Information Security Practice and Experience

The4thInformationSecurityPracticeandExperienceConference(ISPEC2008) was held at Crowne Plaza, Darling Harbour, Sydney, Australia, during April 21 23, 2008. The previous three conferences were held in Singapore in 2005, Hangzhou, China in 2006 and Hong Kong, China in 2007. As with the previous three conference proceedings, the proceedings of ISPEC 2008 were published in the LNCS series by Springer. Theconferencereceived95submissions,outofwhichtheProgramCommittee selected 29 papers for presentation at the conference. These papers are included in the proceedings. The accepted papers cover a range of topics in mathem- ics, computer science and security applications, including authentication and digital signatures, privacy, encryption and hash-function algorithms, security analysis, network security, access control, security devices, pairing and elliptic curve-basedsecuritypractice,securitycomputationandso forth.The conference proceedings contain revised versions of the selected papers. Since some of them were not checked again for correctness before publication, the authors (and not the ProgramCommittee)bear full responsibilityfor the contentsoftheir papers. In addition to the contributed papers, the program comprised two invited talks.TheinvitedspeakerswereVijayVaradharajan(MacquarieUniversity,A- tralia) and Robert Huijie Deng (Singapore Management University, Singapore). Special thanks are due to these speakers. Wewouldliketothankallthepeoplewhohelpedwiththeconferenceprogram and organization. First, we thank the Steering Committee for their guidance on the general format of the conference. We also heartily thank the Program Committee and the sub-reviewers listed on the following pages for their hard e?orts and time contributed to the review process, which took seven weeks. Each paper was carefully evaluated by at least two or three people. There was signi?cant online discussion about a large number of papers.

This book constitutes the refereed proceedings of the 4th International Information Security Practice and Experience Conference, ISPEC 2008, held in Sydney, Australia, in May 2008.
The papers cover a wide range of topics.

Verification of Integrity and Secrecy Properties of a Biometric Authentication Protocol.- An On-Line Secure E-Passport Protocol.- Secure Multi-Coupons for Federated Environments: Privacy-Preserving and Customer-Friendly.- 1-out-of-n Oblivious Signatures.- A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes.- Private Query on Encrypted Data in Multi-user Settings.- Towards Tamper Resistant Code Encryption: Practice and Experience.- A New Public Key Broadcast Encryption Using Boneh-Boyen-Goh's HIBE Scheme.- RSA Moduli with a Predetermined Portion: Techniques and Applications.- Variants of the Distinguished Point Method for Cryptanalytic Time Memory Trade-Offs.- Secure Cryptographic Precomputation with Insecure Memory.- Securing Peer-to-Peer Distributions for Mobile Devices.- Unified Rate Limiting in Broadband Access Networks for Defeating Internet Worms and DDoS Attacks.- Combating Spam and Denial-of-Service Attacks with Trusted Puzzle Solvers.- PROBE: A Process Behavior-Based Host Intrusion Prevention System.- Towards the World-Wide Quantum Network.- Synthesising Monitors from High-Level Policies for the Safe Execution of Untrusted Software.- Mediator-Free Secure Policy Interoperation of Exclusively-Trusted Multiple Domains.- Privacy of Recent RFID Authentication Protocols.- A New Hash-Based RFID Mutual Authentication Protocol Providing Enhanced User Privacy Protection.- An Efficient Countermeasure against Side Channel Attacks for Pairing Computation.- Efficient Arithmetic on Subfield Elliptic Curves over Small Finite Fields of Odd Characteristic.- Secure Computation of the Vector Dominance Problem.- Rational Secret Sharing with Repeated Games.- Distributed Private Matching and Set Operations.- Computational Soundness ofNon-Malleable Commitments.- Square Attack on Reduced-Round Zodiac Cipher.- Analysis of Zipper as a Hash Function.- On the Importance of the Key Separation Principle for Different Modes of Operation.