This book constitutes the thoroughly refereed post-conference proceedings of the 16th International Conference on Financial Cryptography and Data Security (FC 2012), held in Kralendijk, Bonaire, February 27-March 1, 2012. The 29 revised full papers presented were carefully selected and reviewed from 88 submissions. The papers cover all aspects of securing transactions and systems, including information assurance in the context of finance and commerce.

Voice over IP (VoIP) and Internet Multimedia Subsystem technologies (IMS) are rapidly being adopted by consumers, enterprises, governments and militaries. These technologies offer higher flexibility and more features than traditional telephony (PSTN) infrastructures, as well as the potential for lower cost through equipment consolidation and, for the consumer market, new business models. However, VoIP systems also represent a higher complexity in terms of architecture, protocols and implementation, with a corresponding increase in the potential for misuse.

In this book, the authors examine the current state of affairs on VoIP security through a survey of 221 known/disclosed security vulnerabilities in bug-tracking databases. We complement this with a comprehensive survey of the state of the art in VoIP security research that covers 245 papers. Juxtaposing our findings, we identify current areas of risk and deficiencies in research focus. This book should serve as a starting point for understanding the threats and risks in a rapidly evolving set of technologies that are seeing increasing deployment and use. An additional goal is to gain a better understanding of the security landscape with respect to VoIP toward directing future research in this and other similar emerging technologies.

Software that covertly monitors user actions, also known as spyware, has become a first-level security threat due to its ubiquity and the difficulty of detecting and removing it. This is especially so for video conferencing, thin-client computing and Internet cafes.

CryptoGraphics: Exploiting Graphics Cards for Security explores the potential for implementing ciphers within GPUs, and describes the relevance of GPU-based encryption to the security of applications involving remote displays. As the processing power of GPUs increases, research involving the use of GPUs for general purpose computing has arisen. This work extends such research by considering the use of a GPU as a parallel processor for encrypting data. The authors evaluate the operations found in symmetric and asymmetric key ciphers to determine if encryption can be programmed in existing GPUs. A detailed description for a GPU based implementation of AES is provided. The feasibility of GPU-based encryption allows the authors to explore the use of a GPU as a trusted system component. Unencrypted display data can be confined to the GPU to avoid exposing it to any malware running on the operating system.

Insider Attack and Cyber Security: Beyond the Hacker defines the nature and scope of insider problems as viewed by the financial industry. This edited volume is based on the first workshop on Insider Attack and Cyber Security, IACS 2007. The workshop was a joint effort from the Information Security Departments of Columbia University and Dartmouth College.

This book sets an agenda for an ongoing research initiative to solve one of the most vexing problems encountered in security, and includes the following topics: critical IT infrastructure, insider threats, awareness and dealing with nefarious human activities in a manner that respects individual liberties and privacy policies of organizations while providing the best protection of critical resources and services. In some sense, the insider problem is the ultimate security problem. This volume concludes with technical and legal challenges facing researchers who study and propose solutions to mitigate insider attacks.

ACNS2008, the6thInternationalConferenceonAppliedCryptographyandN- work Security, was held in New York, New York, June 3-6, 2008, at Columbia University. ACNS 2008 was organized in cooperation with the International - sociation for Cryptologic Research (IACR) and the Department of Computer Science at Columbia University. The General Chairs of the conference were - gelos Keromytis and Moti Yung. The conference received 131 submissions, of which the Program Committee, chairedbyStevenBellovinandRosarioGennaro, selected 30 for presentation at the conference. The Best Student Paper Award was given to Liang Xie and Hui Song for their paper "On the E?ectiveness of Internal Patch Dissemination Against File-Sharing Worms" (co-authored with Sencun Zhu). These proceedings consist of revised versions of the presented papers. The revisions werenot reviewed.The authors bear full responsibility for the contents of their papers. Thereweremany submissionsof goodquality, and consequentlythe selection process was challenging and very competitive. Indeed, a number of good papers were not accepted due to lack of space in the program. The main considerations in selecting the program were conceptual and technical innovation and quality of presentation. As re?ected in the Call for Papers, an attempt was made to solicit and publish papers suggesting novel paradigms, original directions, or non-traditional perspectives.

Insider Attack and Cyber Security: Beyond the Hacker defines the nature and scope of insider problems as viewed by the financial industry. This edited volume is based on the first workshop on Insider Attack and Cyber Security, IACS 2007. The workshop was a joint effort from the Information Security Departments of Columbia University and Dartmouth College. This book sets an agenda for an ongoing research initiative to solve one of the most vexing problems encountered in security, and includes the following topics: critical IT infrastructure, insider threats, awareness and dealing with nefarious human activities in a manner that respects individual liberties and privacy policies of organizations while providing the best protection of critical resources and services. In some sense, the insider problem is the ultimate security problem. This volume concludes with technical and legal challenges facing researchers who study and propose solutions to mitigate insider attacks.

Software that covertly monitors user actions, also known as spyware, has become a first-level security threat due to its ubiquity and the difficulty of detecting and removing it. This is especially so for video conferencing, thin-client computing and Internet cafes.

CryptoGraphics: Exploiting Graphics Cards for Security explores the potential for implementing ciphers within GPUs, and describes the relevance of GPU-based encryption to the security of applications involving remote displays. As the processing power of GPUs increases, research involving the use of GPUs for general purpose computing has arisen. This work extends such research by considering the use of a GPU as a parallel processor for encrypting data. The authors evaluate the operations found in symmetric and asymmetric key ciphers to determine if encryption can be programmed in existing GPUs. A detailed description for a GPU based implementation of AES is provided. The feasibility of GPU-based encryption allows the authors to explore the use of a GPU as a trusted system component. Unencrypted display data can be confined to the GPU to avoid exposing it to any malware running on the operating system.

The 3rd International Conference on Applied Cryptography and Network Security (ACNS 2005) was sponsored and organized by ICISA (the International Commu- cations and Information Security Association). It was held at Columbia University in New York, USA, June 7-10, 2005. This conference proceedings volume contains papers presented in the academic/research track. ACNS covers a large number of research areas that have been gaining importance in recent years due to the development of the Internet, wireless communication and the increased global exposure of computing resources. The papers in this volume are representative of the state of the art in security and cryptography research, worldwide. The Program Committee of the conference received a total of 158 submissions from all over the world, of which 35 submissions were selected for presentation at the a- demic track. In addition to this track, the conference also hosted a technical/ industrial/ short papers track whose presentations were also carefully selected from among the submissions. All submissions were reviewed by experts in the relevant areas.

This volume presents the refereed proceedings of the 8th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2012, held in Padua, Italy, in September 2012. The 21 revised papers included in the volume were carefully reviewed and selected from 73 submissions. Topics covered include crypto and electronic money; wireless security; web security; intrusion detection and monitoring; and anonymity and privacy.