Information Security Practice and Experience Third International Conference, ISPEC 2007, Hong Kong, China, May 7-9, 2007, Proceedings

The third international conference on Information Security Practice and - perience (ISPEC 2007) was held in Hong Kong, China, May 7 – 9, 2007. The conference was organized and sponsored by City University of Hong Kong. As applications of information security technologies become pervasive, - sues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a con?uence of new information security technologies, their applications and their integration with IT systems in various vertical s- tors. In 2005 and 2006,the ?rst and second conferences were held successfully in Singapore and Hangzhou, China, respectively. The conference proceedings were published by Springer in the Lecture Notes in Computer Science series. The Program Committee received 135 submissions, and accepted 24 papers for presentation. The ?nal versions of the accepted papers, which the authors ?nalized on the basis of comments from the reviewers, are included in the p- ceedings.The entire reviewing process tooknine weeks,eachpaper was carefully evaluated by at least three members from the ProgramCommittee. The indiv- ual reviewing phase was followed by a Web-based discussion. Papers over which the reviewers signi?cantly disagreed were further reviewed by external experts. Based on the comments and scores given by reviewers, the ?nal decisions on acceptance were made. We appreciate the hard work of the members of the P- gram Committee and external referees, who gave many hours of their valuable time.

Invited Talks.- Application Security – Myth Or Reality?.- Tools and Technology for Computer Forensics: Research and Development in Hong Kong (Invited Paper).- Cryptanalysis.- A Linear Analysis of Blowfish and Khufu.- Related-Key Rectangle Attack on 43-Round SHACAL-2.- On the Ability of AES S-Boxes to Secure Against Correlation Power Analysis.- Signatures.- A Sanitizable Signature Scheme with Aggregation.- A Novel Verifiably Encrypted Signature Scheme Without Random Oracle.- Certificate Based (Linkable) Ring Signature.- An Efficient ID-Based Verifiably Encrypted Signature Scheme Based on Hess’s Scheme.- On the Sequentiality of Three Optimal Structured Multisignature Schemes.- Network Security and Security Management.- Secure Feedback Service in Wireless Sensor Networks.- An Economical Model for the Risk Evaluation of DoS Vulnerabilities in Cryptography Protocols.- Practical Uses of Virtual Machines for Protection of Sensitive User Data.- Formalization of RBAC Policy with Object Class Hierarchy.- Privacy and Applications.- Privacy-Preserving Credentials Upon Trusted Computing Augmented Servers.- Two-Party Privacy-Preserving Agglomerative Document Clustering.- Efficient Bid Validity Check in ElGamal-Based Sealed-Bid E-Auction.- Cryptographic Algorithms and Implementations.- How to Prevent DPA and Fault Attack in a Unified Way for ECC Scalar Multiplication – Ring Extension Method.- Secure Signed Radix-r Recoding Methods for Constrained-Embedded Devices.- Some Efficient Algorithms for the Final Exponentiation of ? T Pairing.- Towards Minimizing Memory Requirement for Implementation of Hyperelliptic Curve Cryptosystems.- Authentication and Key Management.- Achieving End-to-End Authentication in Intermediary-Enabled Multimedia Delivery Systems.- Scalable Group KeyManagement Protocol Based on Key Material Transmitting Tree.- A Time-Based Key Management Protocol for Wireless Sensor Networks.- Cryptosystems.- Identity-Based Threshold Decryption Revisited.- Visual Cryptography Schemes with Dihedral Group Access Structure for Many Images.