks. Thanks to all the members of the program committee, and the external reviewers, for all their hardwork in the paper evaluation. Due to the large number of submissions the program committee members were really required to work hard in a short time frame, and we are very thankful to them for the commitment they showed with their active participation in the electronic discussion."

Crypto 2004, the 24th Annual Crypto Conference, was sponsored by the Int- national Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The program committee accepted 33 papers for presentation at the conf- ence. These were selected from a total of 211 submissions. Each paper received at least three independent reviews. The selection process included a Web-based discussion phase, and a one-day program committee meeting at New York U- versity. These proceedings include updated versions of the 33 accepted papers. The authors had a few weeks to revise them, aided by comments from the reviewers. However, the revisions were not subjected to any editorial review. Theconferenceprogramincludedtwoinvitedlectures.VictorShoup'sinvited talk was a survey on chosen ciphertext security in public-key encryption. Susan Landau's invited talk was entitled "Security, Liberty, and Electronic Commu- cations." Her extended abstract is included in these proceedings. We continued the tradition of a Rump Session, chaired by Stuart Haber. Those presentations (always short, often serious) are not included here.

2.1 Di?erential Power Analysis Di?erential Power Analysis (DPA) was introduced by Kocher, Ja?e and Jun in 1998 [13] and published in 1999 [14]. The basic idea is to make use of potential correlations between the data handled by the micro-controller and the electric consumption measured values. Since these correlations are often very low, s- tistical methods must be applied to deduce su?cient information from them. Theprinciple ofDPAattacksconsistsincomparingconsumptionvalues m- suredonthe real physical device (for instance a GSM chip or a smart card)with values computed in an hypothetical model of this device (the hypotheses being made among others on the nature of the implementation, and chie?y on a part of the secret key). By comparing these two sets of values, the attacker tries to recover all or part of the secret key. The initial target of DPA attacks was limited to symmetric algorithms. V- nerability of DES - ?rst shown by Kocher, Ja?e and Jun [13, 14]-wasfurther studied by Goubin and Patarin [11, 12], Messerges, Dabbish, Sloan [16]and Akkar, B' evan, Dischamp, Moyart [2]. Applications of these attacks were also largely taken into account during the AES selection process, notably by Biham, Shamir [4], Chari, Jutla, Rao, Rohatgi [5] and Daemen, Rijmen [8].

This book constitutes the refereed proceedings of the First European Public Key Infrastructure Workshop: Research and Applications, EuroPKI 2004, held on Samos Island, Greece in June 2004.

The 25 revised full papers and 5 revised short papers presented were carefully reviewed and selected from 73 submissions. The papers address all current issues in PKI, ranging from theoretical and foundational topics to applications and regulatory issues in various contexts.

The 9th Australasian Conference on Information Security and Privacy (ACISP 2004) was held in Sydney, 13-15 July, 2004. The conference was sponsored by the Centre for Advanced Computing - Algorithms and Cryptography (ACAC), Information and Networked Security Systems Research (INSS), Macquarie U- versity and the Australian Computer Society. Theaimsoftheconferencearetobringtogetherresearchersandpractitioners working in areas of information security and privacy from universities, industry and government sectors. The conference program covered a range of aspects including cryptography, cryptanalysis, systems and network security. The program committee accepted 41 papers from 195 submissions. The - viewing process took six weeks and each paper was carefully evaluated by at least three members of the program committee. We appreciate the hard work of the members of the program committee and external referees who gave many hours of their valuable time. Of the accepted papers, there were nine from Korea, six from Australia, ?ve each from Japan and the USA, three each from China and Singapore, two each from Canada and Switzerland, and one each from Belgium, France, Germany, Taiwan, The Netherlands and the UK. All the authors, whether or not their papers were accepted, made valued contributions to the conference. In addition to the contributed papers, Dr Arjen Lenstra gave an invited talk, entitled Likely and Unlikely Progress in Factoring. ThisyeartheprogramcommitteeintroducedtheBestStudentPaperAward. The winner of the prize for the Best Student Paper was Yan-Cheng Chang from Harvard University for his paper Single Database Private Information Retrieval with Logarithmic Communication.

Privacy in statistical databases is about ?nding tradeo?s to the tension between the increasing societal and economical demand for accurate information and the legal and ethical obligation to protect the privacy of individuals and enterprises, which are the source of the statistical data. Statistical agencies cannot expect to collect accurate information from individual or corporate respondents unless these feel the privacy of their responses is guaranteed; also, recent surveys of Web users show that a majority of these are unwilling to provide data to a Web site unless they know that privacy protection measures are in place. "Privacy in Statistical Databases2004" (PSD2004) was the ?nal conference of the CASC project ("Computational Aspects of Statistical Con?dentiality", IST-2000-25069). PSD2004 is in the style of the following conferences: "Stat- tical Data Protection", held in Lisbon in 1998 and with proceedings published by the O?ce of O?cial Publications of the EC, and also the AMRADS project SDC Workshop, held in Luxemburg in 2001 and with proceedings published by Springer-Verlag, as LNCS Vol. 2316. The Program Committee accepted 29 papers out of 44 submissions from 15 di?erentcountriesonfourcontinents.Eachsubmittedpaperreceivedatleasttwo reviews. These proceedings contain the revised versions of the accepted papers. These papers cover the foundations and methods of tabular data protection, masking methods for the protection of individual data (microdata), synthetic data generation, disclosure risk analysis, and software/case studies.

The 4th International Conference on Security in Communication Networks 2004 (SCN2004)washeldatthe DioceseHall oftheArchdioceseofAmal?-Cavade Tirreni and the Armorial Bearings Hall of the Archbishop Palace in Amal?, Italy, on September 8 10, 2004. Previous conferences also took place in Amal? in 1996, 1999 and 2002. The conference aimed at bringing together researchers in the ?elds of cr- tography and security in communication networks to foster cooperation and the exchange of ideas. The main topics included all technical aspects of data security, including: anonymity, authentication, blockciphers, complexity-basedcryptography, cry- analysis, digital signatures, distributed cryptography, hash functions, identi?- tion, implementations, keydistribution, privacy, publickeyencryption, threshold cryptography, and zero knowledge. The Program Committee, consisting of 21 members, considered 79 papers and selected 26 for presentation; one of them was withdrawn by the authors. These papers were selected on the basis of originality, quality and relevance to cryptography and security in communication networks. Due to the high number of submissions, paper selection was a di?cult and challenging task, and many good submissions had to be rejected. Each subm- sion was refereed by at least three reviewers and some had four reports or more. We are very grateful to all the program committee members, who devoted much e?ort and valuable time to read and select the papers. In addition, we gratefully acknowledge the help of colleagues who reviewed submissions in their areas of expertise. They are all listed on page VII and we apologize for any inadvertent omissions. These proceedings include the revised versions of the 26 accepted papers andtheabstractoftheinvitedtalkbyBartPreneel(ECRYPT: theCryptographic Research Challenges for the Next Decade)."

SAC 2004 was the eleventh in a series of annual workshops on Selected Areas in Cryptography. This was the second time that the workshop was hosted by the University of Waterloo, Ontario, with previous workshops being held at Queen'sUniversityinKingston(1994,1996,1998and1999), CarletonUniversity in Ottawa (1995, 1997 and 2003), the Fields Institute in Toronto (2001) and Memorial University of Newfoundland in St. John's (2002). The primary intent of the workshop was to provide a relaxed atmosphere in which researchers in cryptography could present and discuss new work on selected areas of current interest. This year's themes for SAC were: - Design and analysis of symmetric key cryptosystems. - Primitives for symmetric key cryptography, including block and stream - phers, hash functions, and MAC algorithms. - E?cient implementation of cryptographic systems in public and symmetric key cryptography. - Cryptographic solutions for mobile (web) services. A record of 117 papers were submitted for consideration by the program committee. After an extensive review process, 25 papers were accepted for p- sentation at the workshop (two of these papers were merged). Unfortunately, many good papers could not be accommodated this year. These proceedings contain the revised versions of the 24 accepted papers. The revised versions were not subsequently checked for correctness. Also, we were very fortunate to have two invited speakers at SAC 2004. Eli Biham arranged for some breaking news in his talk on "New Results on SHA-0 and SHA-1." This talk was designated as the Sta?ord Tavares L- ture."