We are happy to present to you the proceedings of the 2nd International Workshop on Digital Watermarking, IWDW 2003. Since its modern re-appearance in the academic community in the early 1990s, great progress has been made in understanding both the capabilities and the weaknesses of digital watermarking. On the theoretical side, we all are now well aware of the fact that digital waterma- ing is best viewed as a form of communication using side information. In the case of digital watermarking the side information in question is the document to be wat- marked. This insight has led to a better understanding of the limits of the capacity and robustness of digital watermarking algorithms. It has also led to new and improved watermarking algorithms, both in terms of capacity and imperceptibility. Similarly, the role of human perception, and models thereof, has been greatly enhanced in the study and design of digital watermarking algorithms and systems. On the practical side, applications of watermarking are not yet abundant. The original euphoria on the role of digital watermarking in copy protection and copyright prot- tion has not resulted in widespread usage in practical systems. With hindsight, a n- ber of reasons can be given for this lack of practical applications.

This book constitutes the thoroughly refereed post-proceedings of the 6th International Conference on Information Security and Cryptology, ICISC 2003, held in Seoul, Korea, in November 2003.

The 32 revised full papers presented together with an invited paper were carefully selected from 163 submissions during two rounds of reviewing and improvement. The papers are organized in topical sections on digital signatures, primitives, fast implementations, computer security and mobile security, voting and auction protocols, watermarking, authentication and threshold protocols, and block ciphers and stream ciphers.

These are the proceedings of CHES 2004, the 6th Workshop on Cryptographic Hardware and Embedded Systems. For the ?rst time, the CHES Workshop was sponsored by the International Association for Cryptologic Research (IACR). This year, the number of submissions reached a new record. One hundred and twenty-?ve papers were submitted, of which 32 were selected for presen- tion. Each submitted paper was reviewed by at least 3 members of the program committee. We are very grateful to the program committee for their hard and e?cientworkinassemblingtheprogram.Wearealsogratefultothe108external referees who helped in the review process in their area of expertise. In addition to the submitted contributions, the program included three - vited talks, by Neil Gershenfeld (Center for Bits and Atoms, MIT) about "Ph- ical Information Security," by Isaac Chuang (Medialab, MIT) about "Quantum Cryptography," and by Paul Kocher (Cryptography Research) about "Phy- cal Attacks." It also included a rump session, chaired by Christof Paar, which featured informal talks on recent results. Asinthepreviousyears, theworkshopfocusedonallaspectsofcryptographic hardware and embedded system security. We sincerely hope that the CHES Workshop series will remain a premium forum for intellectual exchange in this area.

The4thWorkshoponInformationSecurityApplications(WISA2003)wassp- sored by the following Korean organizations and government bodies: the Korea Institute of Information Security and Cryptology (KIISC), the Electronics and TelecommunicationsResearchInstitute(ETRI), andtheMinistryofInformation and Communication (MIC). The workshop was held in Jeju Island, Korea - ring August 25-27, 2003. This international workshop provided ample technical sessions covering a large spectrum of information security applications. Subjects covered included network/mobile security, electronic commerce security, digital rights management, intrusion detection, secure systems and applications, bio- trics and human interfaces, public key cryptography, and applied cryptography. The program committee received 200 papers from 23 countries (representing most geographic areas where security and applied cryptography research is c- ductedthroughouttheworld).Eachsubmittedpaperwaspeer-reviewedbythree program committee members. This year, we had two tracks: long and short p- sentation tracks. We selected 36 papers for the long presentation track and 34 papers for the short presentation tracks. This volume contains revised versions of papers accepted for the long presentation track. We would like to note that getting accepted to both tracks was an achievement to be proud of, given the competitive nature of WISA this year. Papers in the short presentation track were only published in the WISA preproceedings as preliminary notes; ext- dedversionsofthesenotesmaybepublishedbyfutureconferencesorworkshops

Intended for database administrators, this book shows how to protect an Access database by making changes in the startup options, database options and attributes, menus and toolbars, workgroup security, and the Windows operating system itself. The Australian author discusses the AutoExec macro, data

PET 2003 was the 3rd Workshop on Privacy Enhancing Technologies. It all startedin2000withHannesFederrathorganizing"DesigningPrivacyEnhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability," July 25-26, 2000, held at the Computer Science Institute (ICSI), Berkeley, CA (LNCS 2009). Roger Dingledine, Adam Shostack, and Paul Syverson continued in April 2002 in San Francisco (PET 2002, LNCS 2482). This year was Dresden, and as long as the new PET ?eld prospers, we intend to hold this workshop annually. The workshop focused on the design and realization of anonymity and an- censorship services for the Internet and other communication networks. Besides the excellent technical papers, we had four panels, led by Richard Clayton, - drei Serjantov, Marit Hansen, and Allan Friedman. This year we also extended our work-in-progress talk schedule, allowing 24 people from the audience to - troduce a variety of new technologies and perspectives. An event like PET 2003 cannot happen without the work and dedication of many individuals. First we thank the authors, who wrote and submitted 52 full papers. Next the program committee, who wrote 163 reviews and - lected14papersforpresentationandpublication, withadditionalreviewinghelp from Peter Berlich, Oliver Berthold, Steve Bishop, Jan Camenisch, Sebastian Clauss, Allison Clayton, George Danezis, Christian Friberg, Philippe Golle, Mike Gurski, Guenter Karjoth, Dogan Kesdogan, Stefan Kopsell, ] Thomas Kriegelstein, Heinrich Langos, Nick Mathewson, Richard E. Newman, Richard Owens, David Parkes, Peter Pietzuch, Sandra Steinbrecher, Nathalie Weiler, Matthew Wright, and Sheng Zhong."

TheINDOCRYPTconferenceseriesstartedin2000, andINDOCRYPT2003was the fourth one in this series. This series has been accepted by the international research community as a forum for presenting high-quality crypto research, as is evident from the 101 submissions this year, spread over 21 countries and all ?ve continents. The accepted papers were written by authors from 16 countries, covering four continents. A total of 101 papers were submitted for consideration to the program c- mittee, and after a careful reviewing process 30 were accepted for presentation. One of the conditionally accepted papers was withdrawn by the authors as they found an errorin the paper that could not be repairedin the short time between the noti?cation of the reviewand the ?nalversionsubmission.Thus the ?nal list contains29acceptedpapers.Wewouldliketo thanktheauthorsofallsubmitted papers, including both those that wereaccepted and those which, unfortunately, could not be accommodated. The reviewing process for INDOCRYPT was very stringent and the schedule was extremely tight. The program committee members did an excellent job in reviewing and selecting the papers for presentation. During the review process, theprogramcommitteememberscommunicatedusingareviewsoftwarepackage developed by Bart Preneel, Wim Moreau and Joris Claessens. We acknowledge them for providing this software. These proceedings include the revised versions of the 29 selected papers. Revisions were not checkedby the programcommittee and the authors bear the full responsibility for the contents of the respective papers. Our thanks go to all the program committee members and the external reviewers(alistofthem isincludedintheproceedings)whoputintheirvaluable time and e?ort in providing important feedback to the authors

ICICS 2003, the Fifth International Conference on Information and C- munication Security, was held in Huhehaote city, Inner Mongolia, China, 10 13 October 2003. Among the preceding conferences, ICICS 97 was held in B- jing, China, ICICS 99 in Sydney, Australia, ICICS 2001 in Xi an, China, and ICICS 2002, in Singapore.TheproceedingswerereleasedasVolumes1334,1726, 2229, and 2513 of the LNCS series of Springer-Verlag, respectively. ICICS 2003 was sponsored by the Chinese Academy of Sciences (CAS), the National Natural Science Foundation of China, and the China Computer F- eration. The conference was organized by the Engineering Research Center for Information Security Technology of the Chinese Academy of Sciences (ERCIST, CAS) in co-operation with the International Communications and Information Security Association (ICISA). The aim of the ICICS conferences has been to o?er the attendees the - portunity to discuss the state-of-the-art technology in theoretical and practical aspects of information and communications security. The response to the Call forPaperswassurprising.WhenwewerepreparingtheconferencebetweenApril and May, China, including the conference venue, Huhehaote City, was ?ghting against SARS. Despite this 176 papers were submitted to the conference from 22 countries and regions, and after a competitive selection process, 37 papers from 14 countries and regions were accepted to appear in the proceedings and be presented at ICICS 2003. We would like to take this opportunity to thank all those who submitted papers to ICICS 2003 for their valued contribution to the conference."

The Communications and Multimedia Security conference (CMS 2003) was - ganized in Torino, Italy, on October 2-3, 2003. CMS 2003 was the seventh IFIP working conference on communications and multimedia security since 1995. - search issues and practical experiences were the topics of interest, with a special focus on the security of advanced technologies, such as wireless and multimedia communications. The book "Advanced Communications and Multimedia Security" contains the 21 articles that were selected by the conference program committee for p- sentation at CMS 2003. The articles address new ideas and experimental eval- tion in several ?elds related to communications and multimedia security, such as cryptography, network security, multimedia data protection, application se- rity, trust management and user privacy. We think that they will be of interest not only to the conference attendees but also to the general public of researchers in the security ?eld. We wish to thank all the participants, organizers, and contributors of the CMS 2003 conference for having made it a success. October 2003 Antonio Lioy GeneralChairofCMS2003 Daniele Mazzocchi ProgramChairofCMS2003 VI Organization CMS 2003 was organized by the TORSEC Computer and Network Security Group of the Dipartimento di Automatica ed Informatica at the Politecnico di Torino, in cooperation with the Istituto Superiore Mario Boella.

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14 15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http: //www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program. In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference."

The 1st International Conference on "Applied Cryptography and Network Se- rity" (ACNS 2003) was sponsored and organized by ICISA (International C- munications and Information Security Association), in cooperation with MiAn Pte. Ltd. and the Kunming government. It was held in Kunming, China in - tober 2003. The conference proceedings was published as Volume 2846 of the Lecture Notes in Computer Science (LNCS) series of Springer-Verlag. The conference received 191 submissions, from 24 countries and regions; 32 of these papers were accepted, representing 15 countries and regions (acceptance rate of 16.75%). In this volume you will ?nd the revised versions of the - cepted papers that were presented at the conference. In addition to the main track of presentations of accepted papers, an additional track was held in the conference where presentations of an industrial and technical nature were given. These presentations were also carefully selected from a large set of presentation proposals. This new international conference series is the result of the vision of Dr. Yongfei Han. The conference concentrates on current developments that advance the - eas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works and developments in - dustrial and technical frontiers. We thank Dr. Han for initiating this conference and for serving as its General Chair.

The 2003 Information Security Conference was the sixth in a series that started with the InformationSecurity Workshopin 1997.A distinct feature of this series is the wide coverage of topics with the aim of encouraging interaction between researchers in di?erent aspects of information security. This trend continued in the program of this year s conference. There were 133 paper submissions to ISC 2003. From these submissions the 31papersintheseproceedingswereselectedbytheprogramcommittee, covering a wide range of technical areas. These papers are supplemented by two invited papers;athirdinvitedtalkwaspresentedattheconferencebutisnotrepresented by a written paper. We would like to extend our sincere thanks to all the authors that submitted papers to ISC 2003, and we hope that those whose papers were declined will be able to ?nd an alternative forum for their work. We are also very grateful to the three eminent invited speakers at the conference: Paul van Oorschot (Carleton University, Canada), Ueli Maurer (ETH Zur ] ich, Switzerland), and Andy Clark (Inforenz Limited, UK). We were fortunate to have an energetic team of experts who took onthe task of the program committee. Their names may be found overleaf, and we thank them warmly for their considerable e?orts. This team was helped by an even larger number of individuals who reviewed papers in their particular areas of expertise. A list of these names is also provided, which we hope is complete."

Crypto 2003, the 23rd Annual Crypto Conference, was sponsored by the Int- national Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The conference received 169 submissions, of which the program committee selected 34 for presentation. These proceedings contain the revised versions of the 34 submissions that were presented at the conference. These revisions have not been checked for correctness, and the authors bear full responsibility for the contents of their papers. Submissions to the conference represent cutti- edge research in the cryptographic community worldwide and cover all areas of cryptography. Many high-quality works could not be accepted. These works will surely be published elsewhere. The conference program included two invited lectures. Moni Naor spoke on cryptographic assumptions and challenges. Hugo Krawczyk spoke on the 'SI- and-MAc'approachtoauthenticatedDi?e-HellmananditsuseintheIKEpro- cols. The conference program also included the traditional rump session, chaired by Stuart Haber, featuring short, informal talks on late-breaking research news. Assembling the conference program requires the help of many many people. To all those who pitched in, I am forever in your debt. I would like to ?rst thank the many researchers from all over the world who submitted their work to this conference. Without them, Crypto could not exist. I thank Greg Rose, the general chair, for shielding me from innumerable logistical headaches, and showing great generosity in supporting my e?orts.

This volume contains the papers presented at the International Workshop on Mathematical Methods, Models and Architectures for Computer Network Se- rity(MMM-ACNS2003)heldinSt.Petersburg, Russia, duringSeptember21 23, 2003.TheworkshopwasorganizedbytheSt.PetersburgInstituteforInformatics and Automation of the Russian Academy of Sciences (SPIIRAS) in cooperation with the Russian Foundation for Basic Research (RFBR), the US Air Force - search Laboratory/Information Directorate (AFRL/IF) and the Air Force O?ce of Scienti?c Research (AFOSR), the O?ce of Naval Research International Field O?ce (USA), and Binghamton University (SUNY, USA). The ?rst international workshop of this series, MMM-ACNS2001, May 21 23, 2001, St. Petersburg, Russia, hosted by the St. Petersburg Institute for - formatics and Automation, demonstrated the keen interest of the international researchcommunityinthetheoreticalaspectsofcomputernetworkandinfor- tion security and encouraged the establishment of an on-going series of brennial workshops. MMM-ACNS2003 provided an international forum for sharing original - search results and application experiences among specialists in fundamental and applied problems of computer network security. An important distinction of the workshop was its focus on mathematical aspects of information and computer networksecurityandtheroleofmathematicalissuesincontemporaryandfuture development of models of secure computing."

These are the proceedings of CHES 2003, the ?fth workshop on Cryptographic HardwareandEmbeddedSystems, heldinCologneonSeptember8-10,2003.As with every previous workshop, there was a record number of submissions despite themuchearlierdeadlineinthisyear'scallforpapers.Thisisaclearindication of the growing international importance of the scope of the conference and the relevance of the subject material to both industry and academia. The increasing competition for presenting at the conference has led to many excellent papers and a higher standard overall. From the 111 submissions, time constraintsmeantthatonly32couldbeaccepted.Theprogramcommitteewo- ed very hard to select the best. However, at the end of the review process there were a number of good papers - which it would like to have included but for which, sadly, there was insu?cient space. In addition to the accepted papers appearing in this volume, there were three invited presentations from Hans D- bertin (Ruhr-Universit] at Bochum, Germany), Adi Shamir (Weizmann Institute, Israel), and Frank Stajano (University of Cambridge, UK), and a panel d- cussion on the e?ectiveness of current hardware and software countermeasures against side channel leakage in embedded cryptosystems."

The second International Conference on Applied Cryptography and Network Security (ACNS 2004) was sponsored and organized by ICISA (the International Communications and Information Security Association). It was held in Yellow Mountain, China, June 8-11, 2004. The conference proceedings, representing papers from the academic track, are published in this volume of the Lecture Notes in Computer Science (LNCS) of Springer-Verlag. The area of research that ACNS covers has been gaining importance in recent years due to the development of the Internet, which, in turn, implies global exposure of computing resources. Many ?elds of research were covered by the program of this track, presented in this proceedings volume. We feel that the papers herein indeed re?ect the state of the art in security and cryptography research, worldwide. The program committee of the conference received a total of 297 submissions from all over the world, of which 36 submissions were selected for presentation during the academic track. In addition to this track, the conference also hosted a technical/industrial track of presentations that were carefully selected as well. All submissions were reviewed by experts in the relevant areas.

The Cryptographers' Track (CT-RSA) is a research conference within the RSA conference, the largest, regularly staged computer security event. CT-RSA 2004 was the fourth year of the Cryptographers' Track, and it is now an established venue for presenting practical research results related to cryptography and data security. The conference received 77 submissions, and the program committee sel- ted 28 of these for presentation. The program committee worked very hard to evaluate the papers with respect to quality, originality, and relevance to cryp- graphy. Each paper was reviewed by at least three program committee members. Extended abstracts of the revised versions of these papers are in these proc- dings. The program also included two invited lectures by Dan Boneh and Silvio Micali. I am extremely grateful to the program committee members for their en- mous investment of time and e?ort in the di?cult and delicate process of review and selection. Many of them attended the program committee meeting during the Crypto 2003 conference at the University of California, Santa Barbara.

This book constitutes the thoroughly refereed postproceedings of the 10th Annual International Workshop on Selected Areas in Cryptography, SAC 2003, held in Ottawa, Canada, in August 2003.

The 25 revised full papers presented were carefully selected from 85 submissions during two rounds of reviewing and improvement. The papers are organized in topical sections on elliptic and hyperelliptic curves, side channel attacks, security protocols and applications, cryptanalysis, cryptographic primitives, stream ciphers, and efficient implementations.

This book covers a broader scope of Attribute-Based Encryption (ABE), from the background knowledge, to specific constructions, theoretic proofs, and applications. The goal is to provide in-depth knowledge usable for college students and researchers who want to have a comprehensive understanding of ABE schemes and novel ABE-enabled research and applications. The specific focus is to present the development of using new ABE features such as group-based access, ID-based revocation, and attributes management functions such as delegation, federation, and interoperability. These new capabilities can build a new ABE-based Attribute-Based Access Control (ABAC) solution that can incorporate data access policies and control into ciphertext. This book is also ideal for IT companies to provide them with the most recent technologies and research on how to implement data access control models for mobile and data-centric applications, where data access control does not need to rely on a fixed access control infrastructure. It's also of interested to those working in security, to enable them to have the most recent developments in data access control such as ICN and Blockchain technologies. Features Covers cryptographic background knowledge for ABE and ABAC Features various ABE constructions to achieve integrated access control capabilities Offers a comprehensive coverage of ABE-based ABAC Provides ABE applications with real-world examples Advances the ABE research to support new mobile and data-centric applications

The refereed proceedings of the 8th Australasian Conference on Information Security and Privacy, ACISP 2003, held in Wollongong, Australia, in July 2003. The 42 revised full papers presented together with 3 invited contributions were carefully reviewed and selected from 158 submissions. The papers are organized in topical sections on privacy and anonymity, elliptic curve cryptography, cryptanalysis, mobile and network security, digital signatures, cryptosystems, key management, and theory and hash functions.

Preface Formal Aspects of Security (FASec) was held at Royal Holloway, University of London, 18-20 December 2002. The occasion celebrated a Jubilee, namely the 25thanniversaryoftheestablishmentofBCS-FACS, theFormalAspectsofC- puting Science specialist group of the British Computer Society. FASec is one of a series of events organized by BCS-FACS to highlight the use of formal me- ods, emphasize their relevance to modern computing, and promote their wider application. As the architecture model of information systems evolves from - connected PCs, throughintranet (LAN) and internet (WAN), to mobile internet and grids, security becomes increasingly critical to all walks of society: c- merce, ?nance, health, transport, defence and science. It is no surprise therefore that security is one of the fastest-growing research areas in computer science. Theaudience ofFASec includes thosein the formalmethods community who have(orwouldliketodevelop)adeeper interestinsecurity, andthoseinsecurity who would like to understand how formal methods can make important cont- butions to some aspects of security. The scope of FASec is deliberately broad andcoverstopics that rangefrommodelling securityrequirementsthroughsp- i?cation, analysis, and veri?cations of cryptographic protocols to certi?ed code. The discussions at FASec 2002 encompassed many aspects of security: from theoretical foundations through support tools and on to applications. Formal methods has made a substantial contribution to this exciting ?eld in the pa

PKC2004wasthe7thInternationalWorkshoponPracticeandTheoryinPublic Key Cryptography and was sponsored by IACR, the International Association for Cryptologic Research (www. iacr. org). This year the workshop was organized 2 in cooperation with the Institute for Infocomm Research (I R), Singapore. There were 106 paper submissions from 19 countries to PKC 2004. That is the highest submission number in PKC history. Due to the large number of submissionsandthehighqualityofthe submittedpapers, notallthepapersthat contained new ideas were accepted. Of the 106 submissions, 32 were selected for the proceedings. Each paper was sent to at least 3 members of the Program Committee for comments. The revised versions of the accepted papers were not checked for correctness of their scienti?c aspects and the authors bear the full responsibility for the contents of their papers. Some authors will write ?nal versions of their papers for publication in refereed journals. I am very grateful to the members of the Program Committee for their hard work in the di?cult task of selecting fewer than 1 in 3 of the submitted papers, as well as the following external referees who helped the Program Committee: Nuttapong Attrapadung, RobertoMariaAvanzi, GildasAvoine, JoonsangBaek, Qingjun Cai, Jae Choon Cha, Chien-Ning Chen, Liqun Chen, Xiaofeng Chen, Koji Chida, Nicolas T. Courtois, Yang Cui, Jean-Franco, is Dhem, Louis Goubin, Louis Granboulan, Rob Granger, Jens Groth, Yumiko Hanaoka, Darrel Hank- son, Chao-ChihHsu, TetsutaroKobayashi, YuichiKomano, HidenoriKuwakado, TanjaLange, PeterLeadbitter, ByoungcheonLee, Chun-KoLee, HenryC. J. Lee, JohnMaloneLee, YongLi, Beno tLibert, Hsi-ChungLin, YiLu, JeanMonnerat, Anderson C. A. Nas

This book constitutes the refereed proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2003, held in Warsaw, Poland in May 2003. The 37 revised full papers presented together with two invited papers were carefully reviewed and selected from 156 submissions. The papers are organized in topical sections on cryptanalysis, secure multi-party communication, zero-knowledge protocols, foundations and complexity-theoretic security, public key encryption, new primitives, elliptic curve cryptography, digital signatures, information-theoretic cryptography, and group signatures.

Integrity and Internal Control in Information Systems V represents a continuation of the dialogue between researchers, information security specialists, internal control specialists and the business community. The objectives of this dialogue are:
-To present methods and techniques that will help business achieve the desired level of integrity in information systems and data;
-To present the results of research that may be used in the near future to increase the level of integrity or help management maintain the desired level of integrity;
-To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.
The book contains a collection of papers from the Fifth International Working Conference on Integrity and Internal Control in Information Systems (IICIS), sponsored by the International Federation for Information Processing (IFIP) and held in Bonn, Germany in November 2002.

This book constitutes the refereed proceedings of the First NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, held in Tucson, AZ, USA in June 2003. The 24 revised full papers and 16 revised short papers presented were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on data management and data mining, deception detection, analytical techniques, for crime detection, visualization, knowledge management and adoption, collaborative systems and methodologies, and monitoring and surveillance.