This volume contains the proceedings of the 13th International Conference on Financial Cryptography and Data Security, held at the Accra Beach Hotel and Resort, Barbados, February 23-26, 2009. Financial Cryptography and Data Security (FC) is a well-established int- national forum for research, advanced development, education, exploration and debate regarding information assurance in the context of ?nance and commerce. The conference covers all aspects of securing transactions and systems. The goal of FC is to bring security and cryptography researchers and pr- titioners together with economists, bankers, and policy makers. This year, we assembled a vibrant program featuring 21 peer-reviewed research paper pres- tations, two panels (on the economics of information security and on authen- cation), and a keynote address by David Dagon. Despite a proliferation of security and cryptography venues, FC continues to receive a large number of high-quality submissions. This year, we received 91 submissions(75full-lengthpapers,15shortpapersand1panel).Eachsubmission was reviewed by at least three reviewers. Following a rigorous selection, ranking and discussion process, the Program Committee accepted 20 full-length papers, 1 short paper and 1 panel. The overall acceptance rate was 24%.

Using the quantum properties of single photons to exchange binary keys between two partners for subsequent encryption of secret data is an absolutely novel technology. Only a few years ago quantum cryptography or better: quantum key distribution (QKD) was the domain of basic research laboratories at universities. But during the last few years things changed. QKD left the laboratories and was picked up by more practical oriented teams that worked hard to develop a practically applicable technology out of the astonishing results of basic research.

One major milestone towards a QKD technology was a large research and development project funded by the European Commission that aimed at combining quantum physics with complementary technologies that are necessary to create a technical solution: electronics, software, and network components were added within the project SECOQC (Development of a Global Network for Secure Communication based on Quantum Cryptography) that teamed up all expertise on European level to get a technology for future encryption.

The practical application of QKD in a standard optical fibre network was demonstrated October 2008 in Vienna, giving a glimpse of the future of secure communication. Although many steps have still to be done in order to achieve a real mature technology, the corner stone for future secure communication is already laid.

QKD will not be the Holy Grail of security, it will not be able to solve all problems for evermore. But QKD has the potential to replace one of the weakest parts of symmetric encryption: the exchange of the key. It can be proven that the key exchange process cannot be corrupted and that keys that are generated and exchanged quantum cryptographically will be secure for ever (as long as some additional conditions are kept).

This book will show the state of the art of Quantum Cryptography and it will sketch how it can be implemented in standard communication infrastructure. The growing vulnerability of sensitive data requires new concepts and QKD will be a possible solution to overcome some of today s limitations."

This book constitutes the proceedings of the Second International Conference on Cryptology in Africa, AFRICACRYPT 2009, held in Gammarth, Tunisia, on June 21-25, 2009.

The 25 papers presented together with one invited talk were carefully reviewed and selected from 70 submissions. The topics covered are hash functions, block ciphers, asymmetric encryption, digital signatures, asymmetric encryption and anonymity, key agreement protocols, cryptographic protocols, efficient implementations, and implementation attacks.

This book explains how to plan and build a Virtual Private Network (VPN), a collection of technologies that creates secure connections or "tunnels" over regular Internet lines. It discusses costs, configuration, and how to install and use VPN technologies that are available for Windows NT and Unix, such as PPTP and L2TP, Altavista Tunnel, Cisco PIX, and the secure shell (SSH). New features in the second edition include SSH and an expanded description of the IPSec standard.

ACNS2009, the7thInternationalConferenceonAppliedCryptographyandN- work Security, was held in Paris-Rocquencourt, France, June 2-5, 2009. ACNS 2009 was organized by the Ecole Normale Sup erieure (ENS), the French - tional Center for Scienti?c Research (CNRS), and the French National Institute for Researchin Computer Science andControl(INRIA), in cooperationwith the InternationalAssociation for CryptologicResearch(IACR). The General Chairs of the conference were Pierre-Alain Fouque and Damien Vergnaud. Theconferencereceived150submissionsandeachsubmissionwasassignedto at least three committee members. Submissions co-authored by members of the Program Committee were assigned to at least four committee members. Due to thelargenumber ofhigh-qualitysubmissions, thereviewprocesswaschallenging andwearedeeplygratefulto the committeemembersandthe externalreviewers for their outstanding work. After meticulous deliberation, the Program C- mittee, which was chaired by Michel Abdalla and David Pointcheval, selected 32 submissions for presentation in the academic track and these are the articles that are included in this volume. Additionally, a few other submissions were selected for presentation in the non-archival industrial track. The best student paper was awarded to Ayman Jarrous for his paper "Secure Hamming Distance Based Computation and Its Applications," co-authoredwith Benny Pinkas. The review process was run using the iChair software, written by Thomas Baigneres and Matthieu Finiasz from EPFL, LASEC, Switzerland and we are indebted to them for letting us use their software. The programalso included four invited talks in addition to the academicand industrial tracks."

The biennial International Workshop on Coding and Cryptology (IWCC) aims to bring together many of the world's greatest minds in coding and crypt- ogy to share ideas and exchange knowledge related to advancements in c- ing and cryptology, amidst an informal setting conducive for interaction and collaboration. It is well known that fascinating connections exist between coding and cr- tology. Therefore this workshop series was organized to facilitate a fruitful - teraction and stimulating discourse among experts from these two areas. The inaugural IWCC was held at Wuyi Mountain, Fujian Province, China, during June 11-15, 2007 and attracted over 80 participants. Following this s- cess, the second IWCC was held June 1-5, 2009 at Zhangjiajie, Hunan Province, China. Zhangjiajie is one of the most scenic areas in China. The proceedings of this workshop consist of 21 technical papers, covering a wide range of topics in coding and cryptology, as well as related ?elds such as combinatorics. All papers, except one, are contributed by the invited speakers of the workshop and each paper has been carefully reviewed. We are grateful to the external reviewers for their help, which has greatly strengthened the quality of the proceedings. IWCC 2009 was co-organizedby the National University of Defense Techn- ogy (NUDT), China and Nanyang Technological University (NTU), Singapore. We acknowledge with gratitude the ?nancial support from NUDT. We wouldliketo expressourthanks to Springer formaking it possible forthe proceedings to be published in the Lecture Notes in Computer Science series.

This book constitutes the refereed proceedings of the Cryptographers' Track at the RSA Conference 2009, CT-RSA 2009, held in San Francisco, CA, USA in April 2009.

The 31 revised full papers presented were carefully reviewed and selected from 93 submissions. The papers are organized in topical sections on identity-based encryption, protocol analysis, two-party protocols, more than signatures, collisions for hash functions, cryptanalysis, alternative encryption, privacy and anonymity, efficiency improvements, multi-party protocols, security of encryption schemes as well as countermeasures and faults.

This book constitutes the refereed proceedings of the 11th International Conference on Information Security and Cryptology, ICISC 2008, held in Seoul, Korea, during December 3-5, 2008.

The 26 revised full papers presented have gone through two rounds of reviewing and improvement and were carefully selected from 131 submissions. The papers are organized in topical sections on public key encryption, key management and secret sharing, privacy and digital rights, digital signature and voting, side channel attack, hash and mac, primitives and foundations, as well as block and stream ciphers.

In the age of increasing reliance on data and the importance of sensitive information, applications and technologies have arisen to appropriately deal with assuring the security of medical informatics and healthcare administration functions. In order for technology to progress, new systems are being installed globally to address this issue. Governance of Picture Archiving and Communications Systems: Data Security and Quality Management of Filmless Radiology examines information security management systems for the facilitation of picture archiving and communication systems (PACS). This valuable contribution to data security and quality management literature provides a comprehensive guide for all aspects of the implementation of PACS for the enhancement of modern practices in radiology.

TCC 2009, the 6th Theory of Cryptography Conference, was held in San Fr- cisco, CA, USA, March 15-17, 2009. TCC 2009 was sponsored by the Inter- tional Association for Cryptologic Research (IACR) and was organized in - operation with the Applied Crypto Group at Stanford University. The General Chair of the conference was Dan Boneh. The conference received 109 submissions, of which the Program Comm- tee selected 33 for presentation at the conference. These proceedings consist of revised versions of those 33 papers. The revisions were not reviewed, and the authors bear full responsibility for the contents of their papers. The conference program also included two invited talks: "The Di?erential Privacy Frontier," given by Cynthia Dwork and "Some Recent Progress in Lattice-Based Crypt- raphy," given by Chris Peikert. I thank the Steering Committee of TCC for entrusting me with the resp- sibility for the TCC 2009 program. I thank the authors of submitted papers for their contributions. The general impression of the Program Committee is that the submissions were of very high quality, and there were many more papers we wanted to accept than we could. The review process was therefore very - warding but the selection was very delicate and challenging. I am grateful for the dedication, thoroughness, and expertise ofthe ProgramCommittee. Obse- ing the way the members of the committee operated makes me as con?dent as possible of the outcome of our selection process.

The intersection of politics, law, privacy, and security in the context of computer technology is both sensitive and complex. Computer viruses, worms, Trojan horses, spyware, computer exploits, poorly designed software, inadequate technology laws, politics and terrorism - all of these have a profound effect on our daily computing operations and habits, with major political and social implications.""Computer Security, Privacy and Politics"" connects privacy and politics, offering a point-in-time review of recent developments of computer security, with a special focus on the relevance and implications of global privacy, law, and politics for society, individuals, and corporations. An estimable addition to any library collection, this Premier Reference Source compiles high quality, timely content on such cutting-edge topics as reverse engineering of software, understanding emerging computer exploits, emerging lawsuits and cases, global and societal implications, and protection from attacks on privacy.

As information technology is rapidly progressing, an enormous amount of media can be easily exchanged through Internet and other communication networks. Increasing amounts of digital image, video, and music have created numerous information security issues and is now taken as one of the top research and development agendas for researchers, organizations, and governments worldwide. ""Multimedia Forensics and Security"" provides an in-depth treatment of advancements in the emerging field of multimedia forensics and security by tackling challenging issues such as digital watermarking for copyright protection, digital fingerprinting for transaction tracking, and digital camera source identification.

This book constitutes the thoroughly refereed post-conference proceedings of the 4th International Conference on Information Security and Cryptology, Inscrypt 2008, held in Beijing, China, in December 2008.

The 28 revised full papers presented together with 3 invited talks were carefully reviewed and selected from 183 submissions. The papers are organized in topical sections on digital signature and signcryption schemes, privacy and anonymity, message authentication code and hash function, secure protocols, symmetric cryptography, certificateless cryptography, hardware implementation and side channel attack, wireless network security, public key and identity based cryptography, access control and network security, as well as trusted computing and applications.

The volume provides state-of-the-art in non-repudiation protocols and gives insight of its applicability to e-commerce applications. This professional book organizes the existing scant literature regarding non-repudiation protocols with multiple entities participation. It provides the reader with sufficient grounds to understand the non-repudiation property and its applicability to real applications. This book is essential for professional audiences with in-depth knowledge of information security and a basic knowledge of applied cryptography. The book is also suitable as an advanced-level text or reference book for students in computer science.

This book constitutes the refereed proceedings of the 9th International Conference on Cryptology in India, INDOCRYPT 2008, held in Kharagpur, India, in December 2008.

The 33 revised full papers were carefully reviewed and selected from 111 submissions. The papers are organized in topical sections on stream ciphers, cryptographic hash functions, public-key cryptography, security protocols, hardware attacks, block ciphers, cryptographic hardware, elliptic curve cryptography, and threshold cryptography.

Today's information technology and security networks demand increasingly complex algorithms and cryptographic systems. Individuals implementing security policies for their companies must utilize technical skill and information technology knowledge to implement these security mechanisms. Cryptography & Security Devices: Mechanisms & Applications addresses cryptography from the perspective of the security services and mechanisms available to implement these services: discussing issues such as e-mail security, public-key architecture, virtual private networks, Web services security, wireless security, and the confidentiality and integrity of security services. This book provides scholars and practitioners in the field of information assurance working knowledge of fundamental encryption algorithms and systems supported in information technology and secure communication networks.

This monograph on Security in Computing Systems: Challenges, Approaches and Solutions aims at introducing, surveying and assessing the fundamentals of se- rity with respect to computing. Here, "computing" refers to all activities which individuals or groups directly or indirectly perform by means of computing s- tems, i. e. , by means of computers and networks of them built on telecommuni- tion. We all are such individuals, whether enthusiastic or just bowed to the inevitable. So, as part of the ''information society'', we are challenged to maintain our values, to pursue our goals and to enforce our interests, by consciously desi- ing a ''global information infrastructure'' on a large scale as well as by approp- ately configuring our personal computers on a small scale. As a result, we hope to achieve secure computing: Roughly speaking, computer-assisted activities of in- viduals and computer-mediated cooperation between individuals should happen as required by each party involved, and nothing else which might be harmful to any party should occur. The notion of security circumscribes many aspects, ranging from human qua- ties to technical enforcement. First of all, in considering the explicit security requirements of users, administrators and other persons concerned, we hope that usually all persons will follow the stated rules, but we also have to face the pos- bility that some persons might deviate from the wanted behavior, whether ac- dently or maliciously.

While emerging information and internet ubiquitous technologies provide tremendous positive opportunities, there are still numerous vulnerabilities associated with technology. Attacks on computer systems are increasing in sophistication and potential devastation more than ever before. As such, organizations need to stay abreast of the latest protective measures and services to prevent cyber attacks.""The Handbook of Research on Information Security and Assurance"" offers comprehensive definitions and explanations on topics such as firewalls, information warfare, encryption standards, and social and ethical concerns in enterprise security. Edited by scholars in information science, this reference provides tools to combat the growing risk associated with technology.

The growing popularity of Service Oriented Architectures is mainly due to business and technology trendsthat have crystallized over thepast decade. On the business side, companies struggle to survive in a competitive - vironment that pushes them towards a tighter integration into an industry's value chain, to outsource non core business operations or to constantly- engineer business processes. These challenges boosted the demand for sc- able IT-solutions, with e?orts ultimately resulting in a ?exible architectural paradigm - Service Oriented Architectures. On the technical side, middleware standards, technologies and archit- turesbasedonXMLand Webservicesaswellastheirsecurityextensionshave matured to a sound technology base that guarantees interoperability across enterprise and application boundaries - a prerequisite to inter-organizational applications and work?ows. While the principles and concepts of Service Oriented Architectures may lookevidentandcogentfromaconceptualperspective, therealizationofint- organizational work?ows and applications based on the paradigm "Service Oriented Architecture" remains a complex task, and, all the more when it comes to security, the implementation is still bound to low-level technical knowledgeandhence error-prone. The number of books and publications o?ering implementation-level c- erageofthetechnologies, standardsandspeci?cationsasrequiredbytechnical developers lookingfor guidance on how to"add"security to service oriented solutions based on Web services and XML technology is already considerable and ever growing. The present book sets a di?erent focus. Based on the p- adigmof Model Driven Security, it shows how to systematically designand realize security-critical applications for Service Oriented Architectures.

The ISO/IEC 27000 is a critical series of information security technology standards, and ISO/IEC 27001 is the newest release of this series. Authored by a recognized expert in the field, this authoritative and clear guide explores the ISO/IEC 27000 security standards and their implementation, focusing on the recent ISO/IEC 27001.

'Securing Web Services' investigates the security-related specifications that encompass message level security, transactions, and identity management.

In our world of ever-increasing Internet connectivity, there is an on-going threat of intrusion, denial of service attacks, or countless other abuses of computer and network resources. In particular, these threats continue to persist due to the flaws of current commercial intrusion detection systems (IDSs). Intrusion Detection Systems is an edited volume by world class leaders in this field. This edited volume sheds new light on defense alert systems against computer and network intrusions. It also covers integrating intrusion alerts within security policy framework for intrusion response, related case studies and much more. This volume is presented in an easy-to-follow style while including a rigorous treatment of the issues, solutions, and technologies tied to the field. Intrusion Detection Systems is designed for a professional audience composed of researchers and practitioners within the computer network and information security industry. It is also suitable as a reference or secondary textbook for advanced-level students in computer science.

Cybercafes, which are places where Internet access is provided for free, provide the opportunity for people without access to the Internet, or who are traveling, to access Web mail and instant messages, read newspapers, and explore other resources of the Internet. Due to the important role Internet cafes play in facilitating access to information, there is a need for their systems to have well-installed software in order to ensure smooth service delivery. Security and Software for Cybercafes provides relevant theoretical frameworks and current empirical research findings on the security measures and software necessary for cybercafes, offering information technology professionals, scholars, researchers, and educators detailed knowledge and understanding of this innovative and leading-edge issue, both in industrialized and developing countries.

Advances in hardware technology have increased the capability to store and record personal data about consumers and individuals. This has caused concerns that personal data may be used for a variety of intrusive or malicious purposes. Privacy Preserving Data Mining: Models and Algorithms proposes a number of techniques to perform the data mining tasks in a privacy-preserving way. These techniques generally fall into the following categories: data modification techniques, cryptographic methods and protocols for data sharing, statistical techniques for disclosure and inference control, query auditing methods, randomization and perturbation-based techniques. This edited volume contains surveys by distinguished researchers in the privacy field. Each survey includes the key research content as well as future research directions of a particular topic in privacy. Privacy Preserving Data Mining: Models and Algorithms is designed for researchers, professors, and advanced-level students in computer science. This book is also suitable for practitioners in industry.

This book constitutes the refereed proceedings of the three international workshops PAISI 2008, PACCF 2008, and SOCO 2008, held as satellite events of the IEEE International Conference on Intelligence and Security Informatics, ISI 2008, in Taipei, Taiwan, in June 2008.

The 55 revised full papers presented were carefully reviewed and selected from the presentations at the workshops. The 21 papers of the Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2008) cover topics such as information retrieval and event detection, internet security and cybercrime, currency and data protection, cryptography, image and video analysis, privacy issues, social networks, modeling and visualization, and network intrusion detection. The Pacific Asia Workshop on Cybercrime and Computer Forensics (PACCF 2008) furnishes 10 papers about forensic information management, forensic technologies, and forensic principles and tools. The 24 papers of the Workshop on Social Computing (SOCO 2008) are organized in topical sections on social web and social information management, social networks and agent-based modeling, as well as social opinions, e-commerce, security and privacy considerations.