The CRYPTO '94 conference is sponsored by the International Association for Cryptologic Research (IACR), in co-operation with the IEEE Computer Society Technical Committee on Security and Privacy. It has taken place at the Univ- sity of California, Santa Barbara, from August 21-25,1994. This is the fourteenth annual CRYPTO conference, all of which have been held at UCSB. This is the first time that proceedings are available at the conference. The General Chair, Jimmy R. Upton has been responsible for local organization, registration, etc. There were 114 submitted papers which were considered by the Program Committee. Of these, 1 was withdrawn and 38 were selected for the proce- ings. There are also 3 invited talks. Two of these are on aspects of cryptog- phy in the commercial world. The one on hardware aspects will be presented by David Maher (AT&T), the one on software aspects by Joseph Pato (Hewlett- Packard). There will also be a panel discussion on "Securing an Electronic World: Are We Ready?" The panel members will be: Ross Anderson, Bob Blakley, Matt Blaze, George Davida, Yvo Desmedt (moderator), Whitfield Diffie, Joan Feig- baum, Blake Greenlee, Martin Hellman, David Maher, Miles Smid. The topic of the panel will be introduced by the invited talk of Whitfield Diffie on "Securing the Information Highway. " These proceedings contain revised versions of the 38 contributed talks. Each i paper was sent to at least 3 members of the program committee for comments.

This volume comprises a collection of papers presented at the Workshop on Information Protection, held in Moscow, Russia in December 1993. The 16 thoroughly refereed papers by internationally known scientists selected for this volume offer an exciting perspective on error control coding, cryptology, and speech compression. In the former Soviet Union, research related to information protection was often shielded from the international scientific community. Therefore, the results presented by Russian researchers and engineers at this first international workshop on this topic are of particular interest; their work defines the cutting edge of research in many areas of error control, cryptology, and speech recognition.

Are you serious about network security? Then check out SSH, the Secure Shell, which provides key-based authentication and transparent encryption for your network connections. It's reliable, robust, and reasonably easy to use, and both free and commercial implementations are widely available for most operating systems. While it doesn't solve every privacy and security problem, SSH eliminates several of them very effectively.

Everything you want to know about SSH is in our second edition of "SSH, The Secure Shell: The Definitive Guide," This updated book thoroughly covers the latest SSH-2 protocol for system administrators and end users interested in using this increasingly popular TCP/IP-based solution.

How does it work? Whenever data is sent to the network, SSH automatically encrypts it. When data reaches its intended recipient, SSH decrypts it. The result is "transparent" encryption-users can work normally, unaware that their communications are already encrypted. SSH supports secure file transfer between computers, secure remote logins, and a unique "tunneling" capability that adds encryption to otherwise insecure network applications. With SSH, users can freely navigate the Internet, and system administrators can secure their networks or perform remote administration.

Written for a wide, technical audience, "SSH, The Secure Shell: The Definitive Guide" covers several implementations of SSH for different operating systems and computing environments. Whether you're an individual running Linux machines at home, a corporate network administrator with thousands of users, or a PC/Mac owner who just wants a secure way to telnet or transfer files between machines, ourindispensable guide has you covered. It starts with simple installation and use of SSH, and works its way to in-depth case studies on large, sensitive computer networks.

No matter where or how you're shipping information, "SSH, The Secure Shell: The Definitive Guide" will show you how to do it securely.

This volume contains papers from the OOPSLA-93 Conference Workshop on Security for Object-Oriented Systems, held in Washington DC, USA, on 26 September 1993. The workshop addressed the issue of how to introduce an acceptable level of security into object-oriented systems, as the use of such systems becomes increasingly widespread. The topic is approached from two different, but complementary, viewpoints: the incorporation of security into object-oriented systems, and the use of object-oriented design and modelling techniques for designing secure applications. The papers cover a variety of issues, relating to both mandatory and discretionary security, including security facilities of PCTE, information flow control, the design of multilevel secure data models, and secure database interoperation via role translation. The resulting volume provides a comprehensive overview of current work in this important area of research.

This volume contains the refereed papers presented at the International Workshop on Software Encryption Algorithms, held at Cambridge University, U.K. in December 1993.
The collection of papers by representatives of all relevant research centers gives a thorough state-of-the-art report on all theoretical aspects of encryption algorithms and takes into account the new demands from new applications, as for example from the data-intensive multimedia applications. The 26 papers are organized in sections on block ciphers, stream ciphers, software performance, cryptanalysis, hash functions and hybrid ciphers, and randomness and nonlinearity.

This volume contains a selection of refereed papers from the 1993 Canadian Workshop on Information Theory, held in Rockland, Ontario, May 30 - June 2.
The workshop provided a forum for Canadian and international researchers to gather and discuss new results in the areas of information theory, algebraic coding, digital communications, and networks.
A number of novel approaches to research problems are presented, and seminal works by several renowned experts are included in the volume.
The papers have been loosely grouped into four parts: coding and cryptography, coding and modulation of fading channels, decoding techniques, and networks and information theory.

The CRYPTO '93 conference was sponsored by the International Association for Cryptologic Research (IACR) and Bell-Northern Research (a subsidiary of Northern Telecom), in co-operation with the IEEE Computer Society Technical Committee. It took place at the University of California, Santa Barbara, from August 22-26, 1993. This was the thirteenth annual CRYPTO conference, all of which have been held at UCSB. The conference was very enjoyable and ran very of the General Chair, Paul Van Oorschot. smoothly, largely due to the efforts It was a pleasure working with Paul throughout the months leading up to the conference. There were 136 submitted papers which were considered by the Program Committee. Of these, 38 were selected for presentation at the conference. There was also one invited talk at the conference, presented by Miles Smid, the title of which was "A Status Report On the Federal Government Key Escrow System." The conference also included the customary Rump Session, which was presided over by Whit Diffie in his usual inimitable fashion. Thanks again to Whit for organizing and running the Rump session. This year, the Rump Session included an interesting and lively panel discussion on issues pertaining to key escrowing. Those taking part were W. Diffie, J. Gilmore, S. Goldwasser, M. Hellman, A. Herzberg, S. Micali, R. Rueppel, G. Simmons and D. Weitzner.

The programme for the Second Safety-critical Systems Symposium was planned to examine the various aspects of technology currently employed in the design of safety-critical systems, as well as to emphasise the importance of safety and risk management in their design and operation. assessment There is an even balance of contributions from academia and industry. Thus, industry is given the opportunity to express its views of the safety-critical domain and at the same time offered a glimpse of the technologies which are currently under development and which, if successful, will be available in the medium-term future. In the field of technology, a subject whose importance is increasingly being recognised is human factors, and there are papers on this from the University of Hertfordshire and Rolls-Royce. Increasingly, PLCs are being employed in safety-critical applications, and this domain is represented by contributions from Nuclear Electric and August Computers. Then there are papers on maintainability, Ada, reverse engineering, social issues, formal methods, and medical systems, all in the context of safety. And, of course, it is not possible to keep the 'new' technologies out of the safety-critical domain: there are papers on neural networks from the University of Exeter and knowledge-based systems from ERA Technology.

Eurocrypt is a series of open workshops on the theory and application of cryptographic techniques. These meetings have taken place in Europe every year since 1982 and are sponsored by the International Association for Cryptologic Research. Eurocrypt '93 was held in the village of Lofthus in Norway in May 1993. The call for papers resulted in 117 submissions with authors representing 27 different countries. The 36 accepted papers were selected by the program committee after a blind refereeing process. The papers are grouped into parts on authentication, public key, block ciphers, secret sharing, stream ciphers, digital signatures, protocols, hash functions, payment systems, and cryptanalysis. The volume includes 6 further rump session papers.

Crypto'92 took place on August 16-20, 1992. It was the twelfth in the series of annual cryptology conferences held on the beautiful campus of the University of California, Santa Barbara. Once again, it was sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy. The conference ran smoothly, due to the diligent efforts of the g- eral chair, Spyros Magliveras of the University of Nebraska. One of the measures of the success of this series of conferences is represented by the ever increasing number of papers submitted. This year, there were 135 submissions to the c- ference, which represents a new record. Following the practice of recent program comm- tees, the papers received anonymous review. The program committee accepted 38 papers for presentation. In addition, there were two invited presentations, one by Miles Smid on the Digital Signature Standard, and one by Mike Fellows on presenting the concepts of cryptology to elementary-age students. These proceedings contains these 40 papers plus 3 papers that were presented at the Rump Session. I would like to thank all of the authors of the submitted papers and all of the speakers who presented papers. I would like to express my sincere appreciation to the work of the program committee: Ivan Damgard (Aarhus University, Denmark), Odd Goldreich (Technion, Israel), Burt Kaliski (RSA Data Security, USA), Joe Kilian (NEC, USA).

The safe operation of computer systems continues to be a key issue in many applications where people, environment, investment, or goodwill can be at risk. Such applications include medical, railways, power generation and distribution, road transportation, aerospace, process industries, mining, military and many others. This book represents the proceedings of the 12th International Conference on Computer Safety, Reliability and Security, held in Poznan, Poland, 27-29 October 1993. The conference reviews the state of the art, experiences and new trends in the areas of computer safety, reliability and security. It forms a platform for technology transfer between academia, industry and research institutions. In an expanding world-wide market for safe, secure and reliable computer systems SAFECOMP'93 provides an opportunity for technical developers, users, and legislators to exchange and review the experience, to consider the best technologies now available and to identify the skills and technologies required for the future. The papers were carefully selected by the International Program Com mittee of the Conference. The authors of the papers come from 16 different countries. The subjects covered include formal methods and models, safety assessment and analysis, verification and validation, testing, reliability issues and dependable software tech nology, computer languages for safety related systems, reactive systems technology, security and safety related applications. As to its wide international coverage, unique way of combining partici pants from academia, research and industry and topical coverage, SAFECOMP is outstanding among the other related events in the field."

This volume contains the proceedings of ASIACRYPT '91, the first international conference on the theory and application of cryptology to be held in the Asian area. It was held at Fujiyoshida, near Mount Fuji in Japan, in November 1991. The conference was modeled after the very successful CRYTO and EUROCRYPT series of conferences sponsored by the International Association for Cryptologic Research (IACR). The IACR and the Institute of Electronics, Information and Communication Engineers were sponsors for ASIACRYPT '91. The papers from the conference were improved and corrected for inclusion in this volume. The papers are grouped into parts on: differential cryptanalysis and DES-like cryptosystems; hashing and signature schemes; secret sharing, threshold, and authenticationcodes; block ciphers - foundations and analysis; cryptanalysis and new ciphers; proof systems and interactive protocols; public key ciphers - foundations and analysis. Also included are four invited lectures and impromptu talks from the rump session.

This volume is based on a course held several times, and again in 1993, at the ESAT Laboratorium of the Department of Electrical Engineering at the Katholieke Universiteit Leuven in Belgium. These courses are intended for both researchers in computer security and cryptography and for practitioners in industry and government. The contributors of the 1991 course were invited to submit revised and updated versions of their papers for inclusion in a book. This volume is the final result; it is well- balanced between basic theory and real life applications, between mathematical background and juridical aspects, and between technical developments and standardization issues. Some of the topics are public key cryptography, hash functions, secure protocols, digital signatures, security architectures, network security, and data encryption standards (DES).

This book contains the proceedings of AUSCRYPT '92, an international conference on cryptologic research held on the Gold Coast, Australia, in December 1992. This is the third conference held outside the series of CRYPTO meetings held in Santa Barbara, California, each August and EUROCRYPT meetings held in European countries each northern spring. The first two were AUSCRYPT '90, held in Australia, and ASIACRYPT '91, held in Japan. The volume contains three invited papers and 44 contributed papers selected from 77 submissions. The articles cover all main topics in modern computer and communications security research.These include: - authentication - secret sharing - digital signatures - one-way hashing functions - design of block ciphers - cryptanalysis - cryptographic protocols - pseudo-random sequences and functions - public key cryptography.

A series of workshops devoted to modern cryptography began in Santa Barbara,California in 1981 and was followed in 1982 by a European counterpart in Burg Feuerstein, Germany. The series has been maintained with summer meetings in Santa Barbara and spring meetings somewhere in Europe. At the 1983 meeting in Santa Barbara the International Association for Cryptologic Research was launched and it now sponsors all the meetings of the series. This volume presents the proceedings of Eurocrypt '92, held in Hungary. The papers are organized into the following parts: Secret sharing, Hash functions, Block ciphers, Stream ciphers, Public key I, Factoring, Trapdoor primes and moduli (panel report), Public key II, Pseudo-random permutation generators, Complexity theory and cryptography I, Zero-knowledge, Digital knowledge and electronic cash, Complexity theory andcryptography II, Applications, and selected papers from the rump session. Following the tradition of the series, the authors produced full papers after the meeting, in some cases with revisions.

0 e This is the proceedings of the first annual symposium of the Safety-critical Systems Club (The Watershed Media Centre, Bristol, 9-11 February 1993), which provided a forum for exploring and discussing ways of achieving safety in computer systems to be used in safety-critical industrial applications. The book is divided into three parts, which correspond with the themes of the three days of the symposium. The first - "Experience from Around Europe" - brings together information on developments in safety-critical systems outside the UK. The second - "Current" "Research" - consists of papers on large projects within the UK, which involve collaboration between academia and industry, providing techniques and methods to enhance safety. The final part - "Achieving and Evaluating Safety" - explores how methods already in use in other domains may be applied to safety, and examines the relationships between safety and other attributes such as quality and security. The papers identify the current problems and issues of interest in the field of safety-critical software-based systems, and provide valuable up-to-date material for those in both academia and industry. The academic will benefit from information about current research complimentary to his own, and the industrialist will learn of the technologies which will soon be available and where to find them.

This volume presents the proceedings of the second European Symposium on Research in Computer Security (ESORICS 92), held in Toulouse in November 1992. The aim of this symposium is to further the progress of research in computer security by bringing together researchers in this area, by promoting the exchange of ideas with system developers, and by encouraging links with researchers in areas related to computer science, informationtheory, and artificial intelligence. The volume contains 24 papers organizedinto sections on access control, formal methods, authentication, distributed systems, database security, system architectures, and applications. ESORICS 92 was organized by AFCET (Association francaise des sciences et technologies de l'information et des syst mes) in cooperation with a large number of national and international societies and institutes.

Many commercial and defense applications require a database system that protects data of different sensitivities while still allowing users of different clearances to access the system. This book is a collection of papers covering aspects of the emerging security technology for multilevel database systems. It contains reports on such landmark systems as SeaView, LDV, ASD, Secure Sybase, the UNISYS secure distributed system, and the secure entity-relationship system GTERM. Much of the research is concerned with the relational model, although security for the entity-relationship and object-oriented models of data are also discussed. Because the field is so new, it has been extremely difficult to learn about the research going on in this area, until now. This book will be invaluable to researchers and system designers in database systems and computer security. It will also be of interest to data users and custodians who are concerned with the security of their information. This book can also be used as a text for an advanced topics course on computer security in a computer science curriculum.

This report on the state of the art and future directions of public-key cryptography is published in accordance with the terms of reference of the European Institute for System Security (EISS). The EISS was founded in 1988 by cabinet resolution of the state government of Baden-W}rttemberg and its basic task is scientific research and knowledge transfer in the field of security in telecommunications and computer and information systems. This report gives the results of an EISS workshop on public-keycryptography and contains seven chapters: an introduction, the scope of the workshop, the topics chosen, classification and description of the most prominent public-key systems, the dependence of public-key cryptography on computational number theory, mistakes and problems with public-key systems, and a projection of needs and requirements for public-key systems. It is addressed to all members of the computer science community: systems developers, researchers, decision makers, standardization committees, patent offices, and users and customers of secure computer systems.

Secure message transmission is of extreme importance in today's information-based society. Stream encryption is a practically important means to this end. This monograph is devoted to a new aspect of stream ciphers, namely the stability theory of stream ciphers, with the purpose of developing bounds on complexity which can form part of the basis for a general theory of data security and of stabilizing stream-cipher systems. The approach adopted in this monograph is new. The topic is treated by introducing measure indexes on the security of stream ciphers, developing lower bounds on these indexes, and establishing connections among them. The treatment involves the stability of boolean functions, the stability of linear complexity of key streams, the period stability of key streams, and the stability of source codes. Misleading ideas about stream ciphers are exposed and new viewpoints presented. The numerous measure indexes and bounds on them that are introduced here, the approach based on spectrum techniques, andthe ten open problems presented will all be useful to the reader concerned with analyzing and designing stream ciphers for securing data.

The 1980's saw the advent of widespread (and potentially damaging) computer virus infection of both personal computer and mainframe systems. The computer security field has been comparatively slow to react to this emerging situation. It is only over the last two years that a significant body of knowledge on the operation, likely evolution and prevention of computer viruses has developed. A Pathology of Computer Viruses gives a detailed overview of the history of the computer virus and an in-depth technical review of the principles of computer virus and worm operation under DOS, Mac, UNIX and DEC operating systems. David Ferbrache considers the possible extension of the threat to the mainframe systems environment and suggests how the threat can be effectively combatted using an antiviral management plan. The author addresses the latest developments in "stealth" virus operations, specifically the trend for virus authors to adopt extensive camouflage and concealment techniques, which allow viruses to evade both existing anti-viral software and to avoid detection by direct observation of machine behaviour. A Pathology of Computer Viruses addresses a distinct need - that of the computer specialist and professional who needs a source reference work detailing all aspects of the computer virus threat.

This title discusses theoretical frameworks, recent research findings and practical applications which will benefit researchers and students in electrical engineering and information technology, as well as professionals working in digital audio.

During a short visit to Bremen in December 1989 John Rosenberg had several discussions with me about computer architecture. Although we had previously worked together for more than a decade in Australia we had not seen each other for over a year, following my move to Bremen in 1988. Meanwhile John was spending a year on study leave at the University of St. Andrews in Scotland with Professor Ron Morrison and his persistent programming research group. From our conversations it was quite clear that John was having a most fruitful time in St. Andrews and was gaining valuable new insights into the world of persistent programming. He was very keen to explore the significance of these insights for the MONADS Project, which we had been jOintly directing since the early 1980s. MONADS was not about persistent programming. In fact it had quite different origins, in the areas of software engineering and information protection. In an earlier stage of the project our ideas on these themes had led us into the world of computer architecture and even hardware deSign, in our attempts to provide an efficient base machine for our software ideas. The most important practical result of this phase of the project had been the development of the MONADS-PC, a mini computer which would be better compared with say a V tv< 11/750 than with a personal computer, despite its unfortunate name.

The general problem studied by information theory is the reliable transmission of information through unreliable channels. Channels can be unreliable either because they are disturbed by noise or because unauthorized receivers intercept the information transmitted. In the first case, the theory of error-control codes provides techniques for correcting at least part of the errors caused by noise. In the second case cryptography offers the most suitable methods for coping with the many problems linked with secrecy and authentication. Now, both error-control and cryptography schemes can be studied, to a large extent, by suitable geometric models, belonging to the important field of finite geometries. This book provides an update survey of the state of the art of finite geometries and their applications to channel coding against noise and deliberate tampering. The book is divided into two sections, "Geometries and Codes" and "Geometries and Cryptography." The first part covers such topics as Galois geometries, Steiner systems, Circle geometry and applications to algebraic coding theory. The second part deals with unconditional secrecy and authentication, geometric threshold schemes and applications of finite geometry to cryptography. This volume recommends itself to engineers dealing with communication problems, to mathematicians and to research workers in the fields of algebraic coding theory, cryptography and information theory.