Digital Rights Management (DRM) is a topic of interest to a wide range of people from various backgrounds: engineers and technicians, legal academics and lawyers, economists and business practitioners. The two conferences on the issue held in 2000 and 2002 in Berlin, Germany, brought these people together for fruitful discussions. This book continues this process by providing insights into the three main areas that DRM in?uences and that DRM is influenced by: technology, economics, and law and politics. Looking at the first results of the two conferences we would like to emphasize three aspects. Firstly, DRM is a fairly young topic with many issues still - resolved. Secondly, there is still an acute lack of objective information about DRM and the consequences of using (or not using) DRM in our Information Society. And, finally, only open discussions amongst all the interested parties and people from different scientific and practical backgrounds can help to create a foundation on which DRM can actually become useful.

This book constitutes the thoroughly refereed post-proceedings of the Second International Workshop on Privacy Enhancing Technologies, PET 2002, held in San Francisco, CA, USA, in April 2002. The 17 revised full papers presented were carefully selected during two rounds of reviewing and improvement. Among the topics addressed are Internet security, private authentication, information theoretic anonymity, anonymity measuring, enterprise privacy practices, service architectures for privacy, intersection attacks, online trust negotiation, random data perturbation, Website fingerprinting, Web user privacy, TCP timestamps, private information retrieval, and unobservable Web surfing.

This book constitutes the refereed proceedings of the 6th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2003, held in Miami, Florida, USA in January 2003.

The 26 revised full papers presented were carefully reviewed and selected from 105 submissions. The papers are organized in topical sections on Diffie-Hellman based schemes, threshold cryptography, reduction proofs, broadcast and tracing, digital signatures, specialized multiparty cryptography, cryptanalysis, elliptic curves: implementation attacks, implementation and hardware issues, new public key schemes, and elliptic curves: general issues.

This book constitutes the thoroughly refereed post-proceedings of the 6th International Conference on Information Security and Cryptology, ICISC 2003, held in Seoul, Korea, in November 2003.

The 32 revised full papers presented together with an invited paper were carefully selected from 163 submissions during two rounds of reviewing and improvement. The papers are organized in topical sections on digital signatures, primitives, fast implementations, computer security and mobile security, voting and auction protocols, watermarking, authentication and threshold protocols, and block ciphers and stream ciphers.

ESORICS, the European Symposium On Research In Computer Security, is the leading research-oriented conference on the theory and practice of computer - curity in Europe. The aim of ESORICS is to further the progress of research in computer security by establishing a European forum for bringing together - searchersinthisarea, bypromotingtheexchangeofideaswithsystemdevelopers and by encouraging links with researchers in related areas. ESORICS is coordinated by an independent steering committee. In the past it took place every two years at various locations throughout Europe. Starting this year, it will take place annually. ESORICS 2003 was organized by Gjovik University College, and took place in Gjovik, Norway, October 13-15, 2003. The program committee received 114 submissions, originating from 26 co- tries on all continents. Half the papers originated in Europe (57). The most dominant countries were: UK (16), USA (14), Germany (6), South Korea (6), Sweden (6), Italy (5), France (4) and Poland (4). Each submission was reviewed by at least three program committee members or other experts. The program committee chair and co-chair were not allowed to submit papers. The ?nal sel- tion of papers was made at a program committee meeting followed by a week of e-mail discussions. Out of the 114 papers received, only 19 got accepted (17%). In comparison, ESORICS 2000and 2002received 75and 83papersand accepted 19% and 16%, respectively. The program re?ected the full range of security research, including access control, cryptographic protocols, privacy enhancing technologies, security m- els, authentication, and intrusion detection."

This book constitutes the refereed proceedings of the 4th International Conference on Information and Communication Security, ICICS 2002, held in Singapore in December 2002. The 41 revised full papers presented were carefully reviewed and selected from a total of 161 submissions. The papers are organized in topical sections on system security, crypto systems, security protocols, fingerprinting and watermarking, efficient implementation of algorithms, access control, and cryptanalysis and cryptographic techniques.

This book constitutes the refereed proceedings of the Third International Conference on Cryptology in India, INDOCRYPT 2002, held in Hyderabad, India in December 2002.The 31 revised full papers presented together with 2 invited papers were carefully reviewed and selected from 75 submissions. The papers are organized in topical sections on symmetric cyphers, new public-key schemes, foundations, public-key infrastructures, fingerprinting and watermarking, public-key protocols, Boolean functions, efficient and secure implementations, applications, anonymity, and secret sharing and oblivious transfer.  

This book constitutes the refereed proceedings of the 7th European Symposium on Research in Computer Security, ESORICS 2002, held in Zurich, Switzerland, in October 2002.The 16 revised full papers presented were carefully reviewed and selected for inclusion in the proceedings. Among the topics addressed are confidentiality, probabilistic non-inference, auctions, inference control, authentication, attacks on cryptographic hardware, privacy protection, model checking protocols, mobile code, formal security analysis, access control, and fingerprints and intrusion detection.

This book constitutes the refereed proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2002, held in Singapore, in December 2002.The 34 revised full papers presented together with two invited contributions were carefully reviewed and selected from 173 submissions on the basis of 875 review reports. The papers are organized in topical sections on public key cryptography, authentication, theory, block ciphers, distributed cryptography, cryptanalysis, public key cryptanalysis, secret sharing, digital signatures, applications, Boolean functions, key management, and ID-based cryptography.

Once again we bring you the proceedings of the International Workshop on Security Protocols. It seems hard to believe that we have reached the tenth event in this annual series. This year our theme was "Discerning the Protocol Participants." Security protocols are usually described in terms of the active participants - Alice c- putes foo and sends it to Bob. However most security protocols also include o?-line participants, which are not synchronously involved in the exchange of messages: a bank may participate on behalf of a customer, and an arbiter may subsequently be asked to interpret the meaning of a run. These silent partners to the protocol have their own security policies, and assumptionsaboutidentity, authorizationandcapabilityneedtobere-examined when the agenda of a hidden participant may change. We hope that the position papers published here, which have been rewritten and rethought in the light of the discussions at the workshop, will be of interest, not just for the speci?c contributions they make but also for the deeper issues which they expose. In order to identify these issues more clearly, we include transcripts for some of the discussions which took place in Cambridge during the workshop. What would you have liked to add? Do let us know.

The thoroughly refereed post-proceedings of the Second International Workshop on Digital Rights Management, DRM 2002, held in Washington, DC, USA, in November 2002, in conjunction with ACM CCS-9. The 13 revised full papers presented were carefully reviewed and selected for inclusion in the book. Among the topics addressed are DES implementation for DRM applications, cryptographic attacks, industrial challenges, public key broadcast encryption, fingerprinting, copy-prevention techniques, copyright limitations, content protection, watermarking systems, and theft-protected proprietary certificates.

This book constitutes the refereed proceedings of the 5th International Conference on Information Security ISC 2002, held in Sao Paulo, Brazil, in September/October 2002.The 38 revised full papers presented were carefully reviewed and selected from 81 submissions. The papers are organized in topical sections on intrusion detection and tamper resistance, cryptographic algorithms and attack implementation, access control and trust management, authentication and privacy, e-commerce protocols, signature schemes, cryptography, key management, and security analysis.

TheINDOCRYPTconferenceseriesstartedin2000, andINDOCRYPT2003was the fourth one in this series. This series has been accepted by the international research community as a forum for presenting high-quality crypto research, as is evident from the 101 submissions this year, spread over 21 countries and all ?ve continents. The accepted papers were written by authors from 16 countries, covering four continents. A total of 101 papers were submitted for consideration to the program c- mittee, and after a careful reviewing process 30 were accepted for presentation. One of the conditionally accepted papers was withdrawn by the authors as they found an errorin the paper that could not be repairedin the short time between the noti?cation of the reviewand the ?nalversionsubmission.Thus the ?nal list contains29acceptedpapers.Wewouldliketo thanktheauthorsofallsubmitted papers, including both those that wereaccepted and those which, unfortunately, could not be accommodated. The reviewing process for INDOCRYPT was very stringent and the schedule was extremely tight. The program committee members did an excellent job in reviewing and selecting the papers for presentation. During the review process, theprogramcommitteememberscommunicatedusingareviewsoftwarepackage developed by Bart Preneel, Wim Moreau and Joris Claessens. We acknowledge them for providing this software. These proceedings include the revised versions of the 29 selected papers. Revisions were not checkedby the programcommittee and the authors bear the full responsibility for the contents of the respective papers. Our thanks go to all the program committee members and the external reviewers(alistofthem isincludedintheproceedings)whoputintheirvaluable time and e?ort in providing important feedback to the authors

 This book constitutes the thoroughly refereed post-proceedings of the 5th International Conference on Information Security and Cryptology, ICISC 2002, held in Seoul, Korea in November 2002. The 35 revised full papers presented together with an invited paper were carefully selected from 142 submissions during two rounds of reviewing and improvement. The papers are organized in topical sections on digital signatures, Internet security, block ciphers and stream ciphers, stream ciphers and other primitives, efficient implementations, side-channel attacks, cryptographic protocols and biometrics.

Aimed primarily at final year undergraduate courses and MSc courses on Information Systems, Management of Information Systems and Design of Information Systems, this textbook aims to provide answers to five questions;What is security? What are the security problems particular to an IT system? What can be done to reduce the security risks associated with such a system? In a given situation, what are the appropriate security countermeasures? How should one set about procuring an information system with security implications?It looks at the different goals organisations might have in employing security techniques (availability, integrity, confidentiality, exclusivity) and which technique is best suited to achieving each goal. With guidelines appropriate for the protection of both conventional commercial and military systems, An Information Security Handbook will be of interest to computer system managers and administrators in any commercial or government organisation.

This book constitutes the refereed proceedings of the 22nd International Cryptology Conference, CRYPTO 2002, held in Santa Barbara, CA, in August 2002.The 39 revised full papers presented were carefully reviewed and selected from a total of 175 submissions. The papers are organized in topical sections on block ciphers, multi-user oriented cryptosystems, foundations and methodology, security and practical protocols, secure multiparty computation, public key encryption, information theory and secret sharing, cipher design and analysis, elliptic curves and Abelian varieties, authentication, distributed cryptosystems, pseudorandomness, stream ciphers and Boolean functions, commitment schemes, and signature schemes.

This book constitutes the thoroughly refereed post-proceedings of the First International Workshop on Digital Watermarking, IWDW 2002, held in Seoul, Korea in November 2002. The 19 revised full papers presented together with two invited papers were carefully selected during two rounds of reviewing and improvement from 64 submissions. The papers are organized in topical sections on fundamentals, new algorithms, watermarking unusual content, fragile watermarking, robust watermarking, and adaptive watermarking.

This book constitutes the thoroughly refereed post-proceedings of the 8th International Workshop on Fast Software Encryption, FSE 2001, held in Yokohama, Japan in April 2001.The 27 revised full papers presented together with one invited paper were carefully reviewed and selected from 46 submissions. The papers are organized in topical sections on cryptanalysis of block ciphers, hash functions and Boolean functions, modes of operation, cryptanalysis of stream ciphers, pseudo-randomness, and design and evaluation.

For more than the last three decades, the security of software systems has been an important area of computer science, yet it is a rather recent general recognition that technologies for software security are highly needed. This book assesses the state of the art in software and systems security by presenting a carefully arranged selection of revised invited and reviewed papers. It covers basic aspects and recently developed topics such as security of pervasive computing, peer-to-peer systems and autonomous distributed agents, secure software circulation, compilers for fail-safe C language, construction of secure mail systems, type systems and multiset rewriting systems for security protocols, and privacy issues as well.

Inference control in statistical databases, also known as statistical disclosure limitation or statistical confidentiality, is about finding tradeoffs to the tension between the increasing societal need for accurate statistical data and the legal and ethical obligation to protect privacy of individuals and enterprises which are the source of data for producing statistics. Techniques used by intruders to make inferences compromising privacy increasingly draw on data mining, record linkage, knowledge discovery, and data analysis and thus statistical inference control becomes an integral part of computer science.This coherent state-of-the-art survey presents some of the most recent work in the field. The papers presented together with an introduction are organized in topical sections on tabular data protection, microdata protection, and software and user case studies.

This book constitutes the refereed proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, EUROCRYPT 2002, held in Amsterdam, The Netherlands, in April/May 2002.The 33 revised full papers presented were carefully reviewed and selected from a total of 122 submissions. The papers are organized in topical sections on cryptanalysis, public-key encryption, information theory and new models, implementational analysis, stream ciphers, digital signatures, key exchange, modes of operation, traitor tracing and id-based encryption, multiparty and multicast, and symmetric cryptology.

This book constitutes the thoroughly refereed post-proceedings of the International Workshop on Security and Privacy in Digital Rights Management, DRM 2001, held during the ACM CCS-8 Conference in Philadelphia, PA, USA, in November 2001.The 14 revised full papers presented were carefully reviewed and selected from 50 submissions. The papers are organized in topical sections on renewability, fuzzy hashing, cryptographic techniques and fingerprinting, privacy and architectures, software tamper resistance, cryptanalysis, and economic and legal aspects.

This book constitutes the refereed proceedings of the 21st International Conference on Computer Safety, Reliability and Security, SAFECOMP 2002, held in Catania, Italy in September 2002.The 27 revised papers presented together with 3 keynote presentations were carefully reviewed and selected from 69 submissions. The papers are organized in topical sections on human-computer system dependability, human factors, security, dependability assessment, application of formal methods, reliability assessment, design for dependability, and safety assessment.

This volume continues the tradition established in 2001 of publishing the c- tributions presented at the Cryptographers' Track (CT-RSA) of the yearly RSA Security Conference in Springer-Verlag's Lecture Notes in Computer Science series. With 14 parallel tracks and many thousands of participants, the RSA - curity Conference is the largest e-security and cryptography conference. In this setting, the Cryptographers' Track presents the latest scienti?c developments. The program committee considered 49 papers and selected 20 for presen- tion. One paper was withdrawn by the authors. The program also included two invited talks by Ron Rivest ("Micropayments Revisited" - joint work with Silvio Micali) and by Victor Shoup ("The Bumpy Road from Cryptographic Theory to Practice"). Each paper was reviewed by at least three program committee members; paperswrittenbyprogramcommitteemembersreceivedsixreviews.Theauthors of accepted papers made a substantial e?ort to take into account the comments intheversionsubmittedtotheseproceedings.Inalimitednumberofcases, these revisions were checked by members of the program committee. I would like to thank the 20 members of the program committee who helped to maintain the rigorous scienti?c standards to which the Cryptographers' Track aims to adhere. They wrote thoughtful reviews and contributed to long disc- sions; more than 400 Kbyte of comments were accumulated. Many of them - tended the program committee meeting, while they could have been enjoying the sunny beaches of Santa Barbara.

This book constitutes the refereed proceedings of the First NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, held in Tucson, AZ, USA in June 2003. The 24 revised full papers and 16 revised short papers presented were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on data management and data mining, deception detection, analytical techniques, for crime detection, visualization, knowledge management and adoption, collaborative systems and methodologies, and monitoring and surveillance.