This book constitutes the thoroughly refereed proceedings of the 11th International Conference on Financial Cryptography and Data Security, FC 2007, and the co-located 1st International Workshop on Usable Security, USEC 2007, both held in Scarborough, Trinidad/Tobago, in February 2007. The book includes 17 revised full papers, 1 system presentation paper and the transcriptions of 5 panel sessions from FC 2007. The papers, which were carefully reviewed and selected from 85 submissions, are organized in topical sections on Payment Systems, Anonymity, Authentication, Anonymity and Privacy, Cryptography and Commercial Transactions, Financial Transactions and Web Services, and Cryptography. The book concludes with 5 revised full and 5 revised short papers from the USEC 2007 workshop. This workshop brought together an interdisciplinary group of researchers and practitioners to discuss usability problems and deepen the understanding of users' capabilities and motivations in performing security tasks. The 11th International Conference on Financial Cryptography and Data Security (FC 2007, http://fc07. ifca. ai), organized by the International Financial Crypt- raphy Association (IFCA, http://www. ifca. ai/), was held in Tobago, February 12¿15, 2007. The conference is a well-established and premier international - rum for research, advanced development, education, exploration, and debate - garding security in the context of ?nance and commerce. We continue to cover all aspects of securing transactions and systems, which this year included a range of technical areas such as cryptography, payment systems, anonymity, privacy, - thentication, and commercial and ?nancial transactions. For the ?rst time, there was an adjacent workshop on Usable Security, held after FC 2007 in the same - cation. The papers are included in the last part of this volume. The conference goal was to bring together top cryptographers, data-security specialists, and c- puter scientists with economists, bankers, implementers, and policy makers. The goal was met this year: there were 85 submissions, out of which 17 research papers and 1 system presentation paper were accepted. In addition, the conference featured two distinguished speakers, Mike Bond and Dawn Jutla, and two panel sessions, one on RFID and one on virtual economies. As always, there was the rump session on Tuesday evening, colorful as usual. Keynote Address Leaving Room for the Bad Guys (Abstract) 1 Mike Bond Payment Systems Vulnerabilities in First-Generation RFID-enabled Credit Cards 2 Thomas S. Heydt-Benjamin, Daniel V. Bailey, Kevin Fu, Ari Juels, and Tom O'Hare Conditional E-Cash 15 Larry Shi, Bogdan Carbunar, and Radu Sion A Privacy-Protecting Multi-Coupon Scheme with Stronger Protection Against Splitting 29 Liqun Chen, Alberto N. Escalante B., Hans L hr, Mark Manulis, and Ahmad-Reza Sadeghi Panel Panel: RFID Security and Privacy (Abstract) 45 Kevin Fu Position Statement in RFID S&P Panel: RFID and the Middleman 46 Ross Anderson Position Statement in RFID S&P Panel: Contactless Smart Cards 50 Jon Callas Position Statement in RFID S&P Panel: From Relative Security to Perceived Secure 53 Yvo Desmedt Anonymity A Model of Onion Routing with Provable Anonymity 57 Joan Feigenbaum. Aaron Johnson, and Paul Syverson K-Anonymous Multi-party Secret Handshakes 72 Shouhuai Xu and Moti Yang Authentication Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer 88 Mohammad Mannan and P.C. van Oorschot Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups 104 Yvo Desrnedt, Tanja Lange, and Mike Burmester On Authentication with HMAC and Non-random Properties 119 Christian Rechberger and Vincent Rijmen Anonymity and Privacy Hidden Identity-Based Signatures 134 Aggelos Kiayias and Hong-Sheng Zhou Space-Efficient Private Search with Applications to Rateless Codes 148 George Danezis and Claudia Diaz Cryptography and Commercial Transactions Cryptographic Securities Exchanges 163 Christopher Thorpe and David C. Parkes Improved Multi-party Contract Signing 179 Aybek Mukhamedov and Mark Ryan Informant: Detecting Sybils Using Incentives 192 N. Boris Margolin and Brian N. Levine Financial Transactions and Web Services Dynamic Virtual Credit Card Numbers 208 Ian Molloy, Jianytao Li, and Ninghui Li The Unbearable Lightness of PIN Cracking 224 Omer Berkman and Odelia Moshe Ostrovsky Panel Virtual Economies: Threats and Risks 239 Christopher Thorpe, Jessica Hammer, Jean Camp, Jon Callas, and Mike Bond Invited Talk Usable SPACE: Security, Privacy, and Context for the Mobile User (Abstract) 245 Dawn Jutla System Presentation Personal Digital Rights Management for Mobile Cellular Devices 246 Siddharth Bhatt, Bogdan Carbunar, Radu Sion, and Venu Vasudevan Cryptography Certificate Revocation Using Fine Grained Certificate Space Partitioning 247 Vipul Goyal An Efficient Aggregate Shuffle Argument Scheme 260 Jun Furukawa and Hideki Imai Usable Security Workshop Preface 277 Rachna Dhamija Full Papers An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks 281 Collin Jackson, Daniel R. Simon, Desney S. Tan, and Adam Barth WSKE: Web Server Key Enabled Cookies 294 Chris Masone, Kwang-Hyun Back, and Sean Smith Usability Analysis of Secure Pairing Methods 307 Ersin Uzun, Kristiina Karvonen, and N. Asokan Low-Cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup 325 Cynthia Kuo, Jesse Walker, and Adrian Perrig Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers 341 Jens Grossklags and Nathan Good Short Papers What Instills Trust? A Qualitative Study of Phishing 356 Markus Jakobsson, Alex Tsow, Ankur Shah, Eli Blevis, and Youn-Kyung Lim Phishing IQ Tests Measure Fear, Not Ability 362 Vivek Anandpara, Andrew Dingman, Markus Jakobsson, Debin Liu, and Heather Roinestad Mental Models of Security Risks 367 Farzaneh Asgharpour, Debin Liu, and L. Jean Camp Improving Usability by Adding Security to Video Conferencing Systems 378 April Slayden Mitchell and Alan H. Karp A Sense of Security in Pervasive Computing Is the Light on When the Refrigerator Door Is Closed? 383 Jakob Illebovg Pagter and Marianne Graves Petersen Author Index 389