The Internet Age has created vast and ubiquitous databases of personal information in universities, corporations, government agencies, and doctors' offices. Every week, stories of databases being compromised appear in the news. Yet, despite the fact that lost laptops and insecure computer servers jeopardize our privacy, privacy and security are typically considered in isolation. Advocates of privacy have sought to protect individuals from snooping corporations, while advocates of security have sought to protect corporations from snooping individuals. Securing Privacy in the Internet Age aims to merge the discussion of these two goals. The book brings together many of the world's leading academics, litigators, and public policy advocates to work towards enhancing privacy and security. While the traditional adversary of privacy advocates has been the government, in what they see as the role of the Orwellian Big Brother, the principal focus of this book is the fraternity of Little Brothers-the corporations and individuals who seek to profit from gathering personal information about others.

Vast amounts of data are collected by service providers and system administ- tors, and are available in public information systems. Data mining technologies provide an ideal framework to assist in analyzing such collections for computer security and surveillance-related endeavors. For instance, system administrators can apply data mining to summarize activity patterns in access logs so that potential malicious incidents can be further investigated. Beyond computer - curity, data mining technology supports intelligence gathering and summari- tion for homeland security. For years, and most recently fueled by events such as September 11, 2001, government agencies have focused on developing and applying data mining technologies to monitor terrorist behaviors in public and private data collections. Theapplicationof data mining to person-speci?cdata raisesseriousconcerns regarding data con?dentiality and citizens' privacy rights. These concerns have led to the adoption of various legislation and policy controls. In 2005, the - ropean Union passed a data-retention directive that requires all telephone and Internetservice providersto store data ontheir consumers for up to two yearsto assist in the prevention of terrorismand organized crime. Similar data-retention regulationproposalsareunderheateddebateintheUnitedStatesCongress. Yet, the debate often focuses on ethical or policy aspects of the problem, such that resolutions have polarized consequences; e. g. , an organization can either share data for data mining purposes or it can not. Fortunately, computer scientists, and data mining researchers in particular, have recognized that technology can beconstructedtosupportlesspolarizedsolutions. Computerscientistsaredev- oping technologies that enable data mining goals without sacri?cing the privacy and security of the individuals to whom the data correspond.

This book highlights recent advances in smart cities technologies, with a focus on new technologies such as biometrics, blockchains, data encryption, data mining, machine learning, deep learning, cloud security, and mobile security. During the past five years, digital cities have been emerging as a technology reality that will come to dominate the usual life of people, in either developed or developing countries. Particularly, with big data issues from smart cities, privacy and security have been a widely concerned matter due to its relevance and sensitivity extensively present in cybersecurity, healthcare, medical service, e-commercial, e-governance, mobile banking, e-finance, digital twins, and so on. These new topics rises up with the era of smart cities and mostly associate with public sectors, which are vital to the modern life of people. This volume summarizes the recent advances in addressing the challenges on big data privacy and security in smart cities and points out the future research direction around this new challenging topic.

This book provides emergent knowledge relating to physical, cyber, and human risk mitigation in a practical and readable approach for the corporate environment. It presents and discusses practical applications of risk management techniques along with useable practical policy change options. This practical organizational security management approach examines multiple aspects of security to protect against physical, cyber, and human risk. A practical more tactical focus includes managing vulnerabilities and applying countermeasures. The book guides readers to a greater depth of understanding and action-oriented options.

The Book presents an overview of newly developed watermarking techniques in various independent and hybrid domains Covers the basics of digital watermarking, its types, domain in which it is implemented and the application of machine learning algorithms onto digital watermarking Reviews hardware implementation of watermarking Discusses optimization problems and solutions in watermarking with a special focus on bio-inspired algorithms Includes a case study along with its MATLAB code and simulation results

The Internet of Things (IoT), with its technological advancements and massive innovations, is building the idea of inter-connectivity among everyday life objects. With an explosive growth in the number of Internet-connected devices, the implications of the idea of IoT on enterprises, individuals, and society are huge. IoT is getting attention from both academia and industry due to its powerful real-time applications that raise demands to understand the entire spectrum of the field. However, due to increasing security issues, safeguarding the IoT ecosystem has become an important concern. With devices and information becoming more exposed and leading to increased attack possibilities, adequate security measures are required to leverage the benefits of this emerging concept. Internet of Things Security: Principles, Applications, Attacks, and Countermeasures is an extensive source that aims at establishing an understanding of the core concepts of IoT among its readers and the challenges and corresponding countermeasures in the field. Key features: Containment of theoretical aspects, as well as recent empirical findings associated with the underlying technologies Exploration of various challenges and trade-offs associated with the field and approaches to ensure security, privacy, safety, and trust across its key elements Vision of exciting areas for future research in the field to enhance the overall productivity This book is suitable for industrial professionals and practitioners, researchers, faculty members, and students across universities who aim to carry out research and development in the field of IoT security.

A brand-new edition of the popular introductory textbook that explores how computer hardware, software, and networks work Computers are everywhere. Some are highly visible, in laptops, tablets, cell phones, and smart watches. But most are invisible, like those in appliances, cars, medical equipment, transportation systems, power grids, and weapons. We never see the myriad computers that quietly collect, share, and sometimes leak personal data about us. Governments and companies increasingly use computers to monitor what we do. Social networks and advertisers know more about us than we should be comfortable with. Criminals have all-too-easy access to our data. Do we truly understand the power of computers in our world? In this updated edition of Understanding the Digital World, Brian Kernighan explains how computer hardware, software, and networks work. Topics include how computers are built and how they compute; what programming is; how the Internet and web operate; and how all of these affect security, privacy, property, and other important social, political, and economic issues. Kernighan touches on fundamental ideas from computer science and some of the inherent limitations of computers, and new sections in the book explore Python programming, big data, machine learning, and much more. Numerous color illustrations, notes on sources for further exploration, and a glossary explaining technical terms and buzzwords are included. Understanding the Digital World is a must-read for readers of all backgrounds who want to know more about computers and communications.

In this book, Yuko Suda examines the Safe Harbor debate, the passenger name record (PNR) dispute, and the Society for Worldwide Interbank Financial Transactions (SWIFT) affair to understand the transfer of personal data from the European Union (EU) to the United States. She argues that the Safe Harbor, PNR, and SWIFT agreements were made to mitigate the potentially negative effects that may arise from the beyond-the-border reach of EU data protection rules or US counterterrorism regulation. A close examination of these high-profile cases would reveal how beyond-the-border reach of one jurisdiction's regulation might affect another jurisdiction's policy and what responses the affected jurisdiction possibly makes to manage the effects of such extraterritorial regulation. The Politics of Data Transfer adds another dimension to the study of transatlantic data conflicts by assuming that the cases exemplify not only the politics of data privacy but also the politics of extraterritorial regulation. A welcome and timely collection uncovering the evolution of and prospects for the politics of data privacy in the digitalized and interconnected world.

Welcome to the 2nd International Conference on Image and Video Retrieval, CIVR2003. The goal of CIVR is to illuminate the state of the art in visual information retrieval and to stimulate collaboration between researchers and practitioners. This year we received 110 submissions from 26 countries. Based upon the reviews of at least 3 members of the program committee, 43 papers were accepted for the research track of the conference. First, we would like to thank all of the members of the Program Committee and the additional referees listed below. Their reviews of the submissions played a pivotal role in the quality of the conference. Moreover, we are grateful to Nicu Sebe and Xiang Zhou for helping to organize the review process; Shih-Fu Chang and Alberto del Bimbo for setting up the practitioner track; and Erwin Bakker for editing the proceedings and designing the conference poster. Special thanks go to our keynote and plenary speakers, Nevenka Dimitrova fromPhilipsResearch, RameshJainfromGeorgiaTech, ChrisPorterfromGetty Images, andAlanSmeatonfromDublinCityUniversity.Furthermore, wewishto acknowledge our sponsors, the Beckman Institute at the University of Illinois at Urbana-Champaign, TsingHuaUniversity, theInstitutionofElectricalEngineers (IEE), PhilipsResearch, andtheLeidenInstituteofAdvancedComputerScience at Leiden University. Finally, we would like to express our thanks to severalpeople who performed important work related to the organization of the conference: Jennifer Quirk and Catherine Zech for the localorganizationat the BeckmanInstitute; Richard Harvey for his help with promotional activity and sponsorship for CIVR2003; andtotheorganizingcommitteeofthe?rstCIVRforsettinguptheinternational mission and structure of the co

This book constitutes the thoroughly refereed post-proceedings of the 5th International Conference on Financial Cryptography, FC 2001, held in Grand Cayman, British West Indies, in February 2001.The 20 revised full papers presented together with various panel statements and one invited paper were carefully selected during two rounds of reviewing and improvement. The papers are organized in topical sections on managing payment transaction costs, trust and risk management, groups and anonymity, certificates and authentication, credit card security, markets and multiparty computation, digital signatures and financial cryptography, and auctions.

This book constitutes the refereed proceedings of the 22nd International Cryptology Conference, CRYPTO 2002, held in Santa Barbara, CA, in August 2002.The 39 revised full papers presented were carefully reviewed and selected from a total of 175 submissions. The papers are organized in topical sections on block ciphers, multi-user oriented cryptosystems, foundations and methodology, security and practical protocols, secure multiparty computation, public key encryption, information theory and secret sharing, cipher design and analysis, elliptic curves and Abelian varieties, authentication, distributed cryptosystems, pseudorandomness, stream ciphers and Boolean functions, commitment schemes, and signature schemes.

Inference control in statistical databases, also known as statistical disclosure limitation or statistical confidentiality, is about finding tradeoffs to the tension between the increasing societal need for accurate statistical data and the legal and ethical obligation to protect privacy of individuals and enterprises which are the source of data for producing statistics. Techniques used by intruders to make inferences compromising privacy increasingly draw on data mining, record linkage, knowledge discovery, and data analysis and thus statistical inference control becomes an integral part of computer science.This coherent state-of-the-art survey presents some of the most recent work in the field. The papers presented together with an introduction are organized in topical sections on tabular data protection, microdata protection, and software and user case studies.

This book constitutes the thoroughly refereed post-proceedings of the International Workshop on Security and Privacy in Digital Rights Management, DRM 2001, held during the ACM CCS-8 Conference in Philadelphia, PA, USA, in November 2001.The 14 revised full papers presented were carefully reviewed and selected from 50 submissions. The papers are organized in topical sections on renewability, fuzzy hashing, cryptographic techniques and fingerprinting, privacy and architectures, software tamper resistance, cryptanalysis, and economic and legal aspects.

This book constitutes the refereed proceedings of the 21st International Conference on Computer Safety, Reliability and Security, SAFECOMP 2002, held in Catania, Italy in September 2002.The 27 revised papers presented together with 3 keynote presentations were carefully reviewed and selected from 69 submissions. The papers are organized in topical sections on human-computer system dependability, human factors, security, dependability assessment, application of formal methods, reliability assessment, design for dependability, and safety assessment.

This open access book provides researchers and professionals with a foundational understanding of online privacy as well as insight into the socio-technical privacy issues that are most pertinent to modern information systems, covering several modern topics (e.g., privacy in social media, IoT) and underexplored areas (e.g., privacy accessibility, privacy for vulnerable populations, cross-cultural privacy). The book is structured in four parts, which follow after an introduction to privacy on both a technical and social level: Privacy Theory and Methods covers a range of theoretical lenses through which one can view the concept of privacy. The chapters in this part relate to modern privacy phenomena, thus emphasizing its relevance to our digital, networked lives. Next, Domains covers a number of areas in which privacy concerns and implications are particularly salient, including among others social media, healthcare, smart cities, wearable IT, and trackers. The Audiences section then highlights audiences that have traditionally been ignored when creating privacy-preserving experiences: people from other (non-Western) cultures, people with accessibility needs, adolescents, and people who are underrepresented in terms of their race, class, gender or sexual identity, religion or some combination. Finally, the chapters in Moving Forward outline approaches to privacy that move beyond one-size-fits-all solutions, explore ethical considerations, and describe the regulatory landscape that governs privacy through laws and policies. Perhaps even more so than the other chapters in this book, these chapters are forward-looking by using current personalized, ethical and legal approaches as a starting point for re-conceptualizations of privacy to serve the modern technological landscape. The book's primary goal is to inform IT students, researchers, and professionals about both the fundamentals of online privacy and the issues that are most pertinent to modern information systems. Lecturers or teachers can assign (parts of) the book for a "professional issues" course. IT professionals may select chapters covering domains and audiences relevant to their field of work, as well as the Moving Forward chapters that cover ethical and legal aspects. Academics who are interested in studying privacy or privacy-related topics will find a broad introduction in both technical and social aspects.

The Cambridge International Workshop on Security Protocols has now run for eight years. Each year we set a theme, focusing upon a speci?c aspect of security protocols, and invite position papers. Anybody is welcome to send us a position paper (yes, you are invited) and we don t insist they relate to the current theme in an obvious way. In our experience, the emergence of the theme as a unifying threadtakesplaceduringthediscussionsattheworkshopitself.Theonlyground rule is that position papers should formulate an approach to some unresolved issues, rather than being a description of a ?nished piece of work. Whentheparticipantsmeet, wetrytofocusthediscussionsupontheconc- tual issues which emerge. Security protocols link naturally to many other areas of Computer Science, and deep water can be reached very quickly. Afterwards, we invite participants to re-draft their position papers in a way which exposes the emergent issues but leaves open the way to their further development. We also prepare written transcripts of the recorded discussions. These are edited (in some cases very heavily) to illustrate the way in which the di?erent arguments and perspectives have interacted. We publish these proceedings as an invitation to the research community. Although many interesting results ?rst see the light of day in a volume of our proceedings, laying claim to these is not our primary purpose of publication. Rather, we bring our discussions and insights to a wider audience in order to suggest new lines of investigation which the community may fruitfully pursue."

This book constitutes the refereed proceedings of the Fourth International Workshop on Recent Advances in Intrusion Detection, RAID 2001, held in Davis, CA, USA, in October 2001.The 12 revised full papers presented were carefully reviewed and selected from a total of 55 submissions. The papers are organized in sections on logging, cooperation, anomaly detection, intrusion tolerance, legal aspects and specification-based IDS.

This book constitutes the refereed proceedings of the Second International Conference on Research in Smart Cards, E-smart 2001, held in Cannes, France, in September 2001. The 20 revised full papers presented were carefully reviewed and selected from 38 submissions. Among the topics addressed are biometrics, cryptography and electronic signatures on smart card security, formal methods for smart card evaluation and certification, architectures for multi-applications and secure open platforms, and middleware for smart cards and novel applications of smart cards.

ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'saddresswasconcernedwith authorizationpolicyissuesandtheirenforcementinapplications. Theconferencereceived91papersfromAmerica,Asia,Australia,and- rope. The program committee accepted 38 papers and these were presented insome9sessionscoveringsystemsecurity,networksecurity,trustandaccess control,Authentication,cryptography,cryptanalysis,DigitalSignatures,Elliptic CurveBasedTechniques,andSecretSharingandThresholdSchemes. Thisyear theacceptedpaperscamefromarangeofcountries,including7fromAustralia, 8fromKorea,7fromJapan,3fromUK,3fromGermany,3fromUSA,2from Singapore,2fromCanadaand1fromBelgium,Estonia,andTaiwan. Organizingaconferencesuchasthisoneisatime-consumingtaskandIwould liketothankallthepeoplewhoworkedhardtomakethisconferenceasuccess. Inparticular,IwouldliketothankProgramCo-chairYiMuforhistirelesswork andthemembersoftheprogramcommitteeforputtingtogetheranexcellent program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce...1 YacovYacobi NewCBC-MACForgeryAttacks...3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000...15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerator ...21 ErikZenner,MatthiasKrause,StefanLucks AttacksBasedonSmallFactorsinVariousGroupStructures ...36 ChrisPavlovski,ColinBoyd OnClassifyingConferenceKeyDistributionProtocols...51 ShahrokhSaeednia,ReiSafavi-Naini,WillySusilo PseudorandomnessofMISTY-TypeTransformationsandtheBlockCipher KASUMI ...60 Ju-SungKang,OkyeonYi,DowonHong,HyunsookCho NewPublic-KeyCryptosystemUsingDivisorClassGroups...74 HwankooKim,SangJaeMoon FirstImplementationofCryptographicProtocolsBasedonAlgebraic NumberFields...84 AndreasMeyer,StefanNeis,ThomasPfahler PracticalKeyRecoverySchemes...104 Sung-MingYen Non-deterministicProcessors...115 DavidMay,HenkL. Muller,NigelP. Smart PersonalSecureBooting...130 NaomaruItoi,WilliamA. Arbaugh,SamuelaJ. Pollack, DanielM. Reeves EvaluationofTamper-ResistantSoftwareDeviatingfromStructured ProgrammingRules...145 HideakiGoto,MasahiroMambo,HirokiShizuya,YasuyoshiWatanabe AStrategyforMLSWork?ow...1 59 VladIngarWietrzyk,MakotoTakizawa,VijayVaradharajan X TableofContents Condition-DrivenIntegrationofSecurityServices ...176 Cli?ordNeumann SKETHIC:SecureKernelExtensionagainstTrojanHorseswith Information-CarryingCodes...177 Eun-SunCho,SunhoHong,SechangOh,Hong-JinYeh,ManpyoHong, Cheol-WonLee,HyundongPark,Chun-SikPark SecureandPrivateDistributionofOnlineVideoandSomeRelated CryptographicIssues...190 FengBao,RobertDeng,PeirongFeng,YanGuo,HongjunWu PrivateInformationRetrievalBasedontheSubgroupMembership Problem...206 AkihiroYamamura,TaiichiSaito APracticalEnglishAuctionwithOne-TimeRegistration ...221 KazumasaOmote,AtsukoMiyaji AUserAuthenticationSchemewithIdentityandLocationPrivacy...235 ShouichiHirose,SusumuYoshida AnEnd-to-EndAuthenticationProtocolinWirelessApplicationProtocol. 247 Jong-PhilYang,WeonShin,Kyung-HyuneRhee ErrorDetectionandAuthenticationinQuantumKeyDistribution ...260 AkihiroYamamura,HirokazuIshizuka AnAxiomaticBasisforReasoningaboutTrustinPKIs...274 ChuchangLiu,MarisOzols,TonyCant AKnowledge-BasedApproachtoInternetAuthorizations...292 AlongLin ApplicationsofTrustedReviewtoInformationSecurity...3 05 JohnYesberg,MarieHenderson NetworkSecurityModelingandCyberAttackSimulationMethodology...320 Sung-DoChi,JongSouPark,Ki-ChanJung,Jang-SeLee CryptographicSalt:ACountermeasureagainstDenial-of-ServiceAttacks. . 334 DongGookPark,JungJoonKim,ColinBoyd,EdDawson EnhancedModesofOperationfortheEncryptioninHigh-SpeedNetworks andTheirImpactonQoS...

Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lacking behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems.Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC).This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.

Since 1998, RAID has established its reputation as the main event in research on intrusion detection, both in Europe and the United States. Every year, RAID gathers researchers, security vendors and security practitioners to listen to the most recent research results in the area as well as experiments and deployment issues. This year, RAID has grown one step further to establish itself as a well-known event in the security community, with the publication of hardcopy proceedings. RAID 2000 received 26 paper submissions from 10 countries and 3 continents. The program committee selected 14 papers for publication and examined 6 of them for presentation. In addition RAID 2000 received 30 extended abstracts proposals; 15 of these extended abstracts were accepted for presentation. - tended abstracts are available on the website of the RAID symposium series, http: //www.raid-symposium.org/. We would like to thank the technical p- gram committee for the help we received in reviewing the papers, as well as all the authors for their participation and submissions, even for those rejected. As in previous RAID symposiums, the program alternates between fun- mental research issues, such as newtechnologies for intrusion detection, and more practical issues linked to the deployment and operation of intrusion det- tion systems in a real environment. Five sessions have been devoted to intrusion detection technology, including modeling, data mining and advanced techniques

Today the vast majority of the world's information resides in, is derived from, and is exchanged among multiple automated systems. Critical decisions are made, and critical action is taken based on information from these systems. Therefore, the information must be accurate, correct, and timely, and be manipulated, stored, retrieved, and exchanged safely, reliably, and securely. In a time when information is considered the latest commodity, information security should be top priority.
A Practical Guide to Security Engineering and Information Assurance gives you an engineering approach to information security and information assurance (IA). The book examines the impact of accidental and malicious intentional action and inaction on information security and IA. Innovative long-term vendor, technology, and application-independent strategies show you how to protect your critical systems and data from accidental and intentional action and inaction that could lead to system failure or compromise.
The author presents step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations. She explores real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system.
The information revolution has brought its share of risks. Exploring the synergy between security, safety, and reliability engineering, A Practical Guide to Security Engineering and Information Assurance consolidates and organizes current thinking about information security/IA techniques, approaches, and best practices. As this book will show you, there is considerably more to information security/IA than firewalls, encryption, and virus protection.

ICICS 99, the Second International Conference on Information and C- munication Security, was held in Sydney, Australia, 9-11 November 1999. The conference was sponsored by the Distributed System and Network Security - search Unit, University of Western Sydney, Nepean, the Australian Computer Society, IEEE Computer Chapter (NSW), and Harvey World Travel. I am g- teful to all these organizations for their support of the conference. The conference brought together researchers, designers, implementors and users of information security systems and technologies. A range of aspects was addressed from security theory and modeling to system and protocol designs and implementations to applications and management. The conference con- sted of a series of refereed technical papers and invited technical presentations. The program committee invited two distinguished key note speakers. The ?rst keynote speech by Doug McGowan, a Senior Manager from Hewlett-Packard, USA, discussed cryptography in an international setting. Doug described the current status of international cryptography and explored possible future trends and new technologies. The second keynote speech was delivered by Sushil Ja- dia of George Mason University, USA. Sushil s talk addressed the protection of critical information systems. He discussed issues and methods for survivability of systems under malicious attacks and proposed a fault-tolerance based - proach. The conference also hosted a panel on the currently much debated topic of Internet censorship. The panel addressed the issue of censorship from various viewpoints namely legal, industrial, governmental and technical."

The4thAustralasianConferenceonInformationSecurityandPrivacywasheld attheUniversityofWollongong, Australia. Theconferencewassponsoredby theCentreforComputerSecurityResearch, UniversityofWollongong, andthe AustralianComputerSociety. Theaimoftheconferencewastobringtogether peopleworkingindi erentareasofcomputer, communication, andinformation securityfromuniversities, industry, andgovernmentinstitutions. Theconference gavetheparticipantsanopportunitytodiscussthelatestdevelopmentsinthe quicklygrowingareaofinformationsecurityandprivacy. Theprogramcommitteeaccepted26papersfrom53submitted. Fromthose accepted, thirteen papers were from Australia, two each from Belgium and China, andoneeachfromAustria, Belarus, France, India, Japan, Korea, Sin- pore, theUSA, andYugoslavia. Conferencesessionscoveredthefollowingtopics: accesscontrolandsecuritymodels, networksecurity, Booleanfunctions, group communication, cryptanalysis, keymanagementsystems, electroniccommerce, signatureschemes, RSAcryptosystems, andoddsandends. We would like to thank the members of the program committee who - nerouslyspenttheirtimereadingandevaluatingthepapers. Wewouldalsolike tothankmembersoftheorganisingcommitteeand, inparticular, ChrisCh- nes, HosseinGhodosi, MarcGysin, Tiang-BingXia, Cheng-XinQu, SanYeow Lee, YejingWang, Hua-XiongWang, Chih-HungLi, WillySusilo, ChintanShah, Je reyHorton, andGhulamRasoolChaudhryfortheircontinuousandtireless e ortinorganisingtheconference. Finally, wewouldliketothanktheauthorsof allthesubmittedpapers, especiallytheacceptedones, andalltheparticipants whomadetheconferenceasuccessfulevent. February1999 JosefPieprzyk ReiSafavi-Naini JenniferSeberry FOURTHAUSTRALASIANCONFERENCE ONINFORMATIONSECURITY ANDPRIVACY ACISP 99 Sponsoredby CenterforComputerSecurityResearch UniversityofWollongong, Australia and AustralianComputerSociety GeneralChair: JenniferSeberry UniversityofWollongong ProgramCo-Chairs: JosefPieprzyk UniversityofWollongong ReiSafavi-Naini UniversityofWollongong ProgramCommittee: ColinBoyd QueenslandUniversityofTechnology, Australia LawrieBrown AustralianDefenceForceAcademy, Australia BillCaelli QueenslandUniversityofTechnology, Australia EdDawson QueenslandUniversityofTechnology, Australia CunshengDing NationalUniversityofSingapore, Singapore DieterGollmann MicrosoftResearch, UK YongfeiHan Gemplus, Singapore ThomasHardjono BayNetworks, US ErlandJonsson ChalmersUniversity, Sweden SveinKnapskog UniversityofTrondheim, Norway KeithMartin KatholiekeUniversiteitLeuven, Belgium CathyMeadows NavalResearchLaboratory, US KaisaNyberg NokiaResearchCenter, Finland Choon-SikPark ElectronicsandTelecommunicationResearchInstitute, Korea DingyiPei AcademiaSinica, China SteveRoberts WithamPtyLtd, Australia ConferenceOrganization VII GregRose Qualcomm, Australia RaviSandhu GeorgeMasonUniversity, US Sta ordTavares Queen sUniversity, Canada VijayVaradharajan WesternSydneyUniversity, Australia YuliangZheng MonashUniversity, Australia Referees N. Asokan ZhangJiang DingyiPei YunBai ErlandJonsson JosefPieprzyk SimonBlackburn SveinKnapskog VincentRijmen ColinBoyd HuLei SteveRoberts LawrieBrown LeszekMaciaszek GregRose BillCaelli KeithMartin ReiSafavi-Naini EdDawson CathyMeadows RaviSandhu CunshengDing BillMillan RajanShankaran GaryGaskell QiMing Sta ordTavares JanuszGetta Sang-JaeMoon VijayVaradharajan DieterGollmann YiMu Kapaleeswaran MarcGysin KennyNguyen Viswanathan YongfeiHan KaisaNyberg ChuanWu ThomasHardjono Choon-SikPark YuliangZheng. TableofContents BooleanFunctions BooleanFunctionDesignUsingHillClimbingMethods WilliamMillan, AndrewClark, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 EnumerationofCorrelationImmuneBooleanFunctions SubhamoyMaitraandPalashSarkar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 OntheSymmetricPropertyofHomogeneousBooleanFunctions ChengxinQu, JenniferSeberry, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . . 26 KeyManagement PubliclyVeri ableKeyEscrowwithLimitedTimeSpan KapaliViswanathan, ColinBoyd, andEdDawson. . . . . . . . . . . . . . . . . . . . . . . . . 36 AcceleratingKeyEstablishmentProtocolsforMobileCommunication SeungwonLee, Seong-MinHong, HyunsooYoon, andYookunCho. . . . . . . . . 51 ConferenceKeyAgreementfromSecretSharing Chih-HungLiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Cryptanalysis Onm-PermutationProtectionSchemeAgainstModi cationAttack W. W. FungandJ. W. Gray, III. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 InversionAttackandBranching JovanDj. Golic, AndrewClark, andEdDawson . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Signatures Fail-StopThresholdSignatureSchemesBasedonEllipticCurves WillySusilo, ReiSafavi-Naini, andJosefPieprzyk. . . . . . . . . . . . . . . . . . . . . . . 103 DivertibleZero-KnowledgeProofofPolynomialRelationsand BlindGroupSignature KhanhQuocNguyen, YiMu, andVijayVaradharajan. . . . . . . . . . . . . . . . . . . . 117 RepudiationofCheatingandNon-repudiationof Zhang sProxySignatureSchemes HosseinGhodosiandJosefPieprzyk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129 X TableofContents RSACryptosystems OntheSecurityofanRSABasedEncryptionScheme SigunaMul ]ler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 GeneralisedCyclingAttacksonRSAandStrongRSAPrimes MarcGysinandJenniferSeberry. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 RSAAccelerationwithFieldProgrammableGateArrays AlexanderTiountchikandElenaTrichina. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 GroupCryptography ChangingThresholdsintheAbsenceofSecureChannels KeithM. Martin, JosefPieprzyk, ReiSafavi-Naini, andHuaxiongWang . 177 ASelf-Certi edGroup-OrientedCryptosystemWithoutaCombiner ShahrokhSaeedniaandHosseinGhodosi . . . . . . . . . . . . . . . . . . . .

The Department of Electrical Engineering-ESAT at the Katholieke Universiteit Leuven regularly runs a course on the state of the art and evolution of computer security and industrial cryptography. The rst course took place in 1983, the second in 1989, and since then the course has been a biennial event. The course is intended for both researchers and practitioners from industry and government. It covers the basic principles as well as the most recent - velopments. Our own interests mean that the course emphasizes cryptography, but we also ensure that the most important topics in computer security are covered. We try to strike a good balance between basic theory and real-life - plications, between mathematical background and judicial aspects, and between recent technical developments and standardization issues. Perhaps the greatest strength of the course is the creation of an environment that enables dialogue between people from diverse professions and backgrounds. In 1993, we published the formal proceedings of the course in the Lecture Notes in Computer Science series (Volume 741). Since the el d of cryptography has advanced considerably during the interim period, there is a clear need to publish a new edition. Since 1993, several excellent textbooks and handbooks on cryptology have been published and the need for introductory-level papers has decreased. The growth of the main conferences in cryptology (Eurocrypt, Crypto, and Asiacrypt) shows that interest in the eld is increasing