ICICS 2003, the Fifth International Conference on Information and C- munication Security, was held in Huhehaote city, Inner Mongolia, China, 10 13 October 2003. Among the preceding conferences, ICICS 97 was held in B- jing, China, ICICS 99 in Sydney, Australia, ICICS 2001 in Xi an, China, and ICICS 2002, in Singapore.TheproceedingswerereleasedasVolumes1334,1726, 2229, and 2513 of the LNCS series of Springer-Verlag, respectively. ICICS 2003 was sponsored by the Chinese Academy of Sciences (CAS), the National Natural Science Foundation of China, and the China Computer F- eration. The conference was organized by the Engineering Research Center for Information Security Technology of the Chinese Academy of Sciences (ERCIST, CAS) in co-operation with the International Communications and Information Security Association (ICISA). The aim of the ICICS conferences has been to o?er the attendees the - portunity to discuss the state-of-the-art technology in theoretical and practical aspects of information and communications security. The response to the Call forPaperswassurprising.WhenwewerepreparingtheconferencebetweenApril and May, China, including the conference venue, Huhehaote City, was ?ghting against SARS. Despite this 176 papers were submitted to the conference from 22 countries and regions, and after a competitive selection process, 37 papers from 14 countries and regions were accepted to appear in the proceedings and be presented at ICICS 2003. We would like to take this opportunity to thank all those who submitted papers to ICICS 2003 for their valued contribution to the conference."

The Communications and Multimedia Security conference (CMS 2003) was - ganized in Torino, Italy, on October 2-3, 2003. CMS 2003 was the seventh IFIP working conference on communications and multimedia security since 1995. - search issues and practical experiences were the topics of interest, with a special focus on the security of advanced technologies, such as wireless and multimedia communications. The book "Advanced Communications and Multimedia Security" contains the 21 articles that were selected by the conference program committee for p- sentation at CMS 2003. The articles address new ideas and experimental eval- tion in several ?elds related to communications and multimedia security, such as cryptography, network security, multimedia data protection, application se- rity, trust management and user privacy. We think that they will be of interest not only to the conference attendees but also to the general public of researchers in the security ?eld. We wish to thank all the participants, organizers, and contributors of the CMS 2003 conference for having made it a success. October 2003 Antonio Lioy GeneralChairofCMS2003 Daniele Mazzocchi ProgramChairofCMS2003 VI Organization CMS 2003 was organized by the TORSEC Computer and Network Security Group of the Dipartimento di Automatica ed Informatica at the Politecnico di Torino, in cooperation with the Istituto Superiore Mario Boella.

This volume contains the papers presented at the International Workshop on Mathematical Methods, Models and Architectures for Computer Network Se- rity(MMM-ACNS2003)heldinSt.Petersburg, Russia, duringSeptember21 23, 2003.TheworkshopwasorganizedbytheSt.PetersburgInstituteforInformatics and Automation of the Russian Academy of Sciences (SPIIRAS) in cooperation with the Russian Foundation for Basic Research (RFBR), the US Air Force - search Laboratory/Information Directorate (AFRL/IF) and the Air Force O?ce of Scienti?c Research (AFOSR), the O?ce of Naval Research International Field O?ce (USA), and Binghamton University (SUNY, USA). The ?rst international workshop of this series, MMM-ACNS2001, May 21 23, 2001, St. Petersburg, Russia, hosted by the St. Petersburg Institute for - formatics and Automation, demonstrated the keen interest of the international researchcommunityinthetheoreticalaspectsofcomputernetworkandinfor- tion security and encouraged the establishment of an on-going series of brennial workshops. MMM-ACNS2003 provided an international forum for sharing original - search results and application experiences among specialists in fundamental and applied problems of computer network security. An important distinction of the workshop was its focus on mathematical aspects of information and computer networksecurityandtheroleofmathematicalissuesincontemporaryandfuture development of models of secure computing."

Fast Software Encryption is now a 10-year-old workshop on symmetric crypt- raphy, including the design and cryptanalysis of block and stream ciphers, as well as hash functions. The ?rst FSE workshop was held in Cambridge in 1993, followed by Leuven in 1994, Cambridge in 1996, Haifa in 1997, Paris in 1998, Rome in 1999, New York in 2000, Yokohama in 2001, and Leuven in 2002. This Fast Software Encryption workshop, FSE 2003, was held February 24- 26, 2003 in Lund, Sweden. The workshop was sponsored by IACR (International Association for Cryptologic Research) and organized by the General Chair, Ben Smeets, in cooperation with the Department of Information Technology, Lund University. Thisyearatotalof71papersweresubmittedtoFSE2003.Afteratwo-month reviewing process, 27 papers were accepted for presentation at the workshop. In addition, we were fortunate to have in the program an invited talk by James L. Massey. The selection of papers was di?cult and challenging work. Each submission was refereed by at least three reviewers. I would like to thank the program c- mittee members, who all did an excellent job. In addition, I gratefully ackno- edge the help of a number of colleagues who provided reviews for the program committee. They are: Kazumaro Aoki, Alex Biryukov, Christophe De Canni' ere, Nicolas Courtois, Jean-Charles Faug' ere, Rob Johnson, Pascal Junod, Joseph Lano, Marine Minier, Elisabeth Oswald, H? avard Raddum, and Markku-Juhani O. Saarinen.

These are the proceedings of CHES 2003, the ?fth workshop on Cryptographic HardwareandEmbeddedSystems, heldinCologneonSeptember8-10,2003.As with every previous workshop, there was a record number of submissions despite themuchearlierdeadlineinthisyear'scallforpapers.Thisisaclearindication of the growing international importance of the scope of the conference and the relevance of the subject material to both industry and academia. The increasing competition for presenting at the conference has led to many excellent papers and a higher standard overall. From the 111 submissions, time constraintsmeantthatonly32couldbeaccepted.Theprogramcommitteewo- ed very hard to select the best. However, at the end of the review process there were a number of good papers - which it would like to have included but for which, sadly, there was insu?cient space. In addition to the accepted papers appearing in this volume, there were three invited presentations from Hans D- bertin (Ruhr-Universit] at Bochum, Germany), Adi Shamir (Weizmann Institute, Israel), and Frank Stajano (University of Cambridge, UK), and a panel d- cussion on the e?ectiveness of current hardware and software countermeasures against side channel leakage in embedded cryptosystems."

On behalf of the Program Committee, it is our pleasure to present to you the proceedings of the Sixth Symposium on Recent Advances in Intrusion Detection (RAID 2003). Theprogramcommitteereceived44fullpapersubmissionsfrom10countries. All submissions were carefully reviewed by at least three program committee members or additional intrusion detection experts according to the criteria of scienti?c novelty, importance to the ?eld, and technical quality. The program committee meeting was held in Berkeley, USA on May 14 15. Thirteen papers were selected for presentation and publication in the conference proceedings. The conference technical program included both fundamental research and practical issues, and was shaped around the following topics: network infr- tructure, anomaly detection, correlation, modeling and speci?cation, and sensor technologies. The slides presented by the authors are available on the RAID 2003 web site, http: //www.raid-symposium.org/raid2003. We would like to thank the authors that submitted papers as well as the p- gram committee members and the additional reviewers who volunteered their time to create a quality program. In addition, we want to thank the Conf- ence General Chair, John McHugh, for organizing the conference in Pittsburgh, Joshua Haines for publicizing the conference, Don McGillen for ?nding support from our sponsors, and Christopher Kruegel for maintaining the RAID web site and preparing the conference proceedings. Special thanks go to our sponsors Cisco Systems and Symantec, who p- vided ?nancial support for student participation to the symposium, and to CERT/CMU for hosting the conference."

The 1st International Conference on "Applied Cryptography and Network Se- rity" (ACNS 2003) was sponsored and organized by ICISA (International C- munications and Information Security Association), in cooperation with MiAn Pte. Ltd. and the Kunming government. It was held in Kunming, China in - tober 2003. The conference proceedings was published as Volume 2846 of the Lecture Notes in Computer Science (LNCS) series of Springer-Verlag. The conference received 191 submissions, from 24 countries and regions; 32 of these papers were accepted, representing 15 countries and regions (acceptance rate of 16.75%). In this volume you will ?nd the revised versions of the - cepted papers that were presented at the conference. In addition to the main track of presentations of accepted papers, an additional track was held in the conference where presentations of an industrial and technical nature were given. These presentations were also carefully selected from a large set of presentation proposals. This new international conference series is the result of the vision of Dr. Yongfei Han. The conference concentrates on current developments that advance the - eas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works and developments in - dustrial and technical frontiers. We thank Dr. Han for initiating this conference and for serving as its General Chair.

The 2003 Information Security Conference was the sixth in a series that started with the InformationSecurity Workshopin 1997.A distinct feature of this series is the wide coverage of topics with the aim of encouraging interaction between researchers in di?erent aspects of information security. This trend continued in the program of this year s conference. There were 133 paper submissions to ISC 2003. From these submissions the 31papersintheseproceedingswereselectedbytheprogramcommittee, covering a wide range of technical areas. These papers are supplemented by two invited papers;athirdinvitedtalkwaspresentedattheconferencebutisnotrepresented by a written paper. We would like to extend our sincere thanks to all the authors that submitted papers to ISC 2003, and we hope that those whose papers were declined will be able to ?nd an alternative forum for their work. We are also very grateful to the three eminent invited speakers at the conference: Paul van Oorschot (Carleton University, Canada), Ueli Maurer (ETH Zur ] ich, Switzerland), and Andy Clark (Inforenz Limited, UK). We were fortunate to have an energetic team of experts who took onthe task of the program committee. Their names may be found overleaf, and we thank them warmly for their considerable e?orts. This team was helped by an even larger number of individuals who reviewed papers in their particular areas of expertise. A list of these names is also provided, which we hope is complete."

Crypto 2003, the 23rd Annual Crypto Conference, was sponsored by the Int- national Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The conference received 169 submissions, of which the program committee selected 34 for presentation. These proceedings contain the revised versions of the 34 submissions that were presented at the conference. These revisions have not been checked for correctness, and the authors bear full responsibility for the contents of their papers. Submissions to the conference represent cutti- edge research in the cryptographic community worldwide and cover all areas of cryptography. Many high-quality works could not be accepted. These works will surely be published elsewhere. The conference program included two invited lectures. Moni Naor spoke on cryptographic assumptions and challenges. Hugo Krawczyk spoke on the 'SI- and-MAc'approachtoauthenticatedDi?e-HellmananditsuseintheIKEpro- cols. The conference program also included the traditional rump session, chaired by Stuart Haber, featuring short, informal talks on late-breaking research news. Assembling the conference program requires the help of many many people. To all those who pitched in, I am forever in your debt. I would like to ?rst thank the many researchers from all over the world who submitted their work to this conference. Without them, Crypto could not exist. I thank Greg Rose, the general chair, for shielding me from innumerable logistical headaches, and showing great generosity in supporting my e?orts.

The thoroughly refereed post-proceedings of the Second International Workshop on Digital Rights Management, DRM 2002, held in Washington, DC, USA, in November 2002, in conjunction with ACM CCS-9. The 13 revised full papers presented were carefully reviewed and selected for inclusion in the book. Among the topics addressed are DES implementation for DRM applications, cryptographic attacks, industrial challenges, public key broadcast encryption, fingerprinting, copy-prevention techniques, copyright limitations, content protection, watermarking systems, and theft-protected proprietary certificates.

The refereed proceedings of the 8th Australasian Conference on Information Security and Privacy, ACISP 2003, held in Wollongong, Australia, in July 2003. The 42 revised full papers presented together with 3 invited contributions were carefully reviewed and selected from 158 submissions. The papers are organized in topical sections on privacy and anonymity, elliptic curve cryptography, cryptanalysis, mobile and network security, digital signatures, cryptosystems, key management, and theory and hash functions.

Integrity and Internal Control in Information Systems V represents a continuation of the dialogue between researchers, information security specialists, internal control specialists and the business community. The objectives of this dialogue are:
-To present methods and techniques that will help business achieve the desired level of integrity in information systems and data;
-To present the results of research that may be used in the near future to increase the level of integrity or help management maintain the desired level of integrity;
-To investigate the shortcomings in the technologies presently in use, shortcomings that require attention in order to protect the integrity of systems in general.
The book contains a collection of papers from the Fifth International Working Conference on Integrity and Internal Control in Information Systems (IICIS), sponsored by the International Federation for Information Processing (IFIP) and held in Bonn, Germany in November 2002.

This book constitutes the refereed proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2003, held in Warsaw, Poland in May 2003. The 37 revised full papers presented together with two invited papers were carefully reviewed and selected from 156 submissions. The papers are organized in topical sections on cryptanalysis, secure multi-party communication, zero-knowledge protocols, foundations and complexity-theoretic security, public key encryption, new primitives, elliptic curve cryptography, digital signatures, information-theoretic cryptography, and group signatures.

This book constitutes the refereed proceedings of the First NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, held in Tucson, AZ, USA in June 2003. The 24 revised full papers and 16 revised short papers presented were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on data management and data mining, deception detection, analytical techniques, for crime detection, visualization, knowledge management and adoption, collaborative systems and methodologies, and monitoring and surveillance.

This book constitutes the thoroughly refereed post-proceedings of the First International Workshop on Digital Watermarking, IWDW 2002, held in Seoul, Korea in November 2002. The 19 revised full papers presented together with two invited papers were carefully selected during two rounds of reviewing and improvement from 64 submissions. The papers are organized in topical sections on fundamentals, new algorithms, watermarking unusual content, fragile watermarking, robust watermarking, and adaptive watermarking.

This book constitutes the thoroughly refereed post-proceedings of the 6th International Conference on Financial Cryptography, FC 2002, held in Southampton, Bermuda, in March 2002. The 19 revised full papers presented were carefully selected during two rounds of reviewing and improvement. The papers are organized in topical sections on voting and recommending, auctions, cryptography, digital signature schemes, thresholds and secret sharing, and anonymity and digital payment systems.

This book constitutes the refereed proceedings of the Cryptographers' Track at the RSA Conference 2003, CT-RSA 2003, held in San Francisco, CA, USA, in April 2003. The 26 revised full papers presented together with abstracts of 2 invited talks were carefully reviewed and selected from 97 submissions. The papers are organized in topical sections on key self-protection, message authentication, digital signatures, pairing based cryptography, multivariate and lattice problems, cryptographic architectures, new RSA-based cryptosystems, chosen-ciphertext security, broadcast encryption and PRF sharing, authentication structures, elliptic curves and pairings, threshold cryptography, and implementation issues.

This book constitutes the thoroughly refereed post-proceedings of the 4th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2002, held in Redwood Shores, California, USA in August 2002. The 41 revised full papers presented together with two invited contributions were carefully selected from 101 submissions during two rounds of reviewing and revision. The papers are organized in topical sections on attack strategies, finite field and modular arithmetic, elliptic curve cryptography, AES and AES candidates, tamper resistance, RSA implementation, random number generation, new primitives, hardware for cryptanalysis.

 This book constitutes the thoroughly refereed post-proceedings of the 5th International Conference on Information Security and Cryptology, ICISC 2002, held in Seoul, Korea in November 2002. The 35 revised full papers presented together with an invited paper were carefully selected from 142 submissions during two rounds of reviewing and improvement. The papers are organized in topical sections on digital signatures, Internet security, block ciphers and stream ciphers, stream ciphers and other primitives, efficient implementations, side-channel attacks, cryptographic protocols and biometrics.

For more than the last three decades, the security of software systems has been an important area of computer science, yet it is a rather recent general recognition that technologies for software security are highly needed. This book assesses the state of the art in software and systems security by presenting a carefully arranged selection of revised invited and reviewed papers. It covers basic aspects and recently developed topics such as security of pervasive computing, peer-to-peer systems and autonomous distributed agents, secure software circulation, compilers for fail-safe C language, construction of secure mail systems, type systems and multiset rewriting systems for security protocols, and privacy issues as well.

This book constitutes the thoroughly refereed post-proceedings of the Second International Workshop on Privacy Enhancing Technologies, PET 2002, held in San Francisco, CA, USA, in April 2002. The 17 revised full papers presented were carefully selected during two rounds of reviewing and improvement. Among the topics addressed are Internet security, private authentication, information theoretic anonymity, anonymity measuring, enterprise privacy practices, service architectures for privacy, intersection attacks, online trust negotiation, random data perturbation, Website fingerprinting, Web user privacy, TCP timestamps, private information retrieval, and unobservable Web surfing.

This book constitutes the refereed proceedings of the 6th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2003, held in Miami, Florida, USA in January 2003.

The 26 revised full papers presented were carefully reviewed and selected from 105 submissions. The papers are organized in topical sections on Diffie-Hellman based schemes, threshold cryptography, reduction proofs, broadcast and tracing, digital signatures, specialized multiparty cryptography, cryptanalysis, elliptic curves: implementation attacks, implementation and hardware issues, new public key schemes, and elliptic curves: general issues.

This book constitutes the refereed proceedings of the 4th International Conference on Information and Communication Security, ICICS 2002, held in Singapore in December 2002. The 41 revised full papers presented were carefully reviewed and selected from a total of 161 submissions. The papers are organized in topical sections on system security, crypto systems, security protocols, fingerprinting and watermarking, efficient implementation of algorithms, access control, and cryptanalysis and cryptographic techniques.

Kovacich and Halibozek offer you the benefit of more than 55 years of combined experience in government and corporate security. Throughout the book, the authors use a fictional global corporation as a model to provide continual real-world challenges and solutions. New and experienced managers alike will find a wealth of information and practical advice to help you develop strategic and tactical plans and manage your daily operations.
* Contains real case examples to illustrate practical application of concepts
* Thoroughly covers the integration of physical, computer and information security goals for complete security awareness
* A handy reference for managers to quickly find and implement the security solutions they need

This book constitutes the refereed proceedings of the Third International Conference on Cryptology in India, INDOCRYPT 2002, held in Hyderabad, India in December 2002.The 31 revised full papers presented together with 2 invited papers were carefully reviewed and selected from 75 submissions. The papers are organized in topical sections on symmetric cyphers, new public-key schemes, foundations, public-key infrastructures, fingerprinting and watermarking, public-key protocols, Boolean functions, efficient and secure implementations, applications, anonymity, and secret sharing and oblivious transfer.