The EUROCRYPT '96 conference was sponsored by the International Asso- ation for Cryptologic Research (IACR)l, in cooperation with the University of Saragossa. It took place at the Palacio de Congresos in Saragossa, Spain, during May 12-16, 1996. This was the fifteenth annual EUROCRYPT conference (this name has been used since the third conference held in 1984), each of which has been held in a different city in Europe. For the second time, proceedings were available at the conference. JosC Pastor Franco, the General Chair, was resp- sible for local organization and registration. His contribution to the snccess of the conference is gratefully acknowledged. The Program Committee considered 126 submitted papers and selected 34 for presentation. Each paper was sent to all members of the Program Committee and was assigned to at least three of them for careful evaluation. There were also two invited talks. James L. Massey, this year's IACR Distinguished Ltcturer, gave a lecture entitled "The difficulty with difficulty". Massey is the third to receive this honor, the first two being Gustavus Simmons and Adi Shamir. Shafi Goldwasser gave an invited talk entitled "Multi party secure protocols: past and present". These proceedings contain revised versions of the 34 contributed talks. While the papers were carefully selected, they have not been refereed like submissions to a refereed journal. The authors bear full responsibility for the contents of their papers. Some authors may write final versions of their papers for publication in a refereed journal.

EUROCRYPT '95. Sponsored by the International Association for Cryp- logic Research (IACR), in cooperation with the Centre Commun d'Etudes de T616vision et T61Qcommunications (CCETT), a workshop on the theory and - plications of cryptographic techniques takes place at the Palais du Grand Large, Saint Malo, France, May 21-25, 1995. The General Chair of EUROCRYPT '95 is Franqoise Scarabin. The Or- nization Committee was helped by Maryvonne Lahaie and her communication team. Moreover, the CCETT has generously provided the help of a young - glish lady, Miss Virginia Cooper, for the secretariat of both the Organization arid Program Committees. They all did an excellent job in preparing the conference. It is our pleasure to thank them for their essential work. IACR and EUROCRYPT. According to a very good suggestion expressed during CRYPTO '82, the Association was established at CRYPTO '83. Today, the Association has approximately 600 members and the mailing file managed by its Secretariat consists of more than 2 000 names. The main goal of the Association is the sponsoring of two annual conferences: CRYPTO, every summer at the University of California, Santa Barbara (UCSB), and EUROCRYPT, every spring in a different European country. Moreover, the Association edits quarterly the Journal of Cryptology (JoC).

This manual documents the outcome of the EC sponsored project RACE Integrity Primitives Evaluation (R1040), RIPE. This project is a huge joint 350 man-month project conducted by 16 leading European security experts.
This book offers expert advice to professionals seeking to secure information systems by applying up-to-date cryptographic techniques. The core of this volume is a detailed integrity primitives portfolio recommendation. Among the issues addressed are security services, integrity mechanisms, data origin authentication, entity authentication, access control, data integrity, non-repudiation, signatures, and key exchange.

Safety-related computer systems are those which may lead to loss of life, injury or plant and environmental damage. Such systems therefore have to be developed and implemented so that they meet strict require and security because their applications cover ments on safety, reliability nearly all areas of daily life and range from controlling and monitoring industrial processes, through robotics and power generation, to transport systems. Highly reliable electronic systems for safety-related applications represent an area in which industry has been involved for many years and which is now gaining increasing importance in academia. Their relevance also results from an increased perception of safety by society. Therefore, not only are technicians involved in this area, but psycho logical and sociological aspects also play a major role. Dealing with safety-related systems we have to consider the whole lifecycle of these systems, starting from specification up to implementation, assessment and operation. All those issues mentioned above are covered in this book, which represents the proceedings of the 14th International Conference on Computer Safety, Reliability and Security, SAFECOMP '95, held in Belgirate, Italy, 11-13 October 1995. The conference continues the series of SAFECOMP conferences which was originated by the European Workshop on Industrial Computer Systems, Technical Committee 7 on Safety, Security and Reliability (EWICS TC7) and reflects the state of the art, experience and new trends in the area of safety-related computer systems."

As a social space, the web provides researchers both with a tool and an environment to explore the intricacies of everyday life. As a site of mediated interactions and interrelationships, the 'digital' has evolved from being a space of information to a space of creation, thus providing new opportunities regarding how, where and, why to conduct social research. Doing Research In and On the Digital aims to deliver on two fronts: first, by detailing how researchers are devising and applying innovative research methods for and within the digital sphere, and, secondly, by discussing the ethical challenges and issues implied and encountered in such approaches. In two core Parts, this collection explores: content collection: methods for harvesting digital data engaging research informants: digital participatory methods and data stories . With contributions from a diverse range of fields such as anthropology, sociology, education, healthcare and psychology, this volume will particularly appeal to post-graduate students and early career researchers who are navigating through new terrain in their digital-mediated research endeavours.

Crypto'92 took place on August 16-20, 1992. It was the twelfth in the series of annual cryptology conferences held on the beautiful campus of the University of California, Santa Barbara. Once again, it was sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy. The conference ran smoothly, due to the diligent efforts of the g- eral chair, Spyros Magliveras of the University of Nebraska. One of the measures of the success of this series of conferences is represented by the ever increasing number of papers submitted. This year, there were 135 submissions to the c- ference, which represents a new record. Following the practice of recent program comm- tees, the papers received anonymous review. The program committee accepted 38 papers for presentation. In addition, there were two invited presentations, one by Miles Smid on the Digital Signature Standard, and one by Mike Fellows on presenting the concepts of cryptology to elementary-age students. These proceedings contains these 40 papers plus 3 papers that were presented at the Rump Session. I would like to thank all of the authors of the submitted papers and all of the speakers who presented papers. I would like to express my sincere appreciation to the work of the program committee: Ivan Damgard (Aarhus University, Denmark), Odd Goldreich (Technion, Israel), Burt Kaliski (RSA Data Security, USA), Joe Kilian (NEC, USA).

The language of business and management, and of infor mation technology, is being employed across all sectors of economic and social activity. In recent years computers and information technology (IT) in general have moved from being a scarce resource to being a more generally available commodity, without a corresponding increase in understanding of how the new generation of tools can be used. IT is available on individual desktops, supporting decision making and communication, but often conven tional organizations have failed to adapt, individuals lack competence and confidence, and senior managers lack both the strategic insight to develop appropriate strategies and the humility to accept that they need to learn. As each sector, whether business, education, public sec tor management or the community and voluntary sector, realizes that the potential of IT is not being exploited to the full, calls are issued for the development of new "hybrid managers," a term coined to describe the gap in understanding and competence that is to be filled. The two editors work in the hybrid field of business information technology, which is a melting pot of ideas and experience from numerous traditional disciplines. The pace of change is such that no one individual could ever be abreast of all technical and business develop ments, but the field is now sufficiently mature for us to identify certain underlying issues and principles, and areas of research for the coming years."

This book contains the proceedings of AUSCRYPT '92, an international conference on cryptologic research held on the Gold Coast, Australia, in December 1992. This is the third conference held outside the series of CRYPTO meetings held in Santa Barbara, California, each August and EUROCRYPT meetings held in European countries each northern spring. The first two were AUSCRYPT '90, held in Australia, and ASIACRYPT '91, held in Japan. The volume contains three invited papers and 44 contributed papers selected from 77 submissions. The articles cover all main topics in modern computer and communications security research.These include: - authentication - secret sharing - digital signatures - one-way hashing functions - design of block ciphers - cryptanalysis - cryptographic protocols - pseudo-random sequences and functions - public key cryptography.

This volume contains the proceedings of ASIACRYPT '91, the first international conference on the theory and application of cryptology to be held in the Asian area. It was held at Fujiyoshida, near Mount Fuji in Japan, in November 1991. The conference was modeled after the very successful CRYTO and EUROCRYPT series of conferences sponsored by the International Association for Cryptologic Research (IACR). The IACR and the Institute of Electronics, Information and Communication Engineers were sponsors for ASIACRYPT '91. The papers from the conference were improved and corrected for inclusion in this volume. The papers are grouped into parts on: differential cryptanalysis and DES-like cryptosystems; hashing and signature schemes; secret sharing, threshold, and authenticationcodes; block ciphers - foundations and analysis; cryptanalysis and new ciphers; proof systems and interactive protocols; public key ciphers - foundations and analysis. Also included are four invited lectures and impromptu talks from the rump session.

This volume is based on a course held several times, and again in 1993, at the ESAT Laboratorium of the Department of Electrical Engineering at the Katholieke Universiteit Leuven in Belgium. These courses are intended for both researchers in computer security and cryptography and for practitioners in industry and government. The contributors of the 1991 course were invited to submit revised and updated versions of their papers for inclusion in a book. This volume is the final result; it is well- balanced between basic theory and real life applications, between mathematical background and juridical aspects, and between technical developments and standardization issues. Some of the topics are public key cryptography, hash functions, secure protocols, digital signatures, security architectures, network security, and data encryption standards (DES).

Advances in health information technology (health IT) have the potential to improve the quality of healthcare, to increase the availability of health information for treatment, and to implement safeguards that cannot be applied easily or cost-effectively to paper-based health records. However, the digitization of health information is also raising new privacy risks and concerns. Sensitive health information in digital form is more easily aggregated, used, and shared. In addition, the rising cost of healthcare and the search for efficiency may create incentives to use the information in new ways. Research has consistently shown that while the public sees the potential value of health information exchange and technological advancements, it remains gravely concerned about the privacy of their sensitive health information. As a result, it is becoming increasingly clear that ensuring public trust will be critical to the successful implementation of nationwide health information exchange. The purpose of this second edition is two-fold: 1) to educate readers about privacy concepts and 2) highlight key privacy issues facing the nation and the healthcare community as it moves towards electronic health records and health information exchange. The first three chapters are descriptive in nature, defining privacy and distinguishing it from security, defining the complex legal landscape for health information privacy, and setting the stage for the following chapters by describing the current landscape of the evolving healthcare environment. The following chapters discuss specific privacy issues and challenges in detail. The book concludes with a chapter providing a view to the future of healthcare and the association privacy implications. This is an updated version of one of HIMSS' best-selling books on information privacy.

Secure message transmission is of extreme importance in today's information-based society. Stream encryption is a practically important means to this end. This monograph is devoted to a new aspect of stream ciphers, namely the stability theory of stream ciphers, with the purpose of developing bounds on complexity which can form part of the basis for a general theory of data security and of stabilizing stream-cipher systems. The approach adopted in this monograph is new. The topic is treated by introducing measure indexes on the security of stream ciphers, developing lower bounds on these indexes, and establishing connections among them. The treatment involves the stability of boolean functions, the stability of linear complexity of key streams, the period stability of key streams, and the stability of source codes. Misleading ideas about stream ciphers are exposed and new viewpoints presented. The numerous measure indexes and bounds on them that are introduced here, the approach based on spectrum techniques, andthe ten open problems presented will all be useful to the reader concerned with analyzing and designing stream ciphers for securing data.

Crypto '90 marked the tenth anniversary of the Crypto conferences held at the University of California at Santa Barbara. The conference was held from August 11 to August 15, 1990 and was sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Department of Computer Science of the University of California at Santa Barbara. 227 participants from twenty countries around the world. Crypto '90 attracted Roughly 35% of attendees were from academia, 45% from industry and 20% from government. The program was intended to provide a balance between the purely theoretical and the purely practical aspects of cryptography to meet the needs and diversified interests of these various groups. The overall organization of the conference was superbly handled by the general chairperson Sherry McMahan. All of the outstanding features of Crypto, which we have come to expect over the years, were again present and, in addition to all of this, she did a magnificent job in the preparation of the book of abstracts. This is a crucial part of the program and we owe her a great deal of thanks.

It is our pleasure to thank dl those uho contributed to nial\ing thew proceeding\ possible: the authors. progriimme committee. organihing committee, I4C.K otticfrh and directors, and all the attendees. We were all deeplq saddened nhen ne lemied th,it Tore Ilerle~tam. J member 01 the programme committee, had died unexpsctedl\ Thi\ olunie I\ dedicated to liim Amsterdum, the Netherlirnds London, Englund Junuur,, 1988 __~ ...~~~. ~ ~ ~ I. Advances in C'r>ptolog?: .A Report on C'RY t'TO Si. Allen Cirr\lio. k.d. L 04. Department of P.lectrica1 and ('omputcr Engineering, S'iiita Harhara 2. C'ryptography: Proceeding\. Burg keusrwiii lYX2 (I.ecturr biotr5 in C'omptitcr Scicncr: 149). I li- mas Beth, Ed. Springer-Verlag. 1983. 3. Advanccs in C'rytology: Proceedings cif C'KY'PTO S2, I),]\ id ('hauin. Ronald L KiLcsi. and Al~n I Sherman. Eds. Plenum NY. 1YX3. 4. Advances in C'ryptology: Proceeding5 of C'K)'f)l.O S3. D;i\id ('hiiuni, kd. I'Icnuiii XY. IY84. IV ~~~ ~ ~~~_.______ 5 4dbances in Crqptolog>: Proceeding, of C'RYP'TO X4 (Lecture Notes in Computer Science: 196). G.R. Blakley and Ua\ id ('haurn. Eda. Springer-Verlag, 19x5. 6. .Advances in CTptology: Proceeding\ of C'RYPTO X5 (Lecture Notes in C'oiiiputer Sc~encc: 2 IX). tlugh C. Williams. Ed. Springer-Vrrl:ig. 1986. 7. Advances in Cqptologq : Proceedings of C'RYP10 80 (Lecture h'cite\ in C'ornputer Scwncc: 263). A.hl Odlyzko. td. Springer-Verlag. 1987. 8. No proceedings were published for ECROCRYP7 X3. which w:i\ held in Udiiie Ital?.

The storage, routing and transmission of information, either in the form of digital data or of analog signals, plays a central role in modern society. To ensure that such information is protected from access by unauthorized persons is an important new challenge. The development of the theory and practical techniques needed to meet this challenge is the goal of current cryptological research. This research is highly varied and multidisciplinary. It is concerned with fundamental problems in mathematics and theoretical computer science as well as with the engineering aspects of complex information systems. Cryptology today ranks among the most active and interesting areas of research in both science and engineering. EUROCRYPT '85 maintained the tradition of the three previous workshops in this series (Paris 1984, Udine 1983, Burg Feuerstein 1982) with its emphasis on recent developments in cryptology, but also made a concerted effort to encompass more traditional topics in cryptology such as shift register theory and system theory. The many papers on these topics in this volume are witness to the success of this effort.

Most of the devices in the Internet of Things will be battery powered sensor devices. All the operations done on battery powered devices require minimum computation. Secure algorithms like RSA become useless in the Internet of Things environment. Elliptic curve based cryptography emerges as a best solution for this problem because it provides higher security in smaller key size compare to RSA. This book focuses on the use of Elliptic Curve Cryptography with different authentication architectures and authentication schemes using various security algorithms. It also includes a review of the math required for security and understanding Elliptic Curve Cryptography.

"The data economy" is a term used by many, but properly understood by few. Even more so the concept of "big data". Both terms embody the notion of a digital world in which many transactions and data flows animate a virtual space. This is the unseen world in which technology has become the master, with the hand of the human less visible. In fact, however, it is human interaction in and around technology that makes data so pervasive and important - the ability of the human mind to extract, manipulate and shape data that gives meaning to it. This book outlines the findings and conclusions of a multidisciplinary team of data scientists, lawyers, and economists tasked with studying both the possibilities of exploiting the rich data sets made available from many human-technology interactions and the practical and legal limitations of trying to do so. It revolves around a core case study of Singapore's public transport system, using data from both the private company operating the contactless payment system (EZ-Link) and the government agency responsible for public transport infrastructure (Land Transport Authority). In analysing both the possibilities and the limitations of these data sets, the authors propose policy recommendations in terms of both the uses of large data sets and the legislation necessary to enable these uses while protecting the privacy of users.

Top analyst Leslie Gruis's timely new book argues that privacy is an individual right and democratic value worth preserving, even in a cyberized world. Since the time of the printing press, technology has played a key role in the evolution of individual rights and helped privacy emerge as a formal legal concept. All governments exercise extraordinary powers during national security crises. In the United States, many imminent threats during the twentieth century induced heightened government intrusion into the privacy of Americans. The Privacy Act of 1974 and the Foreign Intelligence Surveillance Act (FISA, 1978) reversed that trend. Other laws protect the private information of individuals held in specific sectors of the commercial world. Risk management practices were extended to computer networks, and standards for information system security began to emerge. The National Institute of Standards and Technology (NIST) incorporated many such standards into its Cybersecurity Framework, and is currently developing a Privacy Framework. These standards all contribute to a patchwork of privacy protection which, so far, falls far short of what the U.S. constitutional promise offers and what our public badly needs. Greater privacy protections for U.S. citizens will come as long as Americans remember how democracy and privacy sustain one another, and demonstrate their commitment to them.

This open access book provides researchers and professionals with a foundational understanding of online privacy as well as insight into the socio-technical privacy issues that are most pertinent to modern information systems, covering several modern topics (e.g., privacy in social media, IoT) and underexplored areas (e.g., privacy accessibility, privacy for vulnerable populations, cross-cultural privacy). The book is structured in four parts, which follow after an introduction to privacy on both a technical and social level: Privacy Theory and Methods covers a range of theoretical lenses through which one can view the concept of privacy. The chapters in this part relate to modern privacy phenomena, thus emphasizing its relevance to our digital, networked lives. Next, Domains covers a number of areas in which privacy concerns and implications are particularly salient, including among others social media, healthcare, smart cities, wearable IT, and trackers. The Audiences section then highlights audiences that have traditionally been ignored when creating privacy-preserving experiences: people from other (non-Western) cultures, people with accessibility needs, adolescents, and people who are underrepresented in terms of their race, class, gender or sexual identity, religion or some combination. Finally, the chapters in Moving Forward outline approaches to privacy that move beyond one-size-fits-all solutions, explore ethical considerations, and describe the regulatory landscape that governs privacy through laws and policies. Perhaps even more so than the other chapters in this book, these chapters are forward-looking by using current personalized, ethical and legal approaches as a starting point for re-conceptualizations of privacy to serve the modern technological landscape. The book's primary goal is to inform IT students, researchers, and professionals about both the fundamentals of online privacy and the issues that are most pertinent to modern information systems. Lecturers or teachers can assign (parts of) the book for a "professional issues" course. IT professionals may select chapters covering domains and audiences relevant to their field of work, as well as the Moving Forward chapters that cover ethical and legal aspects. Academics who are interested in studying privacy or privacy-related topics will find a broad introduction in both technical and social aspects.

In this book, Yuko Suda examines the Safe Harbor debate, the passenger name record (PNR) dispute, and the Society for Worldwide Interbank Financial Transactions (SWIFT) affair to understand the transfer of personal data from the European Union (EU) to the United States. She argues that the Safe Harbor, PNR, and SWIFT agreements were made to mitigate the potentially negative effects that may arise from the beyond-the-border reach of EU data protection rules or US counterterrorism regulation. A close examination of these high-profile cases would reveal how beyond-the-border reach of one jurisdiction's regulation might affect another jurisdiction's policy and what responses the affected jurisdiction possibly makes to manage the effects of such extraterritorial regulation. The Politics of Data Transfer adds another dimension to the study of transatlantic data conflicts by assuming that the cases exemplify not only the politics of data privacy but also the politics of extraterritorial regulation. A welcome and timely collection uncovering the evolution of and prospects for the politics of data privacy in the digitalized and interconnected world.

Discusses the evolution of WHOIS and how policy changes will affect WHOIS place in IT today and in the future This book provides a comprehensive overview of WHOIS. The text begins with an introduction to WHOIS and an in-depth coverage of its forty-year history. Afterwards it examines how to use WHOIS and how WHOIS fits in the overall structure of the Domain Name System (DNS). Other technical topics covered include WHOIS query code and WHOIS server details. The book also discusses current policy developments and implementations, reviews critical policy documents, and explains how they will affect the future of the Internet and WHOIS. Additional resources and content updates will be provided through a supplementary website. * Includes an appendix with information on current and authoritative WHOIS services around the world * Provides illustrations of actual WHOIS records and screenshots of web-based WHOIS query interfaces with instructions for navigating them * Explains network dependencies and processes related to WHOIS utilizing flowcharts * Contains advanced coding for programmers * Visit the book's companion website http://whois.knujon.com for technical and policy documents concerning WHOIS, WHOIS code examples, internet locations for WHOIS databases and more. WHOIS Running the Internet: Protocol, Policy, and Privacy is written primarily for internet developers, policy developers, industry professionals in law enforcement, digital forensic investigators, and intellectual property attorneys. Garth O. Bruen is an Internet policy and security researcher whose work has been published in the Wall Street Journal and the Washington Post. Since 2012 Garth Bruen has served as the North American At-Large Chair to the Internet Corporation of Assigned Names and Numbers (ICANN). In 2003 Bruen created KnujOn.com with his late father, Dr. Robert Bruen, to process and investigate Internet abuse complaints (SPAM) from consumers. Bruen has trained and advised law enforcement at the federal and local levels on malicious use of the Domain Name System in the way it relates to the WHOIS record system. He has presented multiple times to the High Technology Crime Investigation Association (HTCIA) as well as other cybercrime venues including the Anti-Phishing Working Group (APWG) and the National Center for Justice and the Rule of Law at The University of Mississippi School of Law. Bruen also teaches the Fisher College Criminal Justice School in Boston where he develops new approaches to digital crime.

A collection of best practices and effective implementation recommendations that are proven to work, Secure, Resilient, and Agile Software Development leaves the boring details of software security theory out of the discussion as much as possible to concentrate on practical applied software security for practical people. Written to aid your career as well as your organization, the book shows how to gain skills in secure and resilient software development and related tasks. The book explains how to integrate these development skills into your daily duties, thereby increasing your professional value to your company, your management, your community, and your industry. Secure, Resilient, and Agile Software Development was written for the following professionals: AppSec architects and program managers in information security organizations Enterprise architecture teams with application development focus Scrum teams DevOps teams Product owners and their managers Project managers Application security auditors With a detailed look at Agile and Scrum software development methodologies, this book explains how security controls need to change in light of an entirely new paradigm on how software is developed. It focuses on ways to educate everyone who has a hand in any software development project with appropriate and practical skills to Build Security In. After covering foundational and fundamental principles for secure application design, this book dives into concepts, techniques, and design goals to meet well-understood acceptance criteria on features an application must implement. It also explains how the design sprint is adapted for proper consideration of security as well as defensive programming techniques. The book concludes with a look at white box application analysis and sprint-based activities to improve the security and quality of software under development.