This book constitutes the refereed proceedings of the 21st International Conference on Computer Safety, Reliability and Security, SAFECOMP 2002, held in Catania, Italy in September 2002.The 27 revised papers presented together with 3 keynote presentations were carefully reviewed and selected from 69 submissions. The papers are organized in topical sections on human-computer system dependability, human factors, security, dependability assessment, application of formal methods, reliability assessment, design for dependability, and safety assessment.

From the highly acclaimed author of WAYS OF BEING. We live in times of increasing inscrutability. Our news feeds are filled with unverified, unverifiable speculation, much of it automatically generated by anonymous software. As a result, we no longer understand what is happening around us. Underlying all of these trends is a single idea: the belief that quantitative data can provide a coherent model of the world, and the efficacy of computable information to provide us with ways of acting within it. Yet the sheer volume of information available to us today reveals less than we hope. Rather, it heralds a new Dark Age: a world of ever-increasing incomprehension. In his brilliant new work, leading artist and writer James Bridle offers us a warning against the future in which the contemporary promise of a new technologically assisted Enlightenment may just deliver its opposite: an age of complex uncertainty, predictive algorithms, surveillance, and the hollowing out of empathy. Surveying the history of art, technology and information systems he reveals the dark clouds that gather over discussions of the digital sublime.

This open access book provides researchers and professionals with a foundational understanding of online privacy as well as insight into the socio-technical privacy issues that are most pertinent to modern information systems, covering several modern topics (e.g., privacy in social media, IoT) and underexplored areas (e.g., privacy accessibility, privacy for vulnerable populations, cross-cultural privacy). The book is structured in four parts, which follow after an introduction to privacy on both a technical and social level: Privacy Theory and Methods covers a range of theoretical lenses through which one can view the concept of privacy. The chapters in this part relate to modern privacy phenomena, thus emphasizing its relevance to our digital, networked lives. Next, Domains covers a number of areas in which privacy concerns and implications are particularly salient, including among others social media, healthcare, smart cities, wearable IT, and trackers. The Audiences section then highlights audiences that have traditionally been ignored when creating privacy-preserving experiences: people from other (non-Western) cultures, people with accessibility needs, adolescents, and people who are underrepresented in terms of their race, class, gender or sexual identity, religion or some combination. Finally, the chapters in Moving Forward outline approaches to privacy that move beyond one-size-fits-all solutions, explore ethical considerations, and describe the regulatory landscape that governs privacy through laws and policies. Perhaps even more so than the other chapters in this book, these chapters are forward-looking by using current personalized, ethical and legal approaches as a starting point for re-conceptualizations of privacy to serve the modern technological landscape. The book's primary goal is to inform IT students, researchers, and professionals about both the fundamentals of online privacy and the issues that are most pertinent to modern information systems. Lecturers or teachers can assign (parts of) the book for a "professional issues" course. IT professionals may select chapters covering domains and audiences relevant to their field of work, as well as the Moving Forward chapters that cover ethical and legal aspects. Academics who are interested in studying privacy or privacy-related topics will find a broad introduction in both technical and social aspects.

The Cambridge International Workshop on Security Protocols has now run for eight years. Each year we set a theme, focusing upon a speci?c aspect of security protocols, and invite position papers. Anybody is welcome to send us a position paper (yes, you are invited) and we don t insist they relate to the current theme in an obvious way. In our experience, the emergence of the theme as a unifying threadtakesplaceduringthediscussionsattheworkshopitself.Theonlyground rule is that position papers should formulate an approach to some unresolved issues, rather than being a description of a ?nished piece of work. Whentheparticipantsmeet, wetrytofocusthediscussionsupontheconc- tual issues which emerge. Security protocols link naturally to many other areas of Computer Science, and deep water can be reached very quickly. Afterwards, we invite participants to re-draft their position papers in a way which exposes the emergent issues but leaves open the way to their further development. We also prepare written transcripts of the recorded discussions. These are edited (in some cases very heavily) to illustrate the way in which the di?erent arguments and perspectives have interacted. We publish these proceedings as an invitation to the research community. Although many interesting results ?rst see the light of day in a volume of our proceedings, laying claim to these is not our primary purpose of publication. Rather, we bring our discussions and insights to a wider audience in order to suggest new lines of investigation which the community may fruitfully pursue."

This book constitutes the refereed proceedings of the Fourth International Workshop on Recent Advances in Intrusion Detection, RAID 2001, held in Davis, CA, USA, in October 2001.The 12 revised full papers presented were carefully reviewed and selected from a total of 55 submissions. The papers are organized in sections on logging, cooperation, anomaly detection, intrusion tolerance, legal aspects and specification-based IDS.

This book constitutes the refereed proceedings of the Second International Conference on Research in Smart Cards, E-smart 2001, held in Cannes, France, in September 2001. The 20 revised full papers presented were carefully reviewed and selected from 38 submissions. Among the topics addressed are biometrics, cryptography and electronic signatures on smart card security, formal methods for smart card evaluation and certification, architectures for multi-applications and secure open platforms, and middleware for smart cards and novel applications of smart cards.

ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'saddresswasconcernedwith authorizationpolicyissuesandtheirenforcementinapplications. Theconferencereceived91papersfromAmerica,Asia,Australia,and- rope. The program committee accepted 38 papers and these were presented insome9sessionscoveringsystemsecurity,networksecurity,trustandaccess control,Authentication,cryptography,cryptanalysis,DigitalSignatures,Elliptic CurveBasedTechniques,andSecretSharingandThresholdSchemes. Thisyear theacceptedpaperscamefromarangeofcountries,including7fromAustralia, 8fromKorea,7fromJapan,3fromUK,3fromGermany,3fromUSA,2from Singapore,2fromCanadaand1fromBelgium,Estonia,andTaiwan. Organizingaconferencesuchasthisoneisatime-consumingtaskandIwould liketothankallthepeoplewhoworkedhardtomakethisconferenceasuccess. Inparticular,IwouldliketothankProgramCo-chairYiMuforhistirelesswork andthemembersoftheprogramcommitteeforputtingtogetheranexcellent program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce...1 YacovYacobi NewCBC-MACForgeryAttacks...3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000...15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerator ...21 ErikZenner,MatthiasKrause,StefanLucks AttacksBasedonSmallFactorsinVariousGroupStructures ...36 ChrisPavlovski,ColinBoyd OnClassifyingConferenceKeyDistributionProtocols...51 ShahrokhSaeednia,ReiSafavi-Naini,WillySusilo PseudorandomnessofMISTY-TypeTransformationsandtheBlockCipher KASUMI ...60 Ju-SungKang,OkyeonYi,DowonHong,HyunsookCho NewPublic-KeyCryptosystemUsingDivisorClassGroups...74 HwankooKim,SangJaeMoon FirstImplementationofCryptographicProtocolsBasedonAlgebraic NumberFields...84 AndreasMeyer,StefanNeis,ThomasPfahler PracticalKeyRecoverySchemes...104 Sung-MingYen Non-deterministicProcessors...115 DavidMay,HenkL. Muller,NigelP. Smart PersonalSecureBooting...130 NaomaruItoi,WilliamA. Arbaugh,SamuelaJ. Pollack, DanielM. Reeves EvaluationofTamper-ResistantSoftwareDeviatingfromStructured ProgrammingRules...145 HideakiGoto,MasahiroMambo,HirokiShizuya,YasuyoshiWatanabe AStrategyforMLSWork?ow...1 59 VladIngarWietrzyk,MakotoTakizawa,VijayVaradharajan X TableofContents Condition-DrivenIntegrationofSecurityServices ...176 Cli?ordNeumann SKETHIC:SecureKernelExtensionagainstTrojanHorseswith Information-CarryingCodes...177 Eun-SunCho,SunhoHong,SechangOh,Hong-JinYeh,ManpyoHong, Cheol-WonLee,HyundongPark,Chun-SikPark SecureandPrivateDistributionofOnlineVideoandSomeRelated CryptographicIssues...190 FengBao,RobertDeng,PeirongFeng,YanGuo,HongjunWu PrivateInformationRetrievalBasedontheSubgroupMembership Problem...206 AkihiroYamamura,TaiichiSaito APracticalEnglishAuctionwithOne-TimeRegistration ...221 KazumasaOmote,AtsukoMiyaji AUserAuthenticationSchemewithIdentityandLocationPrivacy...235 ShouichiHirose,SusumuYoshida AnEnd-to-EndAuthenticationProtocolinWirelessApplicationProtocol. 247 Jong-PhilYang,WeonShin,Kyung-HyuneRhee ErrorDetectionandAuthenticationinQuantumKeyDistribution ...260 AkihiroYamamura,HirokazuIshizuka AnAxiomaticBasisforReasoningaboutTrustinPKIs...274 ChuchangLiu,MarisOzols,TonyCant AKnowledge-BasedApproachtoInternetAuthorizations...292 AlongLin ApplicationsofTrustedReviewtoInformationSecurity...3 05 JohnYesberg,MarieHenderson NetworkSecurityModelingandCyberAttackSimulationMethodology...320 Sung-DoChi,JongSouPark,Ki-ChanJung,Jang-SeLee CryptographicSalt:ACountermeasureagainstDenial-of-ServiceAttacks. . 334 DongGookPark,JungJoonKim,ColinBoyd,EdDawson EnhancedModesofOperationfortheEncryptioninHigh-SpeedNetworks andTheirImpactonQoS...

This unique text deals with the most important legal areas for e-commerce related business in most of the member states in Europe as well as the USA. In doing so the text takes into consideration the national law of the following countries: Belgium, France, Germany, Great Britain, Italy, Netherlands, Norway, Spain, Switzerland, and the USA. Topics that are dealt with include: contract law, consumer protection, intellectual property law, unfair competition, antitrust law, liability of providers, money transactions, privacy and data protection. The country-specific contributions follow a questionnaire which can be found in the beginning. The uniform structure of each contribution enables the reader to quickly find an answer to a legal question. All contributions have been written by experts from each member state.

Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lacking behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems.Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC).This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.

Alan Charles Raul The devastating and reprehensible acts of terrorism committed against the 11, 2001 have greatly affected our lives, our United States on September livelihoods, and perhaps our way of living. The system of government embodied in our Constitution and Bill of Rights was designed to inhibit excessively efficient government. By imposing checks and balances against over-reaching governmental power, the Founders intended to promote the rule of laws, not men - and to protect the prerogatives of citizens over and above their rulers. No faction was to become so powerful that the rights and interests of any other groups or individuals could be easily trampled. Specifically, the Framers of our constitutional structure prohibited the government from suppressing speech, inhibiting the right of free association, of people, conducting unreasonable preventing (peaceful) assemblies searches and seizures, or acting without observing the dictates of due process and fair play. After September 11, there is a risk that the philosophical protections of the Constitution could appear more than a trifle "academic. " Indeed, our tradional notions of "fair play" will be sorely tested in the context of our compelling requirements for effective self-defense against brutal, evil killers who hate the very idea of America. Now that we witness the grave physical dangers that confront our families, friends, neighbors, and businesses, our commitment to limited government and robust individual liberties will of our inevitably - and understandably - be challenged.

The current debate over privacy presents some of the most complex policy-making challenges we have seen in some time. While data on consumers have long been used for marketing purposes, the Internet has substantially increased the flow of personal information. This has produced great benefits, but it also has raised concerns on the part of individuals about what information is being collected, how it is being used and who has access to it. These concerns, in turn, have led to calls for new government regulation. This study focuses on the market for personal information used for advertising and marketing purposes, which is the market affected by most of the regulatory and legislative proposals now under consideration. Unfortunately, there has been little careful analysis of these proposals and their likely consequences. This book attempts to fill this gap by addressing the following basic questions: Are there failures' in the market for personal information? If market failures exist, how do they adversely affect consumers? Can such failures be remedied by government regulation? Would the benefits of government regulation exceed the costs? A/LISTA The authors find that the commercial market for information appears to be working well and is responding to consumers' privacy concerns. They conclude that regulation imposed on a medium like the Internet that is changing so rapidly would have unpredictable and costly consequences. This study is a product of The Progress & Freedom Foundation's project on Regulating Personal Information: Balancing Benefits and Costs. The Progress & Freedom Foundation studies the impact of the digital revolution and its implications for public policy. It conductsresearch in fields such as electronic commerce, telecommunications and the impact of the Internet on government, society and economic growth. It also studies issues such as the need to reform government regulation, especially in technology-intensive fields such as medical innovation, energy and environmental regulation.

Since 1998, RAID has established its reputation as the main event in research on intrusion detection, both in Europe and the United States. Every year, RAID gathers researchers, security vendors and security practitioners to listen to the most recent research results in the area as well as experiments and deployment issues. This year, RAID has grown one step further to establish itself as a well-known event in the security community, with the publication of hardcopy proceedings. RAID 2000 received 26 paper submissions from 10 countries and 3 continents. The program committee selected 14 papers for publication and examined 6 of them for presentation. In addition RAID 2000 received 30 extended abstracts proposals; 15 of these extended abstracts were accepted for presentation. - tended abstracts are available on the website of the RAID symposium series, http: //www.raid-symposium.org/. We would like to thank the technical p- gram committee for the help we received in reviewing the papers, as well as all the authors for their participation and submissions, even for those rejected. As in previous RAID symposiums, the program alternates between fun- mental research issues, such as newtechnologies for intrusion detection, and more practical issues linked to the deployment and operation of intrusion det- tion systems in a real environment. Five sessions have been devoted to intrusion detection technology, including modeling, data mining and advanced techniques

Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken based on information from these systems. Therefore, the information must be accurate, correct, and timely, and be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be top priority.
A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.
The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.
The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.

ICICS 99, the Second International Conference on Information and C- munication Security, was held in Sydney, Australia, 9-11 November 1999. The conference was sponsored by the Distributed System and Network Security - search Unit, University of Western Sydney, Nepean, the Australian Computer Society, IEEE Computer Chapter (NSW), and Harvey World Travel. I am g- teful to all these organizations for their support of the conference. The conference brought together researchers, designers, implementors and users of information security systems and technologies. A range of aspects was addressed from security theory and modeling to system and protocol designs and implementations to applications and management. The conference con- sted of a series of refereed technical papers and invited technical presentations. The program committee invited two distinguished key note speakers. The ?rst keynote speech by Doug McGowan, a Senior Manager from Hewlett-Packard, USA, discussed cryptography in an international setting. Doug described the current status of international cryptography and explored possible future trends and new technologies. The second keynote speech was delivered by Sushil Ja- dia of George Mason University, USA. Sushil s talk addressed the protection of critical information systems. He discussed issues and methods for survivability of systems under malicious attacks and proposed a fault-tolerance based - proach. The conference also hosted a panel on the currently much debated topic of Internet censorship. The panel addressed the issue of censorship from various viewpoints namely legal, industrial, governmental and technical."

The4thAustralasianConferenceonInformationSecurityandPrivacywasheld attheUniversityofWollongong, Australia. Theconferencewassponsoredby theCentreforComputerSecurityResearch, UniversityofWollongong, andthe AustralianComputerSociety. Theaimoftheconferencewastobringtogether peopleworkingindi erentareasofcomputer, communication, andinformation securityfromuniversities, industry, andgovernmentinstitutions. Theconference gavetheparticipantsanopportunitytodiscussthelatestdevelopmentsinthe quicklygrowingareaofinformationsecurityandprivacy. Theprogramcommitteeaccepted26papersfrom53submitted. Fromthose accepted, thirteen papers were from Australia, two each from Belgium and China, andoneeachfromAustria, Belarus, France, India, Japan, Korea, Sin- pore, theUSA, andYugoslavia. Conferencesessionscoveredthefollowingtopics: accesscontrolandsecuritymodels, networksecurity, Booleanfunctions, group communication, cryptanalysis, keymanagementsystems, electroniccommerce, signatureschemes, RSAcryptosystems, andoddsandends. We would like to thank the members of the program committee who - nerouslyspenttheirtimereadingandevaluatingthepapers. Wewouldalsolike tothankmembersoftheorganisingcommitteeand, inparticular, ChrisCh- nes, HosseinGhodosi, MarcGysin, Tiang-BingXia, Cheng-XinQu, SanYeow Lee, YejingWang, Hua-XiongWang, Chih-HungLi, WillySusilo, ChintanShah, Je reyHorton, andGhulamRasoolChaudhryfortheircontinuousandtireless e ortinorganisingtheconference. Finally, wewouldliketothanktheauthorsof allthesubmittedpapers, especiallytheacceptedones, andalltheparticipants whomadetheconferenceasuccessfulevent. February1999 JosefPieprzyk ReiSafavi-Naini JenniferSeberry FOURTHAUSTRALASIANCONFERENCE ONINFORMATIONSECURITY ANDPRIVACY ACISP 99 Sponsoredby CenterforComputerSecurityResearch UniversityofWollongong, Australia and AustralianComputerSociety GeneralChair: JenniferSeberry UniversityofWollongong ProgramCo-Chairs: JosefPieprzyk UniversityofWollongong ReiSafavi-Naini UniversityofWollongong ProgramCommittee: ColinBoyd QueenslandUniversityofTechnology, Australia LawrieBrown AustralianDefenceForceAcademy, Australia BillCaelli QueenslandUniversityofTechnology, Australia EdDawson QueenslandUniversityofTechnology, Australia CunshengDing NationalUniversityofSingapore, Singapore DieterGollmann MicrosoftResearch, UK YongfeiHan Gemplus, Singapore ThomasHardjono BayNetworks, US ErlandJonsson ChalmersUniversity, Sweden SveinKnapskog UniversityofTrondheim, Norway KeithMartin KatholiekeUniversiteitLeuven, Belgium CathyMeadows NavalResearchLaboratory, US KaisaNyberg NokiaResearchCenter, Finland Choon-SikPark ElectronicsandTelecommunicationResearchInstitute, Korea DingyiPei AcademiaSinica, China SteveRoberts WithamPtyLtd, Australia ConferenceOrganization VII GregRose Qualcomm, Australia RaviSandhu GeorgeMasonUniversity, US Sta ordTavares Queen sUniversity, Canada VijayVaradharajan WesternSydneyUniversity, Australia YuliangZheng MonashUniversity, Australia Referees N. Asokan ZhangJiang DingyiPei YunBai ErlandJonsson JosefPieprzyk SimonBlackburn SveinKnapskog VincentRijmen ColinBoyd HuLei SteveRoberts LawrieBrown LeszekMaciaszek GregRose BillCaelli KeithMartin ReiSafavi-Naini EdDawson CathyMeadows RaviSandhu CunshengDing BillMillan RajanShankaran GaryGaskell QiMing Sta ordTavares JanuszGetta Sang-JaeMoon VijayVaradharajan DieterGollmann YiMu Kapaleeswaran MarcGysin KennyNguyen Viswanathan YongfeiHan KaisaNyberg ChuanWu ThomasHardjono Choon-SikPark YuliangZheng. TableofContents BooleanFunctions BooleanFunctionDesignUsingHillClimbingMethods WilliamMillan, AndrewClark, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 EnumerationofCorrelationImmuneBooleanFunctions SubhamoyMaitraandPalashSarkar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 OntheSymmetricPropertyofHomogeneousBooleanFunctions ChengxinQu, JenniferSeberry, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . . 26 KeyManagement PubliclyVeri ableKeyEscrowwithLimitedTimeSpan KapaliViswanathan, ColinBoyd, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . 36 AcceleratingKeyEstablishmentProtocolsforMobileCommunication SeungwonLee, Seong-MinHong, HyunsooYoon, andYookunCho. . . . . . . . . 51 ConferenceKeyAgreementfromSecretSharing Chih-HungLiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Cryptanalysis Onm-PermutationProtectionSchemeAgainstModi cationAttack W. W. FungandJ. W. Gray, III. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 InversionAttackandBranching JovanDj. Golic, AndrewClark, andEdDawson . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Signatures Fail-StopThresholdSignatureSchemesBasedonEllipticCurves WillySusilo, ReiSafavi-Naini, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . 103 DivertibleZero-KnowledgeProofofPolynomialRelationsand BlindGroupSignature KhanhQuocNguyen, YiMu, andVijayVaradharajan. . . . . . . . . . . . . . . . . . . . 117 RepudiationofCheatingandNon-repudiationof Zhang sProxySignatureSchemes HosseinGhodosiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 X TableofContents RSACryptosystems OntheSecurityofanRSABasedEncryptionScheme SigunaMul ]ler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 GeneralisedCyclingAttacksonRSAandStrongRSAPrimes MarcGysinandJenniferSeberry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 RSAAccelerationwithFieldProgrammableGateArrays AlexanderTiountchikandElenaTrichina. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 GroupCryptography ChangingThresholdsintheAbsenceofSecureChannels KeithM. Martin, JosefPieprzyk, ReiSafavi-Naini, andHuaxiongWang . 177 ASelf-Certi edGroup-OrientedCryptosystemWithoutaCombiner ShahrokhSaeedniaandHosseinGhodosi . . . . . . . . . . . . . . . . . . . .

The Department of Electrical Engineering-ESAT at the Katholieke Universiteit Leuven regularly runs a course on the state of the art and evolution of computer security and industrial cryptography. The rst course took place in 1983, the second in 1989, and since then the course has been a biennial event. The course is intended for both researchers and practitioners from industry and government. It covers the basic principles as well as the most recent - velopments. Our own interests mean that the course emphasizes cryptography, but we also ensure that the most important topics in computer security are covered. We try to strike a good balance between basic theory and real-life - plications, between mathematical background and judicial aspects, and between recent technical developments and standardization issues. Perhaps the greatest strength of the course is the creation of an environment that enables dialogue between people from diverse professions and backgrounds. In 1993, we published the formal proceedings of the course in the Lecture Notes in Computer Science series (Volume 741). Since the el d of cryptography has advanced considerably during the interim period, there is a clear need to publish a new edition. Since 1993, several excellent textbooks and handbooks on cryptology have been published and the need for introductory-level papers has decreased. The growth of the main conferences in cryptology (Eurocrypt, Crypto, and Asiacrypt) shows that interest in the eld is increasing

This book constitutes the thoroughly revised post-conference proceedings of the Second International Conference on Financial Cryptography, FC '98, held in Anguilla, British West Indies, in February 1998.
The 28 revised papers presented were carefully selected and improved beyond the versions presented at the meeting. The book presents the state of the art in research and development in financial cryptography and addresses all current topics such as electronic payment systems, digital cash, electronic commerce, digital signatures, payment transactions, revocation and validation, WWW commerce, trust management systems, and watermarking.

ASIACRYPT'98, the international conference covering all aspects of theory and application of cryptology and information security, is being held at Beijing Friendship Hotel from October 18 to 22. This is the fourth of the Asiacrypt conferences. ASIACRYPT'98 is sponsored by the State Key Laboratory of Information Security (SKLOIS), University of Science and Technology of China (USTC), and the Asiacrypt Steering Committee (ASC), in cooperation with the International Association for Cryptology Research (IACR). The 16-member Program Committee organized the scientific program and considered 118 submissions. Of these, 32 were accepted for presentation. The authors' affiliations of the 118 submissions and the 32 accepted papers range over 18 and 13 countries or regions, respectively. The submitted version of each paper was sent to all members of the Program Committee and was extensively examined by at least three committee members and/or outside experts. The review process was rigorously blinded and the anonymity of each submission are maintained until the selection was completed. We followed the traditional policy that each member of the Program Committee could be an author of at most one accepted paper. These proceedings contain the revised versions of the 32 contributed talks as well as a short note written by one invited speaker. Comments from the Program Committee were taken into account in the revisions. However, the authors (not the committee) bear full responsibility for the contents of their papers.

This book constitutes the refereed proceedings of the 18th Annual International Cryptology Conference, CRYPTO'98, held in Santa Barbara, California, USA, in August 1998. The book presents 33 revised full papers selected from a total of 144 submissions received. Also included are two invited presentations. The papers are organized in topical sections on chosen ciphertext security, cryptanalysis of hash functions and block ciphers, distributed cryptography, zero knowledge, and implementation.

This book constitutes the refereed proceedings of the Third Australasian Conference on Information Security and Privacy, ACISP'98, held in Brisbane, Australia, in Kuly 1998.
The volume presents 35 revised full papers selected from a total of 66 submissions; also included are two invited contributions. The book is divided in sections on network security, block ciphers, stream ciphers, authorization codes and Boolean functions, software security and electronic commerce, public key cryptography, hardware, access control, protocols, secret sharing, and digital signatures.

Fast Software Encryption (FSE) is an annual research workshop devoted to the promotion of research on classical encryption algorithms and related cryp- graphic primitives such as hash functions. When public key cryptography started to receive wide attention in the 1980s, the much older and more basic art of secret key cryptography was sidelined at many research conferences. This motivated Ross Anderson to organise the rst FSE in Cambridge, England in December 1993; subsequent workshops followed at Leuven, Belgium (December 1994), Cambridge again (February 1996), and Haifa, Israel (January 1997). These proceedings contain the papers due to be presented at the fth FSE workshop in March 1998 at the Hotel du Louvre in Paris. This event is organized by the Ecole Normale Superieure and the Centre National pour la Recherche S- enti que (CNRS) in cooperation with the International Association for Cryp- logic Research (IACR), and has attracted the kind support of Gemplus and Microsoft, the world leaders in smart cards and software { two domains very closely connected to our research concerns.

This book constitutes the strictly refereed post-workshop proceedings of the First International Workshop on Information Security, ISW'98, held in Tatsunokuchi, Ishikawa, Japan, in September 1997. The volume presents six invited surveys together with 25 thoroughly revised full papers selected from 39 submissions. Among the topics covered are public-key cryptosystems, cryptoanalysis, digital signatures, hardware/software implementation, key management, key sharing, security management, electronic commerce, and quantum cryptology.

This book constitutes the strictly refereed post-workshop proceedings of the 5th International Workshop on Security Protocols, held in Paris, France, in April 1997. The 17 revised full papers presented address all current aspects of security protocols. Among the topics covered are secure distribution of knowledge, electronic voting systems, secure Internet transactions, digital signatures, key exchange, cryprographic protocols, authentication, threshold systems, secret sharing, ect.

This book constitutes the refereed proceedings of the 6th International Conference on Cryptography and Coding held at the Institute of Mathematics and its Applications (IMA) in Cirencester, UK, in December 1997. The 35 revised full papers presented emphasize the links and commonality between the underlying mathematical bases and algorithmic foundations of cryptography, error control coding and digital signal processing devices available today. Besides classical crypto topics, other issues concerning information transmission and processing are addressed, such as multiple-access coding, image processing, synchronization and sequence design.

Privacy-Preserving Machine Learning is a practical guide to keeping ML data anonymous and secure. You'll learn the core principles behind different privacy preservation technologies, and how to put theory into practice for your own machine learning. Complex privacy-enhancing technologies are demystified through real world use cases forfacial recognition, cloud data storage, and more. Alongside skills for technical implementation, you'll learn about current and future machine learning privacy challenges and how to adapt technologies to your specific needs. By the time you're done, you'll be able to create machine learning systems that preserve user privacy without sacrificing data quality and model performance. Large-scale scandals such as the Facebook Cambridge Analytic a data breach have made many users wary of sharing sensitive and personal information. Demand has surged among machine learning engineers for privacy-preserving techniques that can keep users private details secure without adversely affecting the performance of models.