Information Security Practice and Experience

The4thInformationSecurityPracticeandExperienceConference(ISPEC2008) was held at Crowne Plaza, Darling Harbour, Sydney, Australia, during April 21-23, 2008. The previous three conferences were held in Singapore in 2005, Hangzhou, China in 2006 and Hong Kong, China in 2007. As with the previous three conference proceedings, the proceedings of ISPEC 2008 were published in the LNCS series by Springer. Theconferencereceived95submissions,outofwhichtheProgramCommittee selected 29 papers for presentation at the conference. These papers are included in the proceedings. The accepted papers cover a range of topics in mathem- ics, computer science and security applications, including authentication and digital signatures, privacy, encryption and hash-function algorithms, security analysis, network security, access control, security devices, pairing and elliptic curve-basedsecuritypractice,securitycomputationandso forth.The conference proceedings contain revised versions of the selected papers. Since some of them were not checked again for correctness before publication, the authors (and not the ProgramCommittee)bear full responsibilityfor the contentsoftheir papers. In addition to the contributed papers, the program comprised two invited talks.TheinvitedspeakerswereVijayVaradharajan(MacquarieUniversity,A- tralia) and Robert Huijie Deng (Singapore Management University, Singapore). Special thanks are due to these speakers. Wewouldliketothankallthepeoplewhohelpedwiththeconferenceprogram and organization. First, we thank the Steering Committee for their guidance on the general format of the conference. We also heartily thank the Program Committee and the sub-reviewers listed on the following pages for their hard e?orts and time contributed to the review process, which took seven weeks. Each paper was carefully evaluated by at least two or three people. There was signi?cant online discussion about a large number of papers.