Bücher der Reihe Security and Cryptology

The RSA Conference is the largest regularly-staged computer security event, with over 350 vendors and many thousands of attendees. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT-RSA began in 2001, and has become one of the major established venues for presenting cryptographic research papers to a wide variety of audiences. CT-RSA 2008 was held in San Francisco, California from April 8 to April 11. The proceedings of CT-RSA 2008 contain 26 papers selected from 95 subm- sions pertaining to all aspects of cryptography. Each submission was reviewed by at least three reviewers, which was made possible by the hard work of 27 P- gram Committee members and many external reviewers listed on the following pages. The papers were selected following a detailed online discussion among the Program Committee members. The program included an invited talk by Sha? Goldwasser. The current proceedings include a short abstract of her talk. I would like to express my deep gratitude to the Program Committee m- bers, who volunteered their expertise and hard work over several months, as well as to the external reviewers. Special thanks to Shai Halevi for providing and maintaining the Web review system used for paper submission, reviewing, and ?nal-version preparation. Finally, I would like to thank Burt Kaliski and Ari Juels of RSA Laboratories, as well as the RSA conference team, especially Bree LaBollita, for their assistance throughout the process.

With the rapid development of information technologies and the transition to next-generation networks, computer systems and in particular embedded s- tems are becoming more and more mobile and ubiquitous. They also strongly interact with the physical world. Ensuring the security of these complex and resource-constrained systems is a really challenging research topic. Therefore this Workshop in Information Security Theory and Practices was organized to bring together researchers and practitioners in related areas, and to encourage cooperation between the research and the industrial communities. This was the second edition of WISTP, after the ?rst event in Heraklion, Greece, in 2007. This year again we had a signi?cant number of high-quality submissions coming from many di?erent countries. These submissions re?ected the major topics of the conference, i. e. , smart devices, convergence, and ne- generation networks. Submissions were reviewed by at least three reviewers, in most cases by four, and at least by ?ve for the papers involving Program C- mittee members. This long and rigorousprocess could be achievedthanks to the hard work of the Program Committee members and additional reviewers, listed in the following pages. This led to the selection of high-quality papers that made up the workshop program and are published in these proceedings. A number of posters and short papers were also selected for presentation at the conference. The process was very selective and we would like to thank all those authors who submitted contributions that could not be selected.

This book constitutes the refereed proceedings of the 9th International Conference on Cryptology in India, INDOCRYPT 2008, held in Kharagpur, India, in December 2008.The 33 revised full papers were carefully reviewed and selected from 111 submissions. The papers are organized in topical sections on stream ciphers, cryptographic hash functions, public-key cryptography, security protocols, hardware attacks, block ciphers, cryptographic hardware, elliptic curve cryptography, and threshold cryptography.

TCC 2009, the 6th Theory of Cryptography Conference, was held in San Fr- cisco, CA, USA, March 15-17, 2009. TCC 2009 was sponsored by the Inter- tional Association for Cryptologic Research (IACR) and was organized in - operation with the Applied Crypto Group at Stanford University. The General Chair of the conference was Dan Boneh. The conference received 109 submissions, of which the Program Comm- tee selected 33 for presentation at the conference. These proceedings consist of revised versions of those 33 papers. The revisions were not reviewed, and the authors bear full responsibility for the contents of their papers. The conference program also included two invited talks: "e;The Di?erential Privacy Frontier,"e; given by Cynthia Dwork and "e;Some Recent Progress in Lattice-Based Crypt- raphy,"e; given by Chris Peikert. I thank the Steering Committee of TCC for entrusting me with the resp- sibility for the TCC 2009 program. I thank the authors of submitted papers for their contributions. The general impression of the Program Committee is that the submissions were of very high quality, and there were many more papers we wanted to accept than we could. The review process was therefore very - warding but the selection was very delicate and challenging. I am grateful for the dedication, thoroughness,and expertise ofthe ProgramCommittee. Obse- ing the way the members of the committee operated makes me as con?dent as possible of the outcome of our selection process.

Welcome to the Third International Conference on Information Security and Ass- ance (ISA 2009). ISA 2009 was the most comprehensive conference focused on the various aspects of advances in information security and assurance. The concept of security and assurance is emerging rapidly as an exciting new paradigm to provide reliable and safe life services. Our conference provides a chance for academic and industry professionals to discuss recent progress in the area of communication and networking including modeling, simulation and novel applications associated with the utilization and acceptance of computing devices and systems. ISA 2009 was a succ- sor of the First International Workshop on Information Assurance in Networks (IAN 2007, Jeju-island, Korea, December, 2007), and the Second International Conference on Information Security and Assurance (ISA 2008, Busan, Korea, April 2008). The goal of this conference is to bring together researchers from academia and industry as well as practitioners to share ideas, problems and solutions relating to the multifaceted aspects of information technology. ISA 2009 contained research papers submitted by researchers from all over the world. In order to guarantee high-quality proceedings, we put extensive effort into reviewing the papers. All submissions were peer reviewed by at least three Program Committee members as well as external reviewers. As the quality of the submissions was quite high, it was extremely difficult to select the papers for oral presentation and publication in the proceedings of the conference.

This book constitutes the refereed proceedings of the 12th International Conference on Information Security Conference, ISC 2009, held in Pisa, Italy, September 7-9, 2009.The 29 revised full papers and 9 revised short papers presented were carefully reviewed and selected from 105 submissions. The papers are organized in topical sections on analysis techniques, hash functions, database security and biometrics, algebraic attacks and proxy re-encryption, distributed system security, identity management and authentication, applied cryptography, access control, MAC and nonces, and P2P and Web services.

The present volume contains the proceedings of the 5th International Workshop on Formal Aspects in Security and Trust (FAST 2008), held in Malaga, Spain, October 9-10, 2008. FAST is an event a?liated with the 13th European Sym- sium on Research in Computer Security (ESORICS 2008). FAST 2008 was held under the auspices of the IFIP WG 1.7 on Foundations of Security Analysis and Design. The 5th International Workshop on Formal Aspects in Security and Trust (FAST 2008) aimed at continuing the successful e?ort of the previous three FAST workshop editions for fostering the cooperation among researchers in the areas of security and trust. As computing and network infrastructures become increasingly pervasive, and as they carry increasing economic activity, society needs well-matched security and trust mechanisms. These interactions incre- ingly span several enterprises and involve loosely structured communities of - dividuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions - fectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST sought for original papers focusing on formal aspects in: security and trust policy models; security protocol design and analysis; formal models of trustand reputation;logicsfor security andtrust;distributed trust management systems;trust-basedreasoning;digitalassetsprotection;dataprotection;privacy and ID issues; information ?ow analysis; language-based security; security and trust aspects in ubiquitous computing; validation/analysis tools; Web service security/trust/privacy; GRID security; security risk assessment; case studies.

The past decade has seen tremendous growth in the demand for biometrics and data security technologies in applications ranging from law enforcement and immigration control to online security. The benefits of biometrics technologies are apparent as they become important technologies for information security of governments, business enterprises, and individuals. At the same time, however, the use of biometrics has raised concerns as to issues of ethics, privacy, and the policy implications of its wi- spread use. The large-scale deployment of biometrics technologies in e-governance, e-security, and e-commerce has required that we launch an international dialogue on these issues, a dialogue that must involve key stakeholders and that must consider the legal, poli- cal, philosophical and cultural aspects of the deployment of biometrics technologies. The Third International Conference on Ethics and Policy of Biometrics and Inter- tional Data Sharing was highly successful in facilitating such interaction among - searchers, policymakers, consumers, and privacy groups. This conference was supported and funded as part of the RISE project in its ongoing effort to develop wide consensus and policy recommendations on ethical, medical, legal, social, cultural, and political concerns in the usage of biometrics and data security technologies. The - tential concerns over the deployment of biometrics systems can be jointly addressed by developing smart biometrics technologies and by developing policies for the - ployment of biometrics technologies that clearly demarcate conflicts of interest - tween stakeholders.