This book constitutes the thoroughly refereed post-proceedings of the 8th International Workshop on Selected Areas in Cryptology, SAC 2001, held in Toronto, Ontario, Canada in August 2001.The 25 revised full papers presented together with the abstracts of two invited talks were carefully reviewed and selected during two rounds of refereeing and revision. The papers are organized in topical sections on cryptanalysis, Boolean functions, Rijndael, elliptic curves and efficient implementation, public key systems, and protocols and MAC.

This book constitutes the refereed proceedings of the 8th International IMA Conference on Cryptography and Coding held in Cirencester, UK in December 2001. The 33 revised full papers presented together with four invited papers were carefully reviewed and selected from numerous submissions. Among the topics covered are mathematical bounds, statistical decoding schemes for error-correcting codes, multifunctional and multiple access communication systems, low density parity check codes, iterative coding, authentication, key recovery attacks, stream cipher design, analysis of ECIES algorithms, and lattice bases attacks on IP based protocols.

This book constitutes the refereed proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2001, held in Gold Coast, Australia in December 2001.The 33 revised full papers presented together with an invited paper were carefully reviewed and selected from 153 submissions. The papers are organized in topical sections on lattice based cryptography, human identification, practical public key cryptography, cryptography based on coding theory, block ciphers, provable security, threshold cryptography, two-party protocols, zero knowledge, cryptographic building blocks, elliptic curve cryptography, and anonymity.

The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security
Kevin Mitnick's exploits as a cyber-desperado and fugitive form one of the most exhaustive FBI manhunts in history and have spawned dozens of articles, books, films, and documentaries. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. Now, in The Art of Deception, the world's most notorious hacker gives new meaning to the old adage, "It takes a thief to catch a thief."
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS agent. Narrating from the points of view of both the attacker and the victims, he explains why each attack was so successful and how it could have been prevented in an engaging and highly readable style reminiscent of a true-crime novel. And, perhaps most importantly, Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.

This book constitutes the thoroughly refereed post-proceedings of the 4th International Information Hiding Workshop, IHW 2001, held in Pittsburgh, PA, USA, in April 2001.The 29 revised full papers presented were carefully selected during two rounds of reviewing and revision. All current issues in information hiding are addressed including watermarking and fingerprinting of digitial audio, still image and video; anonymous communications; steganography and subliminal channels; covert channels; and database inference channels.

This book constitutes the refereed proceedings of the Cryptographers' Track at the RSA Conference 2003, CT-RSA 2003, held in San Francisco, CA, USA, in April 2003. The 26 revised full papers presented together with abstracts of 2 invited talks were carefully reviewed and selected from 97 submissions. The papers are organized in topical sections on key self-protection, message authentication, digital signatures, pairing based cryptography, multivariate and lattice problems, cryptographic architectures, new RSA-based cryptosystems, chosen-ciphertext security, broadcast encryption and PRF sharing, authentication structures, elliptic curves and pairings, threshold cryptography, and implementation issues.

This book constitutes the thoroughly refereed post-proceedings of the 9th International Workshop on Fast Software Encryption, FSE 2002, held in Leuven, Belgium in February 2002.The 21 revised full papers presented were carefully reviewed and selected from 70 submissions. The papers are organized in topical sections on blook cipher cryptoanalysis, integral cryptoanalysis, block cipher theory, stream cipher design, stream cipher cryptanalysis, and odds and ends.

The Cambridge International Workshop on Security Protocols has now run for eight years. Each year we set a theme, focusing upon a speci?c aspect of security protocols, and invite position papers. Anybody is welcome to send us a position paper (yes, you are invited) and we don t insist they relate to the current theme in an obvious way. In our experience, the emergence of the theme as a unifying threadtakesplaceduringthediscussionsattheworkshopitself.Theonlyground rule is that position papers should formulate an approach to some unresolved issues, rather than being a description of a ?nished piece of work. Whentheparticipantsmeet, wetrytofocusthediscussionsupontheconc- tual issues which emerge. Security protocols link naturally to many other areas of Computer Science, and deep water can be reached very quickly. Afterwards, we invite participants to re-draft their position papers in a way which exposes the emergent issues but leaves open the way to their further development. We also prepare written transcripts of the recorded discussions. These are edited (in some cases very heavily) to illustrate the way in which the di?erent arguments and perspectives have interacted. We publish these proceedings as an invitation to the research community. Although many interesting results ?rst see the light of day in a volume of our proceedings, laying claim to these is not our primary purpose of publication. Rather, we bring our discussions and insights to a wider audience in order to suggest new lines of investigation which the community may fruitfully pursue."

This book constitutes the thoroughly refereed post-proceedings of the 4th International Conference on Financial Cryptography, FC 2000, held in Anguilla, British West Indies, in February 2000.The 21 revised full papers presented together with two invited papers and two tool summaries were carefully reviewed and selected from 68 submissions. The papers are organized in topical sections on digitial rights management, payment systems, finanical cryptography tools, electronic postcards, abusers of systems, financial cryptopolicies and issues, anonymity, and systems architecture.

This book constitutes the refereed proceedings of the 21st Annual International Cryptology Conference, CRYPTO 2001, held in Santa Barbara, CA, USA in August 2001. The 33 revised full papers presented were carefully reviewed and selected from a total of 156 submissions. The papers are organized in topical sections on foundations, traitor tracing, multi-party computation, two-party computation, elliptic curves, OAEP, encryption and authentication, signature schemes, protocols, cryptanalysis, applications of group theory and coding theory, broadcast and secret sharing, and soundness and zero-knowledge.

This book constitutes the refereed proceedings of the Second International Conference on Research in Smart Cards, E-smart 2001, held in Cannes, France, in September 2001. The 20 revised full papers presented were carefully reviewed and selected from 38 submissions. Among the topics addressed are biometrics, cryptography and electronic signatures on smart card security, formal methods for smart card evaluation and certification, architectures for multi-applications and secure open platforms, and middleware for smart cards and novel applications of smart cards.

ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'saddresswasconcernedwith authorizationpolicyissuesandtheirenforcementinapplications. Theconferencereceived91papersfromAmerica,Asia,Australia,and- rope. The program committee accepted 38 papers and these were presented insome9sessionscoveringsystemsecurity,networksecurity,trustandaccess control,Authentication,cryptography,cryptanalysis,DigitalSignatures,Elliptic CurveBasedTechniques,andSecretSharingandThresholdSchemes. Thisyear theacceptedpaperscamefromarangeofcountries,including7fromAustralia, 8fromKorea,7fromJapan,3fromUK,3fromGermany,3fromUSA,2from Singapore,2fromCanadaand1fromBelgium,Estonia,andTaiwan. Organizingaconferencesuchasthisoneisatime-consumingtaskandIwould liketothankallthepeoplewhoworkedhardtomakethisconferenceasuccess. Inparticular,IwouldliketothankProgramCo-chairYiMuforhistirelesswork andthemembersoftheprogramcommitteeforputtingtogetheranexcellent program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce...1 YacovYacobi NewCBC-MACForgeryAttacks...3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000...15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerator ...21 ErikZenner,MatthiasKrause,StefanLucks AttacksBasedonSmallFactorsinVariousGroupStructures ...36 ChrisPavlovski,ColinBoyd OnClassifyingConferenceKeyDistributionProtocols...51 ShahrokhSaeednia,ReiSafavi-Naini,WillySusilo PseudorandomnessofMISTY-TypeTransformationsandtheBlockCipher KASUMI ...60 Ju-SungKang,OkyeonYi,DowonHong,HyunsookCho NewPublic-KeyCryptosystemUsingDivisorClassGroups...74 HwankooKim,SangJaeMoon FirstImplementationofCryptographicProtocolsBasedonAlgebraic NumberFields...84 AndreasMeyer,StefanNeis,ThomasPfahler PracticalKeyRecoverySchemes...104 Sung-MingYen Non-deterministicProcessors...115 DavidMay,HenkL. Muller,NigelP. Smart PersonalSecureBooting...130 NaomaruItoi,WilliamA. Arbaugh,SamuelaJ. Pollack, DanielM. Reeves EvaluationofTamper-ResistantSoftwareDeviatingfromStructured ProgrammingRules...145 HideakiGoto,MasahiroMambo,HirokiShizuya,YasuyoshiWatanabe AStrategyforMLSWork?ow...1 59 VladIngarWietrzyk,MakotoTakizawa,VijayVaradharajan X TableofContents Condition-DrivenIntegrationofSecurityServices ...176 Cli?ordNeumann SKETHIC:SecureKernelExtensionagainstTrojanHorseswith Information-CarryingCodes...177 Eun-SunCho,SunhoHong,SechangOh,Hong-JinYeh,ManpyoHong, Cheol-WonLee,HyundongPark,Chun-SikPark SecureandPrivateDistributionofOnlineVideoandSomeRelated CryptographicIssues...190 FengBao,RobertDeng,PeirongFeng,YanGuo,HongjunWu PrivateInformationRetrievalBasedontheSubgroupMembership Problem...206 AkihiroYamamura,TaiichiSaito APracticalEnglishAuctionwithOne-TimeRegistration ...221 KazumasaOmote,AtsukoMiyaji AUserAuthenticationSchemewithIdentityandLocationPrivacy...235 ShouichiHirose,SusumuYoshida AnEnd-to-EndAuthenticationProtocolinWirelessApplicationProtocol. 247 Jong-PhilYang,WeonShin,Kyung-HyuneRhee ErrorDetectionandAuthenticationinQuantumKeyDistribution ...260 AkihiroYamamura,HirokazuIshizuka AnAxiomaticBasisforReasoningaboutTrustinPKIs...274 ChuchangLiu,MarisOzols,TonyCant AKnowledge-BasedApproachtoInternetAuthorizations...292 AlongLin ApplicationsofTrustedReviewtoInformationSecurity...3 05 JohnYesberg,MarieHenderson NetworkSecurityModelingandCyberAttackSimulationMethodology...320 Sung-DoChi,JongSouPark,Ki-ChanJung,Jang-SeLee CryptographicSalt:ACountermeasureagainstDenial-of-ServiceAttacks. . 334 DongGookPark,JungJoonKim,ColinBoyd,EdDawson EnhancedModesofOperationfortheEncryptioninHigh-SpeedNetworks andTheirImpactonQoS...

This book constitutes the thoroughly refereed post-proceedings of the 9th International Workshop on Security Protocols held in Cambridge, UK in April 2001.The 13 revised full papers presented together with transcriptions of the discussions following the presentations have gone through two rounds of reviewing, revision, and selection. Also included are abstracts and transcriptions of invited presentations and topically focused discussions. Among the topics addressed are mobile computing and security, denial of service, authentication, Internet protocols, timing attacks, PIM security, security engineering, non-repudiation, trust management, access control policies, and Bluetooth security.

Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lacking behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems.Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC).This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.

EUROCRYPT 2001, the 20th annual Eurocrypt conference, was sponsored by the IACR, the International Association for Cryptologic Research, see http://www. iacr. org/, this year in cooperation with the Austrian Computer - ciety (OCG). The General Chair, Reinhard Posch, was responsible for local or- nization, and registration was handled by the IACR Secretariat at the University of California, Santa Barbara. In addition to the papers contained in these proceedings, we were pleased that the conference program also included a presentation by the 2001 IACR d- tinguished lecturer, Andrew Odlyzko, on "Economics and Cryptography" and an invited talk by Silvio Micali, "Zero Knowledge Has Come of Age. " Furthermore, there was the rump session for presentations of recent results and other (p- sibly satirical) topics of interest to the crypto community, which Jean-Jacques Quisquater kindly agreed to run. The Program Committee received 155 submissions and selected 33 papers for presentation; one of them was withdrawn by the authors. The review process was therefore a delicate and challenging task for the committee members, and I wish to thank them for all the e?ort they spent on it. Each committee member was responsible for the review of at least 20 submissions, so each paper was carefully evaluated by at least three reviewers, and submissions with a program committee member as a (co-)author by at least six.

TheInternationalWorkshoponPracticeandTheoryinPublicKeyCryptog- phyPKC2002washeldattheMaisondelaChimie,situatedintheverycenter ofParis,FrancefromFebruary12to14,2002. ThePKCseriesofconferences yearlyrepresentsinternationalresearchandthelatestachievementsinthearea ofpublickeycryptography,coveringawidespectrumoftopics,fromcryptos- temstoprotocols,implementationtechniquesorcryptanalysis. Afterbeingheld infoursuccessiveyearsinpaci?c-asiancountries,PKC2002experiencedforthe ?rsttimeaEuropeanlocation,thusshowingitsabilitytoreachaneverwider audiencefromboththeindustrialcommunityandacademia. Weareverygratefultothe19membersoftheProgramCommitteefortheir hardande?cientworkinproducingsuchahighqualityprogram. Inresponseto thecallforpapersofPKC2002,69paperswereelectronicallyreceivedfrom13 di?erentcountriesthroughoutEurope,America,andtheFarEast. Allsubm- sionswerereviewedbyatleastthreemembersoftheprogramcommittee,who eventuallyselectedthe26papersthatappearintheseproceedings. Inaddition to this program, we were honored to welcome Prof. Bart Preneel who kindly acceptedtogivethisyear'sinvitedtalk. Theprogramcommitteegratefully- knowledgesthehelpofalargenumberofcolleagueswhoreviewedsubmissionsin theirareaofexpertise:MasayukiAbe,SeigoArita,OlivierBaudron,MihirB- lare,EmmanuelBresson,EricBrier,MathieuCiet,AlessandroCon?itti,Jean- S'ebastienCoron,RogerFischlin,Pierre-AlainFouque,MattFranklin,Rosario Genarro,MarcGirault,LouisGranboulan,GoichiroHanaoka,DarrelHank- son, Eliane Jaulmes, Ari Juels, Jinho Kim, Marcos Kiwi, Kazukuni Kobara, Francois Koeune, Byoungcheon Lee, A. K. Lenstra, Pierre Loidreau, Wenbo Mao, Gwenaelle Martinet, Yi Mu, Phong Nguyen, Satoshi Obana, Guillaume Poupard,YasuyukiSakai,HideoShimizu,TomShrimpton,RonSteinfeld,K- suyukiTakashima,HuaxiongWang,andYujiWatanabe. JulienBrouchier- servesspecialthanksforskillfullymaintainingtheprogramcommittee'swebsite andpatientlyhelpingoutduringtherefereeingprocess. Finally,wewishtothankalltheauthorswhocommittedtheirtimebys- mitting papers (including those whose submissions were not successful), thus makingthisconferencepossible,aswellastheparticipants,organizers,andc- tributorsfromaroundtheworldfortheirkindsupport. December2001 DavidNaccache,PascalPaillier PKC2002 FifthInternationalWorkshop onPracticeandTheory inPublicKeyCryptography MaisondelaChimie,Paris,France February12-14,2002 ProgramCommittee DavidNaccache(ProgramChair)...Gemplus,France DanielBleichenbacher...BellLabs,LucentTechnologies,USA YvoDesmedt ...FloridaStateUniversity,USA MarcFischlin...Goethe-UniversityofFrankfurt,Germany ShaiHalevi...IBMT. J. WatsonResearchCenter,USA MarkusJakobsson ...RSALaboratories,USA AntoineJoux...DCSSI,France BurtKaliski ...RSALaboratories,USA KwangjoKim ...InformationandCommunicationsUniversity,Korea EyalKushilevitz...Technion,Israel PascalPaillier...Gemplus,France ' DavidPointcheval ...EcoleNormaleSup'erieure,France Jean-JacquesQuisquater...Universit'eCatholiquedeLouvain,Belgium PhillipRogaway ...UCDavis,USA KazueSako...NECCorporation,Japan BruceSchneier...CounterpaneInternetSecurity,USA JunjiShikata...UniversityofTokyo,Japan IgorShparlinski ...MacquarieUniversity,Australia MotiYung ...Certco,USA JianyingZhou...OracleCorporation,USA TableofContents EncryptionSchemes NewSemanticallySecurePublic-KeyCryptosystemsfromtheRSA-Primitive 1 KouichiSakurai(KyushuUniversity,Japan),TsuyoshiTakagi (TechnischeUniversit. atDarmstadt,Germany) OptimalChosen-CiphertextSecureEncryption ofArbitrary-LengthMessages...17 Jean-S' ebastien Coron (Gemplus, France), Helena Handschuh (Gemplus,France),MarcJoye(Gemplus,France),PascalPaillier ' (Gemplus,France),DavidPointcheval(EcoleNormaleSup' erieure,France), ChristopheTymen(Gemplus,France) OnSu?cientRandomnessforSecurePublic-KeyCryptosystems...34 Takeshi Koshiba (Fujitsu Laboratories Ltd, Japan) Multi-recipientPublic-KeyEncryptionwithShortenedCiphertext...48 Kaoru Kurosawa (Ibaraki University, Japan) SignatureSchemes E?cientandUnconditionallySecureDigitalSignatures andaSecurityAnalysisofaMultireceiverAuthenticationCode...64 GoichiroHanaoka(UniversityofTokyo,Japan),JunjiShikata (University of Tokyo, Japan), Yuliang Zheng (UNC Charlotte, USA), HidekiImai(UniversityofTokyo,Japan) FormalProofsfortheSecurityofSigncryption...80 JoonsangBaek(MonashUniversity,Australia),RonSteinfeld(Monash University,Australia),YuliangZheng(UNCCharlotte,USA) AProvablySecureRestrictivePartiallyBlindSignatureScheme...99 GregMaitland(QueenslandUniversityofTechnology,Australia), ColinBoyd(QueenslandUniversityofTechnology,Australia) ProtocolsI M+1-stPriceAuctionUsingHomomorphicEncryption...1 15 Masayuki Abe (NTT ISP Labs, Japan), Koutarou Suzuki (NTT ISP Labs,Japan) Client/ServerTradeo?sforOnlineElections...125 Ivan Damg? ard (Aarhus University, Denmark), Mads Jurik (Aarhus University,Denmark) X TableofContents Self-tallyingElectionsandPerfectBallotSecrecy...141 AggelosKiayias(GraduateCenter,CUNY,USA),MotiYung(CertCo, USA) ProtocolsII E?cient1-Out-nObliviousTransferSchemes...159 Wen-GueyTzeng(NationalChiaoTungUniversity,Taiwan) LinearCodeImpliesPublic-KeyTraitorTracing...

This book constitutes the thoroughly refereed post-proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography, SAC 2000, held in Waterloo, Ontario, Canada, in August 2000.The 24 revised full papers presented were selected from 41 submissions and have gone through two rounds of reviewing and revision. The papers are organized in topical sections on cryptanalysis, block ciphers: new designs, elliptic curves and efficient implementations, security protocols and applications, block ciphers and hash functions, Boolean functions and stream ciphers, and public key systems.

Anonymity and unobservability have become key issues in the context of securing privacy on the Internet and in other communication networks. Services that provide anonymous and unobservable access to the Internet are important for electronic commerce applications as well as for services where users want to remain anonymous.This book is devoted to the design and realization of anonymity services for the Internet and other communcation networks. The book offers topical sections on: attacks on systems, anonymous publishing, mix systems, identity management, pseudonyms and remailers. Besides nine technical papers, an introduction clarifying the terminology for this emerging area is presented as well as a survey article introducing the topic to a broader audience interested in security issues.

This book constitutes the refereed proceedings of the 7th Australasian Conference on Information Security and Privacy, ACISP 2002, held in Melbourne, Australia, in July 2002.The 36 revised full papers presented together with one invited paper were carefully reviewed and selected from 94 submissions. The papers are organized in topical sections on key handling, trust and secret sharing, fast computation, cryptanalysis, elliptic curves, advanced encryption standard AES, security management, authentication, oblivious transfer, and dealing with adversaries.

This book constitutes the thoroughly refereed post-proceedings of the 7th International Workshop on Fast Software Encryption, FSE 2000, held in New York City, USA in April 2000.The 21 revised full papers presented were carefully reviewed and selected from a total of 53 submissions. The volume presents topical sections on stream-cipher cryptanalysis, new ciphers, AES cryptanalysis, block-cipher cryptanalysis, and theoretical work.

The Information Security Conference 2001 brought together individuals involved in multiple disciplines of information security to foster the exchange of ideas. The conference, an outgrowth of the Information Security Workshop (ISW) series, was held in Malaga, Spain, on October 1 3, 2001. Previous workshops were ISW '97 at Ishikawa, Japan; ISW '99 at Kuala Lumpur, Malaysia; and ISW 2000 at Wollongong, Australia. The General Co chairs, Javier Lopez and Eiji Okamoto, oversaw the local organization, registration, and performed many other tasks. Many individuals deserve thanks for their contribution to the success of the conference. Jose M. Troya was the Conference Chair. The General Co chairs were assisted with local arrangements by Antonio Mana, Carlos Maraval, Juan J. Ortega, Jose M. Sierra, and Miguel Soriano. This was the first year that the conference accepted electronic submissions. Many thanks to Dawn Gibson for assisting in developing and maintaining the electronic submission servers. The conference received 98 submissions of which 37 papers were accepted for presentation. These proceedings contain revised versions of the accepted papers. Revisions were not checked and the authors bear full responsibility for the contents of their papers. The Program Committee consisted of Elisa Bertino, Universita di Milano; G. R."

The third International Workshop on Information Security was held at the U- versity of Wollongong, Australia. The conference was sponsored by the Centre for Computer Security Research, University of Wollongong. The main themes of the conference were the newly emerging issues of Information Security. Mul- media copyright protection and security aspects of e-commerce were two topics that clearly re?ect the focus of the conference. Protection of the copyright of electronic documents seems to be driven by strong practical demand from the industry for new, e cient and secure solutions. Although e-commerce is already booming, it has not reached its full potential in terms of new, e cient and secure e-commerce protocols with added properties. There were 63 papers submitted to the conference. The program committee accepted 23. Of those accepted, six papers were from Australia, ve from Japan, two each from Spain, Germany and the USA, and one each from Finland and Sweden. Four papers were co-authored by international teams from Canada and China, Korea and Australia, Taiwan and Australia, and Belgium, France and Germany, respectively. Final versions of the accepted papers were gathered using computing and other resources of the Institute of Mathematics, Polish Academy of Sciences, Warsaw, Poland. We are especially grateful to Jerzy Urbanowicz and Andrzej Pokrzywa for their help during preparation of the proceedings.

WelcometoRotterdamandtotheInternationalConferenceSafecomp2000,on thereliability,safetyandsecurityofcriticalcomputerapplications. Thisalready marksthe19thyearoftheconference,showingtheundiminishedinterestthe topicelicitsfrombothacademiaandindustry. Safecomphasproventobean excellentplacetomeetandhavediscussions,andwehopethistrendcontinues thisyear. Peopleandorganisationsdependmoreandmoreonthefunctioningofc- puters. Whetherinhouseholdequipment,telecommunicationsystems,o?ce- plications,banking,peoplemovers,processcontrolormedicalsystems,theoft- embeddedcomputersubsystemsaremeanttoletthehostingsystemrealiseits intendedfunctions. Theassuranceofproperfunctioningofcomputersin- pendableapplicationsisfarfromobvious. Themillenniumstartedwiththebug andthefullendorsementoftheframeworkstandardIEC61508. Thevariety ofdependablecomputerapplicationsincreasesdaily,andsodoesthevarietyof risksrelatedtotheseapplications. Theassessmentoftheserisksthereforeneeds re?ectionandpossiblynewapproaches. Thisyear'sSafecompprovidesabroad mixofpapersontheseissues,onprogressmadeindi?erentapplicationdomains andonemergingchallenges. Oneofthespecialtopicsthisyearistransportandinfrastructure. Onewould behardpressedto?ndabetterplacetodiscussthisthaninRotterdam. The reliability,safetyandsecurityofcomputersisofprominentimportancetoRott- dam,asafewexamplesillustrate. Itsharbourdependsonthereliablefunctioning ofcontainerhandlingsystems,onthesafefunctioningofitsradarsystems,and, asofrecently,onthesafeandreliablefunctioningoftheenormousstormsurge barrieratHoekvanHolland. AnewtopicforSafecompis medicalsystems. Theseprogressivelydepend on-embedded-programmableelectronicsystems. Experienceshowsthatthe medicalworldlacksthemethodsforapplyingthesesystemssafelyandreliably. Wewelcomeagroupofpeoplereadytodiscussthistopic,andhope,bydoing so,tocontributetothis?eldofapplicationsofsafe,reliableandsecuresystems. SoftwareprocessimprovementalsorepresentsaspecialtopicofSafecomp 2000. Itprovedtobethemostfruitfulofthethreeintermsofsubmittedpapers. Thereweremanycontributionsfromahostofcountries,whichhadtobespread amongstdi?erentsessiontopics. WewishtothanktheInternationalProgramCommittee'smembers,41in total,fortheire?ortsinreviewingthepapersandfortheirvaluableadvicein organisingthisconference. Wearealsogratefulfortheircontributiontod- tributingcallsforpapersandannouncements. Withouttheirhelptheburdenof organisingthisconferencewouldhavebeenmuchgreater. VI Preface Finally,letusonceagainwelcomeyoutoRotterdam,atrulyinternational cityandhometopeopleofmanynationalities. Wehopeyoutakethetimenot onlytoenjoythisconference,butalsoto?ndyourwayaroundthecity,sinceit surelyhasmuchtoo?er. FloorKoornneef MeinevanderMeulen Table of Contents InvitedPaper TheTenMostPowerfulPrinciplesforQualityin(Softwareand) SoftwareOrganizationsforDependableSystems...1 TomGilb Veri?cationandValidation EmpiricalAssessmentofSoftwareOn-LineDiagnostics UsingFaultInjection...14 JohnNapier,JohnMayandGordonHughes Speeding-UpFaultInjectionCampaignsinVHDLModels...27 B. Parrotta,M. Rebaudengo,M. SonzaReordaandM. Violante Speci?cationandVeri?cationofaSafetyShellwithStatechartsand ExtendedTimedGraphs...37 JanvanKatwijk,HansToetenel,Abd-El-KaderSahraoui,EricAnderson andJanuszZalewski ValidationofControlSystemSpeci?cationswithAbstractPlantModels...53 WenhuiZhang AConstantPerturbationMethodforEvaluation ofStructuralDiversityinMultiversionSoftware...63 LupingChen,JohnMayandGordonHughes ExpertError:TheCaseofTrouble-ShootinginElectronics...74 DenisBesnard TheSafetyManagementofData-DrivenSafety-RelatedSystems ...86 A. G. Faulkner,P. A. Bennett,R. H. Pierce,I. H. A. Johnston andN. Storey SoftwareSupportforIncidentReportingSystems inSafety-CriticalApplications...96 ChrisJohnson SoftwareProcessImprovement ADependability-ExplicitModelfortheDevelopment ofComputingSystems...107 MohamedKaan iche,Jean-ClaudeLaprieandJean-PaulBlanquart VIII Table ofContents DerivingQuanti?edSafetyRequirementsinComplexSystems ...117 PeterA. Lindsay,JohnA. McDermidandDavidJ. Tombs ImprovingSoftwareDevelopmentbyUsing SafeObjectOrientedDevelopment:OTCD...131 XavierM'ehautandPierreMor'ere ASafetyLicensablePESforSIL4Applications...141 WolfgangA. Halang,PeterVogrinandMatja?zColnari?c SafetyandSecurityIssuesinElectricPowerIndustry ...151 ? Zdzis lawZurakowski DependabilityofComputerControlSystemsinPowerPlants ...165 Cl'audiaAlmeida,AlbertoArazo,YvesCrouzetandKaramaKanoun AMethodofAnalysisofFaultTreeswithTimeDependencies ...176 JanMagottandPawe lSkrobanek Formal Methods AFormalMethodsCaseStudy:UsingLight-WeightVDM fortheDevelopmentofaSecuritySystemModule...187 GeorgDroschl,WalterKuhn,GeraldSonneckandMichaelThuswald FormalMethods:TheProblemIsEducation...198 ThierryScheurer FormalMethodsDi?usion:PastLessonsandFutureProspects...211 R. Bloom?eld,D. Craigen,F. Koob,M. UllmannandS. Wittmann InvitedPaper SafeTech:AControlOrientedViewpoint...227 MaartenSteinbuch SafetyGuidelines,StandardsandCerti?cation DerivationofSafetyTargetsfortheRandomFailure ofProgrammableVehicleBasedSystems...240 RichardEvansandJonathanMo?ett IEC61508-ASuitableBasisfortheCerti?cation ofSafety-CriticalTransport-InfrastructureSystems??...250 DerekFowlerandPhilBennett Table of Contents IX HardwareAspects AnApproachtoSoftwareAssistedRecovery fromHardwareTransientFaultsforRealTimeSystems...264 D. BasuandR. Paramasivam ProgrammableElectronicSystemDesign&Veri?cationUtilizingDFM...275 MichelHoutermans,GeorgeApostolakis,AarnoutBrombacher andDimitriosKarydas SIMATICS7-400F/FH:Safety-RelatedProgrammableLogicController...286 AndreasSchenk SafetyAssessmentI AssessmentoftheReliabilityofFault-TolerantSoftware: ABayesianApproach...294 BevLittlewood,PeterPopovandLorenzoStrigini EstimatingDependabilityofProgrammableSystemsUsingBBNs...309 BjornAxelGran,GustavDahll,SiegfriedEisinger,EivindJ. Lund, JanGerhardNorstrom,PeterStrockaandBrittJ. Ystanes DesignforSafety ImprovementsinProcessControlDependability throughInternetSecurityTechnology...321 FerdinandJ. Dafelmair ASurveyonSafety-CriticalMulticastNetworking ...333 JamesS. PascoeandR. J. Loader InvitedPaper CausalReasoningaboutAircraftAccidents...344 PeterB. Ladkin Transport&Infrastructure ControllingRequirementsEvolution:AnAvionicsCaseStudy...361 StuartAndersonandMassimoFelici HAZOPAnalysisofFormalModels ofSafety-CriticalInteractiveSystems...

I would like to welcome all the participants to the 3rd International Conference on Information Security and Cryptology (ICISC 2000). It is sponsored by the Korea Institute of Information Security and Cryptology (KIISC) and is being held at Dongguk University in Seoul, Korea from December 8 to 9, 2000. This conference aims at providing a forum for the presentation of new results in research, development, and application in information security and cryptology. This is also intended to be a place where research information can be exchanged. The Call for Papers brought 56 papers from 15 countries and 20 papers will be presented in ve sessions. As was the case last year the review process was totally blind and the anonymity of each submission was maintained. The 22 TPC members nally selected 20 top-quality papers for presentation at ICISC 2000. I am very grateful to the TPC members who devoted much e ort and time to reading and selecting the papers. We also thank the experts who assisted the TPC in evaluating various papers and apologize for not including their names here. Moreover, I would like to thank all the authors who submitted papers to ICISC 2000 and the authors of accepted papers for their preparation of came- ready manuscripts. Last but not least, I thank my student, Joonsuk Yu, who helped me during the whole process of preparation for the conference. I look forward to your participation and hope you will nd ICISC 2000 a truly rewarding experience.

This book covers a broader scope of Attribute-Based Encryption (ABE), from the background knowledge, to specific constructions, theoretic proofs, and applications. The goal is to provide in-depth knowledge usable for college students and researchers who want to have a comprehensive understanding of ABE schemes and novel ABE-enabled research and applications. The specific focus is to present the development of using new ABE features such as group-based access, ID-based revocation, and attributes management functions such as delegation, federation, and interoperability. These new capabilities can build a new ABE-based Attribute-Based Access Control (ABAC) solution that can incorporate data access policies and control into ciphertext. This book is also ideal for IT companies to provide them with the most recent technologies and research on how to implement data access control models for mobile and data-centric applications, where data access control does not need to rely on a fixed access control infrastructure. It's also of interested to those working in security, to enable them to have the most recent developments in data access control such as ICN and Blockchain technologies. Features Covers cryptographic background knowledge for ABE and ABAC Features various ABE constructions to achieve integrated access control capabilities Offers a comprehensive coverage of ABE-based ABAC Provides ABE applications with real-world examples Advances the ABE research to support new mobile and data-centric applications