Information Security and Privacy

ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann saddresswasconcernedwith authorizationpolicyissuesandtheirenforcementinapplications. Theconferencereceived91papersfromAmerica,Asia,Australia,and- rope. The program committee accepted 38 papers and these were presented insome9sessionscoveringsystemsecurity,networksecurity,trustandaccess control,Authentication,cryptography,cryptanalysis,DigitalSignatures,Elliptic CurveBasedTechniques,andSecretSharingandThresholdSchemes. Thisyear theacceptedpaperscamefromarangeofcountries,including7fromAustralia, 8fromKorea,7fromJapan,3fromUK,3fromGermany,3fromUSA,2from Singapore,2fromCanadaand1fromBelgium,Estonia,andTaiwan. Organizingaconferencesuchasthisoneisatime-consumingtaskandIwould liketothankallthepeoplewhoworkedhardtomakethisconferenceasuccess. Inparticular,IwouldliketothankProgramCo-chairYiMuforhistirelesswork andthemembersoftheprogramcommitteeforputtingtogetheranexcellent program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 YacovYacobi NewCBC-MACForgeryAttacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000. . . . 15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerator . . . . . . . . . . . . . . . . 21 ErikZenner,MatthiasKrause,StefanLucks AttacksBasedonSmallFactorsinVariousGroupStructures . . . . . . . . . . . . 36 ChrisPavlovski,ColinBoyd OnClassifyingConferenceKeyDistributionProtocols. . . . . . . . . . . . . . . . . . 51 Sha

Includes supplementary material: sn.pub/extras

Klappentext

program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 YacovYacobi NewCBC-MACForgeryAttacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000. . . . 15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerat

Inhalt
A Few Thoughts on E-Commerce.- New CBC-MAC Forgery Attacks.- Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000.- Improved Cryptanalysis of the Self-Shrinking Generator.- Attacks Based on Small Factors in Various Group Structures.- On Classifying Conference Key Distribution Protocols.- Pseudorandomness of MISTY-Type Transformations and the Block Cipher KASUMI.- New Public-Key Cryptosystem Using Divisor Class Groups.- First Implementation of Cryptographic Protocols Based on Algebraic Number Fields.- Practical Key Recovery Schemes.- Non-deterministic Processors.- Personal Secure Booting.- Evaluation of Tamper-Resistant Software Deviating from Structured Programming Rules.- A Strategy for MLS Workflow.- Condition-Driven Integration of Security Services.- SKETHIC: Secure Kernel Extension against Trojan Horses with Informat ion-Carrying Codes.- Secure and Private Distribution of Online Video and Some Related Cryptographic Issues.- Private Information Retrieval Based on the Subgroup Membership Problem.- A Practical English Auction with One-Time Registration.- A User Authentication Scheme with Identity and Location Privacy.- An End-to-End Authentication Protocol in Wireless Application Protocol.- Error Detection and Authentication in Quantum Key Distribution.- An Axiomatic Basis for Reasoning about Trust in PKIs.- A Knowledge-Based Approach to Internet Authorizations.- Applications of Trusted Review to Information Security.- Network Security Modeling and Cyber Attack Simulation Methodology.- Cryptographic Salt: A Countermeasure against Denial-of-Service Attacks.- Enhanced Modes of Operation for the Encryption in High-Speed Networks and Their Impact on QoS.- Improving the Availability of Time-Stamping Services.- Randomness Required for Linear Threshold Sharing Schemes Defined over Any Finite Abelian Group.- Democratic Systems.- Efficient and Unconditionally Secure Verifiabl…