Information Security Practice and Experience 5th International Conference, ISPEC 2009 Xi'an, China, April 13-15, 2009 Proceedings

The 5th International Conference on Information Security Practice and Expe- ence (ISPEC 2009) was held in Xi’an, China, April 13–15, 2009. The ISPEC conference series is an established forum that brings together - searchers and practitioners to provide a con?uence of new information security technologies, including their applications and their integration with IT systems in various vertical sectors. In previous years, ISPEC has taken place in Sin- pore (2005), Hangzhou, China (2006), Hong Kong, China (2007), and Sydney, Australia (2008). For all sessions, as this one, the conference proceedings were published by Springer in the Lecture Notes in Computer Science series. In total, 147 papers from 26 countries were submitted to ISPEC 2009, and 34 were ?nally selected for inclusion in the proceedings (acceptance rate 23%). The accepted papers cover multiple topics of information security and applied cryptography. Each submission was anonymously reviewed by at least three - viewers. We are grateful to the Program Committee, which was composed of more than 40 well-known security experts from 15 countries; we heartily thank them as well as all external reviewers for their time and valued contributions to the tough and time-consuming reviewing process. Inadditiontothe regularpaperpresentations,the programalsofeaturedfour invited talks by Yupu Hu, from Xidian University, China; Youki Kadobayashi, from Nara Institute of Science and Technology, Japan; Mark Ryan, from the University of Birmingham, UK; and Gene Tsudik, from the University of C- ifornia at Irvine, USA. We are grateful to them for accepting our invitation to speak at the conference.

Public Key Encryption.- Efficient and Provable Secure Ciphertext-Policy Attribute-Based Encryption Schemes.- A Ciphertext-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length.- RSA-Based Certificateless Public Key Encryption.- Digital Signatures.- Strongly Unforgeable ID-Based Signatures without Random Oracles.- On the Security of a Certificate-Based Signature Scheme and Its Improvement with Pairings.- System Security.- An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems.- Reconstructing a Packed DLL Binary for Static Analysis.- Static Analysis of a Class of Memory Leaks in TrustedBSD MAC Framework.- Applied Cryptography.- Efficient Concurrent n poly(logn)-Simulatable Argument of Knowledge.- New Constructions for Reusable, Non-erasure and Universally Composable Commitments.- Certificateless Hybrid Signcryption.- On Non-representable Secret Sharing Matroids.- Multimedia Security and DRM.- A Novel Adaptive Watermarking Scheme Based on Human Visual System and Particle Swarm Optimization.- Defending against the Pirate Evolution Attack.- Security Specification for Conversion Technologies of Heterogeneous DRM Systems.- Security Protocols.- Analysing Protocol Implementations.- Measuring Anonymity.- A Hybrid E-Voting Scheme.- Key Exchange and Management.- A Framework for Authenticated Key Exchange in the Standard Model.- Secret Handshake: Strong Anonymity Definition and Construction.- An Extended Authentication and Key Agreement Protocol of UMTS.- Hash-Based Key Management Schemes for MPEG4-FGS.- Hash Functions and MACs.- Twister – A Framework for Secure and Fast Hash Functions.- Preimage Attack on Hash Function RIPEMD.- Full Key-Recovery Attack on the HMAC/NMAC Based on 3 and 4-Pass HAVAL.- Cryptanalysis.- Memoryless Related-Key Boomerang Attack on the Full Tiger Block Cipher.- Memoryless Related-Key Boomerang Attack on 39-Round SHACAL-2.- Some New Observations on the SMS4 Block Cipher in the Chinese WAPI Standard.- On the Correctness of an Approach against Side-Channel Attacks.- Network Security.- Ranking Attack Graphs with Graph Neural Networks.- Implementing IDS Management on Lock-Keeper.- Security Applications.- Ensuring Dual Security Modes in RFID-Enabled Supply Chain Systems.- Achieving Better Privacy Protection in Wireless Sensor Networks Using Trusted Computing.- Trusted Privacy Domains – Challenges for Trusted Computing in Privacy-Protecting Information Sharing.