Lecture Notes in Computer Science 3574 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen UniversityofDortmund,Germany MadhuSudan MassachusettsInstituteofTechnology,MA,USA DemetriTerzopoulos NewYorkUniversity,NY,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA MosheY.Vardi RiceUniversity,Houston,TX,USA GerhardWeikum Max-PlanckInstituteofComputerScience,Saarbruecken,Germany Colin Boyd Juan M. González Nieto (Eds.) Information Security and Privacy 10th Australasian Conference, ACISP 2005 Brisbane, Australia, July 4-6, 2005 Proceedings 1 3 VolumeEditors ColinBoyd JuanM.GonzálezNieto QueenslandUniversityofTechnology InformationSecurityInstitute GPOBox2434,Brisbane4000,Australia E-mail:[email protected],[email protected] LibraryofCongressControlNumber:2005928379 CRSubjectClassification(1998):E.3,K.6.5,D.4.6,C.2,E.4,F.2.1,K.4.1 ISSN 0302-9743 ISBN-10 3-540-26547-3SpringerBerlinHeidelbergNewYork ISBN-13 978-3-540-26547-4SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. SpringerisapartofSpringerScience+BusinessMedia springeronline.com ©Springer-VerlagBerlinHeidelberg2005 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyBollerMediendesign Printedonacid-freepaper SPIN:11506157 06/3142 543210 Preface The 2005AustralasianConferenceonInformationSecurity andPrivacywasthe tenthintheannualseriesthatstartedin1996.Overthe yearsACISPhasgrown fromarelativelysmallconferencewithalargeproportionofpaperscomingfrom Australia into a truly international conference with an established reputation. ACISP 2005washeldatQueenslandUniversityofTechnologyin Brisbane,dur- ing July 4–6, 2005. This year there were 185 paper submissions and from these 45 papers were accepted.Accepted paperscame from13 countries,withthe largestproportions coming from Australia (12), China (8) and Japan (6). India and Korea both contributed 2 papers and one came from Singapore. There were also 11 papers from European countries and 3 from North America. We would like to extend our sincere thanks to all authors who submitted papers to ACISP 2005. The contributed papers were supplemented by four invited talks from emi- nent researchers in information security. The father-and-son team of Prof. and Dr. Bob Blakley (Texas A&M University and IBM) gave a talk entitled “All Sail, No Anchor III,” following up on a theme started at their ACISP 2000 in- vited talk. Adrian McCullagh (Phillips Fox Lawyers and QUT) talked on the benefit and perils of Internet banking. Ted Dunstone (Biometix) enlightened us on multimodal biometric systems. Yvo Desmedt (University College London) elucidatedthe growinggapbetweentheoryandpractice ininformationsecurity. We were fortunate to have an energetic team of experts who formed the Program Committee. Their names may be found overleaf, and we thank them warmly for their considerable efforts. This team was helped by an even larger numberofindividualswhoreviewedpapersintheirparticularareasofexpertise. A list of these names is also provided; we hope it is complete. We are delighted to acknowledge the generous financial sponsorship of ACISP 2005by EracomTechnologiesandRNSA (a researchnetwork funded by theAustralianResearchCouncil).TheconferencewashostedbytheInformation Security Institute at Queensland University of Technology who provided first- classfacilities andmaterialsupport.The excellentLocalOrganizingCommittee was led by the ACISP 2005 General Chair, Ed Dawson, and included Lauren May, Elizabeth Hansford and Christine Orme. We made use of electronic sub- missionandreviewingsoftwareexpertlywrittenandsupportedbyAndrewClark fromthe InformationSecurity Institute atQUT;this softwarewasinvaluable in easing our administrative tasks. July 2005 Colin Boyd Juan M. Gonza´lez Nieto VI Organization ACISP 2005 10th Australasian Conference on Information Security and Privacy Sponsored by Information Security Institute, Queensland University of Technology ARC Research Network for a Secure Australia (RNSA) Eracom Technologies Pty. Ltd. General Chair Ed Dawson Queensland University of Technology, Australia Program Chairs Colin Boyd Queensland University of Technology, Australia Juan M. Gonza´lez Nieto Queensland University of Technology, Australia Program Committee Paul Ashley IBM, Australia Tuomas Aura Microsoft Research, UK Feng Bao Institute for Infocomm Research, Singapore Lynn Batten Deakin University, Australia Matt Bishop University of California at Davis, USA Bob Blakley Texas A&M University, USA Mike Burmester Florida State University, USA Marc Dacier Eurecom, France Yvo Desmedt University College London, UK Josep Domingo Universitat Rovira i Virgili, Spain Jordi Forn´e Universitat Polit`ecnica de Catalunya, Spain Virgil Gligor University of Maryland, USA Dieter Gollmann TU Hamburg-Harburg, Germany Peter Gutmann University of Auckland, New Zealand Bill Hutchinson Edith Cowan University, Australia Audun Josang DSTC, Australia Marc Joye CIM-PACA, France Svein Knapskog Norwegian University of Science and Technology, Norway Organization VII Byoungcheon Lee Joongbu University, Korea Javier Lo´pez University of M´alaga, Spain Wenbo Mao HP Laboratories, UK Chris Mitchell Royal Holloway, UK George Mohay QUT, Australia Paul Montague Motorola, Australia SangJae Moon Kyungpook National University, Korea Winfried Mueller University of Klagenfurt, Austria Eiji Okamoto University of Tsukuba, Japan Susan Pancho-Festin University of the Philippines, Philippines Radia Perlman Sun Microsystems, USA Josef Pieprzyk Macquarie University, Australia Bart Preneel Katholieke Universiteit Leuven, Belgium Pandu Rangan Indian Institute of Technology, India Anthony Rhodes Zayed University, UAE Carsten Rudolph Fraunhofer SIT, Germany Rei Safavi-Naini University of Wollongong, Australia Pierangela Samarati University of Milan, Italy Akashi Satoh IBM Research, Japan Jennifer Seberry University of Wollongong, Australia Miquel Soriano Universitat Polit`ecnica de Catalunya, Spain Sridha Sridharan QUT, Australia Vijay Varadharajan Macquarie University, Australia Kapali Viswanathan SETS, India Huaxiong Wang Macquarie University, Australia Matt Warren Deakin University, Australia Chuan-Kun Wu Australian National University, Australia Yuliang Zheng University of North Carolina, Charlotte, USA VIII Organization External Reviewers Riza Aditya Michael Hitchens Christian Ritz Isaac Agudo Zhenjie Huang Bruno Robisson Toru Akishita Sarath Indrakanti Rodrigo Roman Stig Andersson Kouichi Itoh Chun Ruan Andr´e ˚Arnes Udaya Kiran Tupakula Francesc Seb´e Joonsang Baek Lars Knudsen Bouchra Senadji Mark Branagan Joe Lano Leonie Simpson Gareth Brisbane HoonJae Lee Nigel Smart Jordi Castella`-Roca Ching Lin Agusti Solanas Vinod Chandran Ling Liu Martijn Stam Liqun Chen Subhamoy Maitra Ron Steinfeld Joe Cho Antoni Chris Steketee Mathieu Ciet Mart´ınez-Ballest´e Hung-Min Sun Andrew Clark Michael Mason Willy Susilo Scott Contini Anish Mathuria Gelareh Taban Nora Dabbous Bill Millan Dong To Breno de Medeiros Jose A. Montenegro Guillaume Urvoy-Keller Christophe De Canni`ere Sumio Morioka Tri Van Le Alex Dent Yi Mu N. Vijayarangan Jintai Ding Jose Luis Muoz R. Vijayasarathy Hans Dobbertin Gregory Neven Guilin Wang Christophe Doche Lan Nguyen Yongge Wang Jiang Du Katsuyuki Okeya Duncan S. Wong Oscar Esparza Jose A. Onieva Yongdong Wu Serge Fehr Kenny Paterson Alec Yasinsac Clinton Fookes Josep Pegueroles Fangguo Zhang Steven Galbraith Kun Peng Janson Zhang PraveenGauravaram Angela Piper Weiliang Zhao Pierre Girard Fabien Pouget Yunlei Zhao Goichiro Hanaoka Geraint Price Huafei Zhu Keith Harrison Micha¨el Quisquater Jacob Zimmermann Yvonne Hitchcock Jason Reid Table of Contents Invited Talk All Sail, No Anchor III: Risk Aggregationand Time’s Arrow ........... 1 Bob Blakley, G.R. Blakley Network Security Traversing Middleboxes with the Host Identity Protocol ............... 17 Hannes Tschofenig, Andrei Gurtov, Jukka Ylitalo, Aarthi Nagarajan, Murugaraj Shanmugam AnInvestigationofUnauthorisedUseofWirelessNetworksinAdelaide, South Australia................................................... 29 Phillip Pudney, Jill Slay An Efficient Solution to the ARP Cache Poisoning Problem ............ 40 Vipul Goyal, Rohit Tripathy Cryptanalysis On Stern’s Attack Against Secret Truncated Linear Congruential Generators....................................................... 52 Scott Contini, Igor E. Shparlinski On the Success Probability of χ2-attack on RC6 ...................... 61 Atsuko Miyaji, Yuuki Takano Solving Systems of Differential Equations of Addition.................. 75 Souradyuti Paul, Bart Preneel Group Communications A Tree Based One-Key Broadcast Encryption Scheme with Low Computational Overhead .......................................... 89 Tomoyuki Asano, Kazuya Kamio Dynamic Group Key Agreement in Tree-BasedSetting................. 101 Ratna Dutta, Rana Barua Immediate Data Authentication for Multicast in Resource Constrained Network ........................................................ 113 C.K. Wong, Agnes Chan X Table of Contents Elliptic Curve Cryptography Redundant Trinomials for Finite Fields of Characteristic 2 ............. 122 Christophe Doche Efficient Tate Pairing Computation for Elliptic Curves over Binary Fields ........................................................... 134 Soonhak Kwon A Complete Divisor Class Halving Algorithm for Hyperelliptic Curve Cryptosystems of Genus Two....................................... 146 Izuru Kitamura, Masanobu Katagi, Tsuyoshi Takagi Mobile Security Using “Fair Forfeit” to Prevent Truncation Attacks on Mobile Agents ... 158 Min Yao, Kun Peng, Ed Dawson An Improved Execution Integrity Solution for Mobile Agents ........... 170 Michelangelo Giansiracusa, Selwyn Russell, Andrew Clark, John Hynd RFID Guardian: A Battery-PoweredMobile Device for RFID Privacy Management ..................................................... 184 Melanie R. Rieback, Bruno Crispo, Andrew S. Tanenbaum Side Channel Attacks Enhanced DES Implementation Secure Against High-Order Differential Power Analysis in Smartcards ...................................... 195 Jiqiang Lv, Yongfei Han Improved Zero Value Attack on XTR................................ 207 R´egis Bevan Efficient Representations on Koblitz Curves with Resistance to Side Channel Attacks .................................................. 218 Katsuyuki Okeya, Tsuyoshi Takagi, Camille Vuillaume Evaluation and Biometrics SIFA: A Tool for Evaluation of High-Grade Security Devices ........... 230 Tim McComb, Luke Wildman Cancelable Key-BasedFingerprint Templates......................... 242 Russell Ang, Rei Safavi–Naini, Luke McAven Public Key Cryptosystems Hybrid Signcryption Schemes with Insider Security.................... 253 Alexander W. Dent Table of Contents XI On the Possibility of Constructing Meaningful Hash Collisions for Public Keys ...................................................... 267 Arjen Lenstra, Benne de Weger Tunable Balancing of RSA ......................................... 280 Steven D. Galbraith, Chris Heneghan, James F. McKee Access Control I Key Management for Role Hierarchy in Distributed Systems............ 293 Celia Li, Cungang Yang, Richard Cheung A Formalization of Distributed Authorization with Delegation .......... 303 Shujing Wang, Yan Zhang Signatures I Two Improved Partially Blind Signature Schemes from Bilinear Pairings . 316 Sherman S.M. Chow, Lucas C.K. Hui, S.M. Yiu, K.P. Chow On the Security of Nominative Signatures............................ 329 Willy Susilo, Yi Mu Invited Talk Who Goes There? Internet Banking: A Matter of Risk and Reward...... 336 Adrian McCullagh, William Caelli Access Control II Role Activation Management in Role Based Access Control ............ 358 Richard W.C. Lui, Sherman S.M. Chow, Lucas C.K. Hui, S.M. Yiu VO-Sec: An Access Control Framework for Dynamic Virtual Organization ..................................................... 370 Hai Jin, Weizhong Qiang, Xuanhua Shi, Deqing Zou Threshold Cryptography An Efficient Implementation of a Threshold RSA Signature Scheme ..... 382 Brian King GBD Threshold Cryptography with an Application to RSA Key Recovery ........................................................ 394 Chris Steketee,Jaimee Brown,Juan M.Gonza´lez Nieto, Paul Montague An (n−t)-out-of-n Threshold Ring Signature Scheme ................. 406 Toshiyuki Isshiki, Keisuke Tanaka