Sebery J.Cryptography.An introduction to computer security.1989
.pdfReferences 641
151.T. Dierks and C. Allen. RFC 2246: The TLS Protocol Version 1.0, January 1999. Available at http://www.ietf.org/rfc/rfc2246.txt.
152.W. DiÆe and M.E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22:644{654, 1976.
153.W. DiÆe and M.E. Hellman. Exhaustive cryptanalysis of the NBS data encryption standard. Computer, 10:74{84, June 1977.
154.W. DiÆe, P. Van Oorschot, and M. Wiener. Authentication and authenticated key exchanges. Designs, Codes, and Cryptography, 2:107{125, 1992.
155.J.F. Dillon. A survey of bent functions. The NSA Technical Journal, pages 191{215, 1972. (unclassi ed).
156.H. Dobbertin. Cryptanalysis of MD4. In D. Gollmann, editor, Fast Software Encryption 1996. Lecture Notes in Computer Science No. 1039, pages 53{69. Springer, Berlin Heidelberg New York, 1996.
157.H. Dobbertin. Cryptanalysis of MD5 compress. Announcement on Internet, May 1996.
158.H. Dobbertin, A. Bosselaers, and B. Preneel. RIPEMD-160: a strengthened version of RIPEMD. In D. Gollmann, editor, Fast Software Encryption 1996 Lecture Notes in Computer Science No. 1039, pages 71{79. Springer, Berlin Heidelberg New York, 1996.
159.D. Dolev and A. Wigderson. On the security of multi-party protocols in distributed systems. In D. Chaum, R.L. Rivest, and A.T. Sherman, editors, Advances in Cryptology ( Crypto'82), pages 167{175. Plenum, New York.
160.C. Dowell and P. Ramstedt. The Computer Watch data reduction toll. In Proceedings of the 13th National Computer Security Conference, pages 99{108, 1990.
161.A.R. Downing, I.B. Greenberg, and T.F. Lunt. Issues in distributed database security. In Proceedings of the 5th Aerospace Computer Security Applications Conference, pages 196{203, Tucson, AZ, December, 1989.
162.T. Du . Experience with viruses on UNIX systems. Computing Systems, 2:155{171, 1989.
163.T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, IT-31:469{472, 1985.
164.T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, IT-31:469{472, 1985.
165.S. Even and O. Goldreich. Des-like functions can generate the alternating group. IEEE Transactions on Information Theory, IT-29(6):863{865, 1983.
166.V. Fak. Repeated use of codes which detect deception. IEEE Transactions on Information Theory, IT-25(2):233{234, 1979.
167.R. Farrow. UNIX System Security. Addison-Wesley, Boston, 1991.
168.U. Feige, A. Fiat, and A. Shamir. Zero knowledge proofs of identity. Journal of Cryptology, 1(2):77{94, 1988.
169.H. Feistel. Cryptography and computer privacy. Scienti c American, 228:15{23, May 1973.
170.H. Feistel, W. Notz, and J. Smith. Some cryptographic techniques for machine-to- machine data communications. Proceedings of IEEE, 63(11):1545{1554, November 1975.
642 References
171.P. Feldman. A practical scheme for non-interactive veri able secret sharing. In Proceedings of the 28th IEEE Symposium on Foundations of Computer Science, pages 427{437. IEEE, 1987.
172.J. Fellows and J. Hemenway. The architecture of a distributed trusted computing base. In
Proceedings of the 10th National Computer Security Conference, pages 68{77, Baltimore, MD, September 1987. NBS/NCSC.
173.D. Ferbrache. INIT29 { infections but your data is safe. Virus Bulletin, December 1989.
174.D. Ferbrache. Virus analysis: nVIR and its clones. Virus Bulletin, October 1989.
175.D. Ferbrache. Mac threats. Virus Bulletin, December 1990.
176.D. Ferbrache. Virus report: WDEF { the hidden virus. Virus Bulletin, January 1990.
177.N. Ferguson. Extensions of single-term coins. In D.R. Stinson, editor, Advances in Cryptology (CRYPTO'93). Lecture Notes in Computer Science No. 773, pages 292{301. Springer, Berlin Heidelberg New York, 1994.
178.N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, and D. Whiting. Improved cryptanalysis of Rijndael. In Fast Software Encryption 2000, 2000.
179.E.B. Fernandez, E. Gudes, and H. Song. A security model for object-oriented databases. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 110{115. IEEE, 1989.
180.D. Ferraiolo and R. Kuhn. Role based access controls. In Proceedings of the 15th National Computer Security Conference, pages 554{563. NIST, Gaithersburg, MD, 1992
181.R. Feynman. Simulating physics with computers. International Journal of Theoretical Physics, 21(6-7):467{488, 1982.
182.A. Fiat and A. Shamir. How to prove yourself: practical solutions to identi cation and signature problems. In A.M. Odlyzko, editor, Advances in Cryptology (CRYPTO'86). Lecture Notes in Computer Science No. 263, pages 186{194. Springer, Berlin Heidelberg New York, 1987.
183.S. Fischer-H•ubner and K. Brunnstein. Combining veri ed and adaptive system components towards more secure computer architectures. In Proceedings of the International Workshop on Computer Architectures to Support Security and Persistence of Information, Section 14 page 1{7, 1990.
184.R. Fischlin and C.P. Schnorr. Stronger security proofs for RSA and Rabin bits. In
W.Fumy, editor, Advances in Cryptology (EUROCRYPT'97). Lecture Notes in Computer Science No. 1233, pages 267{279. Springer, Berlin Heidelberg New York, 1997.
185.D.H. Fishman, J. Annevelink, D. Beech, E.C. Chow, T. Connors, J.W. Davis,
W.Hasan, C.G. Hoch, W. Kent, S. Leichner, P. Lyngbaek, B. Mahbod, M.A. Neimat,
T.Risch, M.C. Shan, and W.K. Wilkinson. Overview of the Iris DBMS. In W. Kim and F.H. Lochovsky, editors, Object-Oriented Concepts, Databases and Applications, pages 219{250. Addison-Wesley, New York, 1989.
186.D.H. Fishman, D. Beech, H.P. Cate, E.C. Chow, T. Connors, J.W. Davis, N. Derrett, C.G. Hoch, W. Kent, P. Lyngbaek, B. Mahbod, M.A. Neimat, T.A. Ryan, and M.C. Shan. Iris: An object-oriented database management system. ACM Transactions on OÆce Information Systems, 5(1):48{69, 1987.
References 643
187.National Institute for Standards and Technology. Digital Signature Standard (DSS). Federal Register, 56(169), August 30, 1991.
188.R. Forre. Methods and instruments for designing S-boxes. Journal of Cryptology, 2(3):115{130, 1990.
189.W.F. Friedman. The index of coincidence and its application in cryptography. Riverbank Laboratories,, Publication No. 22, 1920.
190.A. Fujioka, T. Okamoto, and K. Ohta. A practical secret voting scheme for large scale elections. In J. Seberry and Y. Zheng, editors, Advances in Cryptology (AUSCRYPT'92). Lecture Notes in Computer Science No. 718. pages 244{251. Springer, Berlin Heidelberg New York, 1993.
191.A. Furche and G. Wrightson. Computer Money: A Systematic Overview of Electronic Payment Systems. DPunkt, Heidelberg 1996.
192.M. Garey and D.S. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness. Freeman, New York, 1979.
193.C. Garvey and A. Wu. ASD Views. In Proceedings of the 1988 IEEE Symposium on Security and Privacy, pages 85{95. IEEE, 1988.
194.T.D. Garvey and T.F. Lunt. Multilevel security for knowledge-based systems. In Proceedings of the Workshop on Object-Oriented Database Security, University of Karlsruhe, W. Germany. European Institute for System Security, 1990. (preprint)
195.T.D. Garvey and T.F. Lunt. Multilevel security for knowledge-based systems. In Proceedings of the 6th Computer Security Applications Conference, Tucson, AZ, December, 1990. (preprint)
196.M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed system security architecture. In Proceedings of 12th National Computer Security Conference, pages 305{319. Baltimore, MD, 1989.
197.R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust threshold DSS signatures. In U. Maurer, editor, Advances in Cryptology (EUROCRYPT'96). Lecture Notes in Computer Science No. 1070, pages 354{371. Springer, Berlin Heidelberg New York, 1996.
198.J. Gersting. Mathematical Structures for Computer Science. Freeman, New York, 1987.
199.H. Ghodosi, J. Pieprzyk, and R. Safavi-Naini. Dynamic threshold cryptosystem: a new scheme in group oriented cryptography. In J. Pribyl, editor, Proceedings of PRAGOCRYPT'96, pages 370{379. CTU, Prague, 1996.
200.J. Gibson. Discrete logarithm hash function that is collision free and one way. In IEE Proceedings-E, (138)6: 407{410. Springer, Berlin Heidelberg New York, 1991.
201.E.N. Gilbert, F.J. MacWilliams, and N. J.A. Sloane. Codes which detect deception. Bell System Tech. J., 53:405{424, 1974.
202.J. Gill. Computational complexity of probabilistic Turing machines. Society of Industrial and Applied Mathematicians (SIAM), 6:675{695, December 1977.
203.M. Girault. Self-certi ed public keys. In D. Davies, editor, Advances in Cryptology (EUROCRYPT'91). Lecture Notes in Computer Science No. 547 pages 490{497. Springer, Berlin Heidelberg New York, 1991.
644 References
204.J. I. Glasgow, G.H. MacEwen, T. Mercouris, and F. Ouabdesselam. Specifying multilevel security in a distributed system. In Proceedings of the 7th DOD/NBS Computer Security Conference, pages 319{340, September 1984.
205.J.A. Goguen and J. Meseguer. Unwinding and inference control. In Proceedings of the 1984 IEEE Symposium on Security and Privacy, pages 75{86. IEEE, 1984.
206.O. Goldreich. Modern Cryptography, Probabilistic Proofs and Pseudorandomness. Springer, Berlin Heidelberg New York, 1999.
207.O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. Journal of the ACM, 33(4):792{807, 1986.
208.O. Goldreich, Y. Mansour, and M. Sipser. Interactive proof systems: provers that never fail and random selection. In Proceedings of the 28th IEEE Symposium on Foundations of Computer Science, pages 449{460.IEEE, 1987.
209.O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM, 38(1):691{ 729, 1991.
210.S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Science, 28(2):270{299, April 1984.
211.S. Goldwasser, S. Micali, and C. Racko . The knowledge complexity of interactive proofsystems. SIAM Journal of Computing, 18(1):186{208, February 1989.
212.S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. Society of Industrial and Applied Mathematicians (SIAM), 17(2):281{308, April 1988.
213.J. Golic. Intrinsic statistical weakness of keystream generators. In J. Pieprzyk and R. Safavi-Naini, editors, Advances in Cryptology (ASIACRYPT'94). Lecture Notes in Computer Science No. 917, pages 91{103. Springer, Berlin Heidelberg New York, 1995.
214.D. Gollmann. What do we mean by entity authentication. In IEEE Symposium on Research in Security and Privacy, pages 46{54, IEEE, 1996.
215.D. Gollmann. Computer Security. Wiley, New York, 1999.
216.D. Gollmann, T. Beth, and F. Damm. Authentication services in distributed systems.
Computers & Security, 12:753{764, 1993.
217.D. Gollmann and W. Chambers. Clock-controlled shift registers: a review. IEEE Journal of Selected Areas of Communications, 7(4):525{533, May 1989.
218.L. Gong, R. Needham, and R. Yahalom. Reasoning about belief in cryptographic protocols. In IEEE Symposium on Security and Privacy, pages 234{248. IEEE, 1990.
219.A. Goscinski. Distributed Operating Systems The Logical Design. Addison-Wesley, New York, 1991.
220.G. Graham and P. Denning. Protection: principles and practices. In Proceedings of the AFIPS Spring Joint Computer Conference, pages 417{429, 1972.
221.P.P. GriÆths and B.W. Wade. An authorization mechanism for a relational database system. ACM Transactions on Database Systems, 1(3):242{255, 1976.
222.CIDF Working Group. the common intrusion detection framework. Version 0.6, available at http://seclab.cs.ucdavis.edu/cidf, 1999.
References 645
223.D. Gryaznov. Scanners for the year 2000: Heuristics. In Proceedings of the 5th International Virus Bulletin Conference, pages 225{234, 1995.
224.L. Guillou and J-J. Quisquater. EÆcient digital public-key signature with shadow. In C. Pomerance, editor, Advances in Cryptology (CRYPTO'87). Lecture Notes in Computer Science No. 293, pages 223{223. Springer, Berlin Heidelberg New York, 1988.
225.C. G•unter. An identity-based key-exchange protocol. In J.-J. Quisquater and J. Vandewalle, editors, Advances in Cryptology (EUROCRYPT'89). Lecture Notes in Computer Science No. 434, pages 29{37. Springer, Berlin Heidelberg New York, 1990.
226.S. Gupta and V.D. Gligor. Experience with a penetration analysis method and tool. In
Proceedings of the 15th National Computer Security Conference, pages 165{183, 1992.
227.N. Habra, B. Charlierand, A. Mounji, and I. Mathieu. ASAX: software architecture and rule-based language for universal audit trial analysis. In Y. Deswarte, G. Eizenberg, and J.-J. Quisquater, editors, Proceedings of the European Symposium on Research in Computer Security (ESORICS'92). Lecture Notes in Computer Science No. 648, pages 435{450. Springer, Berlin Heidelberg New York, 1992.
228.L. Had eld, D. Hatter, and D. Bixler. Windows NT Server 4 Security Handbook. Que Corporation, Indianapolis, IN, 1997.
229.S. Halevi. EÆcient commitment schemes with bounded sender and unbounded receiver. In D. Coppersmith, editor, Advances in Cryptology (CRYPTO'95). Lecture Notes in Computer Science No. 963, pages 84{966. Springer, Berlin Heidelberg New York, 1995.
230.S. Hansen and T. Atkins. Automated system monitoring and noti cation with swatch. In Proceedings of the USENIX Systems Administration (LISA VII) Conference, pages 145{155, 1993.
231.T. Hardjono and J. Seberry. Authentication via multi-service tickets in the KUPEREE server. In D. Gollmann, editor, Proceedings of the 3rd European Symposium on Research in Computer Security (ESORICS'94). Lecture Notes in Computer Science No. 875, pages 143{160. Springer, Berlin Heidelberg New York, 1994.
232.T. Hardjono and J. Seberry. Replicating the KUPEREE authentication server for increased security and reliability. In J. Pieprzyk and J. Seberry, editors, Proceedings of the 1st Australasian Conference on Information Security and Privacy ACISP96, Lecture Notes in Computer Science No. 1172, pages 14{27. Springer, Berlin Heidelberg New York, 1996.
233.D. Harkins and D. Carrel. RFC 2409: The Internet Key Exchange (IKE), November 1998. Available at http://www.ietf.org.
234.M. Harrison, W. Ruzzo, and J. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461{471, 1976.
235.H.R. Hartson. Database security { system architectures. Information Systems (GB), 6:1{22, 1981.
236.P. Hawkes. Di erential-linear weak key classes of IDEA. In K. Nyberg, editor, Advances in Cryptology (EUROCRYPT'98). Lecture Notes in Computer Science No. 1403, pages 112{126. Springer, Berlin Heidelberg New York, 1998.
237.R.R. Henning and S.A. Walker. Computer architecture and database security. In Proceedings of the 9th National Computer Security Conference, pages 216{230. National
646 References
Bureau of Standards/National Computer Security Center. Gaithersburg, MD, September 1986.
238.M.P. Herlihy and J.D. Tyger. How to make replicated data secure. In C. Pomerance, editor, Advances in Cryptology (CRYPTO '87). Lecture Notes in Computer Science No. 293, pages 380{391. Springer, Berlin Heidelberg New York, 1987.
239.A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung. Proactive secret sharing or: how to cope with perpetual leakage. In D. Coppersmith, editor, Advances in Cryptology (CRYPTO'95). Lecture Notes in Computer Science No. 963, pages 339{352. Springer, Berlin Heidelberg New York, 1995.
240.E. Heyst and T. Pedersen. How to make eÆcient fail-stop signatures. In R. Rueppel, editor, Advances in Cryptology (EUROCRYPT'92). Lecture Notes in Computer Science No. 658, pages 366{377. Springer, Berlin Heidelberg New York, 1993.
241.H. Highland. The BRAIN virus: facts and fantasy. Computers & Security, 7:367{370, 1988.
242.H. Highland. A macro virus. Computers & Security, 8:178{188, 1989.
243.H. Highland. Procedure to reduce the computer virus threat. Computers & Security, 16:439{449, 1997.
244.M. Hirvensalo. Quantum Computing. Prentice-Hall, Englewood Cli s, NJ, 2001.
245.J. Hochberg, K. Jackson, C. Stallings, J. McClary, D. DuBois, and J. Ford. NADIR: An automated system for detecting network intrusion and misuse. Computers & Security, 12:235{248, 1993.
246.J. Horton. Introduction to viruses. PhD Thesis, School of IT and CS, University of Wollongong, 2000.
247.J. Horton and J. Seberry. Companion viruses and the Macintosh: threats and countermeasures. In Proceedings of the Fourth Australasian Conference on Information Security and Privacy (ACISP'99). Lecture Notes in Computer Science No. 1587, pages 202{212. Springer, Berlin Heidelberg New York, 1999.
248.D.K. Hsiao. Data base computers. In M.C. Yovits, editor, Advances in Computers, pages 1{64. Academic Press, New York, 1980.
249.K. Ilgun. USTAT: a real-time intrusion detection system for UNIX. In IEEE Symposium on Research in Security and Privacy, pages 16{28, IEEE, 1993.
250.Apple Computer Inc. Inside Macintosh: Files. Addison-Wesley, New York, 1992.
251.Apple Computer Inc. Inside Macintosh: Macintosh Toolbox Essentials. Addison-Wesley, New York, 1992.
252.Apple Computer Inc. Inside Macintosh: More Macintosh Toolbox. Addison-Wesley, New York, 1993.
253.Apple Computer Inc. Inside Macintosh: Operating System Utilities. Addison-Wesley, New York, 1994.
254.Oracle Inc. Oracle8 and Oracle8 Enterprise Edition, 1998. On-line Generic Documentation, Version 8.0.5.0.0.
255.I. Ingemarsson, D. Tang, and C. Wong. A conference key distribution system. IEEE Transactions on Information Theory, IT-28:714{720, IEEE, 1982.
References 647
256.M. Ito, A. Saito, and T. Nishizeki. Secret sharing scheme realizing general access structure. In Proceedings of the IEEE Globecom '87, pages 99{102. IEEE, 1987.
257.K. Iversen. A cryptographic scheme for computerized general elections. In J. Feigenbaum, editor, Advances in Cryptology (CRYPTO'91). Lecture Notes in Computer Science No. 576, pages 405{419. Springer, Berlin Heidelberg New York, 1992.
258.C. Jackson. Worms in the ripe apple. Virus Bulletin, July 1998. see http://www.virusbtn.com/VirusInformation/autostart9805.html.
259.M. Jakobsson and M. Yung. Revocable and versatile electronic money. In Proceedings of the 3rd ACM Conference on Computer and Communication Security, pages 76{87. ACM, Boston, 1996.
260.H.S. Javitz and A. Valdes. The SRI IDES statistical anomaly detector. In Proceedings of the 1991 IEEE Symposium on Security and Privacy, pages 316{326. IEEE, 1991.
261.T. Johansson. Lower bounds on the probability of deception in authentication with arbitration. IEEE Transactions on Information Theory, IT-40(5):1573{1585, 1994.
262.T. Johansson and A. Sgarro. Strengthening Simmons bound on impersonation. IEEE Transactions on Information Theory, IT-37(4):1182{1185, 1991.
263.T. Johansson, B. Smeets, and G. Kabatianskii. On the relation between a-codes and codes correcting independent errors. In T. Helleseth, editor, Advances in Cryptology (EUROCRYPT'93). Lecture Notes in Computer Science No. 765, pages 1{11. Springer, Berlin Heidelberg New York, 1994.
264.R.W. Jones and M.S.J. Baxter. The role of encipherment services in distributed systems. In F. Pichler, editor, Advances in Cryptology (EUROCRYPT'85). pages 214{220, Linz, Austria, April 1985.
265.D. Kahn. The Codebreakers. Macmillan, New York, 1967.
266.J. Kam and G. Davida Structured design of substitution-permutation networks. IEEE Transactions on Computers, C-28:747{753, 1979.
267.I. Kantzavelou and S. Katsikas. An attack detection system for secure computer systems - outline of the solution. In Proceedings of the 13th International Information Security Conference, pages 123{135, 1997.
268.I. Kantzavelou and A. Patel. An attack detection system for secure computer systems - design of ads. In Proceedings of the 12th International Information Security Conference, pages 1{16, 1996.
269.E.D. Karnin, J.W. Greene, and M.E. Hellman. On secret sharing systems. IEEE Transactions on Information Theory, IT-29:35{41, 1983.
270.D. Karpinski. AntiCMOS { brain damage. Virus Bulletin, August 1994.
271.Kasselman and W. Penzhorn. Cryptanalysis of reduced version of haval. Electronic Letters, 36:30{31, 2000.
272.A. Kaufmann. Graphs, Dynamic Programming, and Finite Games. Mathematics in Science and Engineering. Academic Press, New York, 1967.
273.T.F. Keefe, W. T. Tsai, and M.B. Thuraisingham. SODA: A secure object-oriented database system. Computers & Security, 8(6):517{533, 1989.
648 References
274. A. M. Keller. Updates to relational databases through views involving joins. In
P.Scheuermann, editor, Improving Database Usability and Responsiveness, pages 363{ 384. Academic Press, New York, 1982.
275.R. Kemmerer, C. Meadows, and J. Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2):79{130, 1994.
276.S. Kent and R. Atkinson. RFC 2401: Security architecture for the Internet Security. Network Working Group, IETF, November 1998. Available at http://www.ietf.org.
277.S. Kent and R. Atkinson. RFC 2402: IP Authentication Header, November 1998. Available at http://www.ietf.org.
278.S. Kent and R. Atkinson. RFC 2406: IP Encapsulating Security Payload (ESP), November 1998. Available at http://www.ietf.org.
279.W. Kim, N. Ballou, H. Chou, J.F. Garza, and D. Woelk. Features of the ORION objectoriented database system. In W. Kim and F.H. Lochovsky, editors, Object-Oriented Concepts, Databases and Applications, pages 251{282. Addison-Wesley, New York, 1989.
280.W. Kim, J.F. Garza, N. Ballou, and D. Woelk. Architecture of the ORION nextgeneration database system. IEEE Transaction on Knowledge and Data Engineering, 2(1):109{124, 1990.
281.W. Kim and F.H. Lochovsky. Object-Oriented Concepts, Databases and Applications. Addison-Wesley, New York, 1989.
282.L. Knudsen and W. Meier. Improved di erential attacks on RC5. In Koblitz N., editor, Advances in Cryptology (CRYPTO'96). Lecture Notes in Computer Science No. 1109, pages 216{236. Springer, Berlin Heidelberg New York, 1996.
283.D.E. Knuth. Seminumerical Algorithms, Vol. 2 of The Art of Computer Programming. Addison-Wesley, New York, 1969. Second edition, 1981.
284.N. Koblitz. Elliptic curve cryptosystems. Mathematics of Computation, 48(177):203{ 209, 1987.
285.N. Koblitz. Algebraic Aspects of Cryptography. Springer, Berlin Heidelberg New York, 1999.
286.T. Kohno, J. Kelsey, and B. Schneier. Preliminary cryptanalysis of reduced-round serpent. In Proceedings of the 3rd Advanced Encryption Standard (AES) Candidate Conference, 2000. Available at www.counterpane.com/serpent-aes.html.
287.K. Koyama, U.M. Maurer, T. Okamoto, and S.A. Vanstone. New public-key schemes based on elliptic curves over the ring zn. In J. Feigenbaum, editor, Advances in Cryptology (CRYPTO'91). Lecture Notes in Computer Science No. 576,.pages 252{266. Springer, Berlin Heidelberg New York, 1992.
288.K. Koyama and K. Ohta. Identity-based conference key distribution systems. In
C.Pomerance, editor, Advances in Cryptology (CRYPTO'87). Lecture Notes in Computer Science No. 293, pages 175{184. Springer, Berlin Heidelberg New York, 1988.
289.H. Krawczyk. SKEME: A versatile secure key exchange mechanism for Internet. In
Proceedings of the Internet Society Symposium on Network and Distributed System Security, pages 114{127. IEEE, 1996.
290.P. Kumar and R. Scholtz. Bounds on the linear span of bent sequences. IEEE Transactions on Information Theory, IT-29 No. 6:854{862, 1983.
References 649
291.P. Kumar, R. Scholtz, and L. Welch. Generalized bent functions and their properties.
Journal of Combinatorial Theory, Ser. A, 40:90{107, 1985.
292.S. Kumar and E. Spa ord. A pattern matching model for misuse intrusion detection. In
Proceedings of the 17th National Computer Security Conference, pages 11{21, 1994.
293.K. Kurosawa, K. Okada, and S. Tsujii. Low exponent attack against elliptic curve RSA. In J. Pieprzyk and R. Safavi-Naini, editors, Advances in Cryptology (ASIACRYPT'94). Lecture Notes in Computer Science No. 917, pages 376{383. Springer, Berlin Heidelberg New York, 1995.
294.J.C. Lagarias and A.M. Odlyzko. Solving low-density subset sum problems. In Proceedings of the 24th IEEE Symposium on Foundations of Computer Science, pages 1{10. IEEE, 1983.
295.X. Lai and J. Massey. A proposal for a new block encryption standard. In I.B. Damgard, editor, Advances in Cryptology (EUROCRYPT'90). Lecture Notes in Computer Science No. 473, pages 389{404. Springer, Berlin Heidelberg New York, 1990.
296.X. Lai, J. Massey, and S. Murphy. Markov ciphers and di erential cryptanalysis. In D.W. Davies, editor, Advances in Cryptology (EUROCRYPT'91). Lecture Notes in Computer Science No. 547, pages 17{38. Springer, Berlin Heidelberg New York, 1991.
297.L. Lamport. Constructing digital signatures from a one-way function. Technical Report CSL-98, SRI International, October 1979.
298.B. Lampson. Protection. In Proceedings of the 5th Princeton Conference on Information and System Sciences, pages 437{443, 1971.
299.A.K. Lenstra, H.W. Lenstra, Jr., and L. Lovasz. Factoring polynomials with rational coeÆcients. Mathematische Annalen, 261:513{534, 1982.
300.A.K. Lenstra, H.W. Lenstra, Jr., M.S. Manasse, and J.M. Pollard. The number eld sieve. In Proceedings 22nd ACM Symposium on Theory of Computing, pages 564{572. ACM, New York, 1990.
301.A.K. Lenstra and E.R. Verkeul. Selecting cryptographic keys sizes. Journal of Cryptology, 14(4):255{293, 2001.
302.H.W. Lenstra, Jr. Factoring integers with elliptic curves. Annals of Mathematics, 126:649{673, 1987.
303.L.A. Levin. One-way function and pseudorandom generators. Combinatorica, 7(4):357{ 363, 1987.
304.C.M. Li, T. Hwang, and N.Y. Lee. Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. In A. De Santis, editor, Advances in Cryptology (EUROCRYPT'94). Lecture Notes in Computer Science No. 950, pages 194{204. Springer, Berlin Heidelberg New York, 1995.
305.G.E Liepins and H.S. Vaccaro. Intrusion detection: Its role and validation. Computers & Security, 11:347{355, 1992.
306.G. Lowe. Some new attacks upon security protocols. In IEEE Computer Security Foundations Workshop, pages 162{169. IEEE, 1996.
307.J. Loxton, D. Khoo, G. Bird, and J. Seberry. A cubic RSA code equivalent to factorization. Journal of Cryptology, 5:139{150, 1992.
650 References
308.M. Luby and C. Racko . How to construct pseudorandom permutations and pseudorandom functions. SIAM Journal of Computing, 17(2):373{386, April 1988.
309.P. Lucas and L. Van Der Gaag. Principles of Expert Systems. Addison-Wesley, New York, 1991.
310.T. Lunt and R. Jagannathan. A prototype real-time intrusion detection expert system. In Proceedings of the 1988 IEEE Symposium on Security and Privacy. IEEE, 1988.
311.T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, P. Neumann, and C. Jalali. IDES: a progress report. In Proceedings of the 6-th Annual Computer Security Applications Conference, pages 273{285. IEEE, 1990.
312.T.F. Lunt. Multilevel security for object-oriented database systems. In D.L. Spooner and C. Landwehr, editors, Database Security III: Status and Prospects (Results of the IFIP WG 11.3 Workshop on Database Security), pages 199{209, 1989. North-Holland, Amsterdam, 1989.
313.T.F. Lunt, D.E. Denning, R.R. Schell, M. Heckman, and W.R. Shockley. Element-level classi cation with A1 assurance. Computers & Security, 7(1):73{82, 1988.
314.T.F. Lunt, D.E. Denning, R.R. Schell, M. Heckman, and W.R. Shockley. The SeaView security model. IEEE Transactions on Software Engineering, SE-16(6):593{607, 1990.
315.T.F. Lunt and J.K. Millen. Secure knowledge-based systems. Technical Report SRI-CSL- 90-04, SRI International, Menlo Park, CA, August 1989.
316.T.F. Lunt, R.R. Schell, W.R. Shockley, M. Heckman, and D. Warren. A near-term design for the SeaView multilevel database system. In Proceedings of the 1988 IEEE Symposium on Security and Privacy, pages 234{244. IEEE, 1988.
317.G.H. MacEwen. E ects of distributed system technology on database security: A survey. In C.E. Landwehr, editor, Database Security: Status and Prospects (Results of the IFIP WG 11.3 Initial Meeting), pages 253{261, Annapolis. North-Holland, Amsterdam, 1987.
318.F. MacWilliams and N. Sloane. The Theory of Error-Correcting Codes. North-Holland, Amsterdam, 1977.
319.S. Magruder. High-level language computer viruses - a new threat ? Computers & Security, 13:263{269, 1994.
320.J. Massey. Contemporary cryptology, an introduction. Proceedings of the IEEE, 76:533{ 549, 1988.
321.M. Matsui. The rst experimental cryptanalysis of the data encryption standard. In
Y.Desmedt, editor, Advances in Cryptology (CRYPTO'94). Lecture Notes in Computer Science No. 839, pages 1{11. Springer, Berlin Heidelberg New York, 1994.
322.M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology (EUROCRYPT'93). Lecture Notes in Computer Science No. 765, pages 386{397. Springer, Berlin Heidelberg New York, 1994.
323.M. Matsui. On correlation between the order of S-boxes and the strength of DES. In
A.De Santis, editor, Advances in Cryptology (EUROCRYPT'94). Lecture Notes in Computer Science No. 950, pages 366{376. Springer, Berlin Heidelberg New York, 1995.
324.M. Matsui and A. Yamagishi. A new method for known plaintext attack of FEAL cipher. In R. Rueppel, editor, Advances in Cryptology (EUROCRYPT'92). Lecture Notes in Computer Science No. 658, pages 81{91. Springer, Berlin Heidelberg New York, 1993.