The two-volume set, LNCS 9878 and 9879 constitutes the refereed proceedings of the 21st European Symposium on Research in Computer Security, ESORICS 2016, held in Heraklion, Greece, in September 2016. The 60 revised full papers presented were carefully reviewed and selected from 285 submissions. The papers cover a wide range of topics in security and privacy, including data protection: systems security, network security, access control, authentication, and security in such emerging areas as cloud computing, cyber-physical systems, and the Internet of Things.
This book introduces readers to the tools needed to protect IT resources and communicate with security specialists when there is a security problem. The book covers a wide range of security topics including Cryptographic Technologies, Network Security, Security Management, Information Assurance, Security Applications, Computer Security, Hardware Security, and Biometrics and Forensics. It introduces the concepts, techniques, methods, approaches, and trends needed by security specialists to improve their security skills and capabilities. Further, it provides a glimpse into future directions where security techniques, policies, applications, and theories are headed. The book represents a collection of carefully selected and reviewed chapters written by diverse security experts in the listed fields and edited by prominent security researchers. Complementary slides are available for download on the book’s website at Springer.com.
This book provides a concise yet comprehensive overview of computer and Internet security, suitable for a one-term introductory course for junior/senior undergrad or first-year graduate students. It is also suitable for self-study by anyone seeking a solid footing in security – including software developers and computing professionals, technical managers and government staff. An overriding focus is on brevity, without sacrificing breadth of core topics or technical detail within them. The aim is to enable a broad understanding in roughly 350 pages. Further prioritization is supported by designating as optional selected content within this. Fundamental academic concepts are reinforced by specifics and examples, and related to applied problems and real-world incidents. The first chapter provides a gentle overview and 20 design principles for security. The ten chapters that follow provide a framework for understanding computer and Internet security. They regularly refer back to the principles, with supporting examples. These principles are the conceptual counterparts of security-related error patterns that have been recurring in software and system designs for over 50 years. The book is “elementary” in that it assumes no background in security, but unlike “soft” high-level texts it does not avoid low-level details, instead it selectively dives into fine points for exemplary topics to concretely illustrate concepts and principles. The book is rigorous in the sense of being technically sound, but avoids both mathematical proofs and lengthy source-code examples that typically make books inaccessible to general audiences. Knowledge of elementary operating system and networking concepts is helpful, but review sections summarize the essential background. For graduate students, inline exercises and supplemental references provided in per-chapter endnotes provide a bridge to further topics and a springboard to the research literature; for those in industry and government, pointers are provided to helpful surveys and relevant standards, e.g., documents from the Internet Engineering Task Force (IETF), and the U.S. National Institute of Standards and Technology.
This book comprehensively reviews searchable encryption, which represents a series of research developments that directly enable search functionality over encrypted data. The book majorly covers: 1) the design and implementation of encrypted search algorithms, data structures, and systems that facilitate various forms of search over always-encrypted databases; 2) different threat models, assumptions, and the related security guarantees, when using searchable encryption in the real-world settings; and 3) latest efforts in building full-fledged encrypted database systems that draw insights from searchable encryption constructions. The book fits in the timely context, where the necessity of safeguarding important and sensitive data has been globally recognized. Traditional security measures, such as storing data behind network firewalls and layers of access control mechanisms to keep attackers out, are no longer sufficient to cope with the expanding landscape of surging cyber threats. There is an urgent call to keep sensitive data always encrypted to protect the data at rest, in transit, and in use. Doing so guarantees data confidentiality for owners, even if the data is out of their hands, e.g., hosted at in-the-cloud databases. The daunting challenge is how to perform computation over encrypted data. As we unfold in this book, searchable encryption, as a specific line of research in this broadly defined area, has received tremendous advancements over the past decades. This book is majorly oriented toward senior undergraduates, graduate students, and researchers, who want to work in the field and need extensive coverage of encrypted database research. It also targets security practitioners who want to make well-informed deployment choices of the latest advancements in searchable encryption for their targeted applications. Hopefully, this book will be beneficial in both regards.
This book constitutes the refereed proceedings of the 7th International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2017, held in Warsaw, Poland, in August 2017. The 12 revised full papers, 13 revised short presentations, and 3 invited papers were carefully reviewed and selected from a total of 40 submissions. The papers are organized in topical sections on Critical Infrastructure Protection and Visualization; Security and Resilience of Network Systems; Adaptive Security; Anti-malware Techniques: Detection, Analysis, Prevention; Security of Emerging Technologies; Applied Cryptography; New Ideas and Paradigms for Security.
This book constitutes the proceedings of the 21st International Conference on Information Security, ISC 2018, held in Guildford, UK, in September 2018. The 26 full papers presented in this volume were carefully reviewed and selected from 59 submissions. The book also includes one invited talk in full-paper length. The papers were organized in topical sections named: software security; symmetric ciphers and cryptanalysis; data privacy and anonymization; outsourcing and assisted computing; advanced encryption; privacy-preserving applications; advanced signatures; and network security.
This book presents a holistic view on compiler assisted practical secure multi-party computation (MPC) over Boolean circuits. It discusses that two or more parties jointly evaluate a function over their inputs in such a way that each party keeps its input unknown to the other parties in MPC. MPC provides a generic way to construct Privacy-Enhancing Technologies, which protect sensitive data during processing steps in untrusted environments. A major obstacle in the past was to generate MPC applications by hand. Recently, special compilers have been developed to build all kinds of applications. This book also explains in detail how efficient MPC applications can be created automatically from ANSI-C, thus, bridging the areas of cryptography, compilation and hardware synthesis. It also gives an insight into the requirements for creating efficient applications for MPC and is hence of interest to not only researchers in the area of MPC but also developers realizing practical applications with MPC. For a better understanding of the complete compile chain from ANSI-C to circuits, which is the ‘machine code’ of MPC, the authors first give the necessary background information on MPC protocols, Boolean logic, and logic synthesis. Then the authors describe the various compilation steps required to translate any code into an adequate circuit description. Afterwards, the authors introduce a variety of optimization techniques for two classes of MPC protocols, namely techniques that improve the runtime of applications in constant- and multi-round MPC protocols. The authors also illustrate how efficient parallelization of MPC protocols can be achieved using the assistance of compilers. It presents the effectiveness of the proposed techniques by giving a detailed evaluation on benchmarking applications. Most of the aforementioned techniques are implemented in our open source compiler that is accompanying this book and allows to study compilation for MPC in practice.Researchers who are interested in practical secure multi-party computation (MPC), and developers who are interested in realizing MPC applications in practice will find this book useful as a reference, as well as advanced-level students in computer science.
Despite being 2000 years old, cryptography is still a very active field of research. New needs and application fields, like privacy, the Internet of Things (IoT), physically unclonable functions (PUFs), post-quantum cryptography, and quantum key distribution, will keep fueling the work in this field. This book discusses quantum cryptography, lightweight cryptography for IoT, PUFs, cryptanalysis, and more. It provides a snapshot of some recent research results in the field, providing readers with some useful tools and stimulating new ideas and applications for future investigation.
This book constitutes the refereed proceedings of the 15th International Conference on Information Security Practice and Experience, ISPEC 2019, held in Kuala Lumpur, Malaysia, in November 2019. The 21 full and 7 short papers presented in this volume were carefully reviewed and selected from 68 submissions. They were organized into the following topical sections: Cryptography I, System and Network Security, Security Protocol and Tool, Access Control and Authentication, Cryptography II, Data and User Privacy, Short Paper I, and Short Paper II.
