Information security applications : 6th international workshop, WISA 2005, Jeju Island, Korea, August 22-24, 2005 : revised selected papers

The 6th International Workshop on Information Security Applications (WISA 2005) was held on Jeju Island, Korea, during August 22-24, 2005. The workshop was sponsored by the Korea Institute of Information Security and Cryptology (KIISC), the Electronics and Telecommunications Research Institute (ETRI) and the Ministry of Information and Communication (MIC). The aim of the workshop is to serve as a forum for new conceptual and - perimental research results in the area of information security applications, with contributions from the academic community as well as from industry. The wo- shop program covers a wide range of security aspects including network security, e-commerce, cryptography, cryptanalysis, applications and implementation - pects. TheProgramCommitteereceived168papersfrom17countries,andaccepted 29 papers for a full presentation track and 16 papers for a short presentation track. Each paper was carefully evaluated through a peer-review process by at least three members of the Program Committee. This volume contains revised versionsof29papersacceptedandpresentedinthefullpresentationtrack.Short papersonlyappearedintheWISA2005pre-proceedingsaspreliminaryversions, and their extended versions may be published elsewhere. In addition to the contributed papers, the workshop had ?ve special talks. Moti Yung gave a tutorial talk, entitled "Malware Meets Cryptography." Virgil Gligor and Michel Abdalla gave invited talks in the full presentation track, en- tled "On the Evolution of Adversary Models in Security Protocols" and "Public- Key Encryption with Keyword Search," respectively. Finally, Shozo Naito and Jonguk Choi gave invited talks in the short presentation track, entitled "New RSA-Type Public-Key Cryptosystem and Its Performance Evaluation" and "A New Booming Era of DRM: Applications and Extending Business," respectively.

Security Analysis and Attacks.- Security Weakness in Ren et al.'s Group Key Agreement Scheme Built on Secure Two-Party Protocols.- Cryptanalysis of Some Group-Oriented Proxy Signature Schemes.- Application of LFSRs in Time/Memory Trade-Off Cryptanalysis.- System Security.- An Alert Data Mining Framework for Network-Based Intrusion Detection System.- Key Factors Influencing Worm Infection in Enterprise Networks.- Evaluation of the Unified Modeling Language for Security Requirements Analysis.- Network Security.- A Simple and Efficient Conference Scheme for Mobile Communications.- A Hash-Chain Based Authentication Scheme for Fast Handover in Wireless Network.- Efficient Multicast Stream Authentication for the Fully Adversarial Network Model.- Elastic Security QoS Provisioning for Telematics Applications.- DRM/Software Security.- An Improved Algorithm to Watermark Numeric Relational Data.- Video Fingerprinting System Using Wavelet and Error Correcting Code.- Secure Asymmetric Watermark Detection Without Secret of Modified Pixels.- Kimchi: A Binary Rewriting Defense Against Format String Attacks.- Software Protection Through Dynamic Code Mutation.- Efficient HW Implementation.- Efficient Hardware Implementation of Elliptic Curve Cryptography over GF(p m ).- Developing and Implementing IHPM on IXP 425 Network Processor Platforms.- Analysis on the Clockwise Transposition Routing for Dedicated Factoring Devices.- mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors.- Side-Channel Attacks.- Practical Modifications of Leadbitter et al.'s Repeated-Bits Side-Channel Analysis on (EC)DSA.- A DPA Countermeasure by Randomized Frobenius Decomposition.- DPA Attack on the Improved Ha-Moon Algorithm.- An Efficient Masking Scheme for AES Software Implementations.- Privacy/Anonymity.- Secure Multi-attribute Procurement Auction.- Oblivious Conjunctive Keyword Search.- Efficient, Non-optimistic Secure Circuit Evaluation Based on the ElGamal Encryption.- Efficient Implementation.- New Concept of Authority Range for Flexible Management of Role Hierarchy.- Role-Based Access Control Model for Ubiquitous Computing Environment.- Designing Security Auditing Protocol with Web Browsers.