Information security and privacy : 6th Australasian Conference, ACISP 2001, Sydney, Australia, July 11-13, 2001 : proceedings

ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'ACISP2001,theSixthAustralasianConferenceonInformationSecurityandP- vacy,washeldinSydney,Australia. TheconferencewassponsoredbyInfor- tionandNetworkedSystemSecurityResearch(INSSR),MacquarieUniversity, theAustralianComputerSociety,andtheUniversityofWesternSydney. Iam gratefultoalltheseorganizationsfortheirsupportoftheconference. Theaimofthisconferencewastodrawtogetherresearchers,designers,and usersofinformationsecuritysystemsandtechnologies. Theconferenceprogram addressedarangeofaspectsfromsystemandnetworksecuritytosecureInternet applicationstocryptographyandcryptanalysis. Thisyeartheprogramcomm- teeinvitedtwointernationalkeynotespeakersDr. YacovYacobifromMicrosoft Research (USA) and Dr. Cli?ord Neumann from the University of Southern California(USA). Dr. Yacobi'stalkaddressedtheissuesoftrust,privacy,and anti-piracyinelectroniccommerce. Dr. Neumann'saddresswasconcernedwith authorizationpolicyissuesandtheirenforcementinapplications. Theconferencereceived91papersfromAmerica,Asia,Australia,and- rope. The program committee accepted 38 papers and these were presented insome9sessionscoveringsystemsecurity,networksecurity,trustandaccess control,Authentication,cryptography,cryptanalysis,DigitalSignatures,Elliptic CurveBasedTechniques,andSecretSharingandThresholdSchemes. Thisyear theacceptedpaperscamefromarangeofcountries,including7fromAustralia, 8fromKorea,7fromJapan,3fromUK,3fromGermany,3fromUSA,2from Singapore,2fromCanadaand1fromBelgium,Estonia,andTaiwan. Organizingaconferencesuchasthisoneisatime-consumingtaskandIwould liketothankallthepeoplewhoworkedhardtomakethisconferenceasuccess. Inparticular,IwouldliketothankProgramCo-chairYiMuforhistirelesswork andthemembersoftheprogramcommitteeforputtingtogetheranexcellent program,andallthesessionchairsandspeakersfortheirtimeande?ort. Special thanks to Yi Mu, Laura Olsen, Rajan Shankaran, and Michael Hitchens for theirhelpwithlocalorganizationdetails. Finally,Iwouldliketothankallthe authorswhosubmittedpapersandalltheparticipantsofACISP2001. Ihope thattheprofessionalcontactsmadeatthisconference,thepresentations,and theproceedingshaveo?eredyouinsightsandideasthatyoucanapplytoyour owne?ortsinsecurityandprivacy. July2001 VijayVaradharajan AUSTRALASIANCONFERENCEON INFORMATIONSECURITYANDPRIVACY ACISP2001 Sponsoredby MacquarieUniversity AustralianComputerSociety General Chair: VijayVaradharajan MacquarieUniversity,Australia Program Chairs: VijayVaradharajan MacquarieUniversity,Australia YiMu MacquarieUniversity,Australia Program Committee: RossAnderson CambridgeUniversity,UK ColinBoyd QueenslandUniversityofTechnology,Australia EdDawson QueenslandUniversityofTechnology,Australia YvoDesmedt FloridaStateUniversity,USA PaulEngland Microsoft YairFrankel ColumbiaUniversity,USA AjoyGhosh UNISYS,Australia DieterGollman Microsoft JohnGordon ConceptLabs,UK KwangjoKim ICU,Korea ChuchangLiu DSTO,Australia MasahiroMambo TohokuUniversity,Japan WenboMao Hewlett-PackardLab. ,UK ChrisMitchell LondonUniversity,UK EijiOkamoto UniversityofWisconsin,USA JoePato Hewlett-PackardLab. ,USA JosefPieprzyk MacquarieUniversity,Australia BartPreneel KatholiekeUniversity,Belgium SteveRoberts WithamPtyLtd,Australia QingSihan AcademyofScience,China ReiSafavi-Naini UniversityofWollongong,Australia JenniferSeberry UniversityofWollongong,Australia YuliangZheng MonashUniversity,Australia TableofContents AFewThoughtsonE-Commerce...1 YacovYacobi NewCBC-MACForgeryAttacks...3 KarlBrincat,ChrisJ. Mitchell CryptanalysisofaPublicKeyCryptosystemProposedatACISP2000...15 AmrYoussef,GuangGong ImprovedCryptanalysisoftheSelf-ShrinkingGenerator ...21 ErikZenner,MatthiasKrause,StefanLucks AttacksBasedonSmallFactorsinVariousGroupStructures ...36 ChrisPavlovski,ColinBoyd OnClassifyingConferenceKeyDistributionProtocols...51 ShahrokhSaeednia,ReiSafavi-Naini,WillySusilo PseudorandomnessofMISTY-TypeTransformationsandtheBlockCipher KASUMI ...60 Ju-SungKang,OkyeonYi,DowonHong,HyunsookCho NewPublic-KeyCryptosystemUsingDivisorClassGroups...74 HwankooKim,SangJaeMoon FirstImplementationofCryptographicProtocolsBasedonAlgebraic NumberFields...84 AndreasMeyer,StefanNeis,ThomasPfahler PracticalKeyRecoverySchemes...104 Sung-MingYen Non-deterministicProcessors...115 DavidMay,HenkL. Muller,NigelP. Smart PersonalSecureBooting...130 NaomaruItoi,WilliamA. Arbaugh,SamuelaJ. Pollack, DanielM. Reeves EvaluationofTamper-ResistantSoftwareDeviatingfromStructured ProgrammingRules...145 HideakiGoto,MasahiroMambo,HirokiShizuya,YasuyoshiWatanabe AStrategyforMLSWork?ow...1 59 VladIngarWietrzyk,MakotoTakizawa,VijayVaradharajan X TableofContents Condition-DrivenIntegrationofSecurityServices ...176 Cli?ordNeumann SKETHIC:SecureKernelExtensionagainstTrojanHorseswith Information-CarryingCodes...177 Eun-SunCho,SunhoHong,SechangOh,Hong-JinYeh,ManpyoHong, Cheol-WonLee,HyundongPark,Chun-SikPark SecureandPrivateDistributionofOnlineVideoandSomeRelated CryptographicIssues...190 FengBao,RobertDeng,PeirongFeng,YanGuo,HongjunWu PrivateInformationRetrievalBasedontheSubgroupMembership Problem...206 AkihiroYamamura,TaiichiSaito APracticalEnglishAuctionwithOne-TimeRegistration ...221 KazumasaOmote,AtsukoMiyaji AUserAuthenticationSchemewithIdentityandLocationPrivacy...235 ShouichiHirose,SusumuYoshida AnEnd-to-EndAuthenticationProtocolinWirelessApplicationProtocol. 247 Jong-PhilYang,WeonShin,Kyung-HyuneRhee ErrorDetectionandAuthenticationinQuantumKeyDistribution ...260 AkihiroYamamura,HirokazuIshizuka AnAxiomaticBasisforReasoningaboutTrustinPKIs...274 ChuchangLiu,MarisOzols,TonyCant AKnowledge-BasedApproachtoInternetAuthorizations...292 AlongLin ApplicationsofTrustedReviewtoInformationSecurity...3 05 JohnYesberg,MarieHenderson NetworkSecurityModelingandCyberAttackSimulationMethodology...320 Sung-DoChi,JongSouPark,Ki-ChanJung,Jang-SeLee CryptographicSalt:ACountermeasureagainstDenial-of-ServiceAttacks. . 334 DongGookPark,JungJoonKim,ColinBoyd,EdDawson EnhancedModesofOperationfortheEncryptioninHigh-SpeedNetworks andTheirImpactonQoS...

A Few Thoughts on E-Commerce.- New CBC-MAC Forgery Attacks.- Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000.- Improved Cryptanalysis of the Self-Shrinking Generator.- Attacks Based on Small Factors in Various Group Structures.- On Classifying Conference Key Distribution Protocols.- Pseudorandomness of MISTY-Type Transformations and the Block Cipher KASUMI.- New Public-Key Cryptosystem Using Divisor Class Groups.- First Implementation of Cryptographic Protocols Based on Algebraic Number Fields.- Practical Key Recovery Schemes.- Non-deterministic Processors.- Personal Secure Booting.- Evaluation of Tamper-Resistant Software Deviating from Structured Programming Rules.- A Strategy for MLS Workflow.- Condition-Driven Integration of Security Services.- SKETHIC: Secure Kernel Extension against Trojan Horses with Informat ion-Carrying Codes.- Secure and Private Distribution of Online Video and Some Related Cryptographic Issues.- Private Information Retrieval Based on the Subgroup Membership Problem.- A Practical English Auction with One-Time Registration.- A User Authentication Scheme with Identity and Location Privacy.- An End-to-End Authentication Protocol in Wireless Application Protocol.- Error Detection and Authentication in Quantum Key Distribution.- An Axiomatic Basis for Reasoning about Trust in PKIs.- A Knowledge-Based Approach to Internet Authorizations.- Applications of Trusted Review to Information Security.- Network Security Modeling and Cyber Attack Simulation Methodology.- Cryptographic Salt: A Countermeasure against Denial-of-Service Attacks.- Enhanced Modes of Operation for the Encryption in High-Speed Networks and Their Impact on QoS.- Improving the Availability of Time-Stamping Services.- Randomness Required for Linear Threshold Sharing Schemes Defined over Any Finite Abelian Group.- Democratic Systems.- Efficient and Unconditionally Secure Verifiable Threshold Changeable Scheme.- Provably Secure Distributed Schnorr Signatures and a (t, n) Threshold Scheme for Implicit Certificates.- How to Construct Fail-Stop Confirmer Signature Schemes.- Signature Schemes Based on 3rd Order Shift Registers.- Anonymous Statistical Survey of Attributes.- Secure Mobile Agent Using Strong Non-designated Proxy Signature.- Elliptic Curve Based Password Authenticated Key Exchange Protocols.- Elliptic Curve Cryptography on a Palm OS Device.- Reducing Certain Elliptic Curve Discrete Logarithms to Logarithms in a Finite Field.